The problem should have never existed. Phoning home in this manner should never have existed. This problem is not a bug, it's a fundamental problem with the culture of software development Apple curates. They don't believe you should own your computer, that Apple always knows better, and if you don't use it the way they force you to, it's unsupported behavior.
To them this is natural, they get away doing anything with the iPhone. Doing it to macOS is the natural result of that precedent.
There's a downvote brigade in this thread. The downvote button is not an "I disagree" button.
Oh please. Just because there’s someone shouting this in every such thread doesn’t make it automatically true. You can set up a Mac without ever connecting it to the internet and it will work perfectly.
These are defensive measures to protect the general user base from malware. Yes, using HTTP in 2020 is worthy of scrutiny, but not using every such incident as a new piece of armour for this tedious narrative. Apple’s entire platform offering is based around curation. If you disagree with it, there are many other platforms out there you can elect to use. The bitterness that flies around whenever Apple comes up around here is almost inexplicable.
> Yes, using HTTP in 2020 is worthy of scrutiny [...]
This is the understatement of the year.
It's one thing for Apple to "curate" their offerings and not allow you to do everything with their devices. It's quite another thing for them to pretend they're about "privacy" and then sending confidential information over the wire unencrypted.
When businesses use macOS, they might be fine with the "curation" and "you're not allowed to do everything" aspects (that everybody was aware of), but certainly not with something like this.
> The bitterness that flies around whenever Apple comes up around here is almost inexplicable.
or more specifically, not so much inexplicable (as actually I think it is quite predictable), but rather it is just exhausting.
I'm never going to buy a Windows computer. Period. I'm probably never going to switch to Linux either. I don't go around shouting my reasons why I won't, and I think most Apple users behave this way.
But for a certain segment of the non-Apple crowd, yelling consistently about their opinions is an odd recurrence.
> or more specifically, not so much inexplicable (as actually I think it is quite predictable), but rather it is just exhausting
Weird how I feel the same about all the pro-Apple comments in every Linux thread, specifically to the effect of:
'Unlike Linux, macOS just works. When I was younger I used to play with Linux too, but now I do actual work I just need shit to work and macOS does that', followed by a bunch of outdated shit about PulseAudio that shows they know nothing about what they're talking about.
But when Apple completely and utterly screws up, to the point where you can't even launch non-Apple apps on a machine you paid thousands of dollars for, then people are all of a sudden overreacting?
Funny how that works.
> I'm never going to buy a Windows computer. Period. I'm probably never going to switch to Linux either.
Good. And most FLOSS people don't want you to either. What is my problem is when people have crazy high expectations of FLOSS maintainers, but a trillion dollar company screwing up is filed under the category of 'shit happens' so to speak.
Especially considering Apple's a commercial entity that DOES NOT and WILL NOT care about you or what you think and does not need anyone's advocacy as they have a massive marketing budget of their own. Aside from that, there is a feeling in the FLOSS community that Apple's conducting a war on general purpose computing as we know it, which is not an unreasonable thing to be fearful of considering their influence.
> I don't go around shouting my reasons why I won't,
I am glad to hear that, but there's an awful number of your fellow Applers who are doing exactly the opposite.
> But for a certain segment of the non-Apple crowd, yelling consistently about their opinions is an odd recurrence.
Right, which is totally not a thing for the Apple crowd, is that it?
Fair enough, I can see your perspective. Thank you. Although to take my position that I don't plan to switch which OS I use and thus claim that an entire community of developers don't want me, that was a bit of a low blow.
> to take my position that I don't plan to switch which OS I use and thus claim that an entire community of developers don't want me
I meant to say that we don't want you to switch to Linux if you're clearly happy with what you have already, not that we don't want [to have anything to do with] you, sorry if that wasn't clear.
What a bizarre post considering all the pro-Apple smugness we see in Windows, Android and Linux topics. To the point where some of them are almost outright Apple ads.
Almost as bizarre as loyalty to a single brand even when they stop treating you well.
I've said it before and I'll say it again; there is smugness from all sides. There does appear to be an awful lot more coming from the FOSS community, but perhaps that's cognitive bias on my part, I'd suggest that what you see is the same.
This. I'm well aware some of the comments I leave on the net about certain products (be it applications, OS, hardware, tools, literally anything) might come across as smugness (though I do my best to just state facts without putting an extra undertone in it) but at least I realize that; it's just a natural reaction when you see something you like getting bashed - especially if that bashing is not entirely just or even completely wrong. But it's baffling to see people not realizing they're being dragged down by cognitive error and it makes them blind. We're humans, we can be taught to self-inspect, it's unfortunate this doesn't get done in education enough.
> But it's baffling to see people not realizing they're being dragged down by cognitive error and it makes them blind.
I misread this initially and I suspect others are as well based on the downvoting. But I think what you mean is that impulsive and/or unconditional bashing is the cognitive error here, right?
I'm a Windows user primarily and Linux user by choice. To my dismay, at my workplace I have to use macOS because everyone uses iMacs which belong to the company and I have no choice in that regard. This means macOS is tied directly and non-trivially to my livelihood. My complaints about Apple and what I perceive as shenanigans by Apple are due to that very fact that it is tied to my livelihood. Of course you can say switch jobs because you don't like the brand the company uses and I will concede that as a somewhat valid point, but a reasonable person may look askance at the suggestion. We can agree it's a stupid reason to plunge myself into financial uncertainty. There is a non-zero chance that there are others in my position who must exercise the right if not courtesy to complain.
> But for a certain segment of the non-Apple crowd, yelling consistently about their opinions is an odd recurrence.
There is a certain group which self-identifies as fanboys, which is their right, and that group is not comprised of Windows or *nix users. This segment of fanboys, I can assure you, is equally if not more vocal. Amusing if nothing else.
That's such a weird complaint. I own an Android device and use Google services and yet, I'm perfectly capable of criticising Google and their practices (criticism that, I might add, is at least as frequent on this page as criticism of Apple - see AMP et al.). I expect that especially on a forum such as this one, people would be able to make informed choices and understand trade-offs. To say "I use Apple/Google/Microsoft devices because the trade-offs work best for me" is completely reasonable. What I don't think is reasonable is to perceive any criticism of a big corporation whose products you happen to be using as a personal attack.
> I'm never going to buy a Windows computer. Period. I'm probably never going to switch to Linux either.
This sounds to me as if you were saying "since I won't be switching away from Apple, I find criticism of Apple tiring because it won't change my mind". Which seemed to imply to me that you were taking Apple criticism as an invalidation of your personal beliefs / preferences. But I don't think it should be construed that way. It's just criticism of a company.
No, it meant that just because I will never buy Windows does not mean I will go around bashing it. That’s why the next sentence said “I don't go around shouting my reasons why I won't”.
You really have no way of knowing that particular users are part of the "non-Apple crowd" unless they explicitly say so. I expect that many of the louder voices criticizing Apple come from Apple users themselves, because they have skin in the game.
So? You mean that it's exhausting to be reminded of the negatives of a choice you make?
The sentiment expressed is basically the same as in 'Your Computer Isn't Yours' mentioned in the article, which has already caused Apple to respond and enact change. That criticism directly caused real improvement.
The sentiment here and in the article isn’t what caused Apple to enact the change, it was the negative publicity timed to coincide with the launch of a new release of their flagship operating system. The incessant drone of “Apple owns its users and they’re basically slaves to their own devices” is what annoys people so much.
There is no such thing as a perfect computer. Every purchase involves tradeoffs, including Linux. I, personally, started out on Macs in late 1995 and then switched to Windows in 2002. A few years later I switched to Linux and then ran Arch until summer 2017. I switched back to Macs with a MacBook in fall 2017, just as I began university.
Why did I switch back to Mac after all those years learning Linux? Because I was tired of my computer breaking all the time. I wanted something that would just keep working and not randomly boot to the system console, unable to start the graphical shell, after an update. This tradeoff in stability came at the price of customization, something I was glad to give up anyway since I knew I’d have a ton of actual work to worry about in school.
I don't see the difference. Negative sentiment, once broadcast publicly and when disseminated widely enough or by the right people, becomes negative publicity, and that's what they acted on as you say.
Anyway I would hope that 'incessant drone' is often about more than customisation, it is because people are concerned about the impacts on general purpose computing a la Cory Doctorow [1]. Moaning about that being annoying is like moaning about the 'incessant drone' of climate change commentary.
I’ve been aware of Cory’s argument since he first began writing about it. It still hasn’t come to pass. I can still run a C compiler on my Mac and write whatever software I want to write. I can still install any other compiler or interpreter I like and write whatever code I want for it. I can still install any open source software I want.
Cory’s arguments ultimately boil down to a slippery slope argument. Apple says it is locking things down in order to protect people against malware. Cory says this will lead to a lockdown against general purpose computing (ability to run any software you want). This hasn’t yet come to pass, so it’s a matter of waiting at this point.
I don’t think climate change is an appropriate analogy. Climate change is a physical process which we can model and predict via the scientific method. It’s pretty clear at this point that if we maintain the status quo and don’t change our behaviour then catastrophe will ensue.
You can’t say the same thing about Apple. They’re a company full of people and you can’t predict what they’re going to do next. Plenty of people try, of course, but they’re wrong every year.
I have been using tons of open source software on my Mac since 2017 without ever disabling SIP. The only thing I’ve ever had trouble with was gdb and I was able to address that by self-signing the binary. Having said that, gdb has other issues on Mac but I think they may have a shortage of actual Mac developers.
M1 Macs don’t boot any OS not signed by Apple but they did demonstrate Linux running under virtualization. The fact that they included this in their demo indicates that the ability to continue running open source software on Macs remains a priority.
> I have been using tons of open source software on my Mac since 2017 without ever disabling SIP.
Homebrew put in some work for this not to be an issue, but SIP was an issue for me back in the day and why I no longer use a Mac.
Additionally, there's an annoying popup every time you want to launch an internet-downloaded binary that doesn't even have an 'Allow' on the box itself. One has to go via Settings => Security and Privacy, which is tedious.
> I was able to address that by self-signing the binary.
For many, that's too much friction to bother.
> M1 Macs don’t boot any OS not signed by Apple but they did demonstrate Linux running under virtualization. The fact that they included this in their demo indicates that the ability to continue running open source software on Macs remains a priority.
Maybe, but virtualization is not the same as bare metal. The only thing this shows to me is that Apple knows server software will be deployed to Linux servers, so they need to provide some ability to test on Linux, even for their own in-house services I'd imagine.
> You mean that it's exhausting to be reminded of the negatives of a choice you make?
No, that's not at all what I meant, and I'm sorry if it came across that way. I meant it is exhausting to see the same fairly shallow criticisms shouted on a regular basis. It's a different product with a different philosophy and people don't have to buy their products, and it's exhausting just to see the same things regurgitated over and over.
From the side of a free software user, it's exhausting to see Apple claim over and over in its marketing that it values privacy and then to see its users on a site for tech-literate people parrot that marketing when it is clearly not true. Any time I see somebody fall for that, I will call them out. Any time after I call them out on that, if they say that reduction in privacy is to prevent the spread of malware, I will also call them out because Apple's malware track record in the mobile space is worse than its peers. I'm absolutely fine with people saying that their mobile processors are great because as far as I can tell, that's a true statement. It is the parroting of known false marketing claims that I will correct every single time.
XcodeGhost alone infected an order of magnitude more users than all the malware combined on Google and Amazon Android devices, despite there being an order of magnitude more users of the latter.
Unlike Google and Amazon, who do both static and dynamic analysis of uploaded apps for malware, Apple relies on very basic code scanning and manual review, leaving infected apps up until they were reported externally.
Even worse, Apple does not let third-party security researchers release apps on the App Store, making it harder for them to find and report malware to Apple.
So we have that iOS is worse than Google and Amazon Android devices as a whole. Users who care about security will not randomly choose from that whole set of devices but instead choose among those that receive rapid security updates. That subset makes the difference in security even more stark, meaning that iOS users give up their privacy and get worse security.
I see you have cherry-picked a single malware attack from five years ago that affected a very specific and highly-populated region, and are using that as your single claim that iOS is less secure overall. But search after search I conduct, reading articles on this topic from the likes of Norton and various respected security researchers are tipping the balance in favor of iOS for overall security. It's not perfect but it is rather clear. The lack of fragmentation, and the centralized control and ease over updates, are all cited as key advantages in the iOS space in the war against malware.
Thanks for the info on XcodeGhost, I hadn't heard that before. But to stake your evidence on this one single event from over five years ago is not so convincing.
I appreciate your effort to dig up an example that is an exception, but we're talking about the industry overall here, worldwide, and in recent years.
That single event infected an order of magnitude more users than all the infections of Google and Amazon devices combined. I don't need to find any others. That single event also showed how ineffective Apple's malware scanning was because Apple relied on third parties to find the affected apps even after being given some examples. That process took even longer because Apple does not allow third parties to do this effectively.
> The lack of fragmentation, and the centralized control and ease over updates
As I said, if you're choosing a device to run, you don't select one at random from the set of all Android devices. You select one that receives timely updates. On the subject of ease of updates, Android is even better because system app updates do not require a reboot and instead happen silently in the background while the user continues to use the device. This is especially important for apps with large attack surfaces like web browsers, and this is why malware markets have priced mobile Safari exploits as essentially too cheap to meter.
Well, it’s an interesting perspective you have. Worthy of consideration. It’s an idea that swims against the tide, as all of the objective third-party security researchers and antivirus companies that I’ve been reading seem to disagree with your assessment here. But thanks for sharing.
Please read this entire series of tweets, which starts off looking unrelated but is actually entirely focused on this topic. It was written by me--someone very famous in the security field--and I don't know of anyone in said field who disagreed with the Apple/security sentiments... that Apple was better than Android at malware issues ended 2-3 years ago.
Those tweets make some valid points but it seems like a different topic than what we’ve been discussing. I guess I failed to see the connection to this particular issue.
The culminating moment of all of the security researcher hostility discussion was "The reality is that Apple has been so hostile to independent security research that they've lost their edge: exploits for Android now cost more than exploits for iOS, a reversal experts generally credit to Google correctly allowing researchers open access." https://www.wired.com/story/android-zero-day-more-than-ios-z...
It's been like that forever. I can remember my friend's dad had a Mac in the 90s. When I asked my dad, he hated Apple and Macs with a passion. He was an EE and hated the closed operating system. He was not even close to being alone either.
It really was similar to what I hear today from a couple people who I know that refuse to use an iPhone or any apple product. The Apple hating passion from people who have never used them is very real and has been for decades.
It is true, please provide evidence otherwise. Do you know that the 'safety feature' phones home every single app you use clear as daylight on any network you're on? Your ISP can log what you're using, what time, where from. Apple is supposedly big on privacy, yet this was handled by many engineers who thought it was OK to do. That's called hypocrisy. You should be calling out Apple too.
"Apple's platform is based on curation" yep, here it is. That's the iPhone developer mantra. Except we're talking macOS. What you're saying is nobody can create and run applications without Apple's signature. That Apple gets to control it all.
Whatever happened to developer freedom? The ability to create and share? That disrespects software development, that disrespects its origins, and instead of seeing how hypocritical that is you create excuses for the company that chokes the life out of it.
These are terrible apologies for the world's richest company. You advocate against yourself by thinking "it's Apple's way or it's the highway". You willingly give up consumer control and make logical fallacies to ignore having to address the cognitive dissonance.
This is why right to repair is being chosen by voters. If you won't be a responsible consumer then the others who have work to do have no choice but to force Apple's hand.
So your retort to "Apple doesn't believe that you should own your computer" is essentially "if you just don't connect it to the Internet, they can't control you"?
It's not a bizarre position to take when someone wants something to come live in your digital home.
I'm not saying "Tim Cook has something to hide because he won't show us his private life". I'm saying "Apple wants to send a machine to come live in other people's homes; if they won't show the machine's insides, I wouldn't trust that they've got nothing to hide".
> This problem is not a bug, it's a fundamental problem with the culture of software development apple curates.
An equally annoying "Apple policy enforcement" is you cannot downgrade apps on iOS;
So you're using some app and an important part of your daily workflow is based on using this app, and all of a sudden out of nowhere Apple or the Developer decides to radically change/update the app and now your workflow is broken. No way to go back to your previous workflow.
So frustrating... we do not own our devices anymore. Apple enforces what we may and may not do with our devices.
That is very annoying. There should be at least the possibility of "return to previous good old version"
Non-hypothetical example: Latest app update breaks in some weird way on older iPhones/iPads. While developers need to figure that out, users are left unable to use their apps.
> While developers need to figure that out, users are left unable to use their apps.
Or worse, the developers get stuck in App Review Hell for over a week and are unable to release their fix to their users.
This happened to me when the reviewer took umbrage with our screenshots (which had passed numerous previous reviews) and kept rejecting our update. Meanwhile the app was bricked in some configurations with nothing anyone could do about it.
I had two apps that radically changed their business model through updates with no recourse.
I had an app called Gas Cubby, which let me locally - on the phone - keep track of all my vehicles. I could enter detailed information about each car such as year, make, model, VIN, insurance policy, gas purchases, oil changes and the like. It would tell you gas mileage and remind you of upcoming maintenance.
One day, the app was updated and all my local data was uploaded to the cloud.
Another app I had was CamScanner from Tencent that basically did the same thing. Think of all the PDFs you scan going to their cloud.
I had an app that did nothing but try to identify plants from photos of them, and they updated it to require a social media login.
Another app that let you take a photo of a wine bottle and show you reviews of the wine. They added a social media login too. My list of favorite wines was gone unless I logged in.
Updating is important. There might be security updates. However, if once in a while an update itself causes a bigger problem (e.g. is unusable), it's logical you should be able to downgrade. A defensive attitude ("I better not upgrade as it can break something") is definitely an option and many people are doing that, but it's not the right way to approach the whole issue.
...plus, it becomes very cumbersome to manually update 'some apps' but not 'other apps'. The UI makes it nearly impossible to manage this because you can't click "update all apps" anymore;
So, you'd then have to manually click like 100 apps individually/one by one to update them.
I have long argued that what we really need to fix this kind of problem is a very clear separation between essential updates for things like security fixes, where something in the original software was not working as intended, and any other updates that might change behaviour or look and feel in arbitrary (and possibly unwanted by the user) ways.
IMHO, it would then be very beneficial from the user's perspective to have a system-wide default policy for updates along the lines of "install nothing without asking", "install essential updates automatically, ask about others" and "install all updates automatically".
Of course, this would require software developers to actually fix older versions of the software they sold when it was broken, as they used to, instead of trying to make it the user's problem as the developers move on to whatever they want to do next, which has become a popular business model as we've moved to online updates being widely accessible and to web and mobile apps where "latest" is often the only version available to users. So it's obvious why developers aren't so keen. What's less obvious to me is why, given the damage caused by the more recent model, the rest of society tolerates that behaviour instead of holding developers accountable for their earlier mistakes like anyone else who sells us a defective product.
That would require turning off automatic updates and vetting each update individually. On any modern phone with tons of apps installed that would be completely unrealistic. I used to do that in iOS until about 4-5 years ago when it became intolerable.
1) What if, and bear with me here, what if Apple's explanation for why they are doing this is legit? What if they are successfully preventing some malware from running on macs?
2) "They don't believe you should own your computer" -- it appears Apple is planning to offer a feature that allows you to turn this behavior off.
It's easy to assume Apple has malicious intentions here. But I think there is a larger issue which is that all kinds of bad stuff can in fact run on your machine without your intention. You could try to throw anti-virus software at the problem, and that's one approach, and Apple is taking this approach. Which is the best approach? That's a much more complicated discussion.
It strains credulity to assume no malicious (i.e. data harvesting) intent. They are requiring millions of devices to phone home every time they open any application, rather than just pushing an update to a locally stored certificate blacklist when necessary.
By that argument, if the intent was data harvesting, they wouldn't need to do this in real-time, they could also just periodically push a list of apps and launch dates/times without using the internet connection when an app is launched. That would certainly be a lot easier and a less expensive way to harvest data -- and it would also be more reliable since it could capture things that happen when offline. But that's not what they are doing.
If the intent was data harvesting, why the hell did they not actually send data that was useful to harvest? If they wanted to harvest data, they would have sent your Apple ID or device identifier along with the app hash.
They didn't.
Either they are just completely, blitheringly incompetent, or: They actually, truly, didn't intend to harvest any data.
Who's to say they won't add that in future as a new "security feature" - especially now that they are "fixing" this issue by encrypting the calls home. Apple is a master of shifting consumer norms, behaviours and expectations over the long term using this boil the frog slowly approach.
Then you can complain when they do that. In theory, they can add any tracking anywhere in the OS they want. But until they actually do so, complaining about it is somewhat inane.
Same thing applies to the current Apple implementation - malware could disable the application check. If malware has that kind of access (disable blacklist/application-check), the owner has already lost.
Both approaches are meant to stop malware from launching so I don't see much of a difference. Blacklist/whitelist? Whitelist could be implemented locally as well.
My gut tells me it’s easier to sabotage something passively polling for updates vs something built into the OS that checks at each application launch, but if not, the only difference is the vulnerable window between polling intervals.
So, you may be right, may not make much difference. I don’t accept malicious data-mining intent, however.
Realtime information about spread of malware is really valuable from a prevention/attack perspective. Virus scanners also employ this method. That's why they still give away free versions of their software, just to have as much coverage as possible to get the latest zero-day. So you could even discuss if the data harvesting itself is with malicious intent or not.
Opt-out is not appropriate for privacy concerns, IMO, for two reasons.
1. Opt-out is not necessarily sticky. I don't have confidence that when I opt out, my preference will get rolled forward every time there's an update to the way the feature works. I have noticed this in the past with Facebook and Google.
2. What's good for the goose is good for the gander. If Apple needs to implement opt-out to placate sophisticated users who actually understand what the problem is, then what about the poor saps who don't really know why this is a bad thing in the first place?
If this is truly a "feature," let people decide for themselves at time of device setup whether they want to opt in.
> If this is truly a "feature," let people decide for themselves at time of device setup whether they want to opt in.
They may very well do this. On startup installation, macOS and iOS do have opt-in screens for certain things like analytics, improving Siri, stuff like that. With the introduction of this feature, I wouldn't be surprised if they add that as well.
It's easy to find fault in retrospect but it doesn't make sense to have opt-in screen for every conceivable feature. Apple's philosophy, which is wildly successful for most users, is to choose sensible defaults about how the OS works. When those are challenged, they expose them more explicitly, as they have done in the past. No company can easily predict if their defaults are going to cause a divide, so sometimes they have to be reactive on some features. Apple generally has a great track record of responding to criticisms like this and making things clearer for users.
> It's easy to find fault in retrospect but it doesn't make sense to have opt-in screen for every conceivable feature.
Privacy isn't "every conceivable feature" and the reason Apple is taking heat for this in the first place is that they buried it, and many people discovered it for themselves when the server slow-down happened. It takes some mental gymnastics to refer to that as "wildly successful."
My view is that Apple has no business knowing when and how frequently I run programs, nor circumventing my VPN. If these things are really a "wildly successful" "feature," then why bury them in the first place? Offer them to me as an option and let me bask in the glory of all that Mac OS has to offer.
...That is, unless this is just an intrusion into my privacy.
> On startup installation, macOS and iOS do have opt-in screens for certain things like analytics, improving Siri, stuff like that.
And yet there is some data stored in my iCloud account, even though the first thing I did when I bought an iPhone was spend an hour turning off every setting that I could see that would permit uploading anything. How did that happen? Apple introduced some new settings in a subsequent iOS update, and defaulted them to being turned on.
> It's easy to find fault in retrospect but it doesn't make sense to have opt-in screen for every conceivable feature.
OK. Just provide a single, clearly marked option to enable or disable telemetry globally, and require that all Apple software and all apps in the App Store use APIs that are gated by that option for all relevant data uploads. That would be very clear about user intent, if you want to be seen to support user privacy as a genuine goal.
> Apple generally has a great track record of responding to criticisms like this and making things clearer for users.
And yet huge amounts of data uploaded to iCloud still isn't end-to-end encrypted, even optionally. A lot of Apple users don't realise this, but plenty who do have called Apple out on it for a long time, and it hasn't been fixed. You can read whatever conspiracy theories and subjective arguments you like about why that might be, but the insecurity is an objective weakness in the system that hasn't been fixed.
Zoom, WhatsApp and other companies have recently been criticized for lacking proper end-to-end encryption as well. I don’t know much about that technology but it appears to be tough to do at scale, or at least, this is a more general flaw in the industry than specifically Apple’s problem.
The basic principles of end-to-end encryption aren't particularly difficult if there are only two communicating parties[1]. However, you do need an architecture that supports it.
I suspect a lot of online communications and data hosting services now have a barrier to implementing E2E simply because they already have established infrastructure and software architecture but everything was originally specified to support a centralised system. You can't just drop in a different library or edit a handy configuration file to turn one type of system into the other. Fundamentally, you need to build something new and with a different architecture to work on an E2E basis, which is a major investment and a significant risk if you already have an otherwise successful product operating on a large scale.
The main challenge with E2E, as far as I'm aware, is still how to scale up the basic principle effectively as the number of participants increases.
However, none of this affects the iCloud functionality I've been referring to, where essentially you're only storing data for one party anyway.
[1] This statement is made in the context that encryption in general is a field where you really want people who know what they're doing implementing everything and if you don't have experts in-house then you should probably use someone else's tried and tested implementation instead of attempting a home-grown version.
> You could try to throw anti-virus software at the problem, and that's one approach, and Apple is taking this approach. Which is the best approach? That's a much more complicated discussion.
If I do want to rely on anti-virus instead of Apple, it still doesn't matter.
That is completely incorrect. You have the most important choice of all: Just don't buy Apple.
For everyone else, assume they've already made that choice and are very comfortable with Apple's strategy of curating everything on the machine, not because they are evil or control-freaks, but because they do genuinely want the platform as safe and high-quality as they can make it. Whether it works or not is perhaps a matter of opinion, but if it's not your opinion, move along. No need to spend the days fussing about things you don't own.
> it's a fundamental problem with the culture of software development apple curates.
It's not an Apple-exclusive problem; Microsoft and Google are also guilty of data mining our activity, and so are many others. The story is always the same: they say they're respecting our privacy, data is anonymized and it's being used for the good cause of improving software and services. But then, suddenly, we learn that someone somewhere is sucking up more than it promised, in a way that is far from private.
From the Guidelines[0]: Please don't comment about the voting on comments. It never does any good, and it makes boring reading.
And dang himself has backed up the "downvote button as a disagree button" idea, so if you really want to make that argument, I think you'll find the site admins against the idea (frustrating as it is.)
Apple often refuses to learn, or in fact "forgets" what the industry already knew.
Another example: Forcing people to use an E-mail address as their user ID. This is a security and practicality disaster. Not only do people now have multiple Apple IDs (which Apple huffily refuses to consolidate) that split their iCloud and App Store purchases into a mess, but a large proportion of the public undoubtedly thinks that they have to use the same password for this ID as they do for their E-mail account itself.
Everyone's E-mail address is on spammers' lists. When you combine that with a list of the top passwords, you get thousands if not millions of compromised accounts.
I would like to see a Mac that does not phone home at all out of the box! And if you choose to use the internet, then it phones home for authentication, like iCloud.
And that's fair, you can put the notary verification server in your hosts file so requests to it do not work and everything will work as before.
But for the vast majority of people, a system that warns them their software has been compromised will help keep things secure.
I mean I don't agree with them phoning home for every application startup; they could have implemented it like the https certificate system, where you have a database on your own system with signatures that the OS can check against. They can install the signature (or fetch it) on application installation / update, no additional phone home required. They could even put it in a secure enclave or whatever so that in theory, no malicious software can update it.
The Windows community reacted to similar behavior by Microsoft by creating several scripts and lists of servers being used to phone home. I guess something similar will be created for macOS although the actual packet filtering will have to be implemented on the router rather than the host.
I want a computer that I can use for music without internet. Only connect for software upgrades. Very simple. And I don't want to use Linux or FreeBSD. Mac used to be for pros, now it is just for hipsters.
You’re 1 in 7 billion and not everyone wants to be a car mechanic. To customers this is natural. This is a tiring attitude to encounter in society, from car guys to computer guys.
An individual or a minority does not dictate market behaviors. To everyone except control freaks that’s natural.
Social memes of yesterday are fading. Should we revive pagan ritual and return the land to Native Americans? How to avoid harm in a reality that erodes on auto-pilot?
Your words are outdated software, programmed in decades ago. You’re over the hill and new ideas are following up as usual. Move along.
If you have real ideas act on them. The market for low effort bleating online is saturated. Such ideas aren’t even worth a dime a dozen anymore.
Apple is responding to what the vast majority of the market wants. Most customers want a computer that "just works" and is secure, and they want Apple to do security for them. Having the OS/machine vendor do security for you is a gigantic value-add for most users. Most people either don't know enough to handle it themselves or don't have time.
There is a minority base of users who explicitly don't want this, and that includes many of the users on HN. Product development tends to be a quasi-democracy in that what most of the market wants, most of the market gets.
That being said the implementation here is badly designed. What Apple should do is have an advanced dialog in the security/privacy preference panel that allows these things to be configured, but with a warning that doing so will disable certain Apple-provided security features. Also: Macs have plenty of space. Why not download the entire f'ing CRL list? It's just a bunch of hashes and timestamps. Download the whole thing and then update it with patches at a configurable rate: every 15 minutes, every hour, every day, or "on request." That would fix many problems.
I would love some policy experimentation with downvoting because downvotes are demotivating and reduce engagement and discussion bandwidth. I think downvoting amplifies herding behavior.
I propose only giving the right to downvote after a comment reply is posted, because as a commenter, a -3 value doesn't contain any information about the comment itself.
HN does have some policy around downvoting - you have to have ~600 "karma" before you can do it.
Reddit doesn't have any restrictions at all, and of course that's a massive echo chamber. But Facebook and Instagram only have upvotes (likes) and the communities are either massive hugboxes or ghettoes.
That’s what not requiring comments prevents: useless comments that are just posted so people can downvote. So now your comment section is flooded by “I disagree” comments and you can’t downvote those without leaving a comment as well. It’s a self-serving cycle.
It's all in our heads. The human species is obsessed with the opinions of others and they define us more than what we actually do. So ignoring downvotes (and upvotes!) is actually a good mental exercise.
The problem with this kind of "we don't do it" disclaimer, is that they send the information in a way that can be intercepted (OCSP is over HTTP). Even if the information from those requests is only a partial picture, you can be certain that entities like the US intelligence services can slurp it and combine it with other data.
If Snowden taught us anything it's that seemingly innocent metadata can be used at scale for a variety of unexpected things.
This combined with Apple system services avoiding Little Snitch / Lulu and VPN software in Big Sur is a very dangerous step.
How long is it going to be until a journalist/activist is arrested or killed in an authoritarian state because the VPN was sending most of the information except the Apple information?
It's more than a "we don't do it" disclaimer. They said they're changing the revocation detection to an encrypted protocol later this year and also giving users an option to opt out entirely. https://support.apple.com/en-us/HT202491 (See section "Privacy protections")
It's good that they are making these changes, but they're only making them to save face, rather than proactively. Also (nitpick): it's 'over the next year', not 'later this year'; given how late we are in the year, those are two very different things. It could be 12 months of being vulnerable.
This also does nothing for the privilege they are affording their own apps to avoid VPNs and firewalls, which has already been shown to be a security flaw (malicious software will then masquerade as the privileged software).
They're basically just promising they won't be bad guys, which solves nothing.
The proper way to implement their feature without causing privacy issues would be to periodically update a list of authorized certificates and check against that list locally when launching apps. That would probably also increase performance.
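A sketch of the local-list alternative proposed in this comment and the earlier ones (a local signature database checked like the HTTPS certificate store; a downloaded CRL kept current by patches at a configurable rate). This is added example code, not Apple's implementation and not code from anyone in the thread; the fingerprint scheme, the delta format, the sequence/digest checks and the `max_age` staleness policy are all assumptions.

```python
import hashlib
import time

# Status values returned by LocalRevocationStore.check()
REVOKED = "revoked"
GOOD = "good"
STALE = "stale"


def cert_fingerprint(der_bytes: bytes) -> str:
    """SHA-256 hex fingerprint of a signing certificate's DER bytes.

    In this example the 'DER bytes' are constructed placeholders, not real
    Developer ID certificates.
    """
    return hashlib.sha256(der_bytes).hexdigest()


def set_digest(fingerprints: set) -> str:
    """Digest over the sorted list, so publisher and client can agree on state."""
    return hashlib.sha256("\n".join(sorted(fingerprints)).encode()).hexdigest()


class LocalRevocationStore:
    """Local copy of a Developer ID revocation list, kept current by numbered deltas.

    Lookups never leave the machine, so launching an app reveals nothing to
    anyone on the network. Only the periodic delta fetch is visible, and that
    looks the same for every user regardless of which apps they run.
    """

    def __init__(self, snapshot: dict, max_age_seconds: float):
        # snapshot = {"seq": n, "issued_at": unix_time, "revoked": [fingerprints]}
        self.revoked = set(snapshot["revoked"])
        self.seq = snapshot["seq"]
        self.issued_at = snapshot["issued_at"]
        self.max_age = max_age_seconds  # the "15 minutes / hourly / daily" knob

    def apply_delta(self, delta: dict) -> bool:
        """Apply one delta; reject replays, gaps, and deltas built on a different state.

        delta = {"seq": n+1, "prev": digest_of_current_set, "issued_at": t,
                 "add": [fingerprints], "remove": [fingerprints]}
        """
        if delta["seq"] != self.seq + 1:
            return False  # replayed or out of order: we missed an update
        if delta["prev"] != set_digest(self.revoked):
            return False  # publisher's idea of our state does not match ours
        self.revoked.update(delta.get("add", []))
        self.revoked.difference_update(delta.get("remove", []))
        self.seq = delta["seq"]
        self.issued_at = delta["issued_at"]
        return True

    def check(self, fingerprint: str, now: float) -> str:
        """Classify a signing certificate without any network round trip.

        A revoked entry is reported even when the list is stale; STALE is
        returned only for otherwise-unknown certificates so the caller can
        decide whether to warn, refresh first, or allow (fail-open).
        """
        if fingerprint in self.revoked:
            return REVOKED
        if now - self.issued_at > self.max_age:
            return STALE
        return GOOD


def demo() -> list:
    """Walk through a constructed snapshot, a launch check, and one delta update."""
    bad = cert_fingerprint(b"constructed-revoked-developer-cert")
    good = cert_fingerprint(b"constructed-ok-developer-cert")
    store = LocalRevocationStore(
        {"seq": 1, "issued_at": 1000.0, "revoked": [bad]}, max_age_seconds=3600.0
    )
    results = [store.check(bad, 1500.0), store.check(good, 1500.0)]
    # A later delta flips the two: the formerly good certificate gets revoked.
    delta = {"seq": 2, "prev": set_digest(store.revoked), "issued_at": 5000.0,
             "add": [good], "remove": [bad]}
    results.append(store.apply_delta(delta))
    results.append(store.check(good, 5100.0))
    return results


if __name__ == "__main__":
    print(demo(), "checked at", time.time())
```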
I will disable it when it comes, but I think it should be "opt-out" because otherwise the OS becomes insecure by default. And it will hurt the majority of the people.
Apple can ask it on system start like Siri and analytics.
If it were a pre-downloaded list then this is not surveillance. What it is doing is ensuring that software hasn't got malware in it and/or that the developer's certificate hasn't been removed (e.g. for distributing malware). That's a good thing, like running a checksum on a downloaded file.
Not any bigger than package repositories on Linux distributions, which include the list of all known software and sometimes even rules for how to build them.
It's just plain text. If I can have a local dump of wikipedia, I'm pretty sure I can store a list of developer IDs. Especially when I'm a company controlling the hardware and knowing what is the minimum amount of space the hard drives have in my computers.
There is a very large list of binaries that can potentially be downloaded, each of which can have hundreds or thousands of versions, while the number of known virus fingerprints is relatively small.
Apple doesn't check binary hashes but the developer certificates these binaries are signed with. Of which there are a lot fewer (i.e. Firefox and Thunderbird share the same certificate).
But the first lookup would have to stay, with all the implications that the proposed alternative (download a list of all certs/tickets) was meant to overcome.
"Apple clarifies that user-specific data is not harvested during the security check and that they plan in removing all IP information from the logs"
So they were harvesting IP information in their logs. Just wow, this is what I expect from a company that advocates privacy. Privacy is just a marketing game for them.
Bypassing VPNs etc. has made all your privacy claims invalid, Apple?
We want less trust, more truth. If you cannot do that, you are not privacy friendly, you are a hypocrite.
> So they were harvesting IP information in their logs.
I don’t get to that conclusion from the text you cited. Sure, it’s possible. But I give Apple the benefit of the doubt here that what they are doing is logging IP addresses of HTTP requests like pretty much any other HTTP server does and now they are going to stop doing even that in response to privacy concerns. Seems reasonable.
The other, arguably bigger, problem here is that the data is apparently being sent unencrypted, so regardless of whether Apple discards some of the data after receiving it, others might not.
Absolutely agreed. I am by no means defending Apple’s entire position here — just the pretty mundane operation of logging IP addresses associated with HTTP requests.
Web servers log requests with IP addresses kind of by default. Unless they went out of their way to make sure IP addresses were purged (which they are now), they're probably going to be there.
I would expect a company that goes out of their way to claim they care about user privacy to at least make some trivial configuration changes on how their web servers log requests by their users.
Ironically, CRLite seems similar to the approach Apple was (is?) forcing for "content blocker" extensions to Safari--pre-supplying a canned declarative blacklist to Safari, instead of Safari allowing extensions algorithmic access to the current URL.* Their motivation was supposedly to increase user privacy. Funny how they didn't think of that in the CRL and app-blacklist cases. Perhaps they were worried the locally-cached lists themselves would be subject to attack?
*In my opinion, in the content-blocker instance the result is a much poorer user experience (ad-blocking effectiveness, flexibility) when compared with e.g. uBlock Origin, and one of the reasons I continue to use Firefox instead.
How can "notarization" be advertised as anything else than locking down the platform towards absolute uselessness in the name of security? Not going to use Mac OS, period. Mac users also can say goodbye to F/OSS on their platform, unless Apple themselves release signed versions of apps for the command line and web servers, DNS servers, file servers and the like. Which they're not going to do as can be seen in the outdated (as in 10-20 years old) versions on Darwin ports.
Windows dev here. Not to disagree with you, but I also have to buy an Authenticode certificate just to sign my assemblies so that Windows doesn't show a scary popup when the user starts my application.
Ah, and I also have to buy another certificate for HTTPS so that the browsers don't show a scary popup when the user opens my website.
Yes, my app is Java so I would also have to pay for a Windows cert. I have none right now and would love to not feel so attached to the $300 a fancy cert would be.
For HTTPS I manage with LetsEncrypt. Wouldn't that work for you?
As an iOS developer I justify it as the cost of doing business. However, unlike you I sell my apps so the annual cost is justified. I think Apple should have an "Open Source" certificate that comes at no cost but the source code has to be made public somewhere.
I guess EFF should check if any GPL-licensed software is shipped with Mac OS (such as Apple's antique bash version). Because AFAICT, a requirement for notarization, or any other condition on top of GPL for that matter, is incompatible with GPL.
Why should I trust Apple, or Facebook, or Google, or any company but myself with my privacy?
Why do I care about what they say? It's marketing speak. Why not just not do it at all? Let me decide how I want my data to be sent. Which, ideally, is zero.
Apple has some double standards, too. When it's third-party iOS apps, it now requires user consent for tracking, which is a good thing. When it's its own operating systems, it sends too many questionable requests to various Apple servers with you having very little recourse — you basically have to reverse engineer the thing to some degree to prevent it from phoning home.
There won't be 100% security or certainty; at some point you'll have to trust someone. Do you have the schematics of your network controller, your CPU? What about your ISP's router?
One of the hallmarks of Apple news and commentary is how whenever Apple merely announces it will do something, Apple is treated like it already did it, while exactly matching its own promises.
The current headline* hints Apple has already made changes, while the article only says Apple 'plans' on making changes over the next year. Any other company would have been torn to shreds on HN if it kept sending cleartext logs and merely 'planned' to sometime patch this out.
The plan is odd too - why does Apple need 'a new encrypted protocol for Developer ID certificate revocation checks' when existing encryption protocols can do this?
* "Apple Addresses Privacy Concerns Surrounding App Authentication in macOS"
I don't agree, and moreover I note that this is a purely semantic point that you are making.
Apple is a major hardware manufacturer and software developer, and it seems totally appropriate to suggest that Apple is responsible for how it chooses to implement certain features. Saying "well, we just took it off the shelf" may work for a small-potatoes business, but not the largest public company in the world.
Additionally, it's like the Nuremberg Defense of software.
Any protocol (or tool in general) is appropriate for certain situations, and inappropriate (in this case, vulnerable) in other ones. You shouldn't suggest that others must bend over backwards semantically to try to pass the buck away from Apple, because Apple is responsible for using the protocol. Saying "Apple's protocol" indicates that Apple made the conscious choice to use that protocol, and that Apple has ownership of the consequences of using that protocol.
If you read the original thread, nobody complained Apple got his/her IP. Apple already has that IP from a thousand other vectors. The real issues (cleartext, being able to build a profile using Application data, etc.) aren't yet dealt with at all.
> One of the hallmarks of Apple news and commentary is how whenever Apple merely announces it will do something, Apple is treated like it already did it, while exactly matching its own promises.
And yet, this thread and every other Apple thread is full of comments like yours assuming negative intent. Check out other comments in this thread; you'll see comments asserting that of COURSE this feature is for harvesting or that Apple doesn't want you to own your devices any more. Your comment is another critique based entirely on what they might do: that they are not going to do what they promised.
The point is the headline implies something more expansive than the article's content; and if some other company would promise to fix sending private data in cleartext sometimes later in the next year, HN would have a fit.
Others have pointed out that you are misunderstanding what the word "addresses" means. If they had announced that "tough shit, we ain't changing it" that would still be addressing the issue. Addressing does not mean "fixed" or "resolved".
I don't see how Apple can address this: they already collected the data as an unavoidable function of having performed the intended action.
Any attempt to claim that they do nothing with this data, and choose not to store it for future use, are red herrings: they will do whatever what their shareholders, the government, et al. tell them to do with it, and will do so without notifying users, and do so retroactively if possible.
There is also no way to audit their backend to prove that they are, indeed, doing exactly what they claim to be doing; ergo, the only safe OSX system is one that has Gatekeeper entirely disabled in lieu of a local-only switch.
Due to enterprise security concerns with leaking attack targets via signed binaries cert chain/OCSP checking, Windows since Vista already allowed disabling of this obvious hole.
I know a lot of Cult of Apple are going to climb up my ass for saying this, but this continues to highlight that OSX is not, and probably never will be, enterprise ready. Apple needs their own Nadella-type of CEO before I'll change my opinion on this.
> this, but this continues to highlight that OSX is not, and probably never will be, enterprise ready
Apple clearly signalled its lack of interest in enterprise offerings when it canned Xserve back in 2010, so don’t hold your breath waiting for these features.
Android is getting just as bad lately. My primary banking app (Barclays) just stopped working on my phone because they've started to use Android hardware attested SafetyNet[0][1] to check to see if the phone is rooted.
This can't be easily bypassed. Magisk Hide is useless. For now I've had to disable auto-updates in the Play Store and manually install an older app APK, but it's only a matter of time before they deprecate that version. I do essentially all of my banking via my phone, so when this happens I intend to close all my accounts and move banks.
The sooner someone leaks a hardware key (preferably one that Google can't revoke without cripplingly bad PR for breaking millions of products) the better.
I honestly think 'appification', app stores, and locked down hardware via key chains will be the end of an era in hacker-friendly consumer electronics. Perhaps the end of personal computing entirely.
Both white and black hat hackers friendly? The vast majority of consumers don't want to 'hack' their device. They just want to watch Youtube and do bank payments without getting hacked and robbed of their savings. Recently there was another case in the news where someone was phished via an insecure platform (PC).
I get that a lot of rights are taken away from us, but we should fight this with proper consumer protection laws. As is demonstrated time and again, most consumers are too naive to take responsibility for their security and criminals get away with it too easily.
Several other apps I use simply display a warning when used on a rooted device. Ultimately, the problem here is one of recommendation vs enforcement.
Would you tolerate a bank that insisted on coming in to your house and forcing you to install Norton Antivirus on your computer before they allowed you to log on to your online banking via their website?
Banking security should be implemented on the server side. I shouldn't have to choose between running my own code as root on my device and being able to bank.
You could ask that question the other way around. Should the bank allow people to put up a fake front for the ATM recording the customer's card and PIN?
Not all problems can be solved server side. And no bank is going to come into anyone's house. But they need a reasonable assurance that the environment the customer uses to conduct their business in is safe and trustworthy. It's either that or no mobile customer service at all. Or everyone needs a "digital driver's licence", which I think some "IT people" I know wouldn't even pass.
Phishing is a real threat. It might never ever happen to you. But a lot of people thought just that and got phished anyway, because they were taught to trust certain signs (e.g. green padlocks).
> Should the bank allow people to put up a fake front for the ATM recording the customer's card and PIN?
This is a false dichotomy. The hardware attestation for SafetyNet is orthogonal to being able to use hardware attestation for e.g. session/user keys, or even chain-of-trust down to the fingerprint sensor level.
Keys can be kept secure using secure enclaves even if the OS is rooted.
Blocking rooted phones with SafetyNet is just spite.
Not to mention, an ATM is property of the bank and is shared-use. The user is not the owner. The phone belongs to the user.
> To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.
Serious question as somebody who is not an Apple developer and has zero clue: does the wording "Developer ID certificate checks" here mean locally-built binaries only? Would a 'Release' binary still be logged? Not trying to spread FUD, but I haven't touched Xcode since it was called Project Builder and legitimately don't quite understand.
I guess to phrase it as a question: does this stop the hypothetical logging of anyone who has downloaded and run Tor Browser without compiling it themselves?
Like any corporation, we'll be the first to admit that this mistake should never have happened, we should have communicated it differently, and we're very sorry that we got caught.
Going forward, we can promise a quick return to business as usual as we work to regain your confidence, starting today with the announcement of several meaningless token gestures alongside a new and more effective PR and marketing campaign.
They will not stop logging or delete the logs that they have collected. This suggests they want the data that is collected in the logs, and, in fact, they were collecting IP addresses previously, despite their statements about respecting user privacy. Will they tell the public exactly how they are using the data that they will continue to collect in the logs? Is it commercial use that benefits the company? Does that data belong to the user? Do users grant Apple a license to use such data for such purposes? Who pays for the battery and bandwidth to keep transmitting the data to Apple? Does Apple pay? If Apple makes promises to do something in the future, e.g., in a press release, are those promises enforceable? If so, how?
It's not, it's whitewashing of a solution that doesn't respect privacy in any way.
There are already solutions where this data is not (1) sent in plain text over the internet, where your ISP and anyone else along the way can see it, and (2) don't give even the endpoint information about the specific certificate you are checking.
It's crazy that there was no official opt-out for this.
It does create this risk of people opting out and spreading malware to others, but after last week's debacle Apple probably thought they should come clean here.
Is this even legal? Should any personal information be opt in by default? Should Apple present you with the details of what they send and why and an option to opt in to each separately if you want to? Does Apple inform the user where they can download their data that has been collected and who had access to it?
Does Apple use a loophole in GDPR that it only applies to websites?
It's really not. Antiviruses had a much better solution to this ~20 years ago: download malware signatures, store them locally, and check every program run against the signature DB. Works while offline and completely respects user privacy.
Also, doesn't really work that great for security, as there are always relatively easy ways to fool the signature detection. That's why AVs usually moved to include much more complex behavioral checking.
Note: not claiming that AVs usually respected user privacy; a lot of them could be considered malware in and of themselves. But the malware protection scheme was simple and it did guarantee privacy; it's other parts of the AV that then went behind your back and sold your data more directly.
Replace Apple with any other company in the title and all hell would break loose, but since it is about HN's personal toy, you are not allowed to criticize them.
Just look at the heavy brigading happening here or in any other Apple related thread. As soon as there is one negative article, two positive ones must pop out to calm the Apple fanboys.
And no, saying "if you don't like the platform then don't use it" is not a valid argument. Thank God that it is not up to us on HN to decide what Apple can do, but to the court of law; at least I am putting my trust in the EU.
I was asking in previous threads if we could look at some info directly from Apple before declaring the end of the world, and I was downvoted to hell for seeking more clarification amidst the outrage.
Sometimes, waiting to hear a response isn't unreasonable, don't you think? Maybe rethink the plan to abandon Mac for the rest of your life based on the story of the minute?
Why would you not only believe, but actively look for the PR spin on an obvious violation of trust?
The technical facts are not interpretable: Apple chose to build the new MacOS in such a way that they leaked information about every app you chose to run on your system, in plaintext, over the internet, sending it to a third party. Whether they did this out of malice or bungling, the only conclusion is that you should not trust the new MacOS with caring about your privacy.
Whatever PR spin Apple would choose to put on this is mostly irrelevant. That they chose to simply pinky swear that they wouldn't log IPs as the main defense is even worse.
The reason for outrage is that this problem is so glaringly obvious that we can't dismiss it as an oversight, especially with a company as advanced as Apple claims to be. They boast about the T2 chip and all of their security measures. So for them to leave the gate unlocked on something like this is problematic. It means they made the choice to expose and log users' activity, to some degree or another, on purpose.
To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.
Why would they ever have logged IP addresses, if the goal is simply to verify the user-side authenticity of an app?
It may be worth noting that we do not really know what do they mean by "logs". These can be either database records or simply text logs generated by a web server sitting in front of the OCSP backend and logging the requests, regardless of what those requests are referring to. In other words, it does not have to be a conscious decision to "harvest IP addresses" but could easily be a side-effect of what the infrastructure does.
Still, it is no excuse for them as one would expect clear and thorough security/privacy audits before rolling out such features. Especially from companies like Apple.