While this is great information, I have to wonder why they have the floating thing in the middle of the content that takes you back to the top when clicked. It's really difficult to read while scrolling with it covering most of the content and inverting colors.
To offer a counter opinion: I agree that it makes it difficult to read and serves no real purpose, but I actually kinda like it. It reminds me of the golden ages of the early net, when everybody had their own website, all with questionable but unique design choices.
I admit that the current sanitized, standardized net is probably better overall. It's certainly more accessible. But I do appreciate sites that make weird personal choices like this.
This is impressive, but if you care about privacy then why are you using MacOS to begin with? It seems like you could never be completely certain that it is safe.
Rather than starting with a closed system and ripping out the parts that spy on you, why not start with an open system like Linux or OpenBSD?
I don't think privacy is such a simple scale like this. I actually trust my macbook to be more secure than my Linux desktop. Apple has spent orders of magnitude more securing this device, while my Linux desktop setup is mostly only ensured to be generally working.
If anyone with the smallest amount of skill had physical access to my desktop, they could replace the bootloader with a malicious one and get everything when I next log in. While my macbook is secured against basically everyone but top tier federal agents. If I left my macbook in a hotel room, I can reasonably expect it has not been tampered with.
There doesn't seem to be any real version of SIP on Linux. Basically every program I run requires full access to everything. Flatpak is sort of tightening things up but it still has a long way to go to close all the loose ends.
So while I might have more control over my linux machine, I still trust my macbook more.
Out-of-box, you're generally right. "Hacking" the average Linux user with Secure Boot disabled and a default GRUB configuration with unencrypted ext4 root is like taking candy from a baby.
It does beg the question of which system can be more secure, though. Apple has a decently high bar out-of-box, but they could certainly do more to make MacOS a trustless ecosystem. The simple fact that all of MacOS is basically unaccountable from a programming perspective is both a security flaw and a privacy concern. Whereas a public codebase like Linux receives constant intersectional scrutiny, closed systems like MacOS can't have that same attention. Non-transparent codebases cut both ways: they can hide embarassing bugs from people reading the source, but it can also protect zero-days and backdoors that would have otherwise been identified and fixed. Transparent systems only seek a ground truth.
So... it's a toss-up. I wouldn't put my life on the line if I was a political dissident considering a Macbook, but Joe Shmoe and his wedding photo editing business should have all the security it needs.
GNU Linux desktop can’t be made more secure than a Mac in my opinion, without having to rewrite the whole thing to the point where calling it general linux desktop is a stretch. But this is not an OS property - if one would install Android, then the security would improve severalfold, likely better than OSX (mobile OSs are much more modern and security oriented). The reason is that the old-school UNIX permission system is way too crude. The minimum is to run every process under a new user, so that its permissions would even start to make sense. SELinux is also important, as well as secure IPC. Android has all that solved.
GrapheneOS on sufficiently secure hardware (! Unfortunately open-source laptops are very bad in this category), which has to be a Pixel for now trades blows with iphones.
The Linux security model was designed for a time when you had multiple humans sharing one machine, and every program either came from the OS, or was sourced from a reputable origin. It's almost useless in the current landscape. Some efforts like Flatpak, Wayland, Pipewire, and immutable OSs are starting to improve things, but it still seems like we are years away from having the level of security MacOS had a long time ago.
And I just can't see how any security measure which requires hardware can come to Linux desktop.
> And I just can't see how any security measure which requires hardware can come to Linux desktop.
Why? TPM works just fine. Secure Boot is perfectly usable on most OSes. Hell, even fprintd supports biometric authentication if you're a weirdo. Nothing inherently stops this stuff from being made, certainly not the kernel.
All hardware-based security measures will probably never be supported by Linux, but if your benchmark for disbelief is "any" then boy have I got a boat to sell you!
It's not the same. There are definitely people who try to exploit both OSes, but the conversation around securing them couldn't be more different. MacOS is developed in the "Cathedral" style - closed source, with a small group of contributors who assume responsibility for everything (including security response). Linux is developed in the "Bazaar" style, with patches being freely distributed and incrementally contributed by the community for each release. This represents a fundamental change in how security is handled; Linux can merge a fix as soon as it's available and passes review. Mac issues must be reported by a user, passed to an Apple engineer, located in the codebase, fixed, and then reviewed before it can make it into a Rapid Security Response patch. Apple's system is less transparent, often slower, and overall more convoluted than developers and users pointing to the spot that's broken.
I want things to work this way, but often they do not. Often what happens on the Linux side is that the security patch, if any, gets silently put into the tree without disclosing that it's a security patch, and downstream never pulls it in. There have been numerous instances of kernel maintainers asking people to water down their commit messages so they don't sound as bad as they are :/
This doesn't mean Apple does everything right, of course, but the situation on the other side frequently sucks too even though it nominally should not. And given various choices in their ecosystem (lack of fragmentation, for example) they can and do end up with a better security story in some areas.
Definitely, there are pros and cons to each process. They are markedly different, though - Apple wants secrecy, whereas Linux demands transparency. Sometimes patches are rejected or ignored, but transparency is never compromised. This gives insight into how patches are accepted or rejected (eg. the Paragon NTFS), information that isn't public in Apple's process. The separation of users and "blessed" developers remains an enormous roadblock to effectively scrutinizing and quickly fixing Apple's software platforms. It offers some protection, too, but it is a night-and-day difference to how things are handled in the Linux world, dysfunction and all.
I'm not sure if the MacOS codebase gets as much review as Linux, but what makes MacOS more secure is that they utilize multiple layers of security. Finding a bug in a single component is often not enough. Which is why even after countless bugs found in macos and ios, we never see things like the secure enclave and encryption keys compromised, because they are layered out and unaffected by bugs in the OS.
We are at the point where being bug free is impossible and patching after discovery is not good enough. Secure designs must protect against undiscovered bugs.
You could custom-build a special version of MacOS that runs entirely in userspace, but unfortunately it would never be as secure as a properly-configured Linux system. The default on MacOS is a venerable effort, and a powerful standard to enforce across an entire line of devices. Apple does not give the user enough control to protect them against Apple themselves, though.
There are certainly security and convenience scenarios where MacOS is hard to beat, but no trust-based system can ever be the final say in security.
And I'd happily run them if the hardware situation wasn't so damn grim. There's no Arm booting standard so you have to re-invent the kernel for each model of chip vs just booting an x86 PC and let the kernel poke at discoverable hardware and figure it out. Arm has old-school ISA like configuration for your non-discoverable hardware with devicetrees preventing generalized kernels from existing.
Someone please make open booting and hardware configuration for a general OS on Arm a reality. Without standard booting I feel that open source OS phones will never exist. They're always behind on driver development leaving users with buggy battery murdering devices that are missing features. Dev's don't want to bother with messy alpha quality platforms. They move slow as they don't have FAANG money so the platforms never gain momentum. Simple general booting will change that - no more recompiling a kernel using some byzantine labyrinth build system - just write an image to SD or USB and boot.
I am wrong there, they describe non-discoverable hardware so they are useful.
I am confusing them with the issue of getting a kernels built for a lot of the poorly documented hardware that varies a bunch which device trees try to solve but don't. No two vendors agree on how to boot things. I cant just download ubuntu or even openbsd for my phone or tablet as each of those has its own boot loader. Too splintered of a platform.
Thanks for your response. It’s an interesting perspective. From my point of view the idea of having incompatible boot protocols is a feature, not a bug. Fundamental differences must exist at some point in the hierarchy. Why not the boot mechanism?
The SoC is its own static architecture - each vendor sells its own little computer system complete with booting methods. Since the hardware is static there is no need to implement a configuration mechanism which also acts as a discovery mechanism (like PCI). So we can't build a kernel that asks the SoC "Whats inside", instead, the device tree is a list of what hardware exists and where it is mapped in memory.
And that hardware might not be standard or use weird register layouts that don't match other commonly used layouts in other similar devices further complicating the porting effort. The SoC might have a unique USB controller or Ethernet MAC or whatever that needs a new driver. Just lots of duplicated effort for each "new computer" when its all the same hardware inside. And its like this because SoC's are low cost disposable chips - no one cares if you cant port a new kernel because by the time you want a new kernel the thing is already obsolete and expected to be disposed of and replaced with a new gadget.
What could be done? Setting standards for hardware registers - similar to how PC vendors like Intel and Microsoft standardized the dumb basics like ATA, USB, Ethernet, Serial ports and so on. Set standards so we don't need to re-write drivers for every new chip released. Then standardize the boot firmware so the device can boot-strap the hardware to the point where it can load a kernel image via a debug interface, thumb drive, emmc, sd etc. Let the device boot hand the OS its device tree - done.
Why wouldn’t they? They can analyze it as much as they want even if it’s encrypted (by them), while not doing so would just open them up to to the legal ramifications of data leaks.
> not doing so would just open them up to to the legal ramifications of data leaks.
They can already protect themselves by using pseudonymous IDs, and by not storing SSN and full names on the same system/network as your browsing history.
I'm struggling to come up with a general example where an adversary would be prevented from accessing the data if they had already compromized the network, so to me, it's just obfuscation with extra steps. Maybe if an adversary, by some miracle, had a non-root shell in database server, but somehow did not have read-permission on the crypto store ???
Physical theft of drives is a valid argument, but even that is a weak one. The data center facilities are very secure.
End-to-end encryption doesn't secure anything if you don't control the keys. I'd believe they encrypt the data at rest, but I wouldn't ever dupe myself into believing that makes it safe. So... we're back around to square one. Apple will steamroll over your privacy (along with 10s of thousands of other freedom-loving Americans) without a second thought.
It could be worse, though. If you're a Chinese iCloud user, your data just gets uploaded right into state-owned servers: https://support.apple.com/en-us/HT208351
Why not start with an open system like Linux or OpenBSD?
Probably because they were traumatized by how much extra work that was (and for a sub-par desktop experience overall), last time they went down that rabbit hole.
> Probably because they were traumatized by how much extra work that was (and for a sub-par desktop experience overall), last time they went down that rabbit hole.
I’m in that camp. I ran Slackware on a Compaq laptop in the early 2000’s and it was more work than I would have liked — though I did have more free time then as a student.
I swapped to macOS and have been using that since for work and personal productivity projects, though I do use windows to play games. When my MacBook went on the fritz, I was forced to become acquainted with WSL. And I find it to be pretty usable for my use cases.
My MacBook is a bit aged at this point and probably needs replacement before too long. But now instead of comparing OSes (Linux or windows with WSL vs macOS), I need to think about hardware: battery life, build quality, and performance; my needs in these categories may still favor Apple in the laptop and small form factors.
If you mean the default experience, no. Gnome, Xfce, KDE, LXQt, Lumina, DWM, etc are all in ports and packages and fairly straightforward to get set up.
Is there any indication that the processes this post is concerned about actually do anything when Siri is disabled in the usual way?
I have no wireless interfaces enabled on my Mac, yet several Wi-Fi services are running.
My Mac doesn't support Universal Control, yet UniversalControl.app is running.
And so on.
One could certainly argue that the fact that unnecessary background processes run unconditionally is sloppy system design, but in the absence of some evidence that they materially affect system operation, I'd just as soon leave them alone.
If one's goal is to run a minimalist system, I can hardly think of a worse starting point than macOS, compared to which even Windows is at least somewhat amenable, given that both WinPE and Server Core exist as vendor-supplied examples.
I say this as a near full-time Mac user since the early '90s.
I don't know what happened there, because it should be disabled by default. But if you accidentally enabled it, you can change that in Settings > Accessibility > Voice Control.
Yet another sad (but unsurprising) reflection of Apple's patronising and contemptuous attitude towards its users. This is the number one reason why I don't use Apple products - because Apple consistently says (via its deeds over a long history): "we could make thing xyz opt-out or configurable, but we won't, it's our way or the highway, resistance is futile, f*** you".
I'm not a fan of Microsoft either (and they ain't no saints either - anyway, I primarily use Linux), but if I have to choose between Microsoft-land and Apple-land, I choose the former, because they, at least, are and always have been way better at giving their users choice, and at making everything configurable.
For me, it's not even so much about privacy, or opaqueness, or interoperability (although Apple is abysmal in those ways too, and they matter too). It's about respect, of which Apple demonstrates none.
Even after a concerted effort, the best that the author - someone who appears to have decent technical know-how - could come up with, was a "whack-a-mole" script that kills Siri whenever it rears its ugly head again. Says it all.
That's an incredibly apples-to-oranges comparison! S3 does cloud storage and nothing much else; MacOS runs your whole desktop. Apple's (primary) target audience is Joe-on-the-street consumers; AWS's is devs and businesses. The only comparison relevant in this case, is that they both have AI voice bots, and FWIW, I have no more intention of ever using Alexa than I do of ever using Siri (nor any of the rest of 'em!).
Kill Siri? We should kill all voice assistants. I've never witnessed a single person using a voice assistant (mobile or not), but yet these behemoths put money on them, so what's the rationale for having them? One actually valid use case could be for impaired persons but even among them I dare to question their popularity, but I could be wrong.
- Set timers when cooking or before I need to leave
- Converting units or doing calculations.
- Check the temperature or weather.
- Set the temperature of radiators in specific rooms.
- Announce upcoming calendar events prior to their occurrence, e.g. which bin day is it tomorrow.
- Play/Pause my TV if I'm eating something messy.
- Occasionally for playing music.
Despite this it still feels very limited. I'd use an assistant that integrated an LLM even more frequently. Alexa's biggest drawback is that she isn't conversational, follow-ups only work when they've been explicitly supported. You can't ask her to clarify or correct her in most cases.
Not much work seems to have gone into tightening up the rough edges either. Multi-User support is pretty poor, failing at fairly basic things like "what's on <wife's name>'s calendar tomorrow?". She's unable to answer much about packages as well. Asking her what items are included in the delivery simply prompts her to re-announce that a package is being delivered today.
Just curious, don't you have any privacy concerns having something that is potentially listening to you at all times?
> Despite this it still feels very limited.
Yes, I was actually thinking about this before posting the comment. It can be kind of useful but for very basic things. On mobiles phones is it possible to call emergency services through it?
> Just curious, don't you have any privacy concerns having something that is potentially listening to you at all times?
Absolutely, although I have similar concerns about any device with a microphone and network connection. Ultimately it was a trade-off, when an OSS alternative of comparable quality exists I'll switch when I have time. The OSS options have come along a fair bit in the last few years and they seem to be quicker at integrating LLMs. Quality hardware seems to be the biggest barrier.
> Yes, I was actually thinking about this before posting the comment. It can be kind of useful but for very basic things. On mobiles phones is it possible to call emergency services through it?
I'd assume so, I don't use it much on my phone but I can ask one of the dedicated Alexa devices to call regular phone numbers/contacts and it'll use my phone plan to do so.
Long time ago I have read an article that was not explicitly about voice assistants, but in this article it was described how a Samsung TV with a microphone was actually hacked and made a surveillance device. Here's a link to this, but again not sure if this was the article I read at a time:
> We have to trust Apple tells the truth, because we have no access to Apple's servers and databases and because its software is closed source. There is no way to confirm this statement.
Yes. You do have to trust Apple to tell the truth, just like you trust every vendor to do the same. You can also choose to trust professionals[1] who do compliance/privacy auditing.
Only looking at what is directly visible to you (the filesystem) and jumping to conclusions (these things run Siri) is too shallow a pass to understand at all what is going on, and this blog post is just spreading FUD.
I helped create one of the daemons you link in the blog post, `siriactionsd`, and it was created for the Shortcuts app. It contains a bucket of different services used across the operating system by a series of features all attributed to Shortcuts. We then then did all of the work to wire everything up to a series of understandable switches: in Shortcuts settings. You can turn those switches off and/or delete the app and you have to (again) trust that the engineering team implemented them properly and in a way that you would agree with. Not all engineering teams are equally good, even at Apple.
If you like to understand how your operating system works and what every single process is doing, then I would switch to an open source operating system like Linux.
Try turning off other services and looking for traces of them – you'll turn up similar results. Daemons are baked into the read-only operating system image on all of Apple's platforms and there is no way to uninstall them.
The thing is that Linux isn’t much more accessible at all. Assuming that your vendor isn’t actively trying to hide backdoors from you, reverse engineering closed-source binaries is a little annoying but not all that different from trying to figure out what some open source code does. It’s really the sheer quantity that is the problem here.
You can disable it... by not enabling and agreeing to TOS. But now your life will be cat and mouse where you consciously have avoid enabling it as the dialog appears unexpectedly.
