> In this scenario the macOS firewall does not seem to function correctly and is disregarding firewall rules ... Some examples of apps that do this are Apple’s own apps and services since macOS 14.6, up until a recent 15.1 beta.
How can you even install the update without access to the Internet?
every time I update macOS, some of the system settings are changed to default including some in the firewall
If you want leak-proof VPN, you need to implement it outside of your device, at the router level. This is true for any device but Apple devices in particular.
it also leaks the audio of tabs before logging in.
They want their TCP/IP stack and safari browser hot and ready for their demanders of instant gratification.
How is this possible? I wouldn’t have thought that it could open your applications without you logging in? How does it know who you are? How does it know which applications to open? If you’re not logged in yet, is it just logging in for you automatically but not showing you?
Damn, how is that possible? I imagine you have FileVault enabled, and if so this sounds like some security bypass?
Somewhat loosely related, but I have something similar with the iPhone browser, where opening the browser will shortly show the last page I had open (even if I carefully closed it before closing the browser). Even if it never got me into trouble, I found that annoying as s. And it could potentially make problems.
I've heard NixOS is good, but I guess I still need a GUI OS because of the browser and some apps I use regularly. I would love to get out of the macOS world, it's going to a bad place. Seems like I've configured my whole digital life around Apple.
The first boot after a macOS system update has long been bugged out. It launches a bunch of apps you didn’t even have open before updating, seems to be the 5-10 most recent apps you quit. Yes they were fully quit, yes I have the “resume” setting off. It also doesn’t do a resume, it launches them, i.e. tells them to create new windows, and it launches them before it finishes mounting disks, resulting in every update being followed by all my most used apps appearing out of nowhere and telling me all my config and data is gone. It doesn’t really matter, you just reboot again and you’re good, it’s just careless and makes the OS feel unstable. Maybe the firewall thing is unrelated, maybe it finally forces Apple to fix the bug, we’ll see.
Mhmm... A POSIX compliant OS which is bundled with a calibrated high gamut screen, low latency audio stack, and relatively high speed networking with good thread scheduling, great memory management and tremendous uptime numbers for a personal computer.
thisislife2|1 year ago
This is not new - every time I update macOS, some of the system settings are changed to default including some in the firewall. And I have to painstakingly go through all of it and change it. Also, the few times I've reinstalled or updated macOS, I've always noticed that it takes longer for the installation if your system has access to the internet - so now I've made it a practice to switch off the router while installing or updating macOS or iOS. (With all the AI bullshit being integrated everywhere in Windows, macOS and Android etc., I expect this kind of "offloading" of personal data, and downloading of data, to/from AI servers to keep increasing, especially during updates, to "prepare" for the new AI features in the newer OS updates. No internet means the installer is forced to skip it for later, saving you some valuable time, and hopefully you get to change the default setting before it starts up again. Whatever the claims of AI processing done on the Mac or iDevices itself, some "offloading" to their servers will still happen, especially if the default settings - which you can change only after the OS is installed - also enable analytics and data collection.)
(More here https://news.ycombinator.com/item?id=26418809 and on this thread - https://news.ycombinator.com/item?id=26303946 ).
hypeatei|1 year ago
Why are you still using those OSes? That seems like a lot of work for something you paid for.
isodev|1 year ago
Foivos|1 year ago
For years, I cannot do the automatic updates, because it always fails with an error message along the lines of "Failed to personalise software, check your internet!", even though I have a perfectly working Internet connection. The only way to update is with a live USB and an Ethernet connection. Everything else fails.
userbinator|1 year ago
Windows has also been doing that for some time now. Only Linux is relatively "clean" from that perspective, but even now some distros are beginning to sneak in spyware. The enshittification of OSes continues...
AndyMcConachie|1 year ago
Every time I upgrade my iPhone it turns on Bluetooth. Phreaking annoying.
Apple clearly wants their customer base to use certain features so they simply enable them at upgrade. It's gross.
chatmasta|1 year ago
I highly recommend sniffing the traffic on the wire and piping it through Wireshark. You can do this with a router, or a passive Ethernet tap. You’ll see a bunch of packets going to places other than your VPN entrypoint. If you use a router, you can check your mobile for leaks too. (Did you know if you have WiFi calling enabled, then your phone makes a TCP connection to a sensor server controlled by your ISP every 30 seconds? So if you’ve got T-Mobile and you’re abroad, not even using it as your default SIM, they’ll get a nice log of every exit IP you use.)
Apple’s seeming embrace of support for VPN and network filtering extensions is a red herring, because they’ll happily disable it for their own traffic.
On iOS, the App Store will skip any VPN, and similarly Apple will even block you from downloading updates if you’re on a VPN. I only realized this when I used my wireless router with VPN on it and updates failed to download.
On Mac, there are a bunch of issues, especially on first boot. It seems like the Mac will refuse to establish the VPN until it can make one connection outside of it. I encounter this when my computer wakes from sleep and the on-demand WireGuard tunnel (using Cloudflare Warp) fails to send packets. I unplug my Ethernet, disable always-on, wait 30 seconds (for some timeout?), re-enable always-on, and then plug in the Ethernet and it connects. But I’m not actually sure this isn’t leaking, I need to investigate more.
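A defender-side check for the wire-capture approach described above, added here as an example (not from the thread, and not Wireshark's or any VPN vendor's code). It assumes the tap or router capture was exported with the real `tshark -T fields -E separator=,` option into rows of `frame.time_epoch,ip.src,ip.dst,ip.proto,udp.dstport`; the device address, LAN and WireGuard peer below are constructed values.

```python
import ipaddress
from collections import Counter

# Constructed values for this example; substitute the device and VPN peer under test.
DEVICE_IP = ipaddress.ip_address("192.168.1.20")                # the Mac behind the tap
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
VPN_PEER = (ipaddress.ip_address("198.51.100.7"), 17, 51820)   # WireGuard peer: (ip, proto, port)
# Link-level chatter a strict tunnel still allows: multicast, broadcast, DHCP (udp/67).
ALWAYS_OK = [ipaddress.ip_network("224.0.0.0/4"), ipaddress.ip_network("255.255.255.255/32")]

def is_leak(src, dst, proto, dport, allow_lan=False):
    """True when the device sends a packet that is neither tunnel traffic nor permitted local traffic."""
    if src != DEVICE_IP:
        return False                    # inbound or other hosts: not this device's leak
    if any(dst in net for net in ALWAYS_OK) or (proto == 17 and dport == 67):
        return False
    if allow_lan and dst in LAN_NET:
        return False                    # only when "local network sharing" is deliberately on
    return (dst, proto, dport) != VPN_PEER

def find_leaks(tshark_rows, allow_lan=False):
    """Map destination IP -> number of leaked packets, from tshark '-T fields' CSV rows."""
    leaks = Counter()
    for row in tshark_rows:
        f = row.strip().split(",")
        if len(f) < 4 or not f[1] or not f[2]:
            continue                    # ARP and other non-IP frames have empty ip.src/ip.dst
        try:
            src, dst = ipaddress.ip_address(f[1]), ipaddress.ip_address(f[2])
            proto = int(f[3])
            dport = int(f[4]) if len(f) > 4 and f[4] else None   # TCP rows leave udp.dstport empty
        except ValueError:
            continue
        if is_leak(src, dst, proto, dport, allow_lan):
            leaks[str(dst)] += 1
    return dict(leaks)

# Constructed capture: two tunnel packets, a bare TCP SYN, a DNS query to the router
# (a DNS leak unless LAN traffic is allowed), mDNS, UDP/443 to another host, one inbound row, one ARP row.
SAMPLE_ROWS = """\
1700000000.01,192.168.1.20,198.51.100.7,17,51820
1700000000.02,192.168.1.20,198.51.100.7,17,51820
1700000000.03,192.168.1.20,192.0.2.44,6,
1700000000.04,192.168.1.20,192.168.1.1,17,53
1700000000.05,192.168.1.20,224.0.0.251,17,5353
1700000000.06,192.168.1.20,203.0.113.9,17,443
1700000000.07,203.0.113.9,192.168.1.20,17,51820
1700000000.08,,,,
""".splitlines()
```

Running `find_leaks(SAMPLE_ROWS)` reports the TCP SYN, the router DNS query and the UDP/443 flow; with `allow_lan=True` the DNS query to the router drops out, which is exactly why the "local network sharing" setting matters for leak testing.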
mgoetzke|1 year ago
Even though I had disabled all 'restore' applications features, macOS sometimes decides to 'start' browsers BEFORE logging in after a restart AND those start auto-playing audio from whatever was paused before the reboot (or many days before).
Since then I went rather deep disabling that feature, but I never trusted it.
Jerrrrrrry|1 year ago
In the long run, they barter this goodwill for "Safari is shit" credit until they and Google force the internet until a browser-turned App-Play-Store war.
Both companies win, and can blame the other company - all while incentivising anti-competition behavior and benefiting from their own organizational, yet altruistic, self-interests happening to coincidentally collude in similar, yet distinctly more complicated cases of creating monopolies spanning multiple domains.
The internet was captured, gamified, commoditized, and vertically integrated into a handful of giga-Corps.
your mobile devices are essentially tracking devices you are addicted to, and the government is too interested in these shiny grandiose things and their use in facilitating government functions without any real consequence, they fail to see the systematic risks that they themselves have allowed to proliferate by not enforcing stricter laws for systematically exploitable intersections of law, technology, and business.
Affric|1 year ago
cryptoz|1 year ago
Seems like a huge security bug. This isn’t being exploited? Wild stuff.
Reminds me of when you could hear a FaceTime call coming through but if you chose not to answer it, no worries! Your iPhone will turn on your camera anyway! And send your video to the calling party!
radicality|1 year ago
I was under the impression that until you provide the password after a reboot, the system should know nothing about you as all user data should be encrypted, so it should not know what apps you had open before reboot let alone start playing sound.
f1shy|1 year ago
commandersaki|1 year ago
threeseed|1 year ago
The only explanation is that you restarted whilst having the "Open All Previous Application" checkbox enabled. And yes it will launch processes after you have logged in but before the Desktop is shown.
Either that or you have some launch daemon that is opening a browser.
nubinetwork|1 year ago
diggan|1 year ago
> During the macOS 14 Sonoma beta period Apple introduced a bug in the macOS firewall, packet filter (PF). This bug prevents our app from working, and can result in leaks when some settings (e.g. local network sharing) are enabled. We cannot guarantee functionality or security for users on macOS 14, we have investigated this issue after the 6th beta was released and reported the bug to Apple. Unfortunately the bug is still present in later macOS 14 betas and the release candidate.
https://mullvad.net/en/blog/bug-in-macos-14-sonoma-prevents-...
Was fixed September 22, 2023 it seems (https://mullvad.net/en/blog/macos-14-sonoma-firewall-bug-fix...).
Seems like Apple's product/engineering department doesn't agree with the marketing department about how important their users privacy is.
VoxPelli|1 year ago
banku_brougham|1 year ago
yjftsjthsd-h|1 year ago
What? NixOS runs GUIs just fine. (This comment sent from a browser on NixOS)
akira2501|1 year ago
Insane. Why even have one or expose it to the user if it's just suggestive fiction?
Vendors really need to stop privileging themselves on users machines.
eptcyka|1 year ago
handsclean|1 year ago
galad87|1 year ago
trissylegs|1 year ago
I'm not sure what this setting does. The amount of times Mac will just reopen everything anyway is frustrating. I go look up how to stop it and the answer is always "Turn off this setting you already have off".
pt_PT_guy|1 year ago
[deleted]
bayindirh|1 year ago
...a toy OS which becomes invisible most of the time for serious users indeed.
I prefer Linux over anything else, but let's be real.
threeseed|1 year ago
OutOfHere|1 year ago
[deleted]