dmz73 | 1 year ago

Mac OS calls home every time you execute an application. Apple is well on its way to ensure you can only run things they allow via app store, they would probably already be there if it wasn't for the pesky EU. If you send your computer/phone to Apple for repair you may get back different physical hardware. Those things very much highlight that "your" Apple hardware is not yours and that privacy on Apple hardware does not actually exist, sure they may not share that data with other parties but they definitely do not respect your privacy or act like you own the hardware you purchased. Apple marketing seems to have reached the level of indoctrination where everyone just keeps parroting what Apple says as an absolute truth.

spacedcowboy|1 year ago

They send a hash of the binaries/libraries, and generate a cache locally so it's not sent again. That helps stop you from running tampered-with binaries and frameworks. No user-personal data is sent.

There is no evidence at all that they are trying to ensure you can only run things from the App Store - I run a whole bunch of non-app-store binaries every single day. To make that claim is baseless and makes me de-rate the rest of what you write.

There is always a trade-off between privacy and security. This still falls well under the Google/Android/Chrome level, or indeed the Microsoft/Windows level with its targeted ads, IMHO.

Choose your poison, but this works for me.

GeekyBear|1 year ago

> They send a hash

My understanding is that they keep a local file with known malware signatures, just like the malware scanners on every other platform.

> macOS includes built-in antivirus technology called XProtect for the signature-based detection and removal of malware. The system uses YARA signatures, a tool used to conduct signature-based detection of malware, which Apple updates regularly

https://support.apple.com/guide/security/protecting-against-...

torginus|1 year ago

Doesn't Windows do the exact same thing?

ddingus|1 year ago

I agree and want to emphasize a few things:

1. Most users are not capable of using general purpose computing technology in a wild, networked environment safely.

2. Too many people who matter to ignore insist, "something must be done."

3. And so something shall be done.

4. Apple is navigating difficult waters. As much as I disapprove of how they have chosen a path for iOS, the fact is many people find those choices are high value.

5. I do, for the most part, approve of their choices for Mac OS. I am not sure how they prevent malicious code without maintaining some sort of information for that purpose.

6. We are arriving at a crossroads many of us have been talking about for a long time. And that means we will have to make some hard choices going forward. And how we all navigate this will impact others in the future for a long time.

Look at Microsoft! They are collecting everything! And they absolutely will work with law enforcement anytime, any day, almost any way!

I sure as hell want nothing to do with Windows 11. Most technical people I know feel the same way.

Screenies every 3 to 5 seconds? Are they high? Good grief! Almost feels like raw rape. Metaphorically, of course.

Then we have Linux. Boy am I glad I took the time way back in the 90's to learn about OSS, Stallman, read words from interesting people, Raymond, Perkins, Searles, Lessig, Doctorow, many others!

Linus did all of tech one hell of a solid and here we are able to literally dumpster dive and build whatever we want just because we can. Awesome sauce in a jar right there, but!

(And this really matters)

...Linux just is not going to be the general answer for ordinary people. At least not yet. Maybe it will be soon.

It is an answer in the form of a crude check and balance against those in power. Remember the "something shall be done" people? Yeah, those guys.

And here we are back to Apple.

Now, given the context I put here, Apple has ended up really important. Working professionals stand something of a chance choosing Mac OS rather than be forced into Windows 11, transparent edition!

And Apple does not appear willing to work against their users' best interests, unless they are both compelled to by law, and have lost important challenges to said law.

If you want that, your choices are Apple and Linux!

7. Open, general purpose computing is under threat. Just watch what happens with Arm PC devices and the locked bootloaders to follow just like mobile devices.

Strangely, I find myself wanting to build a really nice Intel PC while I still can do that and actually own it and stand some basic chance of knowing most of what it is doing for me. Or TO ME.

No Joke!

As I move off Win 10, it will be onto Linux and Mac OS. Yeah, hardware costs a bit more, and yeah it needs to be further reverse engineered for Linux to run on it too, but Apple does not appear to get in the way of all that. They also do not need to help and generally don't. Otherwise, the Linux work is getting done by great people we all really should recognize and be thankful for.

That dynamic is OK with me too. It is a sort of harsh mutual respect. Apple gets to be Apple and we all get to be who we are and do what we all do with general purpose computers as originally envisioned long ago.

We all can live pretty easily with that.

So, onward we go! This interesting time will prove to be more dangerous than it needs to be.

If it were not for Apple carving out a clear alternative things would look considerably more draconian, I could and maybe almost should say fascist and to me completely unacceptable.

m463|1 year ago

> I run a whole bunch of non-app-store binaries every single day

if you are in the US, you need to either register as a developer, or register an apple id and register your app to run it for a week. that's how you run non-app store code. Both of those require permission from apple.

EDIT: Sorry, ios.

hilux|1 year ago

> If you send your computer/phone to Apple for repair you may get back different physical hardware.

I happen to be in the midst of a repair with Apple right now. And for me, the idea that they might replace my aging phone with a newer unit, is a big plus. As I think it would be for almost everyone. Aside from the occasional sticker, I don't have any custom hardware mods to my phone or laptop, and nor do 99.99% of people.

Can Apple please every single tech nerd 100% of the time? No. Those people should stick to Linux, so that they can have a terrible usability experience ALL the time, but feel more "in control," or something.

linguae|1 year ago

Why not both? Why can’t we have a good usability experience AND control? In fact, we used to have that via the Mac hardware and software of the 1990s and 2000s, as well as NeXT’s software and hardware.

There was a time when Apple’s hardware was user-serviceable; I fondly remember my 2006 MacBook, with easily-upgradable RAM and storage. I also remember a time when Mac OS X didn’t have notarization and when the App Store didn’t exist. I would gladly use a patched version of Snow Leopard or even Tiger running on my Framework 13 if this were an option and if a modern web browser were available.

makeitdouble|1 year ago

It could help to compare to other makers for a minute: if you need to repair your Surface Pro, you can easily remove the SSD from the tray, send your machine and stick it back when it comes repaired (new or not)

And most laptops at this point have removable/exchangeable storage. Except for Apple.

serf|1 year ago

>And for me, the idea that they might replace my aging phone with a newer unit, is a big plus. As I think it would be for almost everyone.

except that isn't generally how factory repairs are handled.

I don't know about Apple specifically, but other groups (Samsung, Microsoft, Lenovo) will happily swap your unit with a factory refurbished or warranty-repaired unit as long as it was sufficiently qualified beforehand -- so the 'replaced with a newer unit' concept might be fantasy.

onepointsixC|1 year ago

What makes you think it would be a new one as opposed to a refurbished used one?

nkmskdmfodf|1 year ago

> And for me, the idea that they might replace my aging phone with a newer unit, is a big plus.

It's called a warranty and not at all exclusive to apple whatsoever?

> Those people should stick to Linux, so that they can have a terrible usability experience ALL the time, but feel more "in control," or something.

Maybe you should stick to reading and not commenting, if this is the best you can do.

GeekyBear|1 year ago

> Mac OS calls home every time you execute an application

Consulting a certificate revocation list is a standard security feature, not a privacy issue.

derefr|1 year ago

Further, there is a CRL/OCSP cache — which means that if you're running a program frequently, Apple are not receiving a fine-grained log of your executions, just a coarse-grained log of the checks from the cache's TTL timeouts.

Also, a CRL/OCSP check isn't a gating check — i.e. it doesn't "fail safe" by disallowing execution if the check doesn't go through. (If it did, you wouldn't be able to run anything without an internet connection!) Instead, these checks can pass, fail, or error out; and erroring out is the same as passing. (Or rather, technically, erroring out falls back to the last cached verification state, even if it's expired; but if there is no previous verification state — e.g. if it's your first time running a third-party app and you're doing so offline — then the fallback-to-the-fallback is allowing the app to run.)

Remember that CRLs/OCSP function as blacklists, not whitelists — they don't ask the question "is this certificate still valid?", but rather "has anyone specifically invalidated this certificate?" It is by default assumed that no, nobody has invalidated the certificate.
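The cache-then-fall-back decision described in the comment above, as a small model. This is an added example, not part of the thread and not Apple's code; the class names, the one-hour TTL and the `dev-A`/`dev-B` certificate identifiers are constructed for illustration.

```python
"""Model of a soft-fail revocation check with a TTL cache.
Constructed illustration; all names and values are hypothetical."""
from dataclasses import dataclass

class ResponderError(Exception):
    """The responder could not be reached or gave no usable answer."""

@dataclass
class CacheEntry:
    revoked: bool
    expires_at: float

class FakeResponder:
    """Constructed stand-in for a CRL/OCSP responder."""
    def __init__(self):
        self.revoked, self.online, self.seen = set(), True, []

    def __call__(self, cert_id):
        if not self.online:
            raise ResponderError("unreachable")
        self.seen.append(cert_id)           # all the server side gets to log
        return cert_id in self.revoked      # blacklist: absent means "good"

class SoftFailChecker:
    def __init__(self, responder, ttl, clock):
        self.responder, self.ttl, self.clock = responder, ttl, clock
        self.cache = {}

    def may_execute(self, cert_id):
        """Return (allowed, reason) for a launch signed by cert_id."""
        now, entry = self.clock(), self.cache.get(cert_id)
        if entry and now < entry.expires_at:
            return not entry.revoked, "fresh-cache"     # no network traffic
        try:
            revoked = self.responder(cert_id)
        except ResponderError:
            if entry:                                   # expired, but reused
                return not entry.revoked, "stale-cache"
            return True, "fail-open"                    # nothing known: allow
        self.cache[cert_id] = CacheEntry(revoked, now + self.ttl)
        return not revoked, "responder"

def demo():
    t = [0.0]                               # fake clock, in seconds
    responder = FakeResponder()
    checker = SoftFailChecker(responder, ttl=3600, clock=lambda: t[0])
    log = []
    for _ in range(10):                     # ten launches, one minute apart
        log.append(checker.may_execute("dev-A"))
        t[0] += 60
    responder.revoked.add("dev-A")          # revoked while the cache is fresh
    log.append(checker.may_execute("dev-A"))
    t[0] += 3600                            # TTL expires, responder reachable
    log.append(checker.may_execute("dev-A"))
    responder.online = False
    log.append(checker.may_execute("dev-B"))    # first run, offline
    return log, responder.seen

if __name__ == "__main__":
    print(demo())
```

In this model twelve launches of `dev-A` produce two responder queries, and a revocation only takes effect at the first successful query after the cached entry expires.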

JCharante|1 year ago

Huh? It hashes the binary and phones home doesn’t it? Go compile anything with gcc and watch that it takes one extra second for the first run of that executable. It’s not verifying any certificates

sgarland|1 year ago

With the sheer number of devs who use Macs, there is a 0% chance they’re going to outright prevent running arbitrary executables. Warn / make difficult, sure, but prevent? No.

beeflet|1 year ago

The strategy is to funnel most users onto an ipad-like platform at most where they have basic productivity apps like word or excel but no ability to run general purpose programs.

Meanwhile you have a minimal set of developers with the ability to run arbitrary programs, and you can go from there with surveillance on MacOS like having every executable tagged with the developer's ID.

The greater the distance between the developer and the user, the more you can charge people to use programs instead of just copying them. But you can go much further under the guise of "quality control".

insane_dreamer|1 year ago

> not share that data with other parties but they definitely do not respect your privacy

not sharing my data with other parties, or using it to sell me stuff or show me ads, is what I would define as respecting my privacy; Apple checks those boxes where few other tech companies do

abrookewood|1 year ago

Their repair policy, from what I can see, is a thinly veiled attempt to get you to either pay for Apple Care or to upgrade. I got a quote to repair a colleague's MacBook Pro, less than 2 years old, which has apparent 'water damage' and which they want AUD $2,500 to repair! Of course that makes no sense, so we're buying a new one ...

traceroute66|1 year ago

> to get you to either pay for Apple Care

The problem with many self-repair people is they effectively value their time at zero.

I value my time realistically, i.e. above zero and above minimum wage. It is therefore a no brainer for me to buy AppleCare every ... single ..time. It means I can just drop it off and let someone else deal with messing around.

I also know how much hassle it is. Like many techies, I spent part of my early career repairing people's PCs. Even in big PC tower cases with easy accessibility to all parts it's still a fucking horrific waste of time. Hence these days I'm very happy to let some junior at Apple do it for the cost of an AppleCare contract.

JCharante|1 year ago

Why not pay for apple care? In the US it covers water damage

nox101|1 year ago

Agree. I recently went to an Apple store in Tokyo to buy an accessory. The Apple employee pulled up their store iPhone to take my payment (apple pay) and then asked me to fill out a form with my email address and there was a message about how my info would be shared with some company. I thought about going back and pretending to buy something else so I could film it. I questioned the store person, "Isn't Apple supposed to be 'Privacy first'?" If it was privacy first they wouldn't have asked for the info in the first place and they certainly wouldn't be sharing it with a 3rd party.

leokennis|1 year ago

At the very least Apple are better than Microsoft, Windows and the vendors that sell Windows laptops when it comes to respecting user experience and privacy.

HeckFeck|1 year ago

I switched to iPhone after they added the tracker blocking to the OS.

Everything is a tradeoff.

I’d love to live in the F droid alt tech land, but everything really comes down to utility. Messaging my friends is more important than using the right IM protocol.

Much as I wish I could convince everyone I know and have yet to meet to message me on Signal or whatever, that simply isn’t possible. Try explaining that I am not on Whatsapp or insta to a girl I’ve just met…

Also it is nice to spend basically no time maintaining the device, and have everything work together coherently. Time is ever more valuable past a certain point.

d_theorist|1 year ago

> Apple is well on its way to ensure you can only run things they allow via app store, they would probably already be there if it wasn't for the pesky EU.

People have been saying this ever since Apple added the App Store to the Mac in 2010. It’s been 14 years. I wonder how much time has to go by for people to believe it’s not on Apple’s todo list.

madeofpalk|1 year ago

If there was a time Apple was going to do it, it would have been when they switched to Apple Silicon. And they didn't.

wslh|1 year ago

Even if I have analytics disabled?

Genuinely asking: are there any specifics on this? I understand that blocking at the firewall level is an option, but I recall someone here mentioning an issue where certain local machine rules don’t work effectively. I believe this is the issue [1]. Has it been “fixed”?

[1] https://appleinsider.com/articles/21/01/14/apple-drops-exclu...

angott|1 year ago

They're probably referring to the certificate verification that happens when you open any notarized application. Unless something changed recently, the system phones home to ensure its certificate wasn't revoked.

weikju|1 year ago

> Even if I have analytics disabled?

Yeah because what’s being sent is not analytics but related to notarization, verifying the app’s integrity (aka is it signed by a certificate known to Apple?)

This came to light a few years ago when the server went down and launching apps became impossible to slow…

https://www.macrumors.com/2020/11/12/mac-apps-not-opening/

Razengan|1 year ago

> where everyone just keeps parroting what Apple says as an absolute truth.

You are free to verify.

robenkleene|1 year ago

> Apple is well on its way to ensure you can only run things they allow via app store

I don't think Apple's behavior actually reflects this if you look closely (although I can certainly see how someone could form that opinion):

As a counter example, Apple assisted with their own engineers to help port Blender to Metal (https://code.blender.org/2023/01/introducing-the-blender-met...):

> Around one year ago, after joining the Blender Development Fund and seeding hardware to Blender developers, Apple empowered a few of its developers to directly contribute to the Blender source code.

I'm assuming similar support goes to other key pieces of software, e.g., from Adobe, Maxon, etc... but they don't talk about it for obvious reasons.

The point being Apple considers these key applications to their ecosystem, and (in my estimation at least) these are applications that will probably never be included in the App Store. (The counterargument would be the Office Suite, which is in the App Store, but the key Office application, Excel, is a totally different beast than the flagship Windows version, that kind of split isn't possible with the Adobe suite for example.)

Now what I actually think is happening is the following:

1. Apple believes the architecture around security and process management that they developed for iOS is fundamentally superior to the architecture of the Mac. This is debatable, but personally I think it's true as well for every reason, except for what I'll go into in #2 below. E.g., a device like the Vision Pro would be impossible with macOS architecture (too much absolute total complete utter trash is allowed to run unfettered on a Mac for a size-constrained device like that to ever be practical, e.g., all that trash consumes too much battery).

2. The open computing model has been instrumental in driving computing forward. E.g., going back to the Adobe example, After Effects plugins are just dynamically linked right into the After Effects executable. Third party plugins for other categories often work similarly, e.g., check out this absolutely wild video on how you install X-Particles on Cinema 4D (https://insydium.ltd/support-home/manuals/x-particles-video-...).

I'm not sure if anyone on the planet even knows why, deep down, #2 is important, I've never seen anyone write about it. But all the boundary pushing computing fields I'm interested in, which is mainly around media creation (i.e., historically Apple's bread-and-butter), seems to depend on it (notably they are all also local first, i.e., can't really be handled by a cloud service that opens up other architecture options).

So the way I view it is that Apple would love to move macOS to the fundamentally superior architecture model from iOS, but it's just impossible to do so without hindering too many use cases that depend on that open architecture. Apple is willing to go as close to that line as they can (in making the use cases more difficult, e.g., the X-Particles video above), but not actually willing to cross it.

robertlagrant|1 year ago

> Apple is well on its way to ensure you can only run things they allow via app store, they would probably already be there if it wasn't for the pesky EU

What has the EU done to stop Apple doing this? Are Apple currently rolling it out to everywhere but the EU?

kranke155|1 year ago

You’re way off base. Paranoid.

randomcarbloke|1 year ago

>Apple is well on its way to ensure you can only run things they allow via app store

that ship has well and truly sailed, this conspiracy might once have held water but Apple's machines are far too commercially ubiquitous for them to have any designs on ringfencing all the software used by all the industries that have taken a liking to the hardware.

idontwantthis|1 year ago

> Apple is well on its way to ensure you can only run things they allow via app store,

What are you talking about? I don’t run a single app from the app store and have never felt a need to.

lynx23|1 year ago

The EU is center-right-wing, and laughs all the way to the bank whenever someone like you falls for their "we externally pretend to be the good guys" trope. Leyen is pretty much the worst leadership ever, but they still manage to convince the politically naive that everything is fine, because of GDPR, AI laws and huge penalties for big tech. It's sad how simple it is to confuse people.

lukev|1 year ago

I mean, the security features are pretty well documented. The FBI can't crack a modern iPhone even with Apple's help. A lot of the lockdowns are in service of that.

I'm curious: what hardware and software stack do you use?

misiek08|1 year ago

FBI and Apple „can't”, but 3rd party do and they do it cheaper every day.

traceroute66|1 year ago

> Apple is well on its way to ensure you can only run things they allow via app store

I'm very happy to only run stuff approved on Apple's app store... ESPECIALLY following their introduction of privacy labels for all apps so you know what shit the developer will try to collect from you without wasting your time downloading it.

Also have you seen the amount of dodgy shit on the more open app stores ?

freefaler|1 year ago

It's a reasonable choice to do so and you can do it now. The problem starts when Apple forbid it for people who want to install on their computer what they want.

kcplate|1 year ago

> Apple is well on its way to ensure you can only run things they allow via app store

I am totally ok with this. I have personally seen apple reject an app update and delist the app because a tiny library used within it had a recent security concern. Forced the company to fix it.

eviks|1 year ago

No one is stopping you from using only the app store if you value its protection, so you need a more relevant justification to ok forcing everyone else to do so

1596025359|1 year ago

What about all those libs and executables you likely install via brew, npm, cargo etc? Those are all applications