Posted on 11/17/2020 10:32:48 AM PST by Mount Athos
Apple's latest operating system, macOS Big Sur, uses a new API to constantly send users' data (including how, when, and where a Mac is used) to Apple. This data is transmitted to Apple without encryption, meaning anyone with access to the same network as the Mac can see the information.
There are plenty of reports of Google, Amazon, Facebook, and other big tech companies tracking and logging user data. Thankfully, Apple has been a bastion of respect for user privacy in both the computer and smartphone world. Right?
According to a new report from Jeffrey Paul, a computer privacy blogger and advocate, macOS Big Sur is constantly logging and transmitting user data. He reports that a recent Apple server failure brought attention to the tracking process. Apparently, macOS Big Sur communicates with Apple servers and logs which apps a user opens; the time the app is opened; and location data like the user’s IP address, city, state, etc.
Normally, this process either logs and send user data when a user is online. If the process cannot immediately connect with the server, it fails without notifying the user. Late last week, an Apple server got bogged down. The tracking process could still communicate with the server, but the longer connection times caused the code to skip past its quick-fail path. However, the issue caused apps to fail to open as they couldn’t verify the logging process.
What does this mean? In a nutshell, Apple receives data detailing exactly where, when, and how you use your macOS Big Sur device. Further still, Apple can prevent apps from opening on your computer, whether you know it or not.
This tracking has been present in prior versions of macOS, but privacy-focused apps and VPNs could trick the process. However, Big Sur introduces a new API that circumvents even these apps and VPNs. In other words, a VPN or firewall won’t shield your location from Apple’s own tracking.
Considering the new proprietary hardware Apple has put into its MacBooks (like the T2 security chip and the new M1 SoC), this tracking has become extremely difficult to circumvent as some processes appear to take place at the hardware level. Not only is it almost impossible to install another operating system through non-Apple-approved channels (i.e., dual-booting Linux), it is becoming harder to block or hamper Apple’s embedded tracking practices.
Perhaps worst of all, the data is sent to Apple through unencrypted channels. That means anyone with access to the computer’s connected network (e.g., your ISP or anyone on the same public WiFi network) can see the data being transmitted with little trouble. Apple does hash the application data, but if history is any lesson, hashes like these are cracked in due time.
As Jeffrey Paul states, your MacBook is no longer yours.
I’m told by reliable sources here that Apple does not spy on its users.
Ping
Yes - if you check the box that says “send analytics data to Apple” that’s what it does.
I fully switched from Mac to Linux years ago. I also do my freeping and other conservative web activities inside a VM, connected to a VPN.
Because things are starting to get weird.
How surprised would you be to find out you are completely wrong?
Q: Is this part of macOS analytics? Does this still happen if I have analytics off?
A: This has nothing to do with analytics. It seems this is part of Apple’s anti-malware (and perhaps anti-piracy) efforts, and happens on all macs running the affected versions of the OS, independent of any analytics settings. There is no user setting in the OS to disable this behavior.
https://sneak.berlin/20201112/your-computer-isnt-yours/
This is a stupid article. You have to opt-in to send the analytics.
You are completely wrong.
Do you feel... stupid?
Q: Is this part of macOS analytics? Does this still happen if I have analytics off?
A: This has nothing to do with analytics. It seems this is part of Apple’s anti-malware (and perhaps anti-piracy) efforts, and happens on all macs running the affected versions of the OS, independent of any analytics settings. There is no user setting in the OS to disable this behavior.
https://sneak.berlin/20201112/your-computer-isnt-yours/
I’m told by reliable sources here that Apple does not spy on its users.
Well that, and Linux is the holy grail.
Read the whole article, all the way to the bottom, including the part about the fixes supplied by Apple.
Smart.
What browser do you use?
Brave?
Privacy protections
macOS has been designed to keep users and their data safe while respecting their privacy.
Gatekeeper performs online checks to verify if an app contains known malware and whether the developer’s signing certificate is revoked. We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.
Notarization checks if the app contains known malware using an encrypted connection that is resilient to server failures.
These security checks have never included the user’s Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.
In addition, over the next year we will introduce several changes to our security checks:
*A new encrypted protocol for Developer ID certificate revocation checks
*Strong protections against server failure
*A new preference for users to opt out of these security protections
More:
Editorial
macOS Big Sur telling Apple what app you’ve opened isn’t a security or privacy issue
That’s okay, you can use an Android ....
Wait!
Virtually no businesses will transact with you from a VPN.
Following some blowback, Apple responds...
Second, it’s putting in place new protections to prevent server failure issues. And finally, addressing the overarching concern that Jeffry Paul raised, Apple will release an update to allow users to opt-out of using these macOS security protections.
https://9to5mac.com/2020/11/15/apple-explains-addresses-mac-privacy-concerns/
Any issues with the iPhone recent 14.2 update? I don’t like the new orange or green dot in top right corner near the battery/wifi/cell signal icons, which is supposedly showing apps are using microphone or camera without my consent.
https://9to5mac.com/2020/11/15/apple-explains-addresses-mac-privacy-concerns/
Update 11/15 8:25 pm PT: Apple has updated a Mac security and privacy support document today sharing details about Gatekeeper and the OCSP process. Importantly, Apple highlights it doesn’t mix data from the process of checking apps for malware with any information about Apple users and doesn’t use the app notarization process to know what apps users are running.
The company also details Apple IDs and device identification have never been involved with these software security checks.
But going forward “over the next year,” Apple will be making some changes to offer more security and flexibility for Macs. First is that Apple will stop logging IP addresses during the process of checking app notarizations.
Second, it’s putting in place new protections to prevent server failure issues. And finally, addressing the overarching concern that Jeffry Paul raised, Apple will release an update to allow users to opt-out of using these macOS security protections.
Privacy protections
macOS has been designed to keep users and their data safe while respecting their privacy.
Gatekeeper performs online checks to verify if an app contains known malware and whether the developer’s signing certificate is revoked. We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.
Notarization checks if the app contains known malware using an encrypted connection that is resilient to server failures.
These security checks have never included the user’s Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.
In addition, over the next year we will introduce several changes to our security checks:
*A new encrypted protocol for Developer ID certificate revocation checks
*Strong protections against server failure
*A new preference for users to opt out of these security protections
We’ve also learned more technical details about how this all works from Apple that aligns with what independent security researcher Jacopo Jannone shared earlier.
macOS’ process of using OCSP is a very important security measure to prevent malicious software from running on Macs. It checks to see if a Developer ID certificate used by an app has been revoked due to software being compromised or events like a dev certificate being used to sign malicious software.
Online certificate status protocol (OCSP) is used industry-wide and the reason why it works over unencrypted HTTP connections is that it is used to check more than just software certificates, like web connection encryption certificates. If HTTPS were used, it would create an endless loop. Jannone explained it succinctly: “If you used HTTPS for checking a certificate with OCSP then you would need to also check the certificate for the HTTPS connection using OCSP. That would imply opening another HTTPS connection and so on.”
Two notable points on this are that it’s not strange for macOS to be using unencrypted requests for this as that’s the industry standard and that with Apple’s commitment to security and privacy, it is investing in creating a new, encrypted protocol that goes above and beyond OCSP.
In addition to the OCSP process currently used by Apple, macOS Catalina and later also have another process where all apps are notarized by Apple after having checked for malware. When launching an app, macOS makes another check to make certain the app hasn’t become malicious since the first notarization. This process is encrypted, isn’t usually impacted by server issues, and indeed wasn’t affected by the OCSP issue.
As for the performance problems we saw on macOS Catalina and earlier during Apple’s server issues last week, they were caused by a server-side misconfiguration that was exacerbated by an unrelated CDN misconfiguration. Those issues were resolved on Apple’s end a few hours after they began with no action needed to be done on the users’ part.
Between the explanation of how everything is working here and the commitment to the future changes described above, Apple shows it is listening to users and putting privacy and security first.
Update 11/15 9:00 am PT: More details about Apple’s use of OCSP have been shared by cybersecurity researcher Jacopo Jannone. He says that macOS isn’t sending a hash of each app to Apple when they run and explains why the industry-standard OCSP doesn’t use encryption. Further, he says Paul’s analysis “isn’t quite accurate” and importantly notes that Apple uses this process to check and prevent apps with malware from running on your Mac.
Not using Sur, but I did notice a change of character set data, in an older Mac OS, overnight -— as a result of the older Mac OS communicating with an Apple server.
24/7, a Mac (if allowed by the user) is in routine contact with Apple via at least:
AppleIDAuthAgent
configd
helpd (AmazonAWS sub-contracting to Apple)
ntpd
ocspd
sntp
syspolicyd
trustd
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.