LinuxQuestions.org


binkyd 11-15-2020 11:00 AM

Is this saying what I think it says? About Apple recording everything...?
 
Found this when browsing the news this morning:


https://sneak.berlin/20201112/your-c...tm_source=digg

boughtonp 11-15-2020 11:34 AM


 
Heh, "approximately 15 minutes reading time" - here's a super-short version of what the article is saying: Apple's current macOS logs every program you run, when you run it, and sends it unencrypted to a third-party.

Snippets of where the above is derived from:
Quote:

It turns out that in the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it. Lots of people didn't realize this, because it's silent and invisible and it fails instantly and gracefully when you're offline, but today the server got really slow and it didn't hit the fail-fast code path, and everyone's apps failed to open if they were connected to the internet.

Quote:

These OCSP requests are transmitted unencrypted. Everyone who can see the network can see these, including your ISP and anyone who has tapped their cables.
These requests go to a third-party CDN run by another company, Akamai.

There are more claims in the article than that - anyone running Apple software probably may want to spend the time reading through it and verifying what it says.

(To clarify: I haven't verified the accuracy (or lack of) to what the article asserts.)


hazel 11-15-2020 12:12 PM

There's an obvious solution: don't use Macs. If everyone simply refuses to buy the new models, Apple will be left with very red faces.

fido_dogstoyevsky 11-15-2020 05:15 PM

Quote:

Originally Posted by hazel (Post 6185521)
There's an obvious solution: don't use Macs...

There are people who regard that as heresy :)

Quote:

Originally Posted by hazel (Post 6185521)
...If everyone simply refuses to buy the new models, Apple will be left with very red faces.

Unfortunately it didn't turn out that way with Microsoft, so I can't see Apple suffering because of it.

ondoho 11-16-2020 02:17 AM

Quote:

Originally Posted by fido_dogstoyevsky (Post 6185641)
Unfortunately it didn't turn out that way with Microsoft, so I can't see Apple suffering because of it.

Yep, or Google.
While I can understand OP's indignation, this is hardly news.
Although, unencrypted in 2020 really takes the cake.

PS: I did get a free C. Doctorow ebook download out of this!

cynwulf 11-16-2020 03:15 AM

All of FAANGS, Microsoft, Intel, AMD and a few more are very much implicated in surveillance / telemetry / data mining, etc. Even if you run a FOSS OS, you are still fighting with the browser and the web itself to maintain some semblance of privacy. If you browse anonymously, block trackers, etc, you are still left with hardware which is compromised by IME/PSP.

The situation is deplorable, but the current generation mostly accept it, just as the previous one accepted that MS' OS crashed often, for example.

sevendogsbsd 11-16-2020 08:29 AM

OCSP is a certificate validation protocol and has nothing to do with a person. This is FUD. Akamai is a caching service on the Internet and everyone uses it whether you like it or not. This article is nonsense.

sevendogsbsd 11-16-2020 09:03 AM

To add to this even though I should know better: OCSP is a certificate revocation status protocol and only sends the certificate's serial number when communicating. It could be encrypted, sure, but even if intercepted, is meaningless so I believe that is why the developers of the protocol did not encrypt it.

The article's author is quite the tinfoil hat, and anyone making baseless claims without a shred of evidence except their opinion is, in my opinion, unbelievable. This is especially evidenced by the last statement "Apple sysadmins (and the US military and feds) can totally see all your nudes in iCloud or iMessage." The US military doesn't give a rodent's behind about your nude photos. Any sysadmin on any system can see everything anyway; this isn't limited to Apple.

Rant over.

ntubski 11-16-2020 06:26 PM

Quote:

Originally Posted by sevendogsbsd (Post 6185842)
To add to this even though I should know better: OCSP is a certificate revocation status protocol and only sends the certificate's serial number when communicating. It could be encrypted, sure, but even if intercepted, is meaningless so I believe that is why the developers of the protocol did not encrypt it.

I think that's not quite accurate. The article links to another which claims to debunk it: https://blog.jacopo.io/en/post/apple-ocsp/

Quote:

macOS does actually send out some opaque information about the developer certificate of those apps

So there wouldn't be enough info to distinguish between Firefox and Thunderbird (both would have the Mozilla cert), but there is still enough info to reveal quite a bit.
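
Added example, not part of any post in this thread: a standard-library Python sketch of the RFC 6960 CertID that a cleartext OCSP request carries (hash algorithm, issuer name hash, issuer key hash, certificate serial number), illustrating the point quoted above that two apps signed with the same developer certificate look identical on the wire. The issuer hashes, app names and serial numbers are constructed, and the app-to-certificate mapping is an assumption for illustration, not captured macOS traffic.

```python
import hashlib

def tlv(tag, body):
    """DER-encode one element; lengths of 128 or more use the long form."""
    n = len(body)
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body

def build_ocsp_request(name_hash, key_hash, serial):
    """OCSPRequest > TBSRequest > requestList > Request > CertID (RFC 6960)."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2b0e03021a")) + tlv(0x05, b""))  # SHA-1 OID
    num = serial.to_bytes(serial.bit_length() // 8 + 1, "big")  # positive INTEGER
    cert_id = tlv(0x30, alg + tlv(0x04, name_hash) + tlv(0x04, key_hash) + tlv(0x02, num))
    return tlv(0x30, tlv(0x30, tlv(0x30, tlv(0x30, cert_id))))

def children(body):
    """Split the body of a DER SEQUENCE into (tag, value) pairs."""
    pos, out = 0, []
    while pos < len(body):
        tag, length, pos = body[pos], body[pos + 1], pos + 2
        if length & 0x80:  # long-form length
            n = length & 0x7F
            length, pos = int.from_bytes(body[pos:pos + n], "big"), pos + n
        if pos + length > len(body):
            raise ValueError("truncated DER element")
        out.append((tag, body[pos:pos + length]))
        pos += length
    return out

def observed_cert_ids(der):
    """Fields an on-path observer can read from a cleartext OCSP request."""
    tbs = children(children(der)[0][1])[0][1]
    # Skip optional [0] version and [1] requestorName; requestList is the SEQUENCE.
    request_list = next(v for t, v in children(tbs) if t == 0x30)
    ids = []
    for _, req in children(request_list):
        _, name_h, key_h, serial = (v for _, v in children(children(req)[0][1]))
        ids.append((name_h.hex(), key_h.hex(), int.from_bytes(serial, "big")))
    return ids

# Constructed sample data: made-up issuer hashes, app names and signing-cert serials.
NAME_HASH = hashlib.sha1(b"constructed issuer name").digest()
KEY_HASH = hashlib.sha1(b"constructed issuer key").digest()
SERIALS = {"Browser": 0x1F2E3D4C, "Mail client": 0x1F2E3D4C, "Other vendor tool": 0x0A0B0C0D}

def wire_view(app):  # CertID seen on the wire when app's signing certificate is checked
    der = build_ocsp_request(NAME_HASH, KEY_HASH, SERIALS[app])
    return observed_cert_ids(der)[0]
```

The request identifies a certificate, not a program or a user account: `wire_view("Browser")` and `wire_view("Mail client")` return the same tuple, while an app signed with a different certificate yields a different serial.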

sevendogsbsd 11-16-2020 08:25 PM

Now THAT was an actually informative article with facts, unlike the first article that was largely rubbish. Thank you. Still no personal information leakage.

cynwulf 11-24-2020 09:47 AM

While I can just about see the marketing value in knowing what applications a user opens and when, OCSP doesn't seem like a particularly clever way of achieving that - so to me the second article makes far more sense than the rather sensationalist one in the OP.

As it stands, Apple do know what applications an end user has installed - and the same goes for Android and ChromeOS devices or anything which uses any kind of "app store" where you have to create an account and log in, etc. Then you have Microsoft's efforts at a similar thing with the "Microsoft Store"...


All times are GMT -5.