LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Non-*NIX Forums > General
User Name
Password
General This forum is for non-technical general discussion which can include both Linux and non-Linux topics. Have fun!

Notices


Reply
  Search this Thread
Old 11-15-2020, 11:00 AM   #1
binkyd
Member
 
Registered: Oct 2016
Distribution: Manjaro Cinnamon
Posts: 321

Rep: Reputation: 33
Is this saying what I think it says? About Apple recording everything...?


Found this when browsing the news this morning:


https://sneak.berlin/20201112/your-c...tm_source=digg
 
Old 11-15-2020, 11:34 AM   #2
boughtonp
Member
 
Registered: Feb 2007
Location: UK
Distribution: Debian
Posts: 781

Rep: Reputation: 560Reputation: 560Reputation: 560Reputation: 560Reputation: 560Reputation: 560

Heh, "approximately 15 minutes reading time" - here's a super-short version of what the article is saying: Apple's current macOS logs every program you run, when you run it, and sends it unencrypted to a third-party.

Snippets of where the above is derived from:
Quote:
It turns out that in the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it. Lots of people didnít realize this, because itís silent and invisible and it fails instantly and gracefully when youíre offline, but today the server got really slow and it didnít hit the fail-fast code path, and everyoneís apps failed to open if they were connected to the internet.
Quote:
These OCSP requests are transmitted unencrypted. Everyone who can see the network can see these, including your ISP and anyone who has tapped their cables.
These requests go to a third-party CDN run by another company, Akamai.
There's more claims in the article than that - anyone running Apple software probably may want to spend the time reading through it and verifying what it says.

(To clarify: I haven't verified the accuracy (or lack of) to what the article asserts.)


Last edited by boughtonp; 11-16-2020 at 10:07 AM. Reason: make clear this posts is stating the article's claims, without any comments on whether they are valid or accurate
 
Old 11-15-2020, 12:12 PM   #3
hazel
Senior Member
 
Registered: Mar 2016
Location: Harrow, UK
Distribution: LFS, AntiX, Slackware
Posts: 4,839
Blog Entries: 14

Rep: Reputation: 2728Reputation: 2728Reputation: 2728Reputation: 2728Reputation: 2728Reputation: 2728Reputation: 2728Reputation: 2728Reputation: 2728Reputation: 2728Reputation: 2728
There's an obvious solution: don't use Macs. If everyone simply refuses to buy the new models, Apple will be left with very red faces.
 
Old 11-15-2020, 05:15 PM   #4
fido_dogstoyevsky
Member
 
Registered: Feb 2015
Location: Victoria, Australia
Distribution: Slackware 14.2
Posts: 396
Blog Entries: 2

Rep: Reputation: 474Reputation: 474Reputation: 474Reputation: 474Reputation: 474
Quote:
Originally Posted by hazel View Post
There's an obvious solution: don't use Macs...
There are people who regard that as heresy

Quote:
Originally Posted by hazel View Post
...If everyone simply refuses to buy the new models, Apple will be left with very red faces.
Unfortunately it didn't turn out that way with microsoft, so I can't see apple suffering because of it.
 
Old 11-16-2020, 02:17 AM   #5
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 15,809
Blog Entries: 9

Rep: Reputation: 4637Reputation: 4637Reputation: 4637Reputation: 4637Reputation: 4637Reputation: 4637Reputation: 4637Reputation: 4637Reputation: 4637Reputation: 4637Reputation: 4637
Quote:
Originally Posted by fido_dogstoyevsky View Post
Unfortunately it didn't turn out that way with microsoft, so I can't see apple suffering because of it.
Yep, Or Google.
While I can understand OP's indignation, this is hardly news.
Although, unencrypted in 2020 really takes the cake.

PS: I did get a free C. Doctorow ebook download out of this!

Last edited by ondoho; 11-16-2020 at 02:19 AM.
 
Old 11-16-2020, 03:15 AM   #6
cynwulf
Senior Member
 
Registered: Apr 2005
Posts: 2,492

Rep: Reputation: 1818Reputation: 1818Reputation: 1818Reputation: 1818Reputation: 1818Reputation: 1818Reputation: 1818Reputation: 1818Reputation: 1818Reputation: 1818Reputation: 1818
All of FAANGS, Microsoft, Intel, AMD and a few more are very much implicated in surveillance / telemtry / data mining, etc. Even if you run a FOSS OS, you are still fighting with the browser and the web itself to maintain some semblance of privacy. If you browse anonymously, block trackers, etc, you are still left with hardware which is compromised by IME/PSP.

The situation is deplorable, but the current generation mostly accept it, just as the previous one accepted that MS' OS crashed often, for example.

Last edited by cynwulf; 11-16-2020 at 03:57 AM. Reason: typos
 
Old 11-16-2020, 08:29 AM   #7
sevendogsbsd
Senior Member
 
Registered: Sep 2017
Distribution: Slackware
Posts: 2,113

Rep: Reputation: 911Reputation: 911Reputation: 911Reputation: 911Reputation: 911Reputation: 911Reputation: 911Reputation: 911
OCSP is a certificate validation protocol and has nothing to do with a person. This is FUD. Akamai is a caching service on the Internet and everyone uses it whether you like it or not. This article is nonsense.
 
Old 11-16-2020, 09:03 AM   #8
sevendogsbsd
Senior Member
 
Registered: Sep 2017
Distribution: Slackware
Posts: 2,113

Rep: Reputation: 911Reputation: 911Reputation: 911Reputation: 911Reputation: 911Reputation: 911Reputation: 911Reputation: 911
To add to this even though I should know better: OCSP is a certificate revocation status protocol and only sends the certificate's serial number when communicating. I could be encrypted, sure, but even if intercepted, is meaningless so I believe that is why the developers of the protocol did not encrypt it.

The article's author is quite the tinfoil hat, and anyone making baseless claims without a shred of evidence except their opinion is, in my opinion, unbelievable. This is especially evidenced by the last statement "Apple sysadmins (and the US military and feds) can totally see all your nudes in iCloud or iMessage." The US military doesn't give a rodent's behind about your nude photos. Any sysadmin on any system can see everything anyway; this isn't limited to Apple.

Rant over.
 
Old 11-16-2020, 06:26 PM   #9
ntubski
Senior Member
 
Registered: Nov 2005
Distribution: Debian, Arch
Posts: 3,575

Rep: Reputation: 1885Reputation: 1885Reputation: 1885Reputation: 1885Reputation: 1885Reputation: 1885Reputation: 1885Reputation: 1885Reputation: 1885Reputation: 1885Reputation: 1885
Quote:
Originally Posted by sevendogsbsd View Post
To add to this even though I should know better: OCSP is a certificate revocation status protocol and only sends the certificate's serial number when communicating. I could be encrypted, sure, but even if intercepted, is meaningless so I believe that is why the developers of the protocol did not encrypt it.
I think that's not quite accurate. The article links to another which claims to debunk it: https://blog.jacopo.io/en/post/apple-ocsp/

Quote:
macOS does actually send out some opaque information about the developer certificate of those apps
So there wouldn't be enough info to distinguish between Firefox and Thunderbird (both would have the Mozilla cert), but there is still enough info to reveal quite a bit.
 
Old 11-16-2020, 08:25 PM   #10
sevendogsbsd
Senior Member
 
Registered: Sep 2017
Distribution: Slackware
Posts: 2,113

Rep: Reputation: 911Reputation: 911Reputation: 911Reputation: 911Reputation: 911Reputation: 911Reputation: 911Reputation: 911
Now THAT was an actually informative article with facts, unlike the first article that was largely rubbish. Thank you. Still no personal information leakage.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Recording live presentations, Part 3: Recording and troubleshooting LXer Syndicated Linux News 0 09-08-2017 04:16 PM
Find with -mtime is finding EVERYTHING since, not everything older than NobleOne Linux - Newbie 6 08-16-2017 08:50 AM
LXer: iFixit boss: Apple has 'done everything it can to put repair guys out of business' LXer Syndicated Linux News 0 03-29-2014 11:39 PM
LXer: With the App Store, Apple changed everything LXer Syndicated Linux News 0 07-11-2013 07:20 AM
M-Audio Fast Track - Recording Issues with everything but 'arecord' highowl Linux - Hardware 1 02-27-2009 08:37 AM

LinuxQuestions.org > Forums > Non-*NIX Forums > General

All times are GMT -5. The time now is 08:08 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration