• 1 Post
  • 3 Comments
Joined 2 years ago
Cake day: June 10th, 2023
  • octalfudge@lemmy.worldtoTechnology@lemmy.worldApple watching & logging EVERY APP YOU OPEN [Louis Rossmann]English
    4·
    2 years ago

    You’re absolutely right that it’s still an issue to transmit information about the developer certificate. Apple published a response to this, which admittedly is not ideal:

    https://support.apple.com/en-us/HT202491#view:~:text=Privacy protections

    We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.

    These security checks have never included the user’s Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.

    In addition, over the the next year we will introduce several changes to our security checks:

    A new encrypted protocol for Developer ID certificate revocation checks

    Strong protections against server failure

    A new preference for users to opt out of these security protections

  • octalfudge@lemmy.worldtoTechnology@lemmy.worldApple watching & logging EVERY APP YOU OPEN [Louis Rossmann]English
    213·
    2 years ago

    I’m sorry but did you read the article l linked to or the TL;DR I lifted from the article?

    They do not send the app you open to Apple, and there is no evidence they send it to third parties as the app information is not sent at all!

    Nevertheless, they do send information about the developer certificate for notarization and gatekeeper checks.

    https://support.apple.com/en-us/HT202491#view:~:text=Privacy protections

    Quote:

    We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.

    To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.

    In addition, over the the next year we will introduce several changes to our security checks: A new encrypted protocol for Developer ID certificate revocation checks Strong protections against server failure A new preference for users to opt out of these security protections

  • octalfudge@lemmy.worldtoTechnology@lemmy.worldApple watching & logging EVERY APP YOU OPEN [Louis Rossmann]English
    11311·
    2 years ago

    Unfortunately, this is highly misleading.

    Thank you for sharing this, and I appreciate good, high quality information about privacy but please don’t spread misleading information about one of the few companies that provides easily accessible private tools for the not-so-tech-savvy, as well as the busy.

    Apple applies E2E encryption for almost all iCloud data with Advanced Data Protection, applies something similar to Tor for web browsing, kills tracking pixels in your mail, uses differential privacy to avoid identifying you, and so much more.

    Please see: https://blog.jacopo.io/en/post/apple-ocsp/

    TL;DR

    No, macOS does not send Apple a hash of your apps each time you run them.

    You should be aware that macOS might transmit some opaque3 information about the developer certificate of the apps you run. This information is sent out in clear text on your network.

    You shouldn’t probably block ocsp.apple.com with Little Snitch or in your hosts file.