
Why iTunes downloads don't use HTTPS - amaccuish
https://www.wired.com/story/itunes-downloads-https-encryption/
======
GeekyBear
As TFA points out, Macs have a built in service for caching content downloaded
from Apple's various servers that can be turned on in the sharing tab of the
control panel on the Mac you would like to adopt this role.

The other Macs and iDevices on your network will detect the caching server and
start using it instead of overloading your WAN link every time a large file
like a new OS version or OS update needs to be distributed.

Encryption would interfere with caching.

More information on content caching:

[https://www.idownloadblog.com/2018/07/17/howto-mac-
content-c...](https://www.idownloadblog.com/2018/07/17/howto-mac-content-
caching/)

------
dividuum
Even if the downloads where encrypted, an all seeing observer could probably
still detect what you download. See
[https://news.ycombinator.com/item?id=14070130](https://news.ycombinator.com/item?id=14070130)
as an example. I'm not sure how easy it would be to fingerprint the entire
iTunes database and how unique download sizes would be. Might be an
interesting research topic.

------
Derek_MK
I feel like the arguments given here are kind of weak for not implementing
HTTPS. Plus, fingerprinting and such can be cirumvented pretty easily by
adding padding data to the payload of a random length.

That said, I don't think it matters too terribly much here, and in situations
where privacy is much more important, Apple seems to be blowing Google out of
the water, since their business model isn't inherently anti-privacy.

