> Apple’s most recent OS where it appears that low-level system API such as exec and getxattr now do synchronous network activity before returning to the caller.
Can anyone confirm this? Because honestly this is just terrifying. I don't think even Windows authorises every process from a server. This doesn't sound good for both privacy and speed.
"Full Disk Access" to allow a program to access any place on your computer without a warning. A few programs requested this, so it looks like it's been around for a while.
The other one is "Developer Tools" and it looks pretty new. The only application requesting it is "Terminal". This "allows app to run software locally that do not meet the system's security policy". So, my reading of this is that in Terminal, you could run scripts that are unsigned and not be penalized speed-wise.
- Location Services
- Speech Recognition
- Input Monitoring
- Full Disk Access
- Files and Folders
- Screen Recording
- Analytics & Improvements
Are you running a beta build or something?
Update: Okay, I checked on my other machine and that one does have it (Terminal is listed but disabled by default). What in the actual fuck?!?
sudo spctl developer-mode enable-terminal
Interestingly, I rebooted the machine without after some benchmarking and experimentation with syspolicyd (see https://news.ycombinator.com/item?id=23274903), and after the reboot the category has mysteriously surfaced... Not sure what triggered it. Launching Xcode? Xcode and CLT were both installed on the machine, but I'm not sure when I last launched Xcode on this machine. Another possible difference I can think of: the machine without was an in-place upgrade, while the other one IIRC was a clean install of 10.15.
In the worst case scenario, you can probably insert into the TCC database (just a SQLite3 database, located at ~/Library/Application Support/com.apple.TCC/TCC.db) directly:
INSERT INTO access VALUES('kTCCServiceDeveloperTool','com.apple.Terminal',0,1,1,NULL,NULL,NULL,'UNUSED',NULL,0,1590165238);
INSERT INTO access VALUES('kTCCServiceDeveloperTool','com.googlecode.iterm2',0,1,1,NULL,NULL,NULL,'UNUSED',NULL,0,1590168367);
Back up, obviously. I'm not on the hook for any data loss or system bricking.
Does this not require disabling SIP?
(I'm also on 10.15.4 (19E287))
Don't think so? Apple now theoretically has a centralized database of every Mac user who's ever used youtube-dl. Or Tor. Or TrueCrypt.
Either you have the ability to control the software, or it controls you
First, there was Apple scanning photos to check for child abuse (that obviously got no attention on this site), then there was this one - Apple uploading hashes of all unsigned executables you run.
Do people really accept that company's "privacy" selling point?
 https://news.ycombinator.com/item?id=21180019, https://news.ycombinator.com/item?id=22008855
Not sure how a list of installed apps is going to be worse than that.
Speed, definitely not, this is going to make things slowwwww
That's security, not privacy...