macOS has been designed to keep users and their data safe while respecting their privacy.
Gatekeeper performs online checks to verify if an app contains known malware and whether the developer’s signing certificate is revoked. We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.
Notarization checks if the app contains known malware using an encrypted connection that is resilient to server failures.
These security checks have never included the user’s Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.
In addition, over the next year we will introduce several changes to our security checks:
* A new encrypted protocol for Developer ID certificate revocation checks
* Strong protections against server failure
* A new preference for users to opt out of these security protections
Google or Facebook would not post this because they would be combining the data. Instead it would be some meaningless claim that they don’t use the data for advertising or don’t sell the data, leaving themselves free to do anything else with it (plus, the “we can change the terms at any time” clauses).
I would argue it's because Google has to value security and privacy in a way Apple doesn't - Google has to build platforms instead of gardens, so there's an 'adversarial' incentive to make sure you're not held liable due to a 3rd party's actions.
Also, these incidents would be a thermonuclear event for search due to the intimacy and inherent 'Internet-ness' of the data - versus Apple, who can get away with incidents like introducing Intelligent Tracking Prevention - two years later, it turned out it was a globally unique identifier that also leaked your web history [1]. Yet, because Apple didn't have a perceived incentive to leak this information, people see it as a 'mere' competency issue and move on.
Nah it’s because Google and Facebook earn their money with advertising, which implies data. Apple, on the other hand, earns their money by selling hardware.
It’s a different value exchange, and Apple doesn’t really have a lot to gain by becoming a “bad actor” with data. See also, for example, their planned advertising tracking protections coming up in 2021. They don’t have a lot to lose in this area, and a lot to gain.
I think that analysis is adequate for describing why Apple shouldn't be a bad actor with data, but, they meet the criteria for one - the security incidents the past couple years (supercookie, history leak, root, leaking app launches in plaintext...), assisting government access, softening E2E encryption to de facto unencrypted...
> If this was from Google or Facebook, there’d be an angry mob about how dare they log IP in the first place.
Google and Facebook already do that. And of course with them there's no way to stop it either for most of their properties, as they're 100% web based.
Plus, in the excerpt you're quoting they say they stopped logging IP addresses for dev tests -- logging those (and more) is par for the course in all kinds of debug environments (from MS, Oracle, etc.); that Apple doesn't anymore is probably impressive.
This IP logging might not be legal under GDPR. Apple did not need the IP for this purpose of revoking a certificate, and it was proven that almost all users had no idea that this even happens each time they launch an app. But the cherry on the cake is that all of this was not encrypted, so even if a user would have accepted this stuff with the TOS dark pattern, they did not accept that this data would be visible to third parties.
A few years/months ago this would have been considered a conspiracy; today it is just fine for most because "think about my mother". I agree with the secure by default, but don't forget that when Apple decides or is "forced" to remove an application you have no workaround on iOS around that, and this "feature" will come to the laptop and desktop if users don't demand it and keep bringing the mom argument.
There has been an angry mob. This week I learned (from HN) that because I prefer macOS I must be suffering from Stockholm syndrome, enabling technology dictatorships and generally bringing about the end of the world.
> A new encrypted protocol for Developer ID certificate revocation checks
Apple's online verification scheme still seems to be the wrong approach both for privacy (since it leaks information) and for security (since apps still need to keep working offline and during service outages.) Encrypted queries can still leak information to observers, and we apparently still have to trust Apple to "remove" information from their logs (rather than simply not logging to begin with.)
Dev certificate revocations are rare enough that they can be handled by periodic updates to an on-device revocation list. This is similar to what Chrome does with its CRLSet.
I am still waiting for someone to provide a plausible explanation as to why it has to be an online check and not like antivirus, where signatures are pushed to the client.
Instead everything was derailed into Apple Data Collection.
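The on-device revocation list proposed in the two comments above (the CRLSet-style periodic update and the antivirus-style pushed signatures), sketched as an added example that is not part of any post in this thread and is not Apple's or Chrome's code. The JSON update format, the class and function names, and all sample values are assumptions made for illustration; the digest check stands in for the signature verification a real deployment would need.

```python
import hashlib
import json


class LocalRevocationList:
    """On-device revocation set, refreshed by periodic bulk updates."""

    def __init__(self):
        self.sequence = 0
        self.revoked = {}  # issuer SPKI SHA-256 (hex) -> set of revoked serials

    def apply_update(self, blob: bytes, expected_sha256: str) -> bool:
        """Install a downloaded list; on any failure keep the current one."""
        # Stand-in for verifying an asymmetric signature over the blob.
        if hashlib.sha256(blob).hexdigest() != expected_sha256:
            return False
        try:
            doc = json.loads(blob)
            sequence = int(doc["sequence"])
            revoked = {i: set(s) for i, s in doc["revoked"].items()}
        except (ValueError, KeyError, TypeError, AttributeError):
            return False
        if sequence <= self.sequence:  # refuse rollback to an older list
            return False
        self.sequence, self.revoked = sequence, revoked
        return True

    def is_revoked(self, issuer_spki: bytes, serial: str) -> bool:
        """Local lookup only: no per-launch request leaves the machine."""
        issuer = hashlib.sha256(issuer_spki).hexdigest()
        return serial in self.revoked.get(issuer, set())


def make_update(sequence, revoked):
    """Build a constructed sample update blob and its digest."""
    blob = json.dumps({"sequence": sequence, "revoked": revoked}).encode()
    return blob, hashlib.sha256(blob).hexdigest()


# Constructed sample data (not a real key or real serial numbers).
ISSUER_SPKI = b"constructed-issuer-spki"
ISSUER_HASH = hashlib.sha256(ISSUER_SPKI).hexdigest()


def demo():
    crl = LocalRevocationList()
    blob, digest = make_update(1, {ISSUER_HASH: ["0A01"]})
    installed = crl.apply_update(blob, digest)
    corrupted = crl.apply_update(blob + b" ", digest)  # failed download
    replayed = crl.apply_update(*make_update(1, {ISSUER_HASH: []}))
    return (installed, corrupted, replayed,
            crl.is_revoked(ISSUER_SPKI, "0A01"),
            crl.is_revoked(ISSUER_SPKI, "0B02"))
```

A failed or replayed update leaves the last good list in place, so launch checks keep working through a server outage and the only network traffic is the same periodic download for every client.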
Let it be known: one asshole yelling on his personal blog can bully the largest company in the world into encrypting their shit and deleting their logs, and, most importantly, providing a way of turning it off.
Remember that, kids. I’m as surprised as you are.
Now I have an even bigger and more difficult writing task ahead of me: rms cold emailed me today to ask me, point blank (and presumably non-rhetorically), why I am still running macOS.
That’s going to be a doozy, because he’s damn well right.
Apple listens to bad PR, the problem is that you have to be lucky, competent, or gifted enough to get it. Otherwise you might as well pound sand.
As for RMS…well, the issue is that the way he lives is just exceedingly difficult to keep up with in modern society. That being said, you could be instead taking steps to improve yourself by using Linux, but perhaps there exists a place in this world for people to slowly propose changes to macOS and make it better for millions of people alongside those who shout for radical change immediately. Maybe you should probe for what he thinks you should do.
There was absolutely a whole lot of luck involved here, no doubt. It wouldn’t have been possible at all without HN, dhh, Louis Rossmann and many, many others boosting the signal.
I’m just thrilled that so many people care about privacy. I mostly assumed it was a lost cause, given the status quo on mobile (where basically every app launch notifies 3+ companies and data brokers, with no way to turn it off).
Oh, what I wouldn’t give for Apple to sherlock Little Snitch and port it to iOS! I’m going to assume that their Safari ad privacy backtracking for Facebook means that this probably won’t happen, though.
Good first start. What I still would like to see extra:
* option to notify the user that a certificate got revoked. Short description why, Twitter style, and a link to details, and give the user the choice to quarantine it or to still use it. This is in a similar style to what antiviruses do, telling you: 'this kind of malware name was potentially found but if we are wrong feel free to remove from quarantine'.
* revocation list is checked twice a day locally on the machine and twice a week (always on the same days) the current way remotely to strike a good balance as a default. Allow user to adjust frequency.
This should be added for literally every single "security" thing they've added since at least High Sierra. They've continually added features for improving system security that have proved to be major impediments to a computer being used as a general purpose computing device. A separate section (maybe under Security & Privacy, add in loads of warnings, I don't care) with a deep dive allowing users to enable/disable security features of macOS would be ideal.
The general taboo asking users to even disable any of the security protections of macOS needs to disappear in my honest opinion. With Big Sur and Apple Silicon, I don't think that it's hyperbole anymore of a locked up macOS just tailored towards casual users and dragging along developers in the process.