[Updated with response from Apple] Macs are a privacy nightmare

Update: Overnight, Apple PR sent out an e-mail about this issue to multiple websites and blogs, including me, for some reason. The company has updated its knowledge base article about “safely opening apps” on the Mac with new information, including a number of promises to fix this issue in the near future:

These security checks have never included the user’s Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.

In addition, over the the next year we will introduce several changes to our security checks:

o A new encrypted protocol for Developer ID certificate revocation checks
o Strong protections against server failure
o A new preference for users to opt out of these security protections

These are good promised changes, especially the first and third one. Turning off the security checks is the most welcome change, but it remains to be seen if this cripples the user experience in some other way.

It’s also interesting to note that I’ve been inundated by random people claiming there was no issue here at all, yet it seems Apple sure does disagree with that. A response like this over the weekend, emailed to not only the usual Apple news outlets, but also insignificant ones like OSAlert seems highly unusual for something that, according to a lot of random people, isn’t an issue at all.

Original story: Almost nine years ago, I wrote an article titled “Richard Stallman was right all along“, still one of the most popular, if not the most popular, articles ever posted on OSAlert.

That’s the very core of the Free Software Foundation’s and Stallman’s beliefs: that proprietary software takes control away from the user, which can lead to disastrous consequences, especially now that we rely on computers for virtually everything we do. The fact that Stallman foresaw this almost three decades ago is remarkable, and vindicates his activism. It justifies 30 years of Free Software Foundation.

And, in 2012, we’re probably going to need Free and open source software more than ever before. At the Chaos Computer Congress in Berlin late last year, Cory Doctorow held a presentation titled “The Coming War on General Purpose Computation“. In it, Doctorow warns that the general purpose computer, and more specifically, user control over general purpose computers, is perceived as a threat to the establishment. The copyright wars? Nothing but a prelude to the real war.

Yesterday, every Mac user got a taste of what happens when you don’t actually own the computers you pay a lot of money for. Because Apple wants to control everything you do with the computer you rent from them, and because Apple wants to know everything you do while using the computer you rent from them, a random server somewhere going down meant Mac users couldn’t open their applications anymore.

Why? Because applications on macOS will only open if Apple allows them to be opened, and that means macOS phones home every time you do anything on Apple’s Mac that you rented. This has some serious privacy implications, as Jeffrey Paul notes:

This means that Apple knows when you’re at home. When you’re at work. What apps you open there, and how often. They know when you open Premiere over at a friend’s house on their Wi-Fi, and they know when you open Tor Browser in a hotel on a trip to another city.

It gets worse. The data that’s being sent as part of this phone home procedure is sent unencrypted, passes through third parties like Akamai, and since Apple is part of the US intelligence program PRISM, the US government has unfettered access to without the need for warrants.

I’ve been warning about the consequences of handing over control of our software and computers to corporations and governments for well over a decade now here on OSAlert, and every year, we seem to slide a little farther down the slippery slope, and every time, people wave it away. Yet yesterday, Mac users all over the world were confronted with the reality of being an Apple user today.

Macs are not yours. They are controlled, owned, and operated by Apple, and are an absolute privacy and security nightmare. Exactly as the Free and open source software movement has been warning about for 40 years now.

60 Comments

  1. 2020-11-13 7:55 pm
    • 2020-11-13 11:41 pm
      • 2020-11-14 5:10 am
    • 2020-11-14 6:34 am
    • 2020-11-14 10:07 am
    • 2020-11-15 8:16 am
      • 2020-11-15 8:27 am
  2. 2020-11-13 10:10 pm
    • 2020-11-14 3:17 pm
  3. 2020-11-14 2:22 am
    • 2020-11-15 8:21 am
  4. 2020-11-14 6:35 am
    • 2020-11-14 8:36 am
      • 2020-11-14 9:17 am
        • 2020-11-14 5:52 pm
          • 2020-11-14 7:58 pm
          • 2020-11-15 12:58 am
          • 2020-11-15 1:34 pm
          • 2020-11-15 2:14 pm
          • 2020-11-15 4:18 pm
    • 2020-11-14 3:33 pm
  5. 2020-11-14 8:33 am
  6. 2020-11-14 9:54 am
  7. 2020-11-14 10:37 am
    • 2020-11-14 5:54 pm
      • 2020-11-16 3:42 pm
        • 2020-11-16 4:23 pm
  8. 2020-11-14 7:51 pm
    • 2020-11-14 8:14 pm
      • 2020-11-15 3:25 am
      • 2020-11-15 1:10 pm
    • 2020-11-16 9:59 am
  9. 2020-11-14 8:16 pm
    • 2020-11-15 5:15 am
      • 2020-11-15 2:43 pm
  10. 2020-11-15 4:16 am
    • 2020-11-15 5:27 am
  11. 2020-11-15 4:57 am
  12. 2020-11-15 6:00 am
    • 2020-11-15 2:52 pm
      • 2020-11-15 5:17 pm
        • 2020-11-16 3:18 pm
  13. 2020-11-15 6:10 am
    • 2020-11-15 3:06 pm
  14. 2020-11-15 9:51 am
  15. 2020-11-15 1:33 pm
    • 2020-11-15 3:58 pm
  16. 2020-11-15 7:55 pm
    • 2020-11-16 12:17 am
  17. 2020-11-15 8:48 pm
    • 2020-11-16 12:06 am
      • 2020-11-16 10:13 pm
        • 2020-11-17 8:14 am
  18. 2020-11-16 10:24 am
  19. 2020-11-16 11:17 am
    • 2020-11-16 12:05 pm
      • 2020-11-16 1:12 pm
  20. 2020-11-16 11:21 am
  21. 2020-11-16 1:49 pm
  22. 2020-11-16 11:31 pm