
SpiritSoul1008

macrumors member
Original poster
May 23, 2019
82
47
Did you guys read this article over at 9to5Mac? (Link)
Here is the original article by the researcher (Link)

I am pretty concerned with the changes that have been made in Big Sur, which could potentially allow any bad actors to spy on our location and app usage. According to this researcher, with these changes to the OS, we cannot even secure our computers with a VPN or Little Snitch. Is Apple lying to us about how security and privacy are priorities for them? What are your thoughts?
 
Reactions: bwillwall

tommiy

macrumors 6502
Dec 11, 2015
412
127
Yes, that's really not good at all. I knew I stopped upgrading for a reason. I think at some point Apple believed in their position of security but that's obviously gone now.
 
Reactions: SpiritSoul1008

SpiritSoul1008

macrumors member
Original poster
May 23, 2019
82
47
Apple joined Prism in 2012.

The other companies: Microsoft (2007), Yahoo (2008), Google (2009), Facebook (2009), PalTalk (2009), YouTube (2010), Skype (2011), AOL (2011), Apple (2012)

Maybe after Steve Jobs died, Apple sold their soul.
 
Reactions: katbel

Heat_Fan89

macrumors 68030
Feb 23, 2016
2,953
3,861
It means the privacy Apple talk about all the time is just propaganda to sell more products.
I don’t see it as propaganda. It’s more like marketing spiel. If you look at an iPad advertising/privacy settings. It clearly shows Apple is spying on you by informing you that it will show you ads based on your browsing habits aka “Personalized Ads”. You can turn it off but the ads will now be generic and they will push the same amount of ads.

Gee, that sounds an awful lot like Windows 10. As a previous poster in this thread mentioned, if you are on the internet, “you are being watched and data is being collected”. Linux is going in that direction in many of its distros. Canonical sold out to Amazon on Ubuntu. Everyone is doing it in one form or another.

Brave browser was pimping its privacy browser as they sold themselves like Apple does “what’s on your computer stays on your computer”. Well they got caught as well doing some shady stuff.

 

SpiritSoul1008

macrumors member
Original poster
May 23, 2019
82
47
I don’t see it as propaganda. It’s more like marketing spiel. If you look at an iPad advertising/privacy settings. It clearly shows Apple is spying on you by informing you that it will show you ads based on your browsing habits aka “Personalized Ads”. You can turn it off but the ads will now be generic and they will push the same amount of ads.

Gee, that sounds an awful lot like Windows 10. As a previous poster in this thread mentioned, if you are on the internet, “you are being watched and data is being collected”. Linux is going in that direction in many of its distros. Canonical sold out to Amazon on Ubuntu. Everyone is doing it in one form or another.

Brave browser was pimping its privacy browser as they sold themselves like Apple does “what’s on your computer stays on your computer”. Well they got caught as well doing some shady stuff.

No matter what word you would like to use or direction the industry is going, it doesn't make me a happy customer.
 

katbel

macrumors 68040
Aug 19, 2009
3,643
32,708
Did you guys read this article over at 9to5Mac? (Link)
Here is the original article by the researcher (Link)

I am pretty concerned with the changes that have been made in Big Sur, which could potentially allow any bad actors to spy on our location and app usage. According to this researcher, with these changes to the OS, we cannot even secure our computers with a VPN or Little Snitch. Is Apple lying to us about how security and privacy are priorities for them? What are your thoughts?
I thought about maybe upgrading to Big Sur (didn't even upgrade to Catalina), but after what happened two days ago I will not upgrade anything. I was attracted by their proprietary chip, now I'm afraid of losing all my privacy.
Lost trust in Apple, it was already eroded but not in the "privacy" yet.
I read the article already, thanks
I'm so fed up with Apple. It hurts: I've been an Apple user for so long, 20 years and counting.
Here I'm trying to defend MY COMPUTER, maybe it's time to use it offline all the time, just for the sake of it
I'm nobody, but I'm annoyed if someone knows what color of socks I'm wearing in the morning
It really sucks ?
 

IowaLynn

macrumors 68020
Feb 22, 2015
2,145
589
That ad from Apple, "1984"? Didn't expect they would be the ones making it "possible" to help.
 

EDS66

macrumors regular
Mar 31, 2018
134
136
Does anyone know what rules to use in an external firewall to block this?
The exact type of rule would depend on your firewall. But basically you would need to set up an outbound rule (LAN to WAN) that would deny traffic to OCSP.APPLE.COM. I have it deployed on my SonicWall, and it works great. You can test the rule by pinging OCSP.APPLE.COM from any computer on the Local Area Network. If the rule works, the pings will be squelched; if the rule is not set up correctly, the pings will be answered.
 
Reactions: gerinho and nt5672

katbel

macrumors 68040
Aug 19, 2009
3,643
32,708
The exact type of rule would depend on your firewall. But basically you would need to set up an outbound rule (LAN to WAN) that would deny traffic to ACSP.APPLE.COM. I have it deployed on my SonicWall, and it works great. You can test the rule by pinging ACSP.APPLE.COM from any computer on the Local Area Network. If the rule works, the pings will be squelched; if the rule is not set up correctly, the pings will be answered.
What does ACSP cover? I thought it was OCSP.apple.com
 

EDS66

macrumors regular
Mar 31, 2018
134
136
Sorry, typo: OCSP.APPLE.COM
Here is an example of the rule using SonicWall OS.
 

Attachment: Screen Shot 2020-11-14 at 2.37.12 PM.png (screenshot of the SonicWall rule)

ArPe

macrumors 65816
May 31, 2020
1,281
3,325
Apple joined Prism in 2012.

The other companies: Microsoft (2007), Yahoo (2008), Google (2009), Facebook (2009), PalTalk (2009), YouTube (2010), Skype (2011), AOL (2011), Apple (2012)

Maybe after Steve Jobs died, Apple sold their soul.

Prism was designed to track terrorism related activity during the war on terror. It was never fully implemented and there was no requirement for companies to join or stay. It existed mostly as a concept in a PowerPoint document leaked by Snowden.

Apple has gone on record as saying they are not part of it. They wouldn’t even help the FBI crack a terrorist’s phone, yet these stupid conspiracy theories remain.
 

leman

macrumors Core
Oct 14, 2008
19,530
19,709
There is no security issue there. It’s industry standard certificate validation. All operating systems do it. Usually it’s used to check web certificates, but Apple also uses it to verify the signed applications. Microsoft uses the same thing for their signed apps.

The claims made in the article are overblown and outlandish. They claim that Apple would log every time you start any app, which is not true (results are cached and Apple servers are only consulted once in a while). There is no personal data transmitted that we know of. They further claim that this data can be spied on to collect your app usage habits, since it’s not encrypted. But they completely ignore the fact that OCSP requests are never encrypted, and that there are many more sources of unencrypted traffic that would reveal your web browsing habits (like DNS requests) - which have been used in the entire computing industry since the beginning of the internet.
 
Reactions: planteater
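
What a standard OCSP request carries on the wire, as an added example that is not part of the original post: a minimal DER walk over the RFC 6960 OCSPRequest structure, run on a request built in the code itself. The helper names and the sample hash and serial values are assumptions made for illustration, and the sketch covers only an unsigned request without extensions.

```python
# Added illustration: minimal DER walk over an RFC 6960 OCSPRequest.
# The sample request is constructed here; it is not captured traffic.

def tlv(tag, body):
    """Encode one DER element (short-form length only, body < 128 bytes)."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def read(buf, pos=0):
    """Decode one DER element at pos; return (tag, body, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(body):
    """Split the body of a constructed element into (tag, body) pairs."""
    out, pos = [], 0
    while pos < len(body):
        tag, inner, pos = read(body, pos)
        out.append((tag, inner))
    return out

# AlgorithmIdentifier for SHA-1 (OID 1.3.14.3.2.26, NULL parameters)
SHA1_ALGID = tlv(0x30, bytes.fromhex("06052b0e03021a") + b"\x05\x00")

def build_request(name_hash, key_hash, serial):
    """Build an unsigned, extension-free OCSPRequest for one certificate."""
    cert_id = tlv(0x30, SHA1_ALGID + tlv(0x04, name_hash)
                  + tlv(0x04, key_hash) + tlv(0x02, serial))
    # Request -> requestList -> tbsRequest -> OCSPRequest
    return tlv(0x30, tlv(0x30, tlv(0x30, tlv(0x30, cert_id))))

def parse_request(der):
    """Return the CertID fields of every Request in an OCSPRequest."""
    _, ocsp, _ = read(der)
    tbs = children(ocsp)[0][1]              # tbsRequest
    # skip optional [0] version / [1] requestorName; take requestList
    req_list = next(b for t, b in children(tbs) if t == 0x30)
    found = []
    for _, request in children(req_list):
        _alg, name_hash, key_hash, serial = children(children(request)[0][1])
        found.append({"issuerNameHash": name_hash[1].hex(),
                      "issuerKeyHash": key_hash[1].hex(),
                      "serialNumber": serial[1].hex()})
    return found

# Constructed sample values (not a real certificate).
SAMPLE = build_request(bytes(range(20)), bytes(range(20, 40)),
                       bytes.fromhex("0123456789abcdef"))
```

The parsed fields identify a certificate through its issuer hashes and serial number; the sender's IP address and the request time are visible from the connection itself rather than from these fields.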

EDS66

macrumors regular
Mar 31, 2018
134
136
There is no security issue there. It’s industry standard certificate validation. All operating systems do it. Usually it’s used to check web certificates, but Apple also uses it to verify the signed applications. Microsoft uses the same thing for their signed apps.

The claims made in the article are overblown and outlandish. They claim that Apple would log every time you start any app, which is not true (results are cached and Apple servers are only consulted once in a while). There is no personal data transmitted that we know of. They further claim that this data can be spied on to collect your app usage habits, since it’s not encrypted. But they completely ignore the fact that OCSP requests are never encrypted, and that there are many more sources of unencrypted traffic that would reveal your web browsing habits (like DNS requests) - which have been used in the entire computing industry since the beginning of the internet.
I partially agree. But they should be encrypting outbound traffic to ocsp.apple.com. The other problem is whenever an ISP has an issue with intermittent connectivity (Comcast is known for that), Macs slow down to a crawl, as there is no hard connection failure when applications try to contact OCSP.APPLE.com. This happens quite often. Apple needs to address this, maybe have it time out quicker or something. It's infuriating when it happens.
 
Reactions: planteater

planteater

Cancelled
Feb 11, 2020
892
1,681
This is being blown out of proportion. Apple is doing this to validate applications. That is a good thing from a security perspective.

You can be guaranteed that Apple is working on a fix so that it will not cause slowdown issues in the future.


 

leman

macrumors Core
Oct 14, 2008
19,530
19,709
I partially agree. But they should be encrypting outbound traffic to ocsp.apple.com.

If it is technically feasible and would actually help (I mean, wouldn't encrypting a known certificate hash with a known key just yield a different known hash?), sure, why not. I just don't see what the big fuss is. This is not sensitive data.

P.S. Found this https://stackoverflow.com/questions/13336695/ocsp-over-ssl-tls

The other problem is, unless Apple do something about fixing this, whenever an ISP has an issue with intermittent connectivity (Comcast is known for that), Macs slow down to a crawl, as there is no hard connection failure when applications try to contact OCSP.APPLE.com.

I think this is something we can all agree upon.
 

nt5672

macrumors 68040
Jun 30, 2007
3,748
8,180
Midwest USA
The exact type of rule would depend on your firewall. But basically you would need to set up an outbound rule (LAN to WAN) that would deny traffic to OCSP.APPLE.COM. I have it deployed on my SonicWall, and it works great. You can test the rule by pinging OCSP.APPLE.COM from any computer on the Local Area Network. If the rule works, the pings will be squelched; if the rule is not set up correctly, the pings will be answered.
Thanks.
 

hg.wells

macrumors 65816
Apr 1, 2013
1,067
789
Reactions: leman

leman

macrumors Core
Oct 14, 2008
19,530
19,709
Have a look at this article


Gatekeeper checks apps on first launch to verify they are legit, a new OS install will trigger this when apps launch for the first time. This is not done at every app launch like the original article suggested.

I have no issue with this behavior and it's how Apple positioned Gatekeeper.

I am happy to know that there are voices of reason out there. Thank you.
 

Collywobbles

macrumors member
Sep 17, 2017
85
29
Does anyone know what rules to use in an external firewall to block this?
You can't, it has some internal exceptions that prevent it. You will need to block externally, Pi-hole to block all calls. External VPN to obfuscate your location. The communication is unencrypted, is hashed but contains location, app details, time and date information, possibly a couple of other things (can't remember). The whole policy around 'data privacy' and Apple has to be debated, personally I feel very let down by the whole process. Their processes simply aren't up to scratch. Software testing, design, stuff simply 'just doesn't work' anymore. The hardware teams are great, silicon superb.. the software teams are $hite... adding a fresh layer of varnish simply isn't good enough, all the cracks are still showing.
 

leman

macrumors Core
Oct 14, 2008
19,530
19,709
You can't, it has some internal exceptions that prevent it. You will need to block externally, Pi-hole to block all calls. External VPN to obfuscate your location. The communication is unencrypted, is hashed but contains location, app details, time and date information, possibly a couple of other things (can't remember). The whole policy around 'data privacy' and Apple has to be debated, personally I feel very let down by the whole process. Their processes simply aren't up to scratch. Software testing, design, stuff simply 'just doesn't work' anymore. The hardware teams are great, silicon superb.. the software teams are $hite... adding a fresh layer of varnish simply isn't good enough, all the cracks are still showing.

They are using an industry standard protocol. The same information is being sent out - unencrypted - every time you access any https website, on any OS and any major browser. Even more, every time you resolve a URL - that is also unencrypted.
 

Collywobbles

macrumors member
Sep 17, 2017
85
29
They are using an industry standard protocol. The same information is being sent out - unencrypted - every time you access any https website, on any OS and any major browser. Even more, every time you resolve a URL - that is also unencrypted.
And the communication bypasses any tunnelling protocols you have in place and gives away your exact location, IP address and product you are running, plus other information. A browser honours any transport layers in operation.
 
Reactions: AndyMacAndMic