Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
They are using an industry standard protocol. The same information is being sent out - unencrypted- every time you access any https website, on any OS and any major browser. Even more, every time you resolve an URL - that is also unencrypted.
and you appear to be a little confused between the purposes of 'gate keeper' and 'notarisation'
 
and the communication bypasses any tunnelling protocols you have in place and gives away your exact location, IP address and product you are running + plus other information. a browser honours any transport layers in operation.

The false claims that Apple somehow bypasses the firewall have been debunked multiple times. Some links to relevant discussion:



Also, where do you get the information that the location is part of Apples certificate validation request? As far as I am aware, all they send is the hash of the developers certificate.

and you appear to be a little confused between the purposes of 'gate keeper' and 'notarisation'

What does notarization has to do with any of this? We are talking about Apples use of RFC 6960 to communicate revoked software certificates.
 
The false claims that Apple somehow bypasses the firewall have been debunked multiple times. Some links to relevant discussion:



Also, where do you get the information that the location is part of Apples certificate validation request? As far as I am aware, all they send is the hash of the developers certificate.



What does notarization has to do with any of this? We are talking about Apples use of RFC 6960 to communicate revoked software certificates.
notarisation does the cert check EVERY time you call up an app
gate keeper does a single malware verification check the FIRST time you load up an app
 
The false claims that Apple somehow bypasses the firewall have been debunked multiple times. Some links to relevant discussion:



Also, where do you get the information that the location is part of Apples certificate validation request? As far as I am aware, all they send is the hash of the developers certificate.



What does notarization has to do with any of this? We are talking about Apples use of RFC 6960 to communicate revoked software certificates.
and that article points to one packet filter firewall product and is a general justification for the argument
 
notarisation does the cert check EVERY time you call up an app
gate keeper does a single malware verification check the FIRST time you load up an app

What are you even talking about. Notarization is the process of having an app tested for malicious code and verified by Apple. This is something that the developer of the app needs to do before distributing it. Notarization is done one time only and the user receives an already notarized application. There are no notarization checks when an app gets started.

Gatekeeper is the service responsible for checking whether an app is safe on runtime. I don't know too much about what components are formally parts of Gatekeeper, but I very much assume that certificate validity check is one of its core responsibilities.

and that article points to one packet filter firewall product and is a general justification for the argument

I find it hilarious how people start writing some cryptic and difficult to decipher messages after you make it clear they are in the wrong. I have no idea what your post means. I don't know what "the argument" is. The fact is: you were claiming that Apple is bypassing network transport laters and violate tunneling protocol. These claims are factually false. The links I have posted explain why they are false.

To sum it up: these false clams are based on the API misuse by some popular apps, which were using an application-level firewall to implement filtering instead of the system-level firewall. Basically, some people sued the wrong tool to do the job, suddenly discovered that the tool doesn't do the job it was never intended to do and started to blame the tool manufacturer. This is not a story of a malicious corporation trying to steal your data, this is a simple story of developer incompetence.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.