Regarding the news yesterday that apps on macOS needs to phone home

[tzm41]

The main observation there was that each app needs to phone Apple server when you open them on your Mac. Bad news is that the option to block that call is gone on Big Sur re: https://sneak.berlin/20201112/your-computer-isnt-yours/. TLDR: the daemon responsible for that has been added to an exclusion list and cannot be filtered by Little Snitch anymore.

I am not sure what the argument there is for Apple to collect all these information without an option for users to opt out, yet calling themselves a guardian of user privacy. If they are doing it on macOS I won't doubt it if somebody tells me iPhones are doing the same thing. Thus, Apple knows where you are, what IP address you have, and what apps you are using (the call sends a hash of the program, but it isn't hard for someone to hash all common programs and cross reference), all the time. And not just Apple, but ISPs and Akamai et al who can see this phoning home call that goes unencrypted.

Granted, I subconsciously hold Apple at a higher standard since they are front and foremost a hardware company that sells electronic devices, unlike Google or Facebook who sell user information. This still puts me at unease. Wondering what other Mac users think of this change.

 

[saudor]

yeah this can be a big problem potentially. I still have it blacklisted in my host file on mojave

 

[romanof]

I have come to terms that if you use the Internet, don't assume that anything is private. Encrypt it if it is really secret.

But, my concern about yesterday and the sudden realization that my apps can fail if Apple has a meltdown is much higher. If Apple really croaks or some bean counting MBA gets to be CEO then it appears that my software can be set to fail, and apparently even apps that don't come from them. Firefox was one example on the yesterday that was bouncing up and down in the dock for five minutes without loading.

Just another reason that I keep my Linux skills up to date and a Debian machine always ready to go.

 

[velocityg4]

I'm curious if MS does this as well. I know they have an activity history you may turn on/off. But not sure if that stops it totally.

While I do consider Linux. The big stumbling block for me is much of the software I use is Mac/Windows only. Nor do I want to deal with the likes of WINE.

Then again. I'm not overly concerned about privacy. If it does become an issue for me. I'll switch to Linux then. Also even if this phoning home bypasses your computers VPN. I don't see how it would bypass a router setup with a VPN.

 

[tzm41]

I have come to terms that if you use the Internet, don't assume that anything is private. Encrypt it if it is really secret.

But, my concern about yesterday and the sudden realization that my apps can fail if Apple has a meltdown is much higher. If Apple really croaks or some bean counting MBA gets to be CEO then it appears that my software can be set to fail, and apparently even apps that don't come from them. Firefox was one example on the yesterday that was bouncing up and down in the dock for five minutes without loading.

Just another reason that I keep my Linux skills up to date and a Debian machine always ready to go.

Agreed. Realizing that this isn't encrypted and yet Apple has that much control over how we use our computers is a little bit unsettling.

I'm curious if MS does this as well. I know they have an activity history you may turn on/off. But not sure if that stops it totally.

While I do consider Linux. The big stumbling block for me is much of the software I use is Mac/Windows only. Nor do I want to deal with the likes of WINE.

Then again. I'm not overly concerned about privacy. If it does become an issue for me. I'll switch to Linux then. Also even if this phoning home bypasses your computers VPN. I don't see how it would bypass a router setup with a VPN.

I made the wrong investment in switching from AirPorts to eero system. They don't have VPN support on router and it appears that the router itself might actually be a data collection hub for Amazon

 

[Benz63amg]

yeah this can be a big problem potentially. I still have it blacklisted in my host file on mojave

What address exactly needs to be blacklisted in the hosts file to to fix this issue? 0.0.0.0 ---- ?

I just went ahead and disabled Gatekeeper entirely on MacOS catalina by running the sudo spctl --master-disable script in Terminal, Is that enough to stop this data collection from Apple happening on my mac or do i still need to add some sort of an inclusion in the Hosts file as was mentioned in this thread?

Also, in the firewall settings on the Mac, there are several Apple processes that i allow incoming connections for, they are the daemons for the apple services such as sharingd, rapportd, netbiosd, mediasharind, gamed, avconferenced, Should all these that i just mentioned should have their incoming connections BLOCKED in the Apple firewall or left in the Allow list?

 

[romanof]

I'm curious if MS does this as well. I know they have an activity history you may turn on/off. But not sure if that stops it totally.

While I do consider Linux. The big stumbling block for me is much of the software I use is Mac/Windows only. Nor do I want to deal with the likes of WINE.

Then again. I'm not overly concerned about privacy. If it does become an issue for me. I'll switch to Linux then. Also even if this phoning home bypasses your computers VPN. I don't see how it would bypass a router setup with a VPN.

I could move back to Linux today. I have been an open-source guy since open-source began. But... As a Linux fanboy, it pains me to say that MacOS is much more polished and smooth than any GUI available for Linux. The apps... programs by themselves are as good as any on Apple, but their integration with each other is not. Data from one may have to be converted to be used in another, the control for the same function is in the same place on all Apple apps, but may be anywhere for an Linux program. And so forth. My PC is even more powerful than my really good iMac, but where the Apple machine is totally quiet, the Linux box fans are like a 747 in takeoff mode.

The one app that I could not leave right now is Scrivener, although they have a Linux version that is free and does work the same way and apparently, so far, without bugs. Don't quite trust it enough yet to actually write real stuff with it. If I did bite the bullet and move permanently, I would keep my MBA just for Scrivener.

 

[macdos]

What address exactly needs to be blacklisted in the hosts file to to fix this issue? 0.0.0.0 ---- ?

0.0.0.0 ocsp.apple.com

 

[saudor]

What address exactly needs to be blacklisted in the hosts file to to fix this issue? 0.0.0.0 ---- ?

I just went ahead and disabled Gatekeeper entirely on MacOS catalina by running the sudo spctl --master-disable script in Terminal, Is that enough to stop this data collection from Apple happening on my mac or do i still need to add some sort of an inclusion in the Hosts file as was mentioned in this thread?

Also, in the firewall settings on the Mac, there are several Apple processes that i allow incoming connections for, they are the daemons for the apple services such as sharingd, rapportd, netbiosd, mediasharind, gamed, avconferenced, Should all these that i just mentioned should have their incoming connections BLOCKED in the Apple firewall or left in the Allow list?

no i've always had gatekeeper disabled and it still did that yesterday. I added 127.0.0.1 ocsp.apple.com to my host file but in catalina it's a bit harder to edit it because of how the system volume is read only.

 

[Nermal]

I added 127.0.0.1 ocsp.apple.com to my host file but in catalina it's a bit harder to edit it because of how the system volume is read only.

I'm on 11.0.1 and I was able to edit it via 'sudo nano /etc/hosts', which is how I've been doing it since the PowerPC days. I can no longer ping ocsp.apple.com so it seems that the file is still respected.

 

[macdos]

no i've always had gatekeeper disabled and it still did that yesterday. I added 127.0.0.1 ocsp.apple.com to my host file but in catalina it's a bit harder to edit it because of how the system volume is read only.

/etc is really /private/etc, and so not part of the locked file system. /private also holds /tmp and /var, places that must be writable for any flavor if Unix to work properly.

You can also install Lulu and block it there.

 

[Xanderhoff]

Anyone recommend using Little Snitch for this - in Catalina?

 

[saudor]

I'm on 11.0.1 and I was able to edit it via 'sudo nano /etc/hosts', which is how I've been doing it since the PowerPC days. I can no longer ping ocsp.apple.com so it seems that the file is still respected.

/etc is really /private/etc, and so not part of the locked file system. /private also holds /tmp and /var, places that must be writable for any flavor if Unix to work properly.

You can also install Lulu and block it there.

Oh interesting and good to know. I use nano on ubuntu all the time but for some odd reason didnt even come to mind i could also do it on macOS.

 

[DimaVR]

With Big Sur you need to disabled that file SIP protection BS and other crap and I bet it will still phone back to apple server or your apple computer will run slow. Welcome to having almost OS running in the cloud ⛅️ lol

 

[steve62388]

The main observation there was that each app needs to phone Apple server when you open them on your Mac. Bad news is that the option to block that call is gone on Big Sur re: https://sneak.berlin/20201112/your-computer-isnt-yours/. TLDR: the daemon responsible for that has been added to an exclusion list and cannot be filtered by Little Snitch anymore.

I am not sure what the argument there is for Apple to collect all these information without an option for users to opt out, yet calling themselves a guardian of user privacy. If they are doing it on macOS I won't doubt it if somebody tells me iPhones are doing the same thing. Thus, Apple knows where you are, what IP address you have, and what apps you are using (the call sends a hash of the program, but it isn't hard for someone to hash all common programs and cross reference), all the time. And not just Apple, but ISPs and Akamai et al who can see this phoning home call that goes unencrypted.

Granted, I subconsciously hold Apple at a higher standard since they are front and foremost a hardware company that sells electronic devices, unlike Google or Facebook who sell user information. This still puts me at unease. Wondering what other Mac users think of this change.

Macrumors published an article about this just the other day. In it they quoted a Twitter user who says to fix the OCSP problem they used Little Snitch to deny the connection. So either that Twitter user is wrong, or your information is out of date.

Mac Apps Not Opening or Slow Due to Apple Server Issues: How to Fix For Now

If you are seeing long delays in launching apps or being unable to open Mac Apps at all, this may be due to Apple having significant problems right...

www.macrumors.com

 

[tzm41]

Macrumors published an article about this just the other day. In it they quoted a Twitter user who says to fix the OCSP problem they used Little Snitch to deny the connection. So either that Twitter user is wrong, or your information is out of date.

I was referring to the exact article you mentioned. I think the point is you can’t use Little Snitch to block it anymore with Big Sur.

Granted, other users have mentioned above that editing hosts file is still a viable way to block its connection.

Bigger question is, what does this mean for average users who don’t mess around with their hosts file? They are provided no way to opt out of this.

 

[PinoRavvit]

And I had preordered a new Macbook too... I'm starting to regret my purchase.

 

[steve62388]

I was referring to the exact article you mentioned. I think the point is you can’t use Little Snitch to block it anymore with Big Sur.

Granted, other users have mentioned above that editing hosts file is still a viable way to block its connection.

Bigger question is, what does this mean for average users who don’t mess around with their hosts file? They are provided no way to opt out of this.

Actually, I might have made a mistake in my thinking. I have no idea if that Twitter user was using Big Sur.

I checked Little Snitch”s blog because I thought it might have been something they would mention. Nothing as yet.

 

[romanof]

And I had preordered a new Macbook too... I'm starting to regret my purchase.

Yeah. I was going to self-give a Christmas present of an MBA but now I think I will wait and let this episode play out to see what is accurate and what is not. I have learned not to allow the blood pressure to skyrocket from an item seen on the 'net until it is verified. Although... That being said, the failure of non-Apple programs to load and run on my non-T2 equipped iMac, yesterday, because of a gotcha at Apple is a fact, not a BS post from a troll.

 

[junkw]

I will not install this OS

 

[ondioline]

I'm curious if MS does this as well.

Yes. MSIX packages are signed, and have to check against a CA for revocation.

That is literally all thats happening here. OCSP is an open standard for TLS certificates and such.

And not just Apple, but ISPs and Akamai et al who can see this phoning home call that goes unencrypted.

Your ISP can also see all of your DNS queries, as well.

 

[Puonti]

Thus, Apple knows where you are, what IP address you have, and what apps you are using (the call sends a hash of the program, but it isn't hard for someone to hash all common programs and cross reference), all the time.

Ignoring the rest of it for the moment, doesn't Apple already know these things (in bold) through other functions of their operating systems, such as the push notifications? Those go through Apple's servers, and I imagine when delivering notifications to your device its IP address (and thus geolocation) is known.

 

[sashavegas]

Objective Development - Help Center

Get all the help you need for Little Snitch Mini, Little Snitch, LaunchBar and Micro Snitch.

obdev.at

that what little snitch cannot block anymore. From their site

 

[Benz63amg]

no i've always had gatekeeper disabled and it still did that yesterday. I added 127.0.0.1 ocsp.apple.com to my host file but in catalina it's a bit harder to edit it because of how the system volume is read only.

What i dont get is this and id like some clarification(This is regarding Catalina by the way, Not Big Sur as we already know Big Sur is pretty much immune to disabling this setting), if i was to add that address to my hosts file WITHOUT turning off gatekeeper using the simple Terminal command (sudo spctl --master-disable) , Does gatekeeper still function in protecting the mac from malware or once that address is blocked in the Hosts file then gatekeeper is pretty much useless whether its turned on or off? (Which means the mac is now prone to Malware, Right?)

So basically, the ONLY way to stop this transmission of data going back and forth on what apps any individual uses is by insert that address into the Hosts file? Simply disabling gatekeeper in the terminal using the Command i mentioned above does NOT stop the transmission of data to ocsp.apple.com.

 

[Mr.Blacky]

Please can someone clarify, what data exactly Apple is collecting and what they do with that data?