
Benz63amg

macrumors 601
Oct 17, 2010
4,370
911
Exact.

If Apple relaxes on security, Wired and a billion other smoke-and-mirrors scaremongerers just pounce on the first exploit with gotcha clickbait articles that stay up forever without correction. These articles add friction to selling Apple hardware.

Apple may be miscalculating whether the flimsiness of network-based app checking will generate more negative brand image than not using it, but they didn't put themselves into this particular catch-22.

---

As for the OP question of what it signifies that Apple knows what apps we use, that's... totally small fries. If they look, they know you use a pencil, not what you are writing with it. (I could throw in that anyone opening an app to create something is presumably going to put that straight onto social media, but more important is that those in the exception have nothing to worry about).
I agree, but what is the reason for one to NOT add ocsp.apple.com to the hosts file? Why would anyone want that data transmitted at all times, potentially causing the Mac to experience issues such as the one that happened on Thursday on the Big Sur release day?
 

brianmowrey

macrumors 6502
Oct 5, 2020
419
133
I agree, but what is the reason for one to NOT add ocsp.apple.com to the hosts file? Why would anyone want that data transmitted at all times, potentially causing the Mac to experience issues such as the one that happened on Thursday on the Big Sur release day?
A user that trusts their own judgement on apps would naturally prefer to disable trustd. I'm not defending the inconvenience of such a user having to fight the OS on this but rather directing the blame to the pressures Apple faces, which result from an ecosystem of knowingly misleading clickbait generators.
 

Benz63amg

macrumors 601
Oct 17, 2010
4,370
911
A user that trusts their own judgement on apps would naturally prefer to disable trustd. I'm not defending the inconvenience of such a user having to fight the OS on this but rather directing the blame to the pressures Apple faces, which result from an ecosystem of knowingly misleading clickbait generators.
trustd? Isn't the address ocsp.apple.com?
 

brianmowrey

macrumors 6502
Oct 5, 2020
419
133
Yes. If you open Activity Monitor, go to Network, search/filter to trustd, you will see the packet count ratchet up each time you open a 3rd party App. But you'll also get a sense of how microscopically this is "slowing" anything down.
 

SpiritSoul1008

macrumors member
May 23, 2019
82
47
I've already added ocsp.apple.com to the hosts file. I haven't seen any noticeable issues. I think I will keep it this way until Apple convinces me otherwise.
 

Benz63amg

macrumors 601
Oct 17, 2010
4,370
911
I've already added ocsp.apple.com to the hosts file. I haven't seen any noticeable issues. I think I will keep it this way until Apple convinces me otherwise.
I think I'm going to do the same. Did you keep Gatekeeper enabled or did you disable that as well? So basically the only change to macOS is the addition of ocsp.apple.com to the hosts file to prevent the data collection from happening, correct?
 

SpiritSoul1008

macrumors member
May 23, 2019
82
47
I think I'm going to do the same. Did you keep Gatekeeper enabled or did you disable that as well? So basically the only change to macOS is the addition of ocsp.apple.com to the hosts file to prevent the data collection from happening, correct?
Yes, I kept Gatekeeper enabled, and that's all I've done at this point until more news comes. Now I can no longer ping ocsp.apple.com, and Activity Monitor shows trustd is no longer sending any bytes when opening an application.
 

SpiritSoul1008

macrumors member
May 23, 2019
82
47
Hm... For me it's a big issue. Apple says it's a privacy orientated company and did things like this... one does not know who to believe or not.
That's why it's important that Apple comment on the issue. They have been pretty good about addressing these things, like after we found out contractors were listening in when Siri was used, and all the way back when they were accused of cooperating with Prism.
 

Benz63amg

macrumors 601
Oct 17, 2010
4,370
911
Yes, I kept Gatekeeper enabled, and that's all I've done at this point until more news comes. Now I can no longer ping ocsp.apple.com, and Activity Monitor shows trustd is no longer sending any bytes when opening an application.
Can the blocking of this address in the hosts file cause apps to stop launching altogether after an X amount of time in MacOS?
 

Apple_Robert

Contributor
Sep 21, 2012
35,592
52,331
In a van down by the river

I haven’t scanned the queries myself but according to this, sounds like app launches (since signature has to be checked) and IPs would be worst case?

It’s not being “collected” per se, though it could be saved. Its use is to protect against malware.
I think this entire thing is getting blown out of proportion by a lot of people. I don’t see anything nefarious going on.
 

Benz63amg

macrumors 601
Oct 17, 2010
4,370
911
I think this entire thing is getting blown out of proportion by a lot of people. I don’t see anything nefarious going on.
How so? You don’t think your IP and which app you open and at which time during the day being transmitted to Apple without your knowledge at all times in the background isn’t an issue?
 

sashavegas

macrumors regular
Jul 11, 2018
122
86
Business as usual. 99.9999% will ignore it and after several hundred angry forum discussion posts it will be forgotten and everybody will be moving on until the next time. Then the cycle will repeat.
 

SpiritSoul1008

macrumors member
May 23, 2019
82
47
Can the blocking of this address in the hosts file cause apps to stop launching altogether after an X amount of time in MacOS?
I have not had any issues in this regard. I assume that trustd checks if there is a connection, and then ends its phone home when it cannot send out. This is the same behavior it exhibits when the user is actually disconnected from the internet.
 

romanof

macrumors 6502
Jun 13, 2020
361
387
Texas
Everyone on this thread (well, 99% anyway) are talking about privacy. If you are using anything more powerful than an Etch-a-Sketch you don't have any despite usage of Little Snitch and VPNs and such, and it will only get worse. Use the old sneaker-net if you want more privacy, although the recipient will probably just enter your information into their computer and so much for that. Time to move on.

But, has anybody noticed that Apple can turn off usage of (apparently) any app on a Mac, including stuff that didn't come from them in the first place? That seems to be scarier than an issue of privacy that you and a hundred lawyers can't effect anyway. I was on Mojave during the Apple hosing of their network, with only a passive connection to the net at the time, and nothing would load with any speed, or at all - Firefox, Gimp, Scrivener, etc. Notice, these are not Apple Store products.

So, let's say that some troll company decides that Firefox has blatantly used a patent for the movement of a mouse sideways to access the scroll bar and convinces some clueless judge of the horrible damage being caused by the theft. So a DMCA is issued to Apple requiring them to kill all usage of a product they have nothing to do with. See the problem here? Can't do that? Baloney. Someone can issue a DMCA takedown because your mailbox is painted in a color that I have patented. Will it succeed? No, but in the next weeks you can't get your snailmail until you have spent many thousands of dollars in the legal sector. Many, many thousands.

Or Tim Cook leaves and some bean counter MBA takes over and the first thing he brings up in a meeting, in the Big Round Circle, is the terrible problem of all of these third party programs being used on Macs all over the world that are not doing anything for the stockholders. "I need you to work on that, immediately." Guess what some of the suggestions will be...

Hmmmm.
 

Benz63amg

macrumors 601
Oct 17, 2010
4,370
911
I have not had any issues in this regard. I assume that trustd checks if there is a connection, and then ends its phone home when it cannot send out. This is the same behavior it exhibits when the user is actually disconnected from the internet.
I see. How can we verify whether Gatekeeper is still doing its job with blocking malware after adding that change in the hosts file to prevent the unnecessary home calling?
 

SpiritSoul1008

macrumors member
May 23, 2019
82
47
I see. How can we verify whether Gatekeeper is still doing its job with blocking malware after adding that change in the hosts file to prevent the unnecessary home calling?
Download a pirated app and run it. If it makes you authorize it in the Security pane of System Preferences, then it’s still working. It’s still working on my end.
 

SpiritSoul1008

macrumors member
May 23, 2019
82
47
Everyone on this thread (well, 99% anyway) are talking about privacy. If you are using anything more powerful than an Etch-a-Sketch you don't have any despite usage of Little Snitch and VPNs and such, and it will only get worse. Use the old sneaker-net if you want more privacy, although the recipient will probably just enter your information into their computer and so much for that. Time to move on.

But, has anybody noticed that Apple can turn off usage of (apparently) any app on a Mac, including stuff that didn't come from them in the first place? That seems to be scarier than an issue of privacy that you and a hundred lawyers can't effect anyway. I was on Mojave during the Apple hosing of their network, with only a passive connection to the net at the time, and nothing would load with any speed, or at all - Firefox, Gimp, Scrivener, etc. Notice, these are not Apple Store products.

So, let's say that some troll company decides that Firefox has blatantly used a patent for the movement of a mouse sideways to access the scroll bar and convinces some clueless judge of the horrible damage being caused by the theft. So a DMCA is issued to Apple requiring them to kill all usage of a product they have nothing to do with. See the problem here? Can't do that? Baloney. Someone can issue a DMCA takedown because your mailbox is painted in a color that I have patented. Will it succeed? No, but in the next weeks you can't get your snailmail until you have spent many thousands of dollars in the legal sector. Many, many thousands.

Or Tim Cook leaves and some bean counter MBA takes over and the first thing he brings up in a meeting, in the Big Round Circle, is the terrible problem of all of these third party programs being used on Macs all over the world that are not doing anything for the stockholders. "I need you to work on that, immediately." Guess what some of the suggestions will be...

Hmmmm.
Maybe it is time for Apple to be broken up. All this “integration” is not always good for the customer.
 

Wowfunhappy

macrumors 68000
Mar 12, 2019
1,745
2,087
See arn post: it's a standard OCSP message https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol

Anyway, it's nothing new, this has been known for years…
This particular check was only introduced in Catalina, so it quite literally cannot have been known for "years", plural. :p (But you're correct it has been known for many months, there were a series of posts on Hacker News some time back.)

There have been quite a few examples of people who have downloaded a cracked or patched version of a commercial app or a freeware app that contained keystroke loggers that stole passwords and financial information from users’ computers. We also have the problem of company and government department systems being jacked for ransomware.

If an app can dial home to check the app’s checksum and developer signature haven’t been tampered with then you should be welcoming it.

This isn’t the 90s anymore. People do banking and purchasing on their computers more and more. Instead of trying to banish or cancel this new security feature, rationally suggest ways it could be better....if you can.
I see this as a matter of disclosure and user choice. Apple should have told users about this feature in Catalina's release notes, and provided a clear mechanism for turning it off that doesn't involve blocking a domain in your hosts file. If a broken server can prevent me from opening just about every app on my machine, that's something I need to know!

I help with tech support at a small design studio where everyone uses Macs. When this all went down on Thursday evening, a bunch of designers were unable to open Adobe apps and get work done. I knew exactly what was going on because I keep up on Mac internals stuff, but because we're all working remotely, I didn't have a good solution beyond toggling wifi and crossing your fingers. I couldn't effectively walk them through modifying a Hosts file, and I wasn't going to make them turn off Gatekeeper.
 

haralds

macrumors 68030
Jan 3, 2014
2,985
1,251
Silicon Valley, CA
This is a red herring. Please read discussions other places.
The greatest danger to your privacy is your cell phone monitored by amoral cell companies who openly admitted to selling tracking info. Your location is known to cell towers, data is not encrypted.
 

Benz63amg

macrumors 601
Oct 17, 2010
4,370
911
Maybe it is time for Apple to be broken up. All this “integration” is not always good for the customer.
So basically to summarize, we can confirm that adding the address to the hosts file fully takes care of this major privacy issue of data transmission about how many times a day any given app is launched, what time, etc., and that Gatekeeper continues to function properly with protecting macOS from malware, right?
 

SpiritSoul1008

macrumors member
May 23, 2019
82
47
So basically to summarize, we can confirm that adding the address to the hosts file fully takes care of this major privacy issue of data transmission about how many times a day any given app is launched, what time, etc., and that Gatekeeper continues to function properly with protecting macOS from malware, right?
Until there is more information, it’s probably the best we can do at the moment without introducing pi-holes and router VPNs.
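
An added example, not part of any post in this thread: a shell audit that reports whether a hosts file overrides ocsp.apple.com, so a user or admin can confirm what state a Mac's revocation lookups are in. The function names and the sample entries (0.0.0.0, 192.0.2.10, mirror.example) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a hosts file for overrides of ocsp.apple.com.

# Print each address the hosts file maps a name to, one per line.
# Ignores comments; handles tabs, several names per line and letter case.
hosts_lookup() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        {
            sub(/#.*/, "")                 # strip comments
            for (i = 2; i <= NF; i++)      # field 1 is the address
                if (tolower($i) == want) print $1
        }' "$1"
}

# Report "none", "sinkholed" (only loopback/unspecified addresses, so the
# lookup fails as if offline) or "redirected" (any other address).
ocsp_override_status() {
    addrs=$(hosts_lookup "$1" "${2:-ocsp.apple.com}")
    if [ -z "$addrs" ]; then echo none; return 0; fi
    for a in $addrs; do
        case $a in
            0.0.0.0|127.*|::|::1) ;;
            *) echo redirected; return 0 ;;
        esac
    done
    echo sinkholed
}

# Constructed sample files (not taken from any real machine).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/blocked" <<'EOF'
127.0.0.1       localhost
::1             localhost
# 0.0.0.0 ocsp.apple.com    (commented out, inactive)
0.0.0.0         OCSP.Apple.com  # constructed block entry
EOF
printf '127.0.0.1 localhost\n' > "$SAMPLE_DIR/stock"
printf '192.0.2.10 mirror.example ocsp.apple.com\n' > "$SAMPLE_DIR/redirect"

for f in blocked stock redirect; do
    printf '%s: %s\n' "$f" "$(ocsp_override_status "$SAMPLE_DIR/$f")"
done
# On a real Mac: ocsp_override_status /etc/hosts
```

A "redirected" result deserves a closer look than "sinkholed", since it means lookups for the name are being sent to a different machine rather than simply failing.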
 

romanof

macrumors 6502
Jun 13, 2020
361
387
Texas
Maybe it is time for Apple to be broken up. All this “integration” is not always good for the customer.
That cure might be worse than the disease. We have shipped much of our manufacturing overseas, then companies that make their bottom line from cheap crap made in China found they could fire their office employees and replace them with dollar-an-hour servant-farms in the third world. Apple and Amazon and Facebook and such are about the only thing we still dominate with. If they go, we are down to Mom and Pop merchants and they are going out of business daily for lack of customers.
 