Shortly after macOS Big Sur officially launched for all users, there were reports of extremely slow download times, download errors, and, in cases where the download was performed, an error at the end that prevented installation.
At the same time, Apple’s developer website went down, followed by outages on iMessage, Apple Maps, Apple Pay, Apple Card, and some developer services. Then the reports flooded into third-party apps on Macs that Catalina and earlier wouldn’t start or hang, and other sluggish performances.
What was going on? One problem with Macs connecting to an Apple server: OCSP. Then developer Panic realized it had something to do with it
Hey Apple users:— Jeff Johnson (@lapcatsoftware) November 12, 2020
If you're now experiencing hangs launching apps on the Mac, I figured out the problem using Little Snitch.
It's trustd connecting to https://t.co/FzIGwbGRan
Denying that connection fixes it, because OCSP is a soft failure.
(Disconnect internet also fixes.) pic.twitter.com/w9YciFltrb
🤔 FYI, seems to be something going on with super sluggish app launching right now. It doesn’t seem to be just us. We are looking into it! https://t.co/RZduhcBwiX— Panic (@panic) November 12, 2020
Now security researcher and hacker Jeffry Paul has published a detailed overview of what he has seen and the privacy and security concerns associated with it in his “Your computer is not yours” post.
In modern versions of macOS, you simply cannot turn on your computer, start a text editor or eBook reader, and write or read without a log of your activity being transmitted and saved.
It turns out that in the current version of macOS, the operating system sends Apple a hash (unique identifier) of every program you run when you run it. A lot of people haven’t noticed this because it is silent and invisible, and instantly and properly goes down when you are offline. However, today the server got really slow and failed to hit the failsafe code path and all apps failed to open when connected to the internet.
He goes on to explain what Apple sees from the process:
Since this is done over the Internet, the server naturally sees your IP address and knows when the request was received. An IP address enables rough geolocation at the city and ISP level as well as a table with the following headings:
Date, Time, Computer, ISP, City, State, Application Hash
This means that Apple knows when you are home. When you are at work. Which apps do you open there and how often? They know when to open Premiere at a friend’s home on their wifi, and they know when to open Tor Browser in a hotel while traveling to another city.
Paul goes on to elaborate the argument that many readers might think: “Who cares?” He replies by stating that OCSP requests are unencrypted and that not only Apple has access to the data:
1. These OCSP requests are transmitted unencrypted. Anyone who can see the network can see it, including your ISP and anyone who has bugged their cables.
2. These requests go to a third-party CDN operated by another company, Akamai.
3. Apple has been a partner in the US Military Intelligence Community’s PRISM spy program since October 2012, which grants the US Federal Police and the military unrestricted access to this data at all times without a warrant. They did this more than 18,000 times in the first half of 2019 and more than 17,500 times in the second half of 2019.
This data represents a tremendous amount of data about your life and habits and enables someone with all the data to identify your movement and activity patterns. For some people, this can even pose a physical threat to them.
Paul mentions a few workarounds to prevent this tracking but points out that they may be gone with macOS Big Sur.
To date, it has been possible to block such things on your Mac using a program called Little Snitch (the only thing that is currently stopping me from using macOS). In the standard configuration, it allows all communication between the computer and Apple. However, you can turn off these default rules and approve or deny any of these connections and your computer will still work fine without bothering you Apple.
The version of macOS 11.0, also known as Big Sur, released today has new APIs that prevent Little Snitch from working the same way. With the new APIs, Little Snitch cannot check or block any processes at the operating system level. In addition, the new rules in macOS 11 even limp VPNs, so Apple apps simply bypass them.
trustdThe daemon responsible for these requests is in the new one
ContentFilterExclusionListIn macOS 11, this means that it cannot be blocked by a user-controlled firewall or VPN. Its screenshot also shows that CommCenter (for making phone calls from your Mac) and Maps can also get by your firewall / VPN and potentially affect your voice traffic and future / planned location information.
Paul points out that Apple’s new M1 Macs won’t run any earlier than macOS Big Sur and says it’s a choice:
You can have a fast and efficient machine, or you can have a private one. (Apple mobile devices have been like that for several years.) Without the use of an external network filtering device like a travel / VPN router that you have complete control, there is no way to boot an operating system on the new Apple Silicon Macs won’t call home and you can’t change the operating system to prevent it (or they won’t start at all because of the hardware-based cryptographic protection).
He updated the post to say that there might be a workaround via the bputil tool but that he will need to test it to confirm it.
Paul concludes, “Your computer is now serving a remote master who has decided it has permission to spy on you.
Given that Apple considers privacy and security to be two of its core beliefs, time will tell if Apple makes changes to the issues that were exposed when Big Sur launched.
You can find the full article by Jeffry Paul here.
FTC: We Use Income Earning Auto Affiliate Links. More.
For more Apple news, check out 9to5Mac on YouTube:
These were the details of the news Potential Mac privacy concerns emerge after server outages for this day. We hope that we have succeeded by giving you the full details and information. To follow all our news, you can subscribe to the alerts system or to one of our different systems to provide you with all that is new.
It is also worth noting that the original news has been published and is available at de24.news and the editorial team at AlKhaleej Today has confirmed it and it has been modified, and it may have been completely transferred or quoted from it and you can read and follow this news from its main source.