Your (Apple) Computer Isn't Yours

[1_rick]

https://sneak.berlin/20201112/your-computer-isnt-yours/

"This means that Apple knows when you’re at home. When you’re at work. What apps you open there, and how often. They know when you open Premiere over at a friend’s house on their Wi-Fi, and they know when you open Tor Browser in a hotel on a trip to another city."

A slow-running server not delivering timely responses caused it so that NO third-party apps could be run if you were connected to the internet. "No problem, I'll just firewall it." In Big Sur, the OS can bypass firewalls.

 

[Zarathustra[H]]

https://sneak.berlin/20201112/your-computer-isnt-yours/

"This means that Apple knows when you’re at home. When you’re at work. What apps you open there, and how often. They know when you open Premiere over at a friend’s house on their Wi-Fi, and they know when you open Tor Browser in a hotel on a trip to another city."

A slow-running server not delivering timely responses caused it so that NO third-party apps could be run if you were connected to the internet. "No problem, I'll just firewall it." In Big Sur, the OS can bypass firewalls.

Jesus.

George Orwell would love it.

I'm so glad I don't use Apple products.

Not that it is likely to help. Every single goddamn program is dialing home and stealing information about you these days. Only way to avoid it is to live in the forest and drink your own piss.

This is why we need draconian regulation to ban the practice. Make all data describing a person the property of that person, and make collecting or using it it without their explicit consent a crime. Also ban the many methods of tricking users into giving consent, or holding products or features hostage in exchange for user data.

I'm essentially proposing banning the entire business model of Silicon Valley except contextual ads. I don't give a shit if they whine or how many jobs might be lost. Our privacy is worth more than that.

 

[Dudhunter]

Run for office. I'll fundraise for you.

 

[Red Falcon]

As I, and many others have stated, 2020 is the true beginning of the dark cyberpunk future, and every day this year has proven that more and more.

 

[SecretStash]

But but but but Apple is supposed to care about our privacy unlike the evils of Google and Microsoft

 

[pendragon1]

we were just talking about this at work. cant wait to see the network usage...

 

[UnknownSouljer]

If true this is a serious issue.

EDIT: So basically in short, there isn't a main stream OS that isn't spying on you. Screwed on Windows 10, screwed on macOS. Computing on Linux isn't viable for me. Can't win.

 

[pendragon1]

 

[RanceJustice]

Some of us have been warning about this for years upon years. Unfortunately, many people who don't outright dismiss for one reason or another start to think "Well, unless I either escape to the woods somewhere and live off the grid and/or operate as a cyberpunk stereotype level of op-sec , "they" will get me anyway therefore there's no point". No! Its all a form of harm reduction! Yes, most people aren't going to have the skills, patience, wherewithal, or even necessity etc.... in order to pretend a Tier 1 state level actor's TLA's are after you, but that doesn't mean there's no value in both making personal changes and pushing for a massive change to regulatory compliance. Choose Linux for you OS, seek out open source software wherever possible, reduce or eliminate your dependence on centralized proprietary social media (substitution with "fediverse" alternatives is a good option ) be wary of your buying decisions on every level (not just tech, but other areas - especially food - are equally important).

Zara's correct that this isn't ever going to be "won" on a larger scale by individual action. Its simply too big and profitable in our current system and legal status quo. As I've said time and time again, we need to entirely restructure our privacy laws from the ground up to serve the modern globalized world. I'm not going to spit out a long history lesson here, a large series of circa 2000-ish era policies became the start of things rocketing off the wrong way, such as the post 9/11 PATRIOT Act and other privacy/security elements. The mere idea that the 4th Amendment has been ruled not to apply to digital property on the Internet because A) either either not "papers and effects" or B) Its stored, even ostensibly securely only for your use on the "cloud"/a server/some other machine and therefore isn't "yours" etc... should have been a huge warning! While some gov't rules and implementations are certainly part of the problem, the bigger issue is what the corporate world has done (and financed) with them, including the rise of proprietary social media, the "shrinking of the Web" to a handful of corporate overlords a la FAANG owning/controlling services used by most, and of course the rise of the "attention economy" and "surveillance capitalism". Those from Noam Chomsky to bloody Hideo Kojima have shown this to be predictable, but for a variety of reasons it was unlikely that the average person would make the changes necessary to really fight against these developments.

This will need to take an approach from both sides, the personal and the societal. While people ideally move for better choices in their personal sphere - what software to use, what to support, what to buy, what to advocate towards etc... that can be turned into a movement to revamp society's relationships with technology (and other concepts of the status quo). Privacy by design is a good start. By law, you can only gather the minimum amount of information necessary in order to perform a requested service, keep it under maximum safeguards and for the minimum time, and purge it when it is no longer necessary. This is the only way we can avoid the "dark cyberpunk future" element we're moving towards while still making use of technological benefits. You may think I'm being alarmist, but consider something like home automation or the "AI Assistant". Its full potential is only if it benefits and focuses on the user, whereas it is a disaster when the user is treated as an impediment or worse, the "product" from which to harvest data ; and both of those technologies already exist! (Note: Some ethical alternatives to the big names are the open source projects OpenHAB and MycroftAI , respectively. ) .

Of course we'll run into opposition. The entire industry right now is predicated on "out of sight, out of mind" big data collection exploitation. Its too easy to give tacit consent for huge amounts of near-limitless data mining in order to use any bit of software or hardware. Data and metadata from this can be extrapolated, correlated, exchanged, sold, traded and weaponized in ways that even a highly technical much less an average person would not be able to track! Existing laws on privacy are appreciated as most of the market operates without them, but projects in the EU and California are bandages on a more grievous wound - definitely beneficial, but not enough. None of what I propose is some technical impossibility, but we'll run into all sorts of screaming and attempts to blight both laws/projects to do so and those asking for them because frankly its too much easy money status quo. However, what worries me the most is that they'll weaponize the very data-gathering and analysis powers they have in order to defeat the threat to their bottom line; this is nothing new, just disappointing and frustrating.

If you want this to change, then start supporting those working for it. Back the Electronic Frontier Foundation, the American Civil Liberties Union, and the Free Software Foundation. Read works by Chomsky, Zuboff, and Snowden (among many others) about the dangers and what to do about them ; get friends and family to watch the Netflix documentary "The Social Dilemma", and similarly more accessible elements. When that came out, suddenly people who I've tried to talk about online privacy, the dangers of proprietary social media etc..for years suddenly came to me like they just figured out a great truth - which I of course encouraged them to share.. Also, be wary of attempts to divide and conquer - the industry laughs at you if you will be willing to stop supporting lots of legislators and activists who are most interested and likely to push for actual policies like those above when shouting talking heads (often industry funded "new media" ) call them "SJWs" et al, for instance. There's a road forward here, but it won't be easy or smooth. It will take multiple paths both personal and in terms of legislation in order to make real progress, while the "enemies" in this case are - as in most "good for the people, but not profitable for those exploiting them" situations - are extremely well funded and ready to manipulate the conversation. Be ready.

 

[UltraTaco]

Mates, it's safer for the society. For example, if the terrorists use apple iPhones, which they probably would; all their information is stored. When government needs information, they simply ask google or apple for it nd they know everything about the terrorists!

You have to give up some privacy for the greater good nd safety of the society. there is no other way.

 

[Nytegard]

if the terrorists use apple iPhones

Apple doesn't allow villains in media to use Apple products (iPhones, Macs, etc.). Little did we know it was because they care about presenting a realistic depiction of their products, because they spy on you so much, you couldn't possibly be committing those types of crimes without them knowing everything about the person (name, location, etc.).

 

[Bowman15]

FFS...

 

[SunnyD]

Waiting for the Microsoft Haters to come in here and... wait. This isn't a "Windows 10 is spyware" thread? I thought Apple was supposed to be our privacy savior. I'm officially confused now!

 

[[21CW]killerofall]

Apple is telling China to hold its beer.

 

[SecretStash]

Mates, it's safer for the society. For example, if the terrorists use apple iPhones, which they probably would; all their information is stored. When government needs information, they simply ask google or apple for it nd they know everything about the terrorists!

You have to give up some privacy for the greater good nd safety of the society. there is no other way.

Wouldn't say greater good. Apple doesn't want to share and doesn't help law enforcement crack open phones of criminals.
Greater good would be finding ways to avoid becoming like what China strives to be.

 

[Master_shake_]

Mates, it's safer for the society. For example, if the terrorists use apple iPhones, which they probably would; all their information is stored. When government needs information, they simply ask google or apple for it nd they know everything about the terrorists!

You have to give up some privacy for the greater good nd safety of the society. there is no other way.

I know you are being funny.

But the Paris shooters used no encryption and a stock sms app to plan a mass killing.

 

[Soulstorm brew]

"Your holding it wrong", I wonder how many would openly embrace the m1 with big sur if this news was plastered across MSM?

 

[UltraTaco]

I know you are being funny.

But the Paris shooters used no encryption and a stock sms app to plan a mass killing.

What?!?!??!taco didn't know!! how was this opportunity missed?! Where is AI? Where is all this surveillance?

 

[Dan_D]

Technically, the hardware is yours when you purchase it. However, the OS has never been owned by the consumer. Licensing agreements across the two plus decades I've been professionally involved with computers have always stated this clearly. This affords companies like Apple and Microsoft a lot of latitude in what they do with data as well as protecting their ability to harvest it.

 

[1_rick]

What?!?!??!taco didn't know!! how was this opportunity missed?! Where is AI? Where is all this surveillance?

AI and mass surveillance doesn't work too well when you avoid technology. How do you think Osama kept hiding so long? #1 thing his people did was to not use cell phones.

 

[UltraTaco]

Technically, the hardware is yours when you purchase it. However, the OS has never been owned by the consumer. Licensing agreements across the two plus decades I've been professionally involved with computers have always stated this clearly. This affords companies like Apple and Microsoft a lot of latitude in what they do with data as well as protecting their ability to harvest it.

Mate, that brings us to a other argument...if apple is your hardware, cn you install another operating system on it?

+++++

Mate 1_rick but SMS?? AI should've taken them out autonomously

Look hear!! Their surveillance is hard, and it's not even recent video!!

 

[1_rick]

AI should've taken them out autonomously

Skynet smiles.

 

[Aurelius]

Can I be a voice of caution here?

This has the whiff of the classic overhyped security issue, where people latch on to one story that makes unsupported assumptions about malice or overstates the severity. We've already seen people leap from "Apple is collecting more data than it really needs" to "omg Apple is spying on everything you do all the time." Is Gatekeeper grabbing too much info, or handling it in an insecure way? Quite possibly. Is Apple trying to track the habits of every single user? Not likely. This sounds more like an oversight (if a potentially serious one) than a sinister plot.

Besides, there's a tremendous irony to people who blast Apple for this yet eagerly chain themselves to Google and Microsoft, which collect plenty of data (and often more) on their own. If you're actually that worried about privacy, move every computer you use to Linux. And if you respond with "but I need Windows/Android/G Suite/etc. to run X..." then phoning home clearly isn't that much of a problem.

 

[Ur_Mom]

Waiting for the Microsoft Haters to come in here and... wait. This isn't a "Windows 10 is spyware" thread? I thought Apple was supposed to be our privacy savior. I'm officially confused now!

Windows has gone a bit overboard on it's data collection at times, and they've backed off on some of it. Microsoft really did take Windows 10 and make it very active when it comes to communicating back to Microsoft. Usage patterns, BSOD's, etc.. It's supposedly to make the product better, and it really has. But, it's definitely not a very quiet and easy to hide with OS. Apple is trying the same. Facebook... well, Facebook gets your info whether or not you have an account and just visit a site that has a Facebook module installed. Throw in some of the required (ish) Microsoft ID, Apple ID, etc. and they know all about your personal usage. They say they don't have ways to personally identify you as that information is scraped, but it's possible to still get it. I'm a Microsoft fan. Love them. But, yes, Windows 10 is leagues ahead in spyware type of activity vs. their previous editions. I'm personally fine with it and even run the much more spyware enabled Insider editions. Hell, I even submit feedback and communicate with the Insider team. I can't hide from them!

If you're on the internet, your information is being taken and compiled along with many others. Some personally identifiable.

I like the suggestion above - shut it all off, need to give explicit permission to use it, and cannot withhold the service if you say no.

 

[sfsuphysics]

So some years back when there was one of those "terrorist shootings" and the FBI was asking Apple to unlock the persons phone and Apple was like "Nope, we stand for privacy," that was just a ruse?

 

[Deleted whining member 223597]

So some years back when there was one of those "terrorist shootings" and the FBI was asking Apple to unlock the persons phone and Apple was like "Nope, we stand for privacy," that was just a ruse?

I would suggest looking into this instead of just reading headlines.

 

[cybereality]

This is even worse than Windows 10. And Linux has not been perfect either (remember Ubuntu sending desktop search data to Amazon?).

I guess you can't win. I used to love cyberpunk fiction, but now that it is real, it's not so fun anymore.

 

[LukeTbk]

That a bit of a deception, the I cannot boot any program if apple server is down without disconnecting from the Internet (and for how long it will permit offline usage....) at the same time you can feel the appeal, if you are a company using only signed by Apple application anyway, having your computer running only signed and unmodified application do sound extremely safe.

For security too (outside robbery and reselling of device), it feel like the packet sign didn't need to be IP/device signed too.

 

[tangoseal]

Jesus.

George Orwell would love it.

I'm so glad I don't use Apple products.

Not that it is likely to help. Every single goddamn program is dialing home and stealing information about you these days. Only way to avoid it is to live in the forest and drink your own piss.

This is why we need draconian regulation to ban the practice. Make all data describing a person the property of that person, and make collecting or using it it without their explicit consent a crime. Also ban the many methods of tricking users into giving consent, or holding products or features hostage in exchange for user data.

I'm essentially proposing banning the entire business model of Silicon Valley except contextual ads. I don't give a shit if they whine or how many jobs might be lost. Our privacy is worth more than that.

I am really trying to not be political and remain on topic, however, Tim Cook is a blow hard Chinese Communist supporter. Im not making an erroneous false claim. He literally attends Bilderberg and has been implicated by whistleblowers to be involved with Epstein and his monster girlfriend Ghislaine. Apple is so deep into the CC Party, Apple should have been legislated already in order to maintain national security. Since it is tech related be prepared for eternal global police state and lockdowns. Apple tech is a key player in bringing the Chinese social credit score (tyranny) system to the west. Unless your company requires you use Apple I dont see why anyone would want such a draconian 1984 Orwellian company's stuff.

And Z since were using the word draconian, I dont think the preservation of speech and personal privacy is draconian at all, and I agree with you. It would be draconian to pass legislation protecting the likes of Apple and Google. Elections have consenquences, its just too bad I cant voice my opinion here because that would cross the line of breaking the no politics rule.

 

[LukeTbk]

Tim Cook is a blow hard Chinese Communist supporter. Im not making an erroneous false claim. He literally attends Bilderberg

That sound like opposite (Bilderberg is quite the capitalist affair no ?), the kind of meeting the Margaret Thatcher, Stephen Harper, Clinton, Jared Kushner, Lindsay Graham, Pompeo, etc... type goes.

 

[Aurelius]

This is even worse than Windows 10. And Linux has not been perfect either (remember Ubuntu sending desktop search data to Amazon?).

I guess you can't win. I used to love cyberpunk fiction, but now that it is real, it's not so fun anymore.

First, let's see how Apple answers this. I have a feeling that article isn't telling the whole story, or if it is that Apple will address Gatekeeper's issues. I've just seen too many of these "everybody panic" stories fall flat to trust this one without a response.

Beyond that, Apple is still a big advocate of privacy, so claiming this is some giant spying effort is at odds with much of what we know it's doing in practice. I'd rather go with the company pitching privacy as a major focus than ones that not only don't focus on it as much, but have clearer incentives to violate my privacy.

 

[Mazzspeed]

Under Linux it's all my decision, my choice. I allow some data collection as I feel it's the least I can do to give back to the community for making such a great OS.

I don't feel limited by Linux in the slightest, there's a huge ecosystem of software available including Win32 titles via Wine/Proton/DXVK that are as easy to install as native Windows, and I'm not limited to certain titles due to muscle memory - I understand I have the capability to learn new things and ignore the naysayers.

 

[schoolslave]

Technically, the hardware is yours when you purchase it. However, the OS has never been owned by the consumer. Licensing agreements across the two plus decades I've been professionally involved with computers have always stated this clearly. This affords companies like Apple and Microsoft a lot of latitude in what they do with data as well as protecting their ability to harvest it.

The hardware won't be yours much longer either if Apple decides (maybe already does?) to lock down the TPM chip for verifying bootloader + kernel binary blobs.

 

[Dan_D]

The hardware won't be yours much longer either if Apple decides (maybe already does?) to lock down the TPM chip for verifying bootloader + kernel binary blobs.

Well that kind of crap is one of the many reasons why I dislike Apple as a company. This is the same shitty company that wants to sell you a monitor for several thousand dollars and then have the audacity to charge an additional $1,500 for a monitor stand. The company can fuck right the hell off. This is what happens when a company has a cult like following and no one calls the company out on their shit, or stops buying their bullshit.

 

[Aurelius]

Well that kind of crap is one of the many reasons why I dislike Apple as a company. This is the same shitty company that wants to sell you a monitor for several thousand dollars and then have the audacity to charge an additional $1,500 for a monitor stand. The company can fuck right the hell off. This is what happens when a company has a cult like following and no one calls the company out on their shit, or stops buying their bullshit.

$1,000, not $1,500. Still not great, but that's an iPhone's worth of price difference!

Also, I don't think it has anything to do with Apple's devotees or a lack of criticism (remember, the redesigned Mac Pro exists precisely because of criticism). The display is explicitly aimed at pros who'll frequently have their own VESA arms and wall mounts; not including the stand saves some money and resources. And when the stand is not only a niche product but strictly optional, there isn't much of an economy of scale. Apple may be pricing it at $1K because the company might only ever sell a small batch regardless of cost.

As it is, Gatekeeper is designed to proactively stamp out malware without requiring AV tools running constantly on your system. That doesn't excuse any excessive or insecure data collection on Apple's part, but there's no evidence to suggest Apple is using the info to serve ads or aid spies.

 

[schoolslave]

$1,000, not $1,500. Still not great, but that's an iPhone's worth of price difference!

Also, I don't think it has anything to do with Apple's devotees or a lack of criticism (remember, the redesigned Mac Pro exists precisely because of criticism). The display is explicitly aimed at pros who'll frequently have their own VESA arms and wall mounts; not including the stand saves some money and resources. And when the stand is not only a niche product but strictly optional, there isn't much of an economy of scale. Apple may be pricing it at $1K because the company might only ever sell a small batch regardless of cost.

As it is, Gatekeeper is designed to proactively stamp out malware without requiring AV tools running constantly on your system. That doesn't excuse any excessive or insecure data collection on Apple's part, but there's no evidence to suggest Apple is using the info to serve ads or aid spies.

Apple is the one tech company which still values user privacy and does _not_ just function as a data broker.
However, spyware isn't even the problem here, it's even worse: Apple is essentially controlling what you can and cannot do on physical hardware that you purchased. This is literally the slow eradication of "general purpose" computing - and that should scare everyone.

 

[1_rick]

That a bit of a deception, the I cannot boot any program if apple server is down without disconnecting from the Internet (and for how long it will permit offline usage....) at the same time you can feel the appeal, if you are a company using only signed by Apple application anyway, having your computer running only signed and unmodified application do sound extremely safe.

For security too (outside robbery and reselling of device), it feel like the packet sign didn't need to be IP/device signed too.

From what I've read, it was "you can't run any signed non-apple program while the server was not responding and you are online." Also, apparently, on Big Sur you simply can't run unsigned programs at all--but I might be wrong about that, and there might be exceptions like "if you have your own developer cert you can sign anything on your own machine" and you can't run an older OS on the new AS Macs.

 

[1_rick]

there's no evidence to suggest Apple is using the info to serve ads or aid spies.

I don't think anyone said they were. But with the information they collect, as the article mentioned, they can know where you are and what you're running when. Whistleblowers (for example) could be found by this--it's simply a higher-tech version of the way Reality Winner was discovered. Also, apparently the data is sent unencrypted to Akamai servers, so anyone between the end user and said server who can see the network data has access to it, not just Apple and Akamai.

 

[GoodBoy]

The fact that the destination server having issues causes apps to refuse to run is bad enough. But if they can block apps without option to override, yeah that's BS.

Data being sent unencrypted: huge fail.

The above is assuming its just for marketing use and nothing nefarious. But chances are it is part of the way in which they really can spy on you, give the data to the govt whenever they want it.
The telemetrics in Windows can be turned off pretty sure, and I've never heard of applications refusing to run due to them in any event.

Glad I've never owned a Mac or iPhone(home).

 

[Aurelius]

The fact that the destination server having issues causes apps to refuse to run is bad enough. But if they can block apps without option to override, yeah that's BS.

Data being sent unencrypted: huge fail.

The above is assuming its just for marketing use and nothing nefarious. But chances are it is part of the way in which they really can spy on you, give the data to the govt whenever they want it.
The telemetrics in Windows can be turned off pretty sure, and I've never heard of applications refusing to run due to them in any event.

Glad I've never owned a Mac or iPhone(home).

The funny thing: 1_rick just said he didn't see anyone making claims about Apple using this for ads or spying... and sure enough, you wander in making unsupported claims about ads and spying.

The larger issue, if this holds up, is that Apple is collecting more info than it likely needs and transmitting it without encryption. There's no evidence to suggest anything else. In fact, here's a piece noting that Apple doesn't send a hash every time you run apps, and that it might send some "opaque" data.