The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it.
Robert Morris
IMO:
If your computer is connected to a network it isn’t secure. There is a reason that people who want to keep secrets use air gapped computers. And now it appears that “security researchers at Ben Gurion University in Israel have found a way to retrieve data from an air-gapped computer using only heat emissions and a computer’s built-in thermal sensors”
If you’ve ever used a credit card, your purchases are known. If you’ve ever made a phone call, cellular or hard line, who you called and the length of the call is known. Merchants know about you, your service providers knows, the government knows, and so does anyone willing to spend a few dollars to get a report gleaned from public records. Some on this forum are probably tired of me repeating this but I agree with Scott McNealy “You have zero privacy anyway . . .”
So, why get excited about some trivial information that Apple may or may not be gathering from your Mac? It’s not like we can do anything about it except move to a cabin off the grind on some mountain top.
Trivia: Robert Tappan Morris, the son of Robert Morris, released the Morris worm in November 1988, one of the first computer worms on the Internet. Just to see if it would work.
There are a lot of adversaries on the web targeting us. 98% of computer users don’t know what to do or even have an interest in protecting their privacy.
They need a big brother to protect them. I am rather in the Apple then in Microsoft or Google family.
Spreading conspiracy clickbait articles only does harm.
If you are knowledgeable study it, learn and educate people in your personal circle to empower them to be more savvy.
If you distrust Apple that much I suggest you read my fist reply and stop using social media like this forum.
During the installation/update process it would not be difficult to include an opt-out for Gatekeeper along with the appropriate “scary language” to dissuade the naive from doing so.
My lack of enthusiasm for how Apple is doing this is motivated both by a lack of transparency on the part of Apple (which weakens their “We care about privacy” message, whether or not it actually results in a net reduction of privacy), and by the fact that a failure such as we saw reveals a pretty serious implementation (and possibly design) flaw.
However, the title of the article is pretty inflammatory as well. Your computer is yours as long as you can install and run alternate operating systems. Lack of transparency aside, it’s unreasonable to dictate to Apple the operation of the software that they supply.
All Gatekeeper is doing is asking the Apple server to confirm that the signature on the app you downloaded and are running for the first time matches the signature generated when Apple Notarized the app (and that the signature hasn’t been revoked in the meantime).
Again, you DON’T need all of the information Apple is collecting to do that. There are TONS of examples of doing this without collecting the other information. At BEST this is a poor implementation.
Please be specific about what information you think Gatekeeper is sending to Apple beyond what’s cryptographically necessary to confirm the application’s signature on first launch.
I think it’s one of the better decisions Apple’s made. There’s long been concern among hardcore Mac users that Apple might lock down macOS they way iOS and iPadOS are (by making the Mac App Store the only way to install software on the Mac, for instance). Gatekeeper seems to exemplify Apple’s willingness to chart a middle ground on this, providing a level of security by default while still giving users the ability to override it and install unsigned apps either on a case by case basis or by turning it off entirely (or to choose to lock a machine down even further by limiting it to App Store apps only).
The issue in my view is not whether Apple is evil or ill-intentioned. Any reasonable individual must assume that this information is or can be gathered by domestic and foreign governments and bad actors. Bit by bit small pieces of information are being hoovered up, collected, and cross referenced to create profiles of individuals and their daily habits and personal life. Either Apple is a net contributor to this torrent of information or it is not. It is the principle of the thing. We either value personal autonomy and true freedom or we shrug our shoulders go back to playing with with our shiny toys.
The article has been picked up my MacRumors, so we can expect the usual explosion of drama. Which, in this case, is a good thing: it might force Apple to react, like it did with the Siri programs.
Wouldn’t you agree, though, that the implementation needs, ummm, refinement? I mean, c’mon, Macs crashing worldwide (yes, I know they didn’t really crash)?
Definitely. The Apple engineers designing this clearly didn’t consider a situation where the internet (presumably DNS) is reachable but the verification server isn’t. They obviously need to account for that. Of course, at the same time you don’t want a situation where an attacker could block you from reaching the verification server in order to get you to unknowingly run an unsigned app.
I’m sure some smart folks within Apple were handed just that assignment today.
