←back to thread

Catalina is checking notarization of unsigned executables

(lapcatsoftware.com)
361 points robenkleene | 3 comments | 23 May 20 09:42 UTC | HN request time: 0.001s | source
Show context
londons_explore ◴[23 May 20 14:03 UTC] No.23283004[source]
So you're telling me that every time I install a program in OSX, it pings apple to let them know what program I'm installing, my IP address, my location, and my OS version?

Sounds very Orwellian for a privacy focussed company...

replies(3): >>23283075 #>>23283270 #>>23283783 #
daneel_w ◴[23 May 20 14:36 UTC] No.23283270[source]
No, that's not what he's telling you. You're getting ahead of yourself with your question. He's telling us that macOS will consult with Apple regarding the "fingerprint" of an executable when you run it.
replies(1): >>23283313 #
londons_explore ◴[23 May 20 14:41 UTC] No.23283313[source]
But the fingerprint of photoshop is the same for everyone. If apple knows what the fingerprint of photoshop is (which they could easily find out), now they have a giant list of who installed photoshop and when, and from which IP address, and which IP location.

That data would be a wet dream for some IP lawyer looking for pirate copies of software...

replies(3): >>23283510 #>>23283999 #>>23288033 #
1. microtherion ◴[23 May 20 16:01 UTC] No.23283999[source]
The Photoshop binary is signed (presumably; it's been years since I last ran it), so this check would NOT be conducted.

Edit: What I should have said is that the binary is signed, notarized, and the notarization stapled to it, as described here: https://developer.apple.com/documentation/xcode/notarizing_m...

replies(1): >>23284621 #
2. lloeki ◴[23 May 20 17:13 UTC] No.23284621[source]
The author of the article mentioned explicitly that he signed a binary, and the check still occurred.
replies(1): >>23288230 #
3. tcoff91 ◴[24 May 20 01:20 UTC] No.23288230[source]
Did he staple the notarization though? They are 2 separate steps.