Most active commenters
  • Wowfunhappy(3)

←back to thread

Apple's apps bypass firewalls like LittleSnitch and LuLu on macOS Big Sur

(twitter.com)
1183 points robenkleene | 15 comments | 20 Oct 20 15:51 UTC | HN request time: 0.874s | source | bottom
Show context
3pt14159 ◴[20 Oct 20 16:03 UTC] No.24838967[source]
This is one of those tough cases where software cuts both ways.

Some people are smart, informed developers that install a trusted tool to monitor their traffic and have legitimate reasons to want to inspect Apple traffic. They're dismayed.

Most people are the opposite and this move protects the most sensitive data from being easily scooped up or muddled in easily installed apps, or at least easily installed apps that don't use zero days.

Is the world better or worse due to this change? I'd say a touch better, but I don't like the fact that this change was needed in the first place. I trust Apple, but I don't like trusting trust.

replies(19): >>24838993 #>>24839043 #>>24839086 #>>24839126 #>>24839194 #>>24839419 #>>24840315 #>>24841406 #>>24841984 #>>24842961 #>>24843115 #>>24843241 #>>24844017 #>>24844287 #>>24844319 #>>24844636 #>>24845405 #>>24845660 #>>24845932 #
Wowfunhappy ◴[20 Oct 20 16:05 UTC] No.24838993[source]
If I install Little Snitch, it's because I trust Little Snitch to be responsible for my computer's network traffic, over and above anyone else.

I recognize that this won't necessarily apply to all users or all apps, but there needs to be a way for the user to designate trust. Apple services and traffic should not get special treatment.

replies(3): >>24839030 #>>24839084 #>>24842512 #
1. threatofrain ◴[20 Oct 20 16:12 UTC] No.24839084[source]
If you don’t trust Apple then you need something more than little snitch. Apple is responsible for both hardware and OS. What delta in security or trust is little snitch going to offer over Apple?
replies(2): >>24839186 #>>24842154 #
2. addicted ◴[20 Oct 20 16:20 UTC] No.24839186[source]
In this situation the question isn’t about whether or not Apple can be trusted.

Apple has clearly betrayed users’ trust in this situation.

People don’t install Little Snitch only to prevent nefarious third party activity. Some may want to know what traffic is going to and from their computers. Other may want to block all traffic for testing and/or research purposes.

I can trust that Apple is not doing something nefarious and still see that Apple is blatantly betraying the fact that people trusted when switching stuff like firewalls away from kext that it wouldn’t build backdoors for itself.

Also, any backdoors Apple builds for its own apps and services are simply an additional attack vector that could potentially be used by non Apple malicious actors.

replies(2): >>24839406 #>>24839483 #
3. threatofrain ◴[20 Oct 20 16:35 UTC] No.24839406[source]
> any backdoors Apple builds for its own apps

Apple hasn't weakened the security of their devices to provide a secret way in, in fact, they made their systems even more robust.

The question absolutely is whether Apple can be trusted. Little Snitch works for other apps, just not Apple's apps. The remaining slice of the pie you're arguing for is whether or not we can trust Apple.

So what delta in security and trust over Apple are we getting by asking for this change, and how much insecurity and brittleness are we inviting to all other users with our ineffective software based firewall?

replies(3): >>24839460 #>>24839619 #>>24842479 #
4. Wowfunhappy ◴[20 Oct 20 16:39 UTC] No.24839460{3}[source]
> Apple hasn't weakened the security of their devices to provide a secret way in, in fact, they made their systems even more robust.

I'd consider poking a hole in firewalls to be providing "a secret way in", particularly in the context of Little Snitch. This isn't some antivirus bloatware that comes preinstalled, or a firewall imposed by corporate networks. The entire pitch of Little Snitch is that it enables you, the user, to monitor and control any bit of traffic that leaves your machine. No one was asking for Apple to bypass that.

replies(1): >>24841801 #
5. CharlesW ◴[20 Oct 20 16:40 UTC] No.24839483[source]
> Apple has clearly betrayed users’ trust in this situation.

That's a perfectly reasonable opinion to hold, but 99.9% of macOS users won't know the difference and will be safer for it.

Some of the folks who know the difference will also be fine with it. FWIW, I've used Little Snitch (only to prevent nefarious third party activity), and its biggest UX problem is that it treats legitimate OS traffic no differently than untrusted traffic.

6. _qulr ◴[20 Oct 20 16:51 UTC] No.24839619{3}[source]
> The question absolutely is whether Apple can be trusted.

This is a false dichotomy. I choose to use a Mac, but I also choose not to let my Mac phone home to Cupertino unless I allow it. Why can't I have that choice? Why does it have to be all or nothing? I'm only interested in the Mac, I have zero interest in Apple "services". It's a fine computing device, but I see no reason why the device has to continue to talk to Apple after I purchase it, except to download software updates — which I manually trigger.

It's not about trust, it's about choice.

EDIT: Now if Apple provided a way to easily disable all of those "services" that phone home, there would be a lot fewer complaints about this issue. But they don't.

7. mlindner ◴[20 Oct 20 20:03 UTC] No.24841801{4}[source]
ANY firewall inherently trusts the OS of the device it's running. They have to in order to function. The firewall sits on top of the OS, not underneath it. Even on Linux if you're running ipfw, the traffic first goes through the OS and then to your firewall.
replies(2): >>24842170 #>>24845430 #
8. kbenson ◴[20 Oct 20 20:42 UTC] No.24842154[source]
You're overloading "trust". I think most people trust Apple not to be malicious, but that doesn't mean they trust apple to omniscient and perfect.

A back-channel that you can't inspect but Apple can use is a back-channel that you can't inspect but malicious actors have found a way to use waiting to happen. Preventing you from seeing that traffic doesn't protect you, only protects Apple at your expense, since you have no way of detecting whether something fishy is going on.

9. Wowfunhappy ◴[20 Oct 20 20:43 UTC] No.24842170{5}[source]
Yes, but as a user, I expect the OS to behave in a transparent manner. If the OS provides a firewall API, I expect it to send all traffic through firewalls that use that API, not selectively redirect traffic from certain apps or domains.
10. addicted ◴[20 Oct 20 21:24 UTC] No.24842479{3}[source]
Bottom line is that Apple made software like Little Snitch switch away from kexts and then built in behavior that was unexpected, which would not have been possible for them to do while Little Snitch was based on kexts.

Whether this is malicious, not malicious, secure, insecure etc. is irrelevant to whether this is an untrustworthy action. It’s not what one would reasonably expect and is therefore a betrayal of users’ trust.

If Apple switched gatekeeper on MacOS to completely remove the option and the workarounds to run unsigned apps, it would certainly be more secure. It would also be a huge betrayal of users’ trust in Apple and the MacOS platform.

replies(1): >>24844110 #
11. dpkonofa ◴[21 Oct 20 01:46 UTC] No.24844110{4}[source]
>is therefore a betrayal of users’ trust.

I would disagree with that statement. The user bought an Apple computer so they clearly trust Apple already. If anything, the new frameworks make the system more secure which strengthens that trust for users. The only people really affected by this change are users who want granular control over everything whether it comes from Apple or not.

replies(2): >>24845087 #>>24846147 #
12. nitrogen ◴[21 Oct 20 05:45 UTC] No.24845087{5}[source]
This conflating of purchasing with trusting is harmful. It's an ongoing trend I've seen with large tech companies, with arguments of the form "You accept a tiny X, therefore your rejection of the giant Y is invalid."

We buy things from companies we don't implicitly trust all the time, because we can isolate and verify those things.

I don't always trust the supermarket to sell me non-moldy produce, but I can look at the produce and see whether it's moldy.

I don't trust oil companies not to destroy the environment, but if they sell me bad fuel it will be very clear.

I don't trust OS makers, but I can run firewalls and network sniffers to verify that the OS is behaving reasonably, and isolate it when it isn't. Until I can't.

13. saagarjha ◴[21 Oct 20 07:08 UTC] No.24845430{5}[source]
There is trust and there is visibility. Here’s an alternative example I actually do quite often: I attach debuggers and such to system processes. Not because I don’t trust them to not do something malicious, but knowing what they are doing is always useful to me. If Mail is randomly reading files from my Documents folder, perhaps something is wrong with it. Maybe I should just tell it that I can’t look there and see why it might be doing so. These are things that give me more control over my system, not things I engage in because of a lack of trust.
14. simion314 ◴[21 Oct 20 09:32 UTC] No.24846147{5}[source]
>The user bought an Apple computer so they clearly trust Apple

This is false, maybe I bought X because it was the least shitty choice.

replies(1): >>24864905 #
15. dpkonofa ◴[23 Oct 20 00:31 UTC] No.24864905{6}[source]
That's fine but you bought it. When it comes down to it, America and capitalism run on the premise that you vote with your dollar. You voted with your dollar regardless of the mental gymnastics you did or didn't do to make that decision.