←back to thread

Apple's apps bypass firewalls like LittleSnitch and LuLu on macOS Big Sur

(twitter.com)
1183 points robenkleene | 2 comments | 20 Oct 20 15:51 UTC | HN request time: 0.001s | source
Show context
3pt14159 ◴[20 Oct 20 16:03 UTC] No.24838967[source]
This is one of those tough cases where software cuts both ways.

Some people are smart, informed developers that install a trusted tool to monitor their traffic and have legitimate reasons to want to inspect Apple traffic. They're dismayed.

Most people are the opposite and this move protects the most sensitive data from being easily scooped up or muddled in easily installed apps, or at least easily installed apps that don't use zero days.

Is the world better or worse due to this change? I'd say a touch better, but I don't like the fact that this change was needed in the first place. I trust Apple, but I don't like trusting trust.

replies(19): >>24838993 #>>24839043 #>>24839086 #>>24839126 #>>24839194 #>>24839419 #>>24840315 #>>24841406 #>>24841984 #>>24842961 #>>24843115 #>>24843241 #>>24844017 #>>24844287 #>>24844319 #>>24844636 #>>24845405 #>>24845660 #>>24845932 #
Wowfunhappy ◴[20 Oct 20 16:05 UTC] No.24838993[source]
If I install Little Snitch, it's because I trust Little Snitch to be responsible for my computer's network traffic, over and above anyone else.

I recognize that this won't necessarily apply to all users or all apps, but there needs to be a way for the user to designate trust. Apple services and traffic should not get special treatment.

replies(3): >>24839030 #>>24839084 #>>24842512 #
threatofrain ◴[20 Oct 20 16:12 UTC] No.24839084[source]
If you don’t trust Apple then you need something more than little snitch. Apple is responsible for both hardware and OS. What delta in security or trust is little snitch going to offer over Apple?
replies(2): >>24839186 #>>24842154 #
addicted ◴[20 Oct 20 16:20 UTC] No.24839186[source]
In this situation the question isn’t about whether or not Apple can be trusted.

Apple has clearly betrayed users’ trust in this situation.

People don’t install Little Snitch only to prevent nefarious third party activity. Some may want to know what traffic is going to and from their computers. Other may want to block all traffic for testing and/or research purposes.

I can trust that Apple is not doing something nefarious and still see that Apple is blatantly betraying the fact that people trusted when switching stuff like firewalls away from kext that it wouldn’t build backdoors for itself.

Also, any backdoors Apple builds for its own apps and services are simply an additional attack vector that could potentially be used by non Apple malicious actors.

replies(2): >>24839406 #>>24839483 #
threatofrain ◴[20 Oct 20 16:35 UTC] No.24839406{3}[source]
> any backdoors Apple builds for its own apps

Apple hasn't weakened the security of their devices to provide a secret way in, in fact, they made their systems even more robust.

The question absolutely is whether Apple can be trusted. Little Snitch works for other apps, just not Apple's apps. The remaining slice of the pie you're arguing for is whether or not we can trust Apple.

So what delta in security and trust over Apple are we getting by asking for this change, and how much insecurity and brittleness are we inviting to all other users with our ineffective software based firewall?

replies(3): >>24839460 #>>24839619 #>>24842479 #
addicted ◴[20 Oct 20 21:24 UTC] No.24842479{4}[source]
Bottom line is that Apple made software like Little Snitch switch away from kexts and then built in behavior that was unexpected, which would not have been possible for them to do while Little Snitch was based on kexts.

Whether this is malicious, not malicious, secure, insecure etc. is irrelevant to whether this is an untrustworthy action. It’s not what one would reasonably expect and is therefore a betrayal of users’ trust.

If Apple switched gatekeeper on MacOS to completely remove the option and the workarounds to run unsigned apps, it would certainly be more secure. It would also be a huge betrayal of users’ trust in Apple and the MacOS platform.

replies(1): >>24844110 #
dpkonofa ◴[21 Oct 20 01:46 UTC] No.24844110{5}[source]
>is therefore a betrayal of users’ trust.

I would disagree with that statement. The user bought an Apple computer so they clearly trust Apple already. If anything, the new frameworks make the system more secure which strengthens that trust for users. The only people really affected by this change are users who want granular control over everything whether it comes from Apple or not.

replies(2): >>24845087 #>>24846147 #
1. simion314 ◴[21 Oct 20 09:32 UTC] No.24846147{6}[source]
>The user bought an Apple computer so they clearly trust Apple

This is false, maybe I bought X because it was the least shitty choice.

replies(1): >>24864905 #
2. dpkonofa ◴[23 Oct 20 00:31 UTC] No.24864905[source]
That's fine but you bought it. When it comes down to it, America and capitalism run on the premise that you vote with your dollar. You voted with your dollar regardless of the mental gymnastics you did or didn't do to make that decision.