Maybe it's just me but the idea that my computer lets Apple (+ any LE organizations) surveil my app launches seems so much scarier than any malware.
replies(6):
If they know the hash of (let's say) a pr0n app which you run, then I'd say that's pretty damn sensitive information Apple is getting.
Think about someone having a dating app that would out them. Or a therapy app that they don't want people to know about. And that just scratches the surface.
Linked to your identity if you have a credit card saved for say iTunes.
And anyway, when we are talking about a phone, it would be literally impossible to run an app store without recording (and personally identifying!) that information. Maybe that's one more argument to allow third-party app stores, which I'm not against (though who knows if they're more trustworthy with that data?), but nevertheless.
My point is that in the grand scheme of privacy concerns, this is a very silly hill to die on. In the grand scheme of system reliability, on the other hand, it's totally legitimate to be upset that this effectively took down thousands of expensive workstations across the world for a few minutes.
It isn't just checking for malware, its broadcasting your app opening behavior to apple and anyone else who might be listening.
> It’s not like Apple us building a database of apps you’ve launched linked to your address and social security number.
You know this how? Seriously, I don't get why you would believe that.
Take a look at the macOS App Store medical section. Doing a quick scan of the top apps there is one app to help with some diabetes pump, one for a personal ECG machine, one that says it's a "mobile lactation consultant". Those can reveal a lot about a person that they might want to keep private. Searching "therapy" or "dating" also shows many results that people might want to keep private.
This is Apple we are talking about, which has the strongest privacy commitment of any device maker, and no advertising business outside of the App Store. Linking IP addresses to app certificate requests provides them zero benefit and exposes them to substantial brand damage.
They don’t have any significant advertising business. They don’t need to collect any personally identifiable information. They’ve promoted their brand by putting their customers privacy first.
So why would you believe they would intentionally risk all of that here?
I already expect the ISP to detect my Tor traffic.
But I didn't expect Apple, of all companies, to have a detailed audit trail of every time I've ever opened it, to the nearest minute.
Proof that if you are signed into any of their cloud services they know who you are? Is this a serious question?
Do I have proof that they could be ordered by a court to store it? Of course, that's how warrants work.
Do I have proof they are currently storing it? No, nor was that ever the claim.
And whether I'm taking a long or short lunch break, or lots of breaks. Whether I stay in bed until late, or work late at night. It's enough to predict whether I'm a "good" worker.
It also reveals whenever I travel, which coffee shops and libraries I frequent and what times of day. It also reveals what time I open any of several video conferencing apps.
And the sort of thing some HR would like to browse when assessing job candidates. They wouldn't need to ask "do you know X", they could just consult the Apple log of how often I run the relevant commands. Things like "we see you ran 'git' an average of 145 times per day last month, tell us more about that".
And whether I'm running tools I "shouldn't".
All that seems quite sensitive and personal to me.
Their Services business is moving them into Google levels of data collection.
https://medium.com/sensorfu/how-my-application-ran-away-and-...
That said, "this has happened forever" is false too. These behaviors are relatively new and relatively under the radar. Many people don't know they exist to get upset about it.
If your employer is willing to be that invasive, they already have a much easier route for getting that information: forcibly installing surveillance software on your work machine.
> It also reveals whenever I travel, which coffee shops and libraries I frequent and what times of day.
How...? How would the binaries you're running have anything remotely relevant to say about this?
> They wouldn't need to ask "do you know X", they could just consult the Apple log of how often I run the relevant commands. Things like "we see you ran 'git' an average of 145 times per day last month, tell us more about that".
That's a pretty contrived use-case for a pretty significant and unscrupulous bit of data-sharing. From a PR perspective Apple would never intentionally and publicly share this data. So assuming this data is even stored anywhere after the check is complete, and assuming any personal identification is kept with it, both of which are huge ifs, that leaves a couple of possibilities:
- Hackers gain access to the data
- Government subpoenas the data
- Extremely lucrative contracts, probably from advertising companies, are enough to motivate Apple to sell the data despite the risk of a massive PR scandal
I don't see any of those falling under your proposed scenario of random employers casually perusing the logs.
I certainly trust that they are better than Facebook or Google on the privacy axis. I don't blindly trust that they are innocent.
Since maybe 2016-ish? https://en.wikipedia.org/wiki/FBI–Apple_encryption_dispute
The question was whether the information gathered is personal and sensitive.
The fact there is another way it could be gathered doesn't make the information less personal or sensitive.
> How...? How would the binaries you're running have anything remotely relevant to say about this?
Because your temporary IP address is part of the hash request, and that's usually enough to identify which major organisation's network you are on, not counting any geolocation.
Thus, coffee shop (which brand), library (government network), home or mobile, at least.
I expect the websites and services I'm using to have this when I'm using them. That's reasonable, I'm reaching out to them.
Apple itself is not a service I'm using constantly, so I don't expect it to be sent a minute-by-minute update of my movements whenever I'm doing work in a CLI, and happen to have wifi on.
(I don't use iCloud, btw. Perhaps people using iCloud expect activity to be streamed constantly.)
> From a PR perspective Apple would never intentionally and publicly share this data.
Again, the question was whether the information is personal and sensitive. That's a property of the information itself.
Not whether Apple intends to store it and share it.
Why would private company not utilize leverage? You have no source, you can't even turn off these checks without hacks. Privacy first is open source and audit. It is removing feature people don't want.
Okay. You realize that you literally have to turn off the network connection completely to prevent dozens of companies from getting this information every waking moment? Windows and even Ubuntu constantly send back basic telemetry, not to mention the many more less-trustworthy apps that are refreshing in the background, the websites you interact with (even with ads/tracking blocked, the site itself still knows your IP address and time of access!), and so on.
Maybe it's not the exact point I was making originally, but my point now is that this is a ridiculous thing to focus on in the grand scheme of privacy concerns. It might be the single least-privacy-significant network request that any of your devices ever makes. Personally, if that's the only cost, I'll take the tradeoff for the security benefits. But even if I didn't feel that way, it's not what I would be spending my energy worrying about.
You could easily see knowing how often an app is used on an OS to be useful business information if apple wanted to create software to get into a trend before it gets to big.
Of course that doesn't require fine grained time data just daily would be more than good enough.
However you could also see the business use of knowing if two pieces of software are often used together or sequentialy which could inform creating an all in one/integrated experience that would do well in a market. So you need that finer application timing.
Of course that doesn't require tying it to a particular user account,not even a device ID, just a sessionID that changes each time the device restarts would probably be granular enough.
However since we've got that other stuff in place per device wouldn't it be great to see if there's a correlation between people using an app on there Mac and using it or another App on there iphone, ipad, or watch. What piece of data can we include to match up a user across all their devices? Maybe some kind of obfuscated or derived userID.
Of course you'd hope that other interests such as a commitment to privacy would rule out the use of such a dataset. If Apple did have such a dataset then you'd hope they'd be doing whatever processes (social, business, and technical) it can to obfuscate and seperate how that dataset is tied to a specific user.
The only real argument against Apple not having it is the balance between the cost of creating/exploiting such a data set, the expected profit, and the legal and reputational costs of such behaviour.
A corporation's nature is determined by their business model.
If you want to apply that fable to, say, Apple's relationship with independent repair shops, I'd 100% agree.
> They don’t have any significant advertising business.
This refutes that they're the scorpion in this relationship.
I do. (A look at my comment history would show I know quite a bit about networking.)
Again, the question being addressed, or actually the assertion being challenged, was: "hashes of the binaries I run don't exactly reveal any sensitive personal information about me"
I replied to show that those hashes do reveal that information.
But I threw in that how the hashes are sent (revealing the IP constantly) also reveals sensitive and personal information.
You might think that's inevitable, maybe so trivial it doesn't merit a mention. But in fact it isn't. It's purely a consequence of a technical decision. There are many ways Apple could perform the hash check without revealing your ephemeral IP to Apple.
Still, you asked what I thought was "how does sending your hash to Apple reveal where you go?".
Since you asked, I answered.
But perhaps I misunderstood your question, and you were asking how does Apple having the hash reveal where you are, not the act of sending it to them.
Fair enough.
Yes... now. Can you say that with certainty 10 years from now? 15? 20? Would you want an evil Apple 10 years from now having that? Or one that a 3-letter agency forced to collect it and they could never tell anyone because National Security Letter? Is that a bet you want to take? One you NEED to take? Is it truly unavoidable, sufficient to justify such a thing?
The best bulwark against overreach is to not create the capacity for it in the first place. Power will only ever do 1 thing, and that's amass more power.
1. Do you need an apple account to use the app store?
2. Do you need to provide personal information to use an apple account (I'm thinking at least enough to get a credit card working for app purchases/subscriptions)?
3. Is the data sent to this anti-malware service linked to your Apple account or an apple hardware id? (Has someone wiresharked the data to confirm/deny)
Big Sur prevents Little Snitch from blocking these system level connections, and these OS apps will also bypass any configured VPN.
2. Yes
3. I doubt it
But regardless of 3, simply by using the App Store at all (similarly to any other App Store out there) you're already giving them more information than they get from these hashes (at least for the apps that come from the store). I know for a fact that they keep a record of which apps you've downloaded there, associated with your account, because they check for updates and let you re-download them. As does the Android store. As does the Windows store.
Presumably something changed, but so far I haven't heard an explanation that makes sense of it.
Android, yes playstore requires an account but you can install an alternative store without signing in.
They have a couple: https://searchads.apple.com, https://support.apple.com/en-gb/guide/adguide/apda0878bbd9/i....
They cover ads in Apple News, the App Store Search ads and promotions, and there's the results of Siri search I suppose too. But all of these are internal Apple products and marketplaces. They are not running advertising auctions to any bidder on the basis of guaranteed user groups or targeting strategies.
If you are in fact suggesting that they sell ads beyond their internal marketplaces I'd consider that motivation to move away from them myself, and I converted away from OSS when I got bored fixing my workstation more than my work.
It's hilarious: most of the journalism I'm finding via DDG search is anti-Apple from the advertisers perspective. All these bloggers and Forbes writers decrying the fact that Apple keep making it harder for third parties to exfiltrate user data. Outraged that Apple would use this data internally making the marketplace non-competitive to both "tiny ad networks" and "Apple's corporate rivals" alike.
This is bogus. It seriously strangles the capabilities of the rival giants to get hold of that trove of data, but the small ad networks, representing businesses with whom Apple has a formal supplier relationship (the Apple Developer Program) and no direct competition are really no worse off.
Shock and awe.
The big change that caused this flurry of self-serving smear? Making 3rd party advertising opt-in. Forgive me if don't swoon with relief that they are now holding off on this user-empowering, privacy focussed change until next year: "to give advertisers and publisher more time to prepare" and come up with ways to subvert the new order.
Throughout this whole discussion users are talking about "ecosystems" and buying in to one or the other, and the effort of changing. The original issue in this thread was serious, reasonably short-lived, and an infrequent screw up (though that frequency is increasing if you ask me). The issue of Apple's ads is moot. They protect their right to be custodians of the user data they hold (or own, I'm still kind of unclear on that) and they continue to shore up the fences that keep the wolves at bay.
Point me to another major hardware/software/data vendor who shares those values.
Anecdotally, I'm using Mojave and experienced this issue, a person I was trying to have a Zoom call with was experiencing the same issue on their Mojave.
I think there are enough comments scattered across Hacker News to safely conclude that it affected Mojave too - although it's possible the timeout behaviour / error handling is different to Catalina.
[1] https://gs.statcounter.com/macos-version-market-share/deskto...
Ubuntu uploads (at least it did couple years ago) your data to Amazon.
The Ubuntu Amazon fiasco is, if anything, evidence of extreme resistance to this kind of thing. The Linux community rejected Canonical's opt-out ad partnership with Amazon collectively and almost unanimously. The program was relatively benign, but it went against ideals of both users and developers, and there have been no repeats.
Did it happen? Yes. And that is enough information.
You have been called out for multiple falsehoods in your comments here and you've still failed to provide any evidence.
