If they know the hash of (let's say) a pr0n app which you run, then I'd say that's pretty damn sensitive information Apple is getting.
Think about someone having a dating app that would out them. Or a therapy app that they don't want people to know about. And that just scratches the surface.
And anyway, when we are talking about a phone, it would be literally impossible to run an app store without recording (and personally identifying!) that information. Maybe that's one more argument to allow third-party app stores, which I'm not against (though who knows if they're more trustworthy with that data?), but nevertheless.
My point is that in the grand scheme of privacy concerns, this is a very silly hill to die on. In the grand scheme of system reliability, on the other hand, it's totally legitimate to be upset that this effectively took down thousands of expensive workstations across the world for a few minutes.
Take a look at the macOS App Store medical section. Doing a quick scan of the top apps, there is one app to help with some diabetes pump, one for a personal ECG machine, one that says it's a "mobile lactation consultant". Those can reveal a lot about a person that they might want to keep private. Searching "therapy" or "dating" also shows many results that people might want to keep private.
This is Apple we are talking about, which has the strongest privacy commitment of any device maker, and no advertising business outside of the App Store. Linking IP addresses to app certificate requests provides them zero benefit and exposes them to substantial brand damage.
I already expect the ISP to detect my Tor traffic.
But I didn't expect Apple, of all companies, to have a detailed audit trail of every time I've ever opened it, to the nearest minute.
Do I have proof that they could be ordered by a court to store it? Of course, that's how warrants work.
Do I have proof they are currently storing it? No, nor was that ever the claim.
And whether I'm taking a long or short lunch break, or lots of breaks. Whether I stay in bed until late, or work late at night. It's enough to predict whether I'm a "good" worker.
It also reveals whenever I travel, which coffee shops and libraries I frequent and what times of day. It also reveals what time I open any of several video conferencing apps.
And the sort of thing some HR would like to browse when assessing job candidates. They wouldn't need to ask "do you know X", they could just consult the Apple log of how often I run the relevant commands. Things like "we see you ran 'git' an average of 145 times per day last month, tell us more about that".
And whether I'm running tools I "shouldn't".
All that seems quite sensitive and personal to me.
If your employer is willing to be that invasive, they already have a much easier route for getting that information: forcibly installing surveillance software on your work machine.
> It also reveals whenever I travel, which coffee shops and libraries I frequent and what times of day.
How...? How would the binaries you're running have anything remotely relevant to say about this?
> They wouldn't need to ask "do you know X", they could just consult the Apple log of how often I run the relevant commands. Things like "we see you ran 'git' an average of 145 times per day last month, tell us more about that".
That's a pretty contrived use-case for a pretty significant and unscrupulous bit of data-sharing. From a PR perspective Apple would never intentionally and publicly share this data. So assuming this data is even stored anywhere after the check is complete, and assuming any personal identification is kept with it, both of which are huge ifs, that leaves a couple of possibilities:
- Hackers gain access to the data
- Government subpoenas the data
- Extremely lucrative contracts, probably from advertising companies, are enough to motivate Apple to sell the data despite the risk of a massive PR scandal
I don't see any of those falling under your proposed scenario of random employers casually perusing the logs.
The question was whether the information gathered is personal and sensitive.
The fact there is another way it could be gathered doesn't make the information less personal or sensitive.
> How...? How would the binaries you're running have anything remotely relevant to say about this?
Because your temporary IP address is part of the hash request, and that's usually enough to identify which major organisation's network you are on, not counting any geolocation.
Thus, coffee shop (which brand), library (government network), home or mobile, at least.
I expect the websites and services I'm using to have this when I'm using them. That's reasonable, I'm reaching out to them.
Apple itself is not a service I'm using constantly, so I don't expect it to be sent a minute-by-minute update of my movements whenever I'm doing work in a CLI, and happen to have wifi on.
(I don't use iCloud, btw. Perhaps people using iCloud expect activity to be streamed constantly.)
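As an added illustration of the point made in the comment above (this is example code written for this page, not anything posted in the thread or anything Apple runs): if a server-side log of hash-check requests keeps the client IP and a timestamp, the IP alone can be mapped to a network owner, and consecutive requests from the same network collapse into a timeline of where the machine was during the day. Every log line and every prefix-to-organisation entry below is constructed (RFC 5737 documentation ranges, placeholder hashes) and the prefix table stands in for what a WHOIS/ASN lookup would give.

```python
"""Added example: reconstruct a movement timeline from (timestamp, client IP)
pairs in a constructed request log. Nothing here is real data."""
import ipaddress
from datetime import datetime

# Constructed: a hypothetical server-side log of hash-check requests.
# Fields: ISO timestamp, client IP, placeholder hash of the launched binary.
REQUEST_LOG = [
    ("2020-11-13T07:58:00", "203.0.113.17", "sha256:placeholder-terminal"),
    ("2020-11-13T08:21:00", "203.0.113.17", "sha256:placeholder-git"),
    ("2020-11-13T09:05:00", "198.51.100.42", "sha256:placeholder-git"),
    ("2020-11-13T09:06:00", "198.51.100.42", "sha256:placeholder-git"),
    ("2020-11-13T12:31:00", "192.0.2.200", "sha256:placeholder-browser"),
    ("2020-11-13T13:10:00", "198.51.100.42", "sha256:placeholder-git"),
    ("2020-11-13T17:45:00", "198.51.100.42", "sha256:placeholder-videoconf"),
]

# Constructed: hypothetical prefix-to-organisation table (what a WHOIS or
# ASN lookup would return for these ranges). Documentation ranges only.
NETWORKS = {
    "203.0.113.0/24": "residential ISP (home)",
    "198.51.100.0/24": "employer corporate network",
    "192.0.2.0/24": "coffee-shop chain guest wifi",
}


def classify_ip(ip_str):
    """Longest-prefix match of a client IP against the organisation table."""
    ip = ipaddress.ip_address(ip_str)
    best = None
    for prefix, org in NETWORKS.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, org)
    return best[1] if best else "unknown network"


def reconstruct_timeline(log):
    """Collapse consecutive requests from the same network into presence
    intervals: first seen, last seen, and how many launches happened there."""
    timeline = []
    for ts, ip, _hash in sorted(log):  # ISO timestamps sort chronologically
        org = classify_ip(ip)
        t = datetime.fromisoformat(ts)
        if timeline and timeline[-1]["where"] == org:
            timeline[-1]["last_seen"] = t
            timeline[-1]["requests"] += 1
        else:
            timeline.append(
                {"where": org, "first_seen": t, "last_seen": t, "requests": 1}
            )
    return timeline


def describe(timeline):
    """Render the intervals as one human-readable line each."""
    return [
        f"{e['first_seen']:%H:%M}-{e['last_seen']:%H:%M} {e['where']} "
        f"({e['requests']} launches)"
        for e in timeline
    ]


if __name__ == "__main__":
    for line in describe(reconstruct_timeline(REQUEST_LOG)):
        print(line)
```

Note that the hashes are never consulted: the timeline comes purely from the IP and the timestamp of each request, which is the "how the hashes are sent" half of the argument. The binary hashes would add a second dimension (which tools were launched at each location) on top of this.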
> From a PR perspective Apple would never intentionally and publicly share this data.
Again, the question was whether the information is personal and sensitive. That's a property of the information itself.
Not whether Apple intends to store it and share it.
Okay. You realize that you literally have to turn off the network connection completely to prevent dozens of companies from getting this information every waking moment? Windows and even Ubuntu constantly send back basic telemetry, not to mention the many more less-trustworthy apps that are refreshing in the background, the websites you interact with (even with ads/tracking blocked, the site itself still knows your IP address and time of access!), and so on.
Maybe it's not the exact point I was making originally, but my point now is that this is a ridiculous thing to focus on in the grand scheme of privacy concerns. It might be the single least-privacy-significant network request that any of your devices ever makes. Personally, if that's the only cost, I'll take the tradeoff for the security benefits. But even if I didn't feel that way, it's not what I would be spending my energy worrying about.
I do. (A look at my comment history would show I know quite a bit about networking.)
Again, the question being addressed, or actually the assertion being challenged, was: "hashes of the binaries I run don't exactly reveal any sensitive personal information about me"
I replied to show that those hashes do reveal that information.
But I threw in that how the hashes are sent (revealing the IP constantly) also reveals sensitive and personal information.
You might think that's inevitable, maybe so trivial it doesn't merit a mention. But in fact it isn't. It's purely a consequence of a technical decision. There are many ways Apple could perform the hash check without revealing your ephemeral IP to Apple.
Still, you asked what I thought was "how does sending your hash to Apple reveal where you go?".
Since you asked, I answered.
But perhaps I misunderstood your question, and you were asking how does Apple having the hash reveal where you are, not the act of sending it to them.
Fair enough.
1. Do you need an Apple account to use the App Store?
2. Do you need to provide personal information to use an Apple account (I'm thinking at least enough to get a credit card working for app purchases/subscriptions)?
3. Is the data sent to this anti-malware service linked to your Apple account or an Apple hardware ID? (Has someone wiresharked the data to confirm/deny?)
Big Sur prevents Little Snitch from blocking these system level connections, and these OS apps will also bypass any configured VPN.
2. Yes
3. I doubt it
But regardless of 3, simply by using the App Store at all (similarly to any other App Store out there) you're already giving them more information than they get from these hashes (at least for the apps that come from the store). I know for a fact that they keep a record of which apps you've downloaded there, associated with your account, because they check for updates and let you re-download them. As does the Android store. As does the Windows store.
Android: yes, the Play Store requires an account, but you can install an alternative store without signing in.