398 points djoldman | 12 comments
1. jasongill ◴[] No.42064335[source]
The core of this article, if I understand it correctly, is that macOS pings Apple to make sure that apps you open are safe before opening them. This check contains some sort of unique string about the app being opened, and then there is a big leap to "this could be used by the government"

Is this the ideal situation? No, probably not. Should Apple do a better job of communicating that this is happening to users? Yes, probably so.

Does Apple already go overboard to explain their privacy settings during setup of a new device (the pages with the blue "handshake" icon)? Yes. Does Apple do a far better job of this than Google or Microsoft (in my opinion)? Yes.

I don't think anyone here is claiming that Apple is the best thing to ever happen to privacy, but when viewed via the lens of "the world we live in today", it's hard to see how Apple's privacy stance is a "scam". It seems to me to be one of the best or most reasonable stances for privacy among all large-cap businesses in the world.

replies(2): >>42065776 #>>42070799 #
2. max_ ◴[] No.42065776[source]
Have you read the linked article?
replies(2): >>42067961 #>>42070534 #
3. jasongill ◴[] No.42067961{3}[source]
Yes, that's why I commented, because the article's core complaint is about the fact that the OS's Gatekeeper feature does an OCSP certificate validation whenever an app is launched and there's no way to disable it, and that supposed calling home could leak data about your computer use over the wire.

However, it also has a LOT of speculation, with statements like "It seems this is part of Apple’s anti-malware (and perhaps anti-piracy)" and "allowing anyone on the network (which includes the US military intelligence community) to see what apps you’re launching" and "Your computer now serves a remote master, who has decided that they are entitled to spy on you."

However, without this feature (which seems pretty benign to me), wouldn't the average macOS user be actually exposed to more potential harm by being able to run untrusted or modified binaries without any warnings?

4. pertymcpert ◴[] No.42070534{3}[source]
Did you?
5. astrange ◴[] No.42070799[source]
> This check contains some sort of unique string about the app being opened,

It's not unique to the app, the article is just wrong. It's unique to the /developer/, which is much less specific.

replies(1): >>42073631 #
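Added example, not part of the thread and not Apple's code: assuming the launch check is a standard RFC 6960 OCSP request for the signing certificate, as the comments above describe, this builds one and decodes it from its HTTP GET path to show which identifiers are visible on the wire. The issuer bytes and serial number are constructed sample values, and the helper names are hypothetical.

```python
import base64, hashlib
from urllib.parse import quote, unquote

# AlgorithmIdentifier for SHA-1 with NULL parameters (OID 1.3.14.3.2.26)
SHA1_ALG = bytes.fromhex("300906052b0e03021a0500")
# Constructed sample values, not taken from any real certificate
ISSUER_NAME = b"constructed issuer name DER"
ISSUER_KEY = b"constructed issuer public key"
DEV_SERIAL = 0x1122334455667788

def tlv(tag, body):
    """DER-encode one element; short-form length covers these sizes."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the short-form element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    assert length < 128
    return tag, buf[pos + 2:pos + 2 + length], pos + 2 + length

def build_ocsp_request(issuer_name, issuer_key, serial):
    """OCSPRequest with one CertID and no optional fields."""
    serial_der = serial.to_bytes((serial.bit_length() + 8) // 8, "big")
    cert_id = tlv(0x30, SHA1_ALG
                  + tlv(0x04, hashlib.sha1(issuer_name).digest())
                  + tlv(0x04, hashlib.sha1(issuer_key).digest())
                  + tlv(0x02, serial_der))
    # Wrap as Request, requestList, tbsRequest, OCSPRequest
    return tlv(0x30, tlv(0x30, tlv(0x30, tlv(0x30, cert_id))))

def get_path(der):
    """RFC 6960 Appendix A.1 GET form: base64 of the DER, URL-encoded."""
    return "/" + quote(base64.b64encode(der).decode(), safe="")

def observe(path):
    """Recover the CertID fields from a GET path seen on the wire."""
    body = base64.b64decode(unquote(path[1:]))
    for _ in range(5):  # OCSPRequest, tbsRequest, requestList, Request, CertID
        tag, body, _end = read_tlv(body)
        assert tag == 0x30
    _, _alg, pos = read_tlv(body)  # skip hashAlgorithm
    _, name_hash, pos = read_tlv(body, pos)
    _, key_hash, pos = read_tlv(body, pos)
    _, serial, pos = read_tlv(body, pos)
    return {"issuerNameHash": name_hash.hex(), "issuerKeyHash": key_hash.hex(),
            "serialNumber": int.from_bytes(serial, "big")}

if __name__ == "__main__":
    print(observe(get_path(build_ocsp_request(ISSUER_NAME, ISSUER_KEY, DEV_SERIAL))))
```

The CertID names a certificate (issuer hashes plus serial number) and carries no hash or name of the binary being launched; base64 in the path is an encoding, not encryption.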
6. saagarjha ◴[] No.42073631{3}[source]
Yeah, no. This is a stupid argument. If you’re opening an app signed by Mozilla Corporation it’s probably Firefox. If you’re opening an app from [porn app publisher] guess what, it’s a porn app. Nobody cares which one.
replies(1): >>42073947 #
7. astrange ◴[] No.42073947{4}[source]
The difference is that it happens much less often because it's cached.
replies(1): >>42074643 #
8. saagarjha ◴[] No.42074643{5}[source]
Again, how does this help the "I opened app from porn developer now my computer broadcasts that I did that" case?
replies(1): >>42074990 #
9. astrange ◴[] No.42074990{6}[source]
I just checked my Steam library and none of them use codesigning so I guess that solves that. Video playing apps do though, so depends on plausible deniability.

It does seem like this could be fixed using the private relay system. It certainly doesn't need to be unencrypted.

replies(1): >>42075064 #
10. saagarjha ◴[] No.42075064{7}[source]
Who would run the intermediate hop, though? Other Macs?
replies(1): >>42084845 #
11. astrange ◴[] No.42084845{8}[source]
Randomly selected CDN companies.

https://security.apple.com/documentation/private-cloud-compu...

replies(1): >>42093704 #
12. saagarjha ◴[] No.42093704{9}[source]
I guess it would be nice if they added that then :)