Application trust is hard, but Apple does it well
security-embedded.com
If this unacceptable mess is "doing it well", perhaps the whole idea is doomed and should not be attempting to do it at all.
> It comes down to an argument of trust - do you trust Apple is acting in your best interests
No. I mean really very obviously no.
Neither Microsoft. Nor Google. Why would I assume any company would act in my interests when they have clear incentives to increase their profits and control by acting counter to them?
It's great that the author loves to exist within the limits and restrictions imposed by Apple, but don't expect me to go along with your Stockholm Syndrome and belittle me for differing.
I'm entirely fine with people running "Trust" systems. But not when the platforms do it by force. If you want to pay McAfee, or some other service to force your computer to only run trusted code, then that's your choice. I might even be fine if Apple or Microsoft offered it as a service you have to pay extra for.
The problem is when one entity can lock down a platform entirely. It's a problem when it's not a choice the user has. It's also a problem that even when the user wants all code to be verified, they can't choose who it gets verified by.
If yesterday's disaster had happened to a third-party trust company, and not Apple, a lot of people would be looking for a new trust vendor today. That's what should happen in a non-monopolistic market.
This plays into why Google is so big, doesn't it? Where by offering immensely valuable things (like trust[0], video hosting[1]) for free, people are willing to give up a host of freedoms assuming it doesn't directly impact them/the apps they use (which most often it doesn't, with the exception being Fortnite, and even then it just becomes another topic for reddit to have flame wars about).
0: https://www.marketwatch.com/press-release/global-antivirus-s...
1: https://www.theverge.com/2020/10/29/21531711/google-alphabet...
Mac market share is less than 10% in the US, even lower in other countries. I personally know at least one person who is considering not buying one next time around just because of this incident. Some people use tools that lock them onto a Mac, but most of that is just people that have to develop for Macs (and they’re stuck no matter what Apple does, because they need to test on Macs). The iOS/App Store monopoly arguments are one thing, but 10% is a monopoly now?
Just because a company sells a product that has some things one might want that no other market players bother combined with some things that they don’t like, doesn’t mean they’re “exploiting a monopoly”.
> The iOS/App Store monopoly arguments are one thing, but 10% is a monopoly now?
It goes the other direction. If you want to develop for iOS you have to get a Mac even if you don't want one.
Moreover, this behavior is objectionable regardless of market share, because a platform excluding alternative stores segregates that platform into a different market. If you're a developer whose customers use a Mac, and Apple starts operating the Mac App Store the same as the iOS one, it doesn't matter that they have 10% market share because that 10% of the PC market is 100% of your app customers and the relevant market isn't PCs, it's app distribution to a given customer base.
That argument applies to literally any product that another business wants to build their own product on. I don’t see how that doesn’t turn into every business being required to make the business model of every other business whose products are built on theirs work in perpetuity. If you make a commercial OS, are you arguing you can’t ever remove any feature in a future version if it would make another company’s product impossible to upgrade?
It's not about removing a feature, it's about keeping it there but monopolizing access to it. If the feature goes away entirely, that's fine. And then somebody else can come back and implement it themselves.
But if the company gives themselves access to that feature and not anybody else (even with the permission of the device owner), and restricts anyone else from reimplementing it, that creates a monopoly which they would then be abusing by restricting what competing app developers can do.
Security is the owner of the device controlling what runs on it. Monopoly abuse is the manufacturer of the device doing so against the will of the owner of the device.
> It goes the other direction. If you want to develop for iOS you have to get a Mac even if you don't want one.
Very annoying that you can't use an old Lisa development system like the ones Apple required for the original Macintosh.
Apple isn't just Macs. iPhone has 50% or greater market share in the USA. iPad has 65% or more market share as well. Apple certainly does exploit a monopoly in various different ways. One is their monopoly on browser engines in iOS that lets them dictate web standards because if they don't implement something then the 1.5 billion iOS devices don't get it period.
You can always fashion a monopoly by adding “they have a monopoly on X on their own product” for any proprietary hardware or software vendor. If you want to argue that proprietary hardware or software shouldn’t be allowed then do that, but don’t try to tie it to monopoly. It has little to do with either the legal or economic implications usually associated with that word.
> Mac market share is less than 10% in the US, even lower in other countries
Do people on other platforms have so many security issues that Apple's measures are justified?
Windows may be better but any of us born before the 90s may still have PTSD from all the pain of troubleshooting malware infestations. 17 years ago I was the primary developer of a commercial Java web app and wanted nothing to do with support phone calls but on many I had to walk our web app users through the installation of Spybot Search & Destroy just so they could get rid of something interfering with their usage of our product!
I was traumatized a few weeks ago when my parents sent me a particularly jarring video of their Windows computer with audio playing telling them to call a number to get rid of something nefarious-sounding but quickly Googled it and realized it was a bunch of popup browser pop ups pretending to be worse than they were. I don’t run into stuff like that when using Firefox on my MacBook.
I would say no. Windows/Linux machines are generally secure.
I think it matters a lot what you consider "Secure" to mean. Most security people are focused on stopping an attacker from remotely installing and executing malicious code on your device. A huge amount of effort is dedicated by security people to adding hardware to stop buffer overruns, make memory protected, signing code and so on, to stop these types of attacks. A more locked down system like iOS/Android is at least in theory more secure than a device running Windows and especially Linux, that lets the user install and run whatever they want.
If you on the other hand define security as in control over your device and your data, then the mobile devices are terrible. A lot of apps are full of "telemetry" (read spyware) that in practice makes most mobile devices leak a huge amount of data. You have very little control over this. This is an attack vector that is mostly ignored by these companies, because they don't see it as an attack vector, but rather as a revenue stream.
I think we need regulation that any API in the OS cannot be closed and end user should be given all keys. Current situation is untenable.
People really want to believe these corporations are charitable organizations, not inhuman slow AIs optimizing for profit. The propaganda departments of these corporations really do a number on people.
I read the article and you seem to sidestep all the arguments and facts they present, instead just saying they're brainwashed by propaganda. Not as convincing an argument, sadly.
The internet is a malicious place, filled with the non-technical and uninformed.
I guess we’ll wait for you to design a better trust-based system that allows you to stop malicious software from executing on N different machines without needing N users to do anything.
Norton Antivirus will protect me
I trust in McAfee, the software is as stable as the founder
Nortan Antivirus. Download now, free 6 month trial.
It’s unfortunate that this is a response to a bulveristic comment. This really is a very important problem, indeed perhaps the most important problem in computer science today.
The real solution is a least privilege hardened operating system that limits the damage both in terms of malicious effects and data exfiltration/ surveillance. Exposing permissions to users is also a hard UI/UX problem.
Code signing and OCSP and such are band aids to cover the fact that our OSes have deeply inadequate security models. They all date back to the days when the net was far less hostile or in some cases before WANs were a common thing.
Web browsers run code from everywhere and do a decent but not perfect job of this. It’s possible.
I’d say this is only one half.
Many malicious effects involve social engineering, fraud, etc, and are not about exfiltration of files.
In that case code signing can’t do much either.
On the contrary code signing is the only current solution to this problem.
It allows fraudulent, malicious, or easily exploited code to be disabled.
How can revoking apps stop a phishing attack?
Easy: Revoke the certificate of the app doing the phishing.
To add, this is exactly what google's safe browsing is https://safebrowsing.google.com/
>If this unacceptable mess is "doing it well", perhaps the whole idea is doomed and should not be attempting to do it at all.
Well, "unacceptable mess" are your words. It's totally acceptable to me that there could be issues on a feature / launch that need to be ironed out, unless we're talking about aviation software or pacemakers.
If we deemed "unacceptable" any misstep or early issue, we wouldn't even have fire, a relatively tried and tested technology, that still has its issues...
>No. I mean really very obviously no.
The question is not an absolute one.
You should read it "do you trust Apple is acting in your best interests OVER any random app you might install or website you visit?".
Not to mention they don't even do the kind of tracking the original "sky is falling" post assumed they do: https://blog.jacopo.io/en/post/apple-ocsp/
As this post says, "Now that you know the actual facts, if you think your privacy is put at risk by this feature more than having potential undetected malware running on your system, go ahead [and disable the checking via /etc/hosts]".
>It's great that the author loves to exist within the limits and restrictions imposed by Apple, but don't expect me to go along with your Stockholm Syndrome and belittle me for differing.
The author is a security specialist, not some random dude. And he made his point with technical arguments, not hand waving.
> You should read it "do you trust Apple is acting in your best interests OVER any random app you might install or website you visit?".
For much of the software I use, the answer is no. I don't trust that Apple is acting in my best interests over GNU software, for example, not by a long shot. I don't even trust that I could understand if Apple is acting in my interests, because massive corporations like Apple have unparalleled resources they can use to obfuscate their intentions.
Is our best shot at trusting one another to delegate that trust to a notoriously non-transparent corporation with a laundry list of conflicts of interest, obfuscated closed-source software, and that's operated out of a country well-known for surveilling its citizens and citizens of other countries?
Personally I'm not anywhere near ready to accept that that's the best we can do, nor that it's something that we even should do.
>For much of the software I use, the answer is no. I don't trust that Apple is acting in my best interests over GNU software, for example, not by a long shot.
Well, this is half-thought through.
First, most people don't use any GNU software or even know what GNU is. And they can and do trust all kinds of BS that they shouldn't (that's how computers get filled with malware crap).
Second, GNU in this context means nothing. GNU is an organization and an assorted set of licenses, not a program, and a program being associated with GNU says nothing about the safety of the program or not. The programs themselves could still be maliciously polluted with malware as has happened time and again, unbeknownst to the authors of the programs and those running the repositories.
>Is our best shot at trusting one another to delegate that trust to a notoriously non-transparent corporation with a laundry list of conflicts of interest, obfuscated closed-source software
Well, if you're against closed-source software you shouldn't be using macOS or Windows in the first place.
>and that's operated out of a country well-known for surveilling its citizens and citizens of other countries?
The latter is a political issue, and best solved at the political level. You don't get out of a surveillance situation just by using different programs, when the whole state apparatus, sites you visit, even ISPs, etc, is used for surveillance.
Spin, spin, spin. I learned to distrust Apple's hardware after I bought my last (i)Mac. I've seen no reason to think it or its software's gotten more trustworthy.
(The company that released the Apple II manual was trustworthy. That company was buried out behind the shed long ago.)
> (The company that released the Apple II manual was trustworthy. That company was buried out behind the shed long ago.)
When Woz left.
But this thing freezes your whole computer, it happened to me while switching internet providers, I could have worked perfectly fine offline, but I've lost hours, which I'm not getting back. I don't know if there has been an apology but I would like to see one.
Edit: By saying this I'm not endorsing OP's exact words, but the failure is not a minor one, besides hours of work lost, it was a major stress, as I thought I would have to take the computer to repair, or replace it, and I can still manage, but many people can't afford it right now.
The author is a security specialist
In other words, an authoritarian corporate shill, just like the vast majority of others in the "security industry" whom I've had the displeasure of meeting.
> You should read it "do you trust Apple is acting in your best interests OVER any random app you might install or website you visit?".
But it isn't that. That would be the argument for choosing to install apps through Apple's store, not for Apple preventing you from choosing to install apps through a competing store.
Because then it's not Apple vs. literally every random shady garbage app, it's Apple vs. some specific alternative store that you might very well trust more than Apple to be acting in your interest, e.g. F-Droid.
Apple has been leaking OCSP app launch data in cleartext for two years. This isn’t a Big Sur release glitch.
Your tone here does not seem proportionally appropriate to the level of discourse this article is attempting.
The fact of the matter is that computers offer myriad ways to compromise your life and behave maliciously, and avoiding that is a tall challenge for any company. Apple is trying it their way, and you can try it yours. But to call it Stockholm Syndrome is an unfortunate take on these efforts.
I see little to nothing in the way of discourse. Much like HN over the past few days, it's mostly a hand waving away of the reality that has always existed beneath the exterior. What doesn't help is that it's the nature of humans to fervently defend the ecosystem they've invested in.
We at HN like to hold ourselves apart from other communities, but it is merely an echo chamber for what gp refers to.
Alright, let's not call it Stockholm syndrome. A "collective hypocrisy" would be more appropriate.
> Alright, let's not call it Stockholm syndrome. A "collective hypocrisy" would be more appropriate.
Apple is so awesome, they have already come up with the perfect phrase you can use to describe them. It's "Reality distortion field".
>Your tone here does not seem proportionally appropriate to the level of discourse this article is attempting.
You mean this level of discourse?
>The privacy squad mobilised on this one - in fact, one blog post received a lot of attention for decrying such systems with the dogwhistle "you no longer own your computer!"
Can you explain why? You've offered assertions but haven't explained why you feel that way.
It’s a form of bulverism: https://en.wikipedia.org/wiki/Bulverism
I don't follow... what did you want me to explain and what assertions are you referring to? If you mean the assertion that Apple users are suffering Stockholm Syndrome is an inappropriate discourse, I'm not sure how to better explain that.
Maybe you could start with why you think it's inappropriate?
Because it's a "mass psychology" BS explanation based on the premise of "others are misguided/idiots/sheep/Stockholmed and I know the truth/true freedom" - as opposed to a good faith argument, understanding that it's an ideological preference and that others (including people with 10 times the degrees, career experience and computer science knowledge of the author) can think otherwise.
If that very basic thing needs to be spelt out, I'm not sure how any discussion is possible...
Perhaps we should think about this from a utilitarian perspective. There are obvious security advantages to app signing. But there are also negative implications for privacy and availability. Given tens of millions of non-technical users, is app signing likely to result in more good than bad, taking into account the fact that it can be turned off? I don’t know the answer, but I’m pretty sure those who relentlessly focus on the possible downsides don’t know either.
(Pretending to be able to see into the minds and motivations of people you don’t know is rarely helpful. You have no grounds to attribute users’ behavior and opinions to Stockholm Syndrome, and it doesn’t apply anyway: no one is held hostage or abused in this scenario)
The key is in understanding that the trade off is an illusion. App signing is de facto blacklisting. Anyone can get an app signed but Apple maintains a naughty list. It's just anti-virus by another name.
But you don't need signed apps for that, only hashes. And you don't have to phone home for that, only download the latest naughty list whenever it changes so you can check against it locally.
> There are obvious security advantages to app signing. But there are also negative implications for privacy and availability.
App signing exists elsewhere without sacrificing privacy. Most Linux packages, for example, are signed with GPG keys. The difference is that Linux only cares about installing trusted packages. It doesn't care about applications that are already installed after verification. Apple insists on having the ability to revoke something that's already installed. There are two issues here:
1. Is it reasonable to revoke permissions for an installed package? It could be argued that it will help stop malicious apps that were discovered after they were distributed. However, it could equally as well be that Apple wants more control over devices and to hold developers to ransom. Their recent treatment of developers indicates that this concern is not at all misplaced. The least Apple could do is warn the user about a revoked certificate and ask if they still want to proceed (like how browsers do in the same scenario). However, it just refuses outright.
2. Apple chose a very bad method to implement online certificate revocation. OCSP is meant for server certificate validation. OCSP stapling is preferred over plain OCSP due to privacy concerns. Stapling cannot be used in this context. This method unfortunately ruins privacy and spills user information everywhere. They could have chosen some other more private method, like an updatable CRL.
> I’m pretty sure those who relentlessly focus on the possible downsides don’t know either.
As I said, there are more private ways to push revocation status. Apple always claimed that the device lockdown was to ensure privacy. This oversight shows how hollow that claim is.
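The two comments above (hash-based "naughty list" checked locally, and an updatable CRL instead of a per-launch OCSP query) describe the same design: revocation enforced from a list cached on the machine, so nothing about which app is launching has to be sent to a server. The following is an added example that is not code from the thread, from Apple, or from any Linux distribution; the list format, the field names, the signer identifiers and the sample entries are all constructed for illustration. It hashes the binary locally, checks the hash and the signer identity against the cached list, and treats a list that is past its `next_update` as a warning condition rather than a hard failure, which matches the point that an offline machine should keep working.

```python
"""Offline, CRL-style revocation check for installed applications.

Added example (not the thread's or Apple's code). Models revocation
enforced from a locally cached list rather than a per-launch OCSP query:
the checker consults only local data, so it never reveals which app is
being launched. The JSON layout and all identifiers below are constructed
assumptions for illustration, not a real Apple or Linux format.
"""
import hashlib
import json
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample revocation list. A real deployment would download the
# whole list whenever it changes and verify its signature against a pinned
# key before caching it; that verification step is outside this example.
SAMPLE_LIST_JSON = json.dumps({
    "issued": "2020-11-13T00:00:00+00:00",
    "next_update": "2020-11-14T00:00:00+00:00",
    "revoked_signers": ["DEV-TEAM-EXAMPLE-0002"],          # hypothetical id
    "revoked_hashes": [
        hashlib.sha256(b"known-bad-binary-contents").hexdigest(),
    ],
})


@dataclass
class RevocationList:
    issued: datetime
    next_update: datetime
    revoked_signers: set
    revoked_hashes: set


def load_revocation_list(raw_json: str) -> RevocationList:
    """Parse the cached list. Purely local; no network access."""
    obj = json.loads(raw_json)
    return RevocationList(
        issued=datetime.fromisoformat(obj["issued"]),
        next_update=datetime.fromisoformat(obj["next_update"]),
        revoked_signers=set(obj["revoked_signers"]),
        revoked_hashes=set(obj["revoked_hashes"]),
    )


def sha256_hex(data: bytes) -> str:
    """Hash the binary's contents; this is the lookup key for the list."""
    return hashlib.sha256(data).hexdigest()


def check_launch(binary: bytes, signer_id: str, rl: RevocationList,
                 now: datetime) -> str:
    """Return a verdict using only the cached list.

    revoked-hash    this exact binary is listed
    revoked-signer  the signing identity is listed
    stale-list      list is past next_update: warn and refresh, do not block,
                    so an offline machine is not locked out
    allowed         no match and the list is current
    """
    if sha256_hex(binary) in rl.revoked_hashes:
        return "revoked-hash"
    if signer_id in rl.revoked_signers:
        return "revoked-signer"
    if now > rl.next_update:
        return "stale-list"
    return "allowed"


def run_demo() -> list:
    """Exercise each verdict against the constructed sample list."""
    rl = load_revocation_list(SAMPLE_LIST_JSON)
    fresh = rl.issued + timedelta(hours=1)
    late = rl.next_update + timedelta(days=3)
    return [
        check_launch(b"benign app", "DEV-TEAM-EXAMPLE-0001", rl, fresh),
        check_launch(b"known-bad-binary-contents", "DEV-TEAM-EXAMPLE-0001", rl, fresh),
        check_launch(b"benign app", "DEV-TEAM-EXAMPLE-0002", rl, fresh),
        check_launch(b"benign app", "DEV-TEAM-EXAMPLE-0001", rl, late),
    ]


if __name__ == "__main__":
    for verdict in run_demo():
        print(verdict)
```

The privacy property comes from where the lookup happens: the full list is fetched on its own schedule, independent of any launch, and the per-launch decision is made against the cache. The `stale-list` verdict is where the "warn the user instead of refusing outright" argument from the comment above lands in code.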
The important part to notice is the false dichotomy of freedom vs security. The argument that negligent users will screw up if given freedom. This is wrong for two reasons:
1. Defaults vs restrictions: Keep the defaults secure and slightly hard to modify for normal users. But don't restrict those who need alternatives.
2. Security can be achieved without locking everything down and remote controlling it. See web browsers for example. We run JS from all insecure sources, but cannot access sensitive resources (like camera, file access etc) without users' permission. The same can be achieved on OS with sandboxing, microkernels etc.
> no one is held hostage or abused in this scenario
Abuse is not always apparent to the abused. User rights are gradually eroded away in the name of security, giving users enough time to get accustomed to it. There may be escape hatches now, but they are slowly getting closed. For example, we considered PCs that don't allow us to install another OS as abusive. However, we don't hold mobile devices to the same standard. Unfortunately, this normalization of abuse doesn't just affect those who accept it. The rest of us are left without a choice. That criticism is definitely valid.
> Why would I assume any company would act in my interests when they have clear incentives to increase their profits and control by acting counter to them?
I get what you're saying, but (as an Apple fanboy) I have to point out that Apple's incentives are to act in your, the customer's, interests since that is what they are selling now. They are differentiating themselves from the Googles by taking user privacy seriously.
If they act against that they lose their key advantage.
Trust but verify perhaps?
Apple is incentivized to push you towards their services—to make installing from the App Store easier than sideloading, and to make first party services more useful than third party services. Those are not my interests.
I say this not to ascribe malicious intent—I do not think Apple implemented OCSP to push people towards the App Store. But incentives are funny things, and can cause people and organizations to rationalize all sorts of decisions, and conveniently ignore some side effects and not others.
I live in a world where those incentives have created a platform where I can buy decent hardware to run the kinds of applications that aren’t available on the preferred platforms. Want a laptop that can last all day, edit 4K, and be operated as an appliance, not a passion project? You’ve got Windows and Apple. I have run Linux forever, from day one, and while it can run the services we need for the whole internet, it’s not desktop viable in the ways Windows and Linux are.
In this argument, I’m not sure that level of product development can be dismissed. I wish Apple had implemented this better, I just bought a Windows machine so I wasn’t dependent on one platform, I’m trying to move towards Linux again (to be aligned with my own values), but the engineering this community wants, and the readiness of the platform & product we can buy any day of the week at Best Buy ... doesn’t exist.
So I'm personally incentivized to give Apple a bit of a pass on this one, and hope they iterate this solution in the right direction, and definitely hope they don’t turn the Mac App Store into the iOS App Store.
It's not in my interest to have Apple censors control what web browser I run on my phone or what games I can play on my phone.
This is irrelevant to the topic at hand.
You aren’t their customer.
I’m an Apple customer and their interests don’t always line up with mine.
By ‘customer’ I mean target customer in a marketing sense.
In this sense, you are not their customer.
I am not either.
> They are differentiating themselves from the Googles by taking user privacy seriously.
Then please explain how that is consistent with Apple setting Google as default search engine in Safari ( https://www.theverge.com/2020/7/1/21310591/apple-google-sear... ).
As always, Apple only aims for environmentally-friendly actions and privacy as long as they profit from it and it makes a good news article. But then they ignore privacy when you're not looking, and make it unnecessarily hard to repair your devices.
I do trust apple over a hundred different developers with random practices.
I found out not long ago that a tool I was using had no hygiene practices at all - they grabbed random versions of things they packaged up, had no meaningful audit trail at all, no means to notify (or even awareness that this might be a consideration) essentially no meaningful code review and so on. I noted this because I was investigating a bug for the project and gradually the reality became clear.
At the very least, Apple is one step above mayhem and negligence.
McDonald's food never makes me sick. One time I went to a different restaurant, and I found out that they had no hygiene practices at all. At least McDonald's is one step above mayhem, and it therefore is where I eat all my dinners.
That's the wrong analogy. The right analogy is Apple is acting as a restaurant inspector. They may miss a lot, but they accomplish _something_.
> Why would I assume any company would act in my interests when they have clear incentives to increase their profits and control by acting counter to them?
Even without perverse incentives, why would another agent in your environment have any reason to go out of their way to have your best interest at heart?
> Neither Microsoft
I see more nuance here. I don't trust the Apple/MS licensing / code signing teams, but I do trust the MS Defender team to do a much better job. They're not directly connected to a source of profit.
Whether something is or isn't acceptable is completely separate from whether it is done well.
Guns can be well engineered, but that does in no way answer whether it is or isn't acceptable to own one.
Where does the author belittle those who prefer a different answer?
By posing false dichotomies: "do you trust Apple is acting in your best interests, or do you believe they're a malevolent entity?"
It's perfectly reasonable to believe that Apple is acting in Apple's best interest without attributing malevolence.
By downplaying rational arguments: "I think the privacy arguments are far-fetched (because others are worse)"
By using loaded terms: "Dogwhistles", "The privacy squad mobilised"
Presenting strawmen: "if I have the code, build the code, nothing can hide in the code. This is a fallacy that people buy in to thanks to effective marketing "
Lying by omission: "It's not feasible for an individual to maintain the list of trustworthy or untrustworthy parties that Apple does."
It's perfectly feasible for a group of individuals. I'll take any group of distro maintainers over Apple's word.
He really doesn't just sound like an Apple apologist; he is one.
Fair points, I should have re-read it after seeing the GP’s comment.
You’re exaggerating, and then falling into the same traps you are accusing him of.
A lot of people are claiming Apple is a malevolent entity. In context, it is reasonable for him to rebut that.
I agree with you about his use of loaded terms, and the dismissiveness.
The straw man you cite isn’t a straw man. It is a solid argument. https://www.bunniestudios.com/blog/?p=5706
The lie of omission you assert isn’t a lie.
No group of distro maintainers has solved the problem Apple is solving. The author used the word ‘feasible’. This is currently true, but doesn’t need to remain so. The fact that you are technically literate enough to know about distro maintainers, and trust them does not mean it is feasible for everyone to do so.
“He really doesn’t just sound like an Apple apologist; he is one.”
If that isn’t a loaded term, I don’t know what is.
> A lot of people are claiming Apple is a malevolent entity. In context, it is reasonable for him to rebut that.
The exclusive "or" in "do you trust Apple is acting in your best interests, or do you believe they're a malevolent entity?" still makes it a false dichotomy.
> The straw man you cite isn’t a straw man. It is a solid argument.
"if I have the code, build the code, nothing can hide in the code.":
is not something someone knowledgeable would ever claim, only that having the code and building the code will be at least as safe or safer than not having the code at all. Presenting it as "nothing can hide in the code" and then attacking that is, in my opinion, a strawman argument.
> The author used the word ‘feasible’.
And he is correct in that. No single individual can maintain the software integrity of an entire operating system, but a group of people can do so. The omission here is that that group of people need not be Apple.
The argument here is that without Apple taking control of the user's software the user would fall prey to the privacy violating practices of the likes of Google and Microsoft, which is not true. Hence the "lie by omission".
> If that isn’t a loaded term, I don’t know what is.
The term is from the article: "While I'm going to sound like an Apple apologist,"
He claims he is not X, but has given no argument why he shouldn't be considered X and has presented a lot of arguments on why he should be considered X.
He has presented no reason to assume he is not a devoted Apple user, or in his words, an "Apple apologist".
In short, I'm not sure I'm exaggerating, but that I'm willing to disagree on.
Many invalid points, and straw men in your comment. Here are the more important ones:
“The argument here is that without Apple taking control of the user's software the user would fall prey to the privacy violating practices of the likes of Google and Microsoft, which is not true. Hence the "lie by omission".”
You say it’s ‘not true’. I think it’s quite likely to be true.
But more importantly - it’s an argument. Not a fact. You just happen to disagree with him. It’s not a lie of omission to simply come to a different conclusion.
He hasn’t presented any argument why he should be considered an apologist. You are arguing that he is an apologist. That is both ad hominem, and a loaded term, and it’s you who is using it.
> He hasn’t presented any argument why he should be considered an apologist.
He _literally_ did, himself, in the article he wrote:
"I think the privacy arguments are far-fetched"
and actually acknowledging it verbatim:
"While I'm going to sound like an Apple apologist,"
as in "people who say this are Apple apologists, but I'm only like one if I state it."
> Many invalid points, and straw men in your comment.
Of course.
I see you concede that there was no lie of omission.
You just disagree with him, but are engaging in ad hominem rather than engaging with his points.
Further, GP is outright belittling those that disagree with them with the Stockholm syndrome comment.
I conclude the opposite:
Yes. I mean really very obviously yes.
And Microsoft. And Google.
I assume they're acting in my interests because they have clear incentives to increase their profits by giving me useful helpful products that I'll buy.
That's the entire premise of competition and the free market. The invisible hand gives consumers what they want. If, as a company, you don't, then you go out of business.
If this were a communist country where the Party performed validation checks? With no choice between products? Then no.
But in a competitive free market? Absolutely. In fact I'm relying on their motive to increase profits in order to trust that they'll act responsibly. What can you trust more than someone else's self-interest, at the end of the day?
Tobacco.
Comcast.
The problem with the argument given is that it basically gives up to Apple because it thinks that the situation that Apple provides is the best default experience for the majority of users. It probably is, but the problem is that 1. Apple doesn’t really explain any of this stuff anywhere so that a technical user may read about it and make an informed decision, nor 2. do they really provide a way to alter the process to use someone who isn’t Apple: just because they are a good default shouldn’t mean they should be the only provider that your computer will ever trust. And I think 3. is anger that a system Apple put in place failed in an entirely foreseeable fashion and essentially knocked a bunch of people’s livelihoods offline without warning or explanation and people are sick and tired of their things breaking for opaque “security” reasons.
I agree with 1 and 3 completely.
I think 2 is much more complicated and the solution is not obvious, but it’s still a very valid issue, indeed I would say it is the most important issue in the industry today.
However much of what I saw in the comments was none of these.
Most of it was intended to dishonestly brand Apple a ‘spyware’ company, or to brand anyone who uses Apple hardware or software as a participant in some great evil.
Neither of these are intellectually honest paths.
That may be true. But Apple themselves started us down the path of zero trust. This is what I was promised - https://www.youtube.com/watch?v=BZmeZyDGkQ0
This isn't what Apple is doing. If we're to take Apple's words that the govt agencies aren't 100% trustable just because they have a trustable setup today, why should we trust Apple just because they seem to be the good guys today?
Whether this is what they are doing or not, is a very good argument.
For example, not end to end encrypting iCloud backups is a major problem, especially if it is at the FBI’s request.
However, this has nothing to do with the certificate server outage.
Trust is not binary, and no matter what harmful things Apple does, nothing they do justifies intellectual dishonesty and lies from their critics.
If we want to critique them, let’s critique them for the things they are actually doing, and compare them to real alternatives or technical solutions.
> there are a lot of folks reasonably asking if they can trust Apple to be in the loop of deciding what apps should or should not run on their Macs. My argument is - who better than Apple?
... The user?
I was really torn on whether to up or downvote here...
On the one hand, no. Probably, statistically, apple will know better.
On the other hand, despite the above, if you want to call apple devices "owned" (vs "leased") then yes, the user must be the ultimate decision maker. They might want to delegate these things to apple (or someone else for that matter) most of the time. But they must have the possibility to simply run what they want.
I think we're seeing the "HN crowd" be so frustrated about this because it is a pretty transparently anti freedom thing to do, and HN folks do love themselves some freedom.
This owned vs leased analogy is not a valid one.
The user is the ultimate decision maker - the user gets to decide whether they want MacOS or not.
The only people talking about constraining this freedom are the ones asking for the government to regulate software distribution.
What you are asking for is for Apple to make a design change to their software to support your use case.
That is a very reasonable thing to want, and to reject Apple for not providing, but it has nothing to do with some ideology of what it means to ‘own’ something.
My car has software problems I don’t like - the digital speedometer only reads kph, whereas I live in a place where mph is standard. There is no facility for changing the software.
Obviously I still own the car.
> Obviously I still own the car.
Do you still own the car if it'll just turn off the engine when you attempt to drive into a sketchy neighbourhood?
Let's assume the car manufacturer knows the city/town's crime rates well and they have your best intentions in mind. They want you to be safe.
Do you still own the car?
If I bought a car knowing that is how it worked, then of course I do.
Note: I agree that scenario isn’t desirable. However there is no slippery slope.
Unfortunately, there kinda is.
This is what Tim Cook said about govt agencies wanting a backdoor - https://www.youtube.com/watch?v=BZmeZyDGkQ0 - right around 4:25.
When I buy an Apple product, this is part of what I think Apple does to protect their customers' privacy - No matter what, not even if the govt says so.
Now suddenly, we're back to talking about whether we can trust Apple after they expressly told us not to trust ANYONE including Apple and why that was such a good thing.
Don't forget that Apple is a multinational megacorp, and is user centric only when it suits them. Consider Tim Cook speaking at the conference used by the Chinese government to promote internet regulation, saying that the vision of the conference is one that Apple shares, and also the handing over of user data and encryption keys to Chinese servers (encrypted, but still out of their control).
What has this got to do with a certificate revocation server performing poorly?
Well, nothing other than certificate revocation server performing poorly has got to do anything with certificate revocation server performing poorly per se. None of your comments or mine for that matter. What is your point?
We're discussing the implications of it. You're welcome to not if you think it's irrelevant.
I’m asking you how it is relevant. You seem to be avoiding giving an explanation. Is that because there isn’t a real connection?
For me, the slippery slope is exactly allowing this sort of transaction to be called "buying".
And yeah, when people lost access to their zune music, or their steam stuff, they did get upset.
Mind you, I would not outlaw the transaction. But calling it a "sale" is false advertising in my book.
I own my Mac. I can do anything I want with it.
How is that not ‘buying’?
> I can do anything I want with it.
Except run software when the server gets a little smokey.
I can’t make pizza with it either. It doesn’t mean I don’t own it.
The problem isn't that they make decisions about what the device can and can't do before the moment of purchase. As you correctly pointed out in another comment they made the implicit choice to not ship it with the ability to make pizzas and everybody thinks that's fine.
The problem is that they (have the ability to) continue to make those decisions afterwards. You could have "known" an iPhone could run Fortnite at the moment you bought it and then after you received it in the mail discovered that they had decided you were no longer allowed to do that.
You could then say "well I bought it knowing they had the ability to change anything at any time" but I'm not sure I agree that you can give informed consent to a blank check.
It’s pretty easy to conclude that Apple will remove software that deliberately breaches their terms of service.
Epic knew it, and they chose to breach the terms of service on purpose to cause this effect. Epic intentionally triggered a contract term that they knew would result in their software being removed from their customers’ devices.
They were given an opportunity by both Apple and the court to restore their software to compliance and still get to continue the lawsuit.
This is 100% Epic’s responsibility.
They could have sued Apple without deliberately breaching the contract, but they chose to make their customers into pawns in their legal strategy.
I don't support what Epic did but whether or not it was justified is irrelevant here. A modification was made to the functionality of your device after the moment of purchase, that remains true regardless. And you could not have foreseen that specific modification to your device unless you worked at Epic and had internal knowledge of their plans.
You effectively need to know what every company in the world is doing to have any real idea what your device is going to be able to do tomorrow. Under those conditions I don't think you can say you were informed when you purchased it.
Your standard can never be met. Even if no changes were made after the sale, no human can fully predict the behavior of even an open source modern operating system, let alone a closed source one.
But I disagree that people weren’t informed. It is common knowledge and widely advertised that Apple issues software updates, and it is widely known that Apple enforces its store rules.
The information about what changes could be made and by whom was readily available to purchasers.
You shouldn't downvote things you disagree with. This place would be a lot more interesting if less people did that.
Well I said I was torn. I opted to up+comment in the end. :)
Also, I think while we're exchanging meaningless and besides-the-point platitudes: "fewer people" ;)
So, if they started leasing their hardware to users, it would be fine?
I can see the argument, but at the same time, if they really did, I’m not sure I would agree.
I also am not sure that’s completely theoretical. Apple (almost?) has the money to do so (yearly revenues about $260 billion, cash reserves about $190 billion), and I think ‘the world’ is getting used to not owning stuff more and more. Many users already pay per month for their phones, anyways.
Personally I'd be very much more fine with them honestly stating: you get a compute resource, don't expect to control it, pay a monthly fee.
Would I sign up for that? Certainly not. But if that sounds unattractive, then they should just accept that when you sell something and the buyer owns it, you don't have control over it anymore.
I keep pushing this distinction in DRM contexts, too. It's kinda my personal soapbox. :)
The issue I have with this, is that anyone who is technical enough to install an operating system from source, must necessarily have an understanding what hardware they will be able to install it on. I’m curious if you have ever done this.
No such person would have any illusion about what Mac hardware they could use.
Everyone else, reasonably expects Apple to take care of the OS for them. Indeed that is arguably the selling point and key differentiator of the Mac.
Nobody is misled.
See elsewhere where I respond to the distinction you are making about ownership: https://news.ycombinator.com/item?id=25093873
It's not about freedom it's about the fact that those computers cost thousands of dollars and every year Apple wants more and more control after I already gave them a huge wad of money. I am not upgrading to Big Sur, I didn't upgrade to Catalina either, but not upgrading creates its own complications in the long term.
I don't think the price was anything to do with it, we would be having the same discussions if it was Microsoft instead of Apple.
> ... The user?
As someone who works in IT: not for most users. Certainly not for any of my relatives, as successful/smart as they may be in other fields.
Certainly have manual overrides for Alpha Geeks (to use O'Reilly's term), but even if a person is on the right-hand side of the Bell curve generally, that doesn't necessarily mean they can make informed software decisions specifically.
I'm fine with automatic seatbelts as long as there's a Terminal.app command I can run to disable them on an as-needed basis.
Then the fake tech support call center scammers just add having the user enter that command to their script. This is why 1TR became a thing, I imagine.
How many users would have the ability to do something about this: https://www.theverge.com/2019/7/10/20689644/apple-zoom-web-s...
yes, because at least the user is trying to act in their own best interest, even if they fail
Anyone who has programmed or developed anything....knows that the end user can never be trusted.
I have programmed and developed things. I am also a user.
I want to run the apps I want to run, thank you very much. No one else should have any say in that. It's my computer.
Likewise, I am a developer, a user, and I have fond memories of the old days of 2003 when I could download and run whatever I wanted on my Mac without any fear or security concerns.
Unfortunately, that world is no longer the one we live in.
One of the things I’ve learned about software security is the need to minimise the attack surface of your systems — don’t keep a database running on your web server unless you actually need it, don’t keep ports open unless they’re important, don’t install packages or dependencies you can do without — because everything has the potential for a zero-day exploit. Likewise for my own productive output: the only code guaranteed to be bug free is the absence of code.
For any computer not attached to the public internet, I agree that you should be free to run whatever you want. For anything networked? That’s anarchy, and although I would like the freedom of anarchy I experienced in 2003, unfortunately I don’t like the consequences of everyone else having the freedoms of anarchy in 2020.
I don’t have any fun, easy, side-effect free, solutions.
So many serious, power user-ish Mac users will just put up with SO much. That’s it.
Don’t buy a Mac.
That alone isn't a justification to take away the user's rights and responsibilities. Let people make mistakes, they'll learn from it.
If they want to make painful mistakes and learn from them, they can buy a Linux box.
If they don’t, they can buy a Mac.
Don’t force them to choose an unsafe tool when they don’t want to.
Should we also get rid of photoshop because users could lack practice drawing and feel frustrated while trying to improve? After all they could just google a couple nice images and be done with it.
We learn from mistakes, not from success.
A mistake in securing your personal data and ending up the victim of fraud or blackmail is very different from a mistake learning to draw.
But, more importantly - people use photoshop because they want to edit images.
Most people do not buy computers because they want to learn how to defeat cyberattacks.
You know what some users learn after dealing with insecure systems? They learn to buy a Mac.
Mistakes in the modern world can have devastating consequences. It’s not as simple as your computer freezing up and becoming part of a bot net. Your files will be stolen, your accounts hacked, you will lose money. Most users would gladly take protection from that as opposed to “learning” by making mistakes (getting infected).
Users will never have the vast operational knowledge that most organizations do, and are generally very unsophisticated.
This is why there is no 'File Access' API in the browser, because it'd be like giving guns to teenagers, even with 'safety training' it would get out of hand.
So the issue then becomes one of 'power' as much as 'knowledge' of security, and of course all the peripheral abuse surrounding the 'security rules' that have nothing to do with security.
Involving 3rd parties, giving proper security notifications but still letting users have the final say etc. etc. there are definitely middle paths and reasonable choices we could make.
But there's just too much money on the table for the powers that be to look the other way, they will continue to infringe until they are stopped.
I agree that app signing is good, but I disagree that we have to give in and accept the potential risks of fully trusting Apple. I think there is a practical middle way that protects non-technical users without usurping their privacy, and also a way to give some extra control to power users. I think it's fairly straightforward:
- instead of OCSP use CRLs or a better technique that allows MacOS to verify locally if a certificate is valid. This would preserve user privacy and wouldn't risk slowing down the user's computer in case things go wrong. It would also introduce a slightly bigger risk because of the increase in the validity window, but I think that's a price worth paying. Regarding the size of the CRLs, there should be some cryptographic techniques like accumulators, bloom filters etc. that could improve the size.
- allow power users to add separate trust anchors in cases where they deem appropriate. The same way you go to Control Center to allow an app that was downloaded from the Internet to run, you could also be allowed to add another certificate from a developer you trust.
I think these 2 improvements could go a long way in restoring goodwill for Apple.
It all comes down to configuration/choice. It's not bad to have OCSP to improve security, but there should be a simple way to turn it off (without those /etc/hosts or similar hacks).
But I don't want to turn it off. I want to benefit from checking the revocation list without sending my data to Apple on every app start, even if I am vulnerable for a few hours, until my computer syncs the revocation list. I want a middle way, not an ON or OFF button.
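One shape the "verify locally" design from the two comments above could take, as an added example that is not part of this thread and not Apple's or macOS's code: a Bloom filter built over a locally synced CRL, a full-list confirmation on any filter hit (so a Bloom false positive never revokes a good certificate), and an explicit validity window so a stale list is reported rather than silently trusted. The certificate bytes, revocation entries and timestamps are constructed sample data; the identifier looked up is a SHA-256 of the certificate, which is an assumption made for the demo rather than the OCSP wire format.

```python
"""Local revocation check: Bloom prefilter over a locally synced CRL.

Added example for this thread; not Apple's or macOS's code. The certificate
bytes, CRL entries and timestamps below are constructed sample data.
"""
import hashlib
import math
import time
from dataclasses import dataclass, field
from typing import Optional


class BloomFilter:
    """Fixed-size Bloom filter: membership test may report a false positive
    (resolved by consulting the full CRL) but never a false negative."""

    def __init__(self, expected_items: int, fp_rate: float = 0.01) -> None:
        # Standard sizing: m bits and k hash positions for the target FP rate.
        self.m = max(8, int(-expected_items * math.log(fp_rate) / (math.log(2) ** 2)))
        self.k = max(1, int(round(self.m / expected_items * math.log(2))))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, item: bytes):
        # Double hashing: two independent digests derive all k positions.
        h1 = int.from_bytes(hashlib.sha256(item).digest()[:8], "big")
        h2 = int.from_bytes(hashlib.blake2b(item, digest_size=8).digest(), "big")
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: bytes) -> None:
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def might_contain(self, item: bytes) -> bool:
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(item))


@dataclass
class LocalCRL:
    """A locally cached revocation list together with its validity window."""
    this_update: float                          # epoch seconds the list was issued
    next_update: float                          # epoch seconds after which it is stale
    revoked: set = field(default_factory=set)   # certificate identifiers (bytes)
    bloom: BloomFilter = field(init=False)

    def __post_init__(self) -> None:
        self.bloom = BloomFilter(expected_items=max(1, len(self.revoked)))
        for cid in self.revoked:
            self.bloom.add(cid)


def cert_id(cert_der: bytes) -> bytes:
    """Identifier looked up in the list (assumption: SHA-256 of the cert bytes)."""
    return hashlib.sha256(cert_der).digest()


def check_revocation(crl: LocalCRL, cert_der: bytes, now: Optional[float] = None,
                     max_staleness: float = 6 * 3600) -> str:
    """Return 'good', 'revoked' or 'stale'. No network access happens here;
    the price is the validity window: a revocation published after the last
    sync is invisible until the next one, so staleness must be surfaced."""
    now = time.time() if now is None else now
    if now > crl.next_update + max_staleness:
        return "stale"          # policy decision: soft-fail, prompt the user, or refuse
    cid = cert_id(cert_der)
    if not crl.bloom.might_contain(cid):
        return "good"           # Bloom filters have no false negatives
    # Possible hit: confirm against the full list to rule out a false positive.
    return "revoked" if cid in crl.revoked else "good"


# Constructed sample certificates (opaque byte strings standing in for DER).
GOOD_CERT = b"constructed-cert:developer-A"
REVOKED_CERT = b"constructed-cert:developer-B"


def build_sample_crl(issued_at: float) -> LocalCRL:
    return LocalCRL(this_update=issued_at, next_update=issued_at + 24 * 3600,
                    revoked={cert_id(REVOKED_CERT)})


def demo() -> dict:
    t0 = 1_600_000_000.0
    crl = build_sample_crl(t0)
    return {
        "good": check_revocation(crl, GOOD_CERT, now=t0 + 60),
        "revoked": check_revocation(crl, REVOKED_CERT, now=t0 + 60),
        "stale": check_revocation(crl, GOOD_CERT, now=t0 + 3 * 24 * 3600),
    }


if __name__ == "__main__":
    print(demo())
```

The Bloom filter is what keeps the synced artifact small; the full list is still needed locally for the confirmation step, so the saving is in the hot path at app launch, not in what has to be downloaded.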
As this article here: https://blog.jacopo.io/en/post/apple-ocsp/ showcases, Apple doesn't send "my data" on every app start.
It sends a hash of the certificate in use to Apple, which happens to be an Apple certificate that is used to sign many applications running on your system.
None of your data is being sent to Apple.
Mapping developer certificates to apps is trivial. If you’re launching a Guardian Project app, for example, it’s almost certainly Tor.
Given the presence of the NSA and their ability to send NSLs or FISA warrants, this information should not be hitting the Apple network. A CRL would have been a perfectly acceptable solution.
Even the fact that I opened an app is my data.
Responses were cached for 5 minutes.[1] That's effectively checking every time.
So it’s slightly less bad than sending the hash of the app. Still very bad. And as I said previously, depending on a network call to start any app is not ideal.
The article goes over the horrors of X.509, pulls the typical open source cliche that I actually don't see anybody spreading around, contrary to the article's claim, then argues that the privacy part is fine so long as there is a third-party audit. If the best thing the security community can do is install a global mass surveillance network of devices that come at every expense of users' computing freedoms, then I think these guys need to go back to the drawing board.
It's not even that. This is a distraction from the real issue which is this technology exists not to improve the security posture but to enforce market control.
So go back a few weeks and you buy a copy of Fortnite, Apple and Epic lock horns on a dispute and they revoke Epic's certificate. Next thing you get a shiny new M1 equipped Mac and go to install it and it's gone from the app store. Slightly deflated, you go back to your Mac and copy the files off it onto your new one, thinking you circumvented this slyly, it does an OCSP check and refuses to run the binary. Eventually the OCSP check will be done, probably after an OS upgrade on your old Mac and that's gone too. So you're deprived of something you paid for and have no control over the hardware you paid for.
This is an example of what could happen.
If it improved security posture the signing infrastructure wouldn't be used to sign any old shit from millions of developers doing all sorts of nefarious things that Apple didn't pick up during the review process...
Edit: this has already been demonstrated if you refer to the Flappy Bird mess a few years back.
Yes, thanks for the reply. I was giving the author the benefit of the doubt, but their arguments just have no solid grounds. And like you said, this is about market control, not security, the latter just being a distraction.
Another thing in line with what you mentioned is the ability for the company to squash competition. Not only do they have the last word to veto programs from running, they also get a global view of what everyone is running that nobody else has. This kind of information has been abused by Amazon to drive out competition in favour of their own "Amazon essentials" products, for example.
Yeah, if looked at in the larger context of them booting iOS apps from the app store that don't pay the 30% Apple tax for any in app payment - it's clear where they're going. It's just a boil the frog slowly strategy of making every major OS update more restrictive and trying to placate (with amazing hardware) those who complain.
Personally I drew the line at Catalina, and I think an order of magnitude more will draw the line at Big Sur.
It’s about security:
https://www.zdnet.com/article/apple-update-kills-off-zoom-we...
As for Epic. They lied about the content of the software they uploaded to the store, and knowingly breached a contract they had signed. If that isn’t fraud, I don’t know what is.
They could have sued Apple without the fraud. The certificate revocation was only about the fraudulent software update.
Yes Epic are bastards too. And Zoom. In fact these days it's wall to wall bastards.
But the end user doesn't care. They bought something and they want to keep it and use it. And that's where the buck stops.
> these days it's wall to wall bastards.
Sometimes I really wish I owned a T-shirt printing business. Thanks!
Agreed, and furthermore the article calls the privacy arguments "far-fetched" and "dogwhistles", while only tackling a strawman version of the other side's view. The article doesn't for instance investigate the fact that the OCSP requests go over port 80 (i.e. unencrypted HTTP), or discuss the reliability issues that come into play when everyone's computers depend on a single service to have 100% uptime.
Finally, I think the writer should be more careful with their use of the term "dogwhistle". It's a politically-loaded term that isn't used correctly in this piece.
>It comes down to an argument of trust - do you trust Apple is acting in your best interests, or do you believe they're a malevolent entity?
No, that's a completely false dichotomy. These are not alternatives at all. I can absolutely trust Apple to act in my best interests in some regards while distrusting them in others.
I do trust Apple to make a good effort to keep malware off my device, a better effort than I could ever hope to make myself. I do trust them not to spy on me to target ads.
But I also know that Apple has a business interest in keeping software off my device that is not malware. I don't trust them to act in my best interest where it conflicts with their best interest.
I also know that their interest in tightly controlling what software goes on my devices creates an opening for authoritarian governments to take control. If and and when end-to-end encryption gets banned, who decides whether or not I can still use Signal? Is it going to be me or is it going to be Apple?
This is definitely not a simple question of trusting Apple or not trusting Apple.
"I always advocate against opt-outs for security features like this"
The author conveniently overlooks the fact that customers pay literally thousands of dollars for Apple computers. We're not talking about a free online service here. This is why "you no longer own your computer" has so much traction. Shouldn't we own the devices that we buy?
The tech companies are trying to destroy the very concept of product ownership, and consumers ought to fight to the end over this. It's why "right to repair" is so important too.
I pay extra money for Apple computers specifically because of these security controls.
I spent decades building and running my own computers and I’m not interested in doing so anymore. I own the device that I buy, I knew how to turn off these controls and didn’t bother during the outage, and I generally refuse to do so. In return, I don’t have to deal with all the weaknesses of the liberated computing approach that you frame as the only optimal outcome.
Apple’s restrictions liberate me from having to spend time on fully-liberated computing. I’m glad liberated computing exists, but the idealistic view that all computing should be that way is harmful to my life’s priorities.
> Apple’s restrictions liberate me from having to spend time on fully-liberated computing.
This seems to conflate restrictions with defaults.
It's reasonable for Apple to configure Macs to be safe "out of the box". But it's not clear why it helps you to prevent other Mac users from changing the defaults.
If you are someone who wants and understands how to use a machine with disabled security features, it obviously doesn’t help to have the defaults be unchangable.
For everyone else, it is a very important safeguard against social engineering attacks.
You’re right, “Apple’s out-of-the-box restrictions” is a better phrasing.
I don’t understand your final sentence about “prevent”, and it doesn’t seem to be connected to anything I said. I apologize but as a result I can’t consider or reply to it as stated.
How would that be better than all the freedom but with good default settings? You're not forced to tinker with all controls, and if you don't agree with a default you can actually do something about it instead of saying "well, that multi-billion dollar company probably knows better what I need".
What settings are you unable to tinker with in macOS Big Sur?
Are we discussing generic theoreticals or are there actually specific settings you think you don’t have the freedom to modify?
I haven’t seen anyone say “I can’t modify this setting on Big Sur” and have that inability remain unsolved for more than an hour, yet there’s a huge ruckus about lost freedoms, so I’d love to understand where the rubber meets the road here.
How about this whole thread's topic? Can you just turn off OCSP so the Mac doesn't ask Apple servers before running any executable? And I don't mean turning off wifi.
Sure, add it to /etc/hosts, ds flush, done. Everyone knew that half an hour into the event, thanks to lap’s tweet, and some knew it years prior to the outage, too.
Or if the loss of Mac App Store access that results bothers you, write a simple http filter proxy that only rejects gatekeeper OCSP and place it into your Network preferences Proxy section.
macOS won’t stop you. This is all basic decades-old Linux admin knowledge, and the only Mac-specific command is knowing how to flush the DNS resolver cache without rebooting. I am not yet persuaded of your argument.
What other specific instances do you know of where you think macOS won’t let you do something to your own device?
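The "simple http filter proxy that only rejects gatekeeper OCSP" from the comment above, written out as an added example that is not part of this thread and not Apple's code. Assumptions: the responder hostname in BLOCKED_HOSTS (ocsp.apple.com is the host trustd is commonly reported to contact; replace it with whatever your own capture shows), that trustd honours the system proxy settings as the comment says, and the constructed request lines used in the demo. Since the check in question runs over plain HTTP, the proxy is meant to be set only as the "Web Proxy (HTTP)" in Network preferences; with "Secure Web Proxy (HTTPS)" left unset, HTTPS traffic such as the Mac App Store never passes through it, which is why CONNECT is refused rather than tunnelled.

```python
"""Filter proxy that refuses Gatekeeper OCSP traffic and forwards the rest.

Added example for this thread, not Apple's or macOS's code. Assumptions: the
OCSP responder hostname below and the sample request lines, which are
constructed for the demo.
"""
import http.server
import urllib.error
import urllib.request
from urllib.parse import urlsplit

BLOCKED_HOSTS = {"ocsp.apple.com"}              # assumption, see module docstring
OCSP_CONTENT_TYPE = "application/ocsp-request"  # RFC 6960 POST media type


def request_host(target: str, host_header: str = "") -> str:
    """Hostname a proxied request is addressed to. Proxy clients send an
    absolute URL in the request line; CONNECT sends 'host:port'; otherwise
    fall back to the Host header."""
    if "://" in target:
        return (urlsplit(target).hostname or "").lower()
    if ":" in target and "/" not in target:      # CONNECT host:port
        return target.rsplit(":", 1)[0].lower()
    return host_header.split(":", 1)[0].lower()


def should_block(target: str, headers: dict) -> bool:
    """Policy: refuse anything addressed to the OCSP responder, and any OCSP
    request by media type even if it is sent to some other host."""
    h = {k.lower(): v for k, v in headers.items()}
    if request_host(target, h.get("host", "")) in BLOCKED_HOSTS:
        return True
    return h.get("content-type", "").lower() == OCSP_CONTENT_TYPE


class FilterProxy(http.server.BaseHTTPRequestHandler):
    """Plain-HTTP forwarding proxy. CONNECT (HTTPS tunnelling) is refused:
    configure this only as the HTTP proxy so HTTPS traffic bypasses it."""

    def _handle(self) -> None:
        headers = dict(self.headers.items())
        if self.command == "CONNECT" or should_block(self.path, headers):
            self.send_response(403)
            self.end_headers()
            return
        length = int(headers.get("Content-Length", "0"))
        body = self.rfile.read(length) if length else None
        headers.pop("Proxy-Connection", None)
        req = urllib.request.Request(self.path, data=body, headers=headers,
                                     method=self.command)
        try:
            with urllib.request.urlopen(req, timeout=15) as resp:
                self._relay(resp.status, resp.getheaders(), resp.read())
        except urllib.error.HTTPError as err:    # upstream 4xx/5xx: relay as-is
            self._relay(err.code, err.headers.items(), err.read())
        except OSError:                          # DNS failure, timeout, refused
            self.send_response(502)
            self.end_headers()

    def _relay(self, status, headers, body: bytes) -> None:
        self.send_response(status)
        for name, value in headers:
            if name.lower() not in ("transfer-encoding", "connection", "content-length"):
                self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    do_GET = do_POST = do_HEAD = do_CONNECT = _handle


def serve(port: int = 8080) -> None:
    """Listen on localhost only; point the system HTTP proxy at 127.0.0.1:port."""
    http.server.ThreadingHTTPServer(("127.0.0.1", port), FilterProxy).serve_forever()


if __name__ == "__main__":
    serve()
```

Refusing with 403 makes the OCSP client see a fast, definite failure rather than a hang, which is the opposite of what the outage produced. Whether the client then soft-fails and lets the app run is the client's policy, not the proxy's.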
“You no longer own your computer” has no traction outside of ideology.
There are a few people who bring it up, and then use manipulative rhetoric:
“Shouldn’t we own the devices we buy?”
Of course, who would disagree with that! But this is manipulative because you are affirming the consequent. I.e. leading the reader into accepting the conclusion that you don’t own your computer.
“The tech companies are trying to destroy the very concept of product ownership”
This is an ideological claim with no factual basis, there are no memos or recordings supporting that anyone is trying to do this. It’s just you claiming to know the plans of ‘the tech companies’.
It could just be that Apple is trying to stop malware. Perhaps not a secret plot! Maybe there is no conspiracy!
It’s also a laughable exaggeration, as well as black and white thinking. Do you own your house? Presumably not since there are many legal restrictions on what you can do with it. Do you own your car? Presumably not, since you can’t install your own software on its computers. Do you own your toaster oven? Presumably not since you can not reprogram the microcontrollers.
Perhaps the conspiracy is deeper than I realized!
“Consumers ought to fight to the end over this”
More manipulative language. Frame things in terms of a fight between corporations and consumers, and a ‘fight to the end’.
Are you a ‘consumer’?
But more importantly, what is ‘this’? It seems like you are asking to fight over the belief that ‘Tech companies are trying to destroy the concept of product ownership’. I.e. divide people and exhort them to fight over an ideological claim you are making about intentions that you haven’t substantiated.
How about examining some of the technical issues instead of ideological rhetoric?
Here’s one: If the security features can be disabled, how can I trust a Mac I haven’t maintained custody of the whole time?
Here’s another: If people don’t want their computer software to come from Apple, they can buy something else. What is wrong with that?
I have to assume you neither own nor lease any Apple devices. Why are you trying to control what other people do?
> How about examining some of the technical issues instead of ideological rhetoric?
Way ahead of you: https://news.ycombinator.com/item?id=25074959 https://news.ycombinator.com/item?id=25076588
> I have to assume you neither own nor lease any Apple devices.
This was a ludicrously bad assumption.
It was also a tongue in cheek assumption.
However the question I have is given your views, why?
> However the question I have is given your views, why?
I came to the Mac almost 20 years ago. It was very different back then. The first decade of Mac OS X was brilliant. I felt it was the best consumer OS ever made. It was also a fairly "open" system: Mac UI on top, UNIX underneath.
The second decade of Mac OS X (now macOS), has been a disaster IMO. It just keeps getting worse and worse. All of the restrictions we see now were added in the past 8 years or so.
In short, I was already fully committed to the Mac before it started to get locked down, but I'm becoming increasingly uncomfortable with it as time goes on. There's not a great alternative, however.
It was only like that in the first ten years because it wasn't common enough to become a malware target.
> There's not a great alternative, however.
I don’t think waging ideological war on Apple is doing anything to help us get one, especially not if you dismiss the real security benefits of their approach as part of some conspiracy to undermine the concept of ownership.
What would help is some analysis of how technically to achieve both security and openness. Nobody has achieved this yet.
Apple’s security strategy does place them as a trusted party in the system. I don’t see them changing this any time soon, since it’s an unsolved research problem, and they need to keep shipping.
I am curious what a system with no centrally trusted authority would actually look like.
> It comes down to an argument of trust - do you trust Apple is acting in your best interests
Stallman had a lot to say about this[1] over a decade ago.
This is exactly my point of view on this. I've seen people complain about Apple on HN about this in all the other posts, but to be fair, this is actually a really good thing.
It protects users, and it works well 99.9% of the time (actually, I am not aware of a previous outage of this system). So, why bother? It's been like this for a while, it is actually very useful to the vast majority of users, and Apple being Apple, even if they collected data, it wouldn't be up for sale like it would on a Google machine.
All the people saying they need to look for alternatives now that they found out that Apple is sending information about applications to its servers will need to think about this post. It's not like Apple is doing this to track users.
Besides the privacy implications, 99.9% means by definition that it does not work for 8.77 hours per year. This is way too much. It is my computer and it should just work how it is meant to be without any external dependencies.
Computers haven’t worked well without external dependencies in a very long time. How long can you perform useful work without DNS?
Extraordinary amounts of work are done without DNS. And even if it weren't, this is nothing like DNS because you can choose your own DNS servers and most people have a primary and a fallback.
Where can I set trustd to use a different OCSP server? What is Apple's recommended secondary OCSP server?
This is a more important point than those of us talking about working offline.
A single point of failure, whether local or remote is an unfortunate design decision.
> How long can you perform useful work without DNS?
Months on end. Is this a serious question?
> How long can you perform useful work without DNS?
Is this a serious question? My entire dev toolchain works without internet...
Without DNS a lot of my workflows would stop working since they include various machines/services which all communicate through hostnames/URLs rather than IP addresses, yet almost all are local to my network. So for me this is a valid question.
Could you switch DNS providers if one fails? Could you have a fallback?
What's the parallel here?
The original statement I was objecting to was this:
> It is my computer and it should just work how it is meant to be without any external dependencies.
DNS is an external dependency, regardless of the level of redundancy.
Yes. Verbatim that's what it says. But I think we can safely assume from context that the author meant external dependencies mandated by Apple.
Is this even a serious question?
You really think I need DNS to edit my photos, videos, write some music, compile / build my products, etc., etc.? And if needed for many things I can use my own DNS services. To post my freshly built product I do not need Apple's DNS. Can do with my own.
This is an extremely reasonable criticism.
Quite unlike most of the critiques we saw on the original post.
Wait, how is “information on which apps you are using can be determined by Apple and/or the government” not valid criticism?
Where did I say it isn’t?
I have agreed with that criticism elsewhere. I also think unencrypted iCloud backups are a very serious problem.
99.9% is far too unreliable for something so fundamental as whether you can run programs on your own computer, especially when the downtime is unscheduled and occurs in the middle of the day.
It should be at least five nines, preferably six nines. Anything less than that is absolutely inexcusable.
It's indeed interesting how on one side cloud computing is supposed to be reliable and scalable, but then one of the largest and richest corporations which also runs their own cloud storage fails to keep such an essential service running. I don't claim to understand every part of such an OCSP system, but I expect a reliable fallback when millions of devices worldwide assume a 100% uptime.
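The comments above turn on a few design knobs: whether a status check is cached, what happens when the responder times out, and whether an unreachable responder fails open or closed. The following is an added example, written for this thread and not code from the post, from Apple or from trustd: a toy revocation-check client in Python that makes those knobs concrete, plus the availability-to-downtime arithmetic quoted earlier. The 12-hour cache lifetime, the fail-open default, the certificate ids and the scripted responder are all constructed assumptions; the code does not speak OCSP and says nothing about how Apple's service actually behaves.

```python
"""Toy revocation-check client: cache, timeout and fail policy decide whether a
responder outage blocks program launches. Constructed example; not trustd and
not the OCSP wire format."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

HOURS_PER_YEAR = 365.25 * 24  # 8766 hours


def downtime_hours_per_year(availability: float) -> float:
    """Expected unavailable hours per year for an availability fraction (0.999 -> ~8.77)."""
    return (1.0 - availability) * HOURS_PER_YEAR


@dataclass
class CachedStatus:
    status: str        # "good" or "revoked"
    expires_at: float  # epoch seconds after which the cached answer is stale


@dataclass
class RevocationChecker:
    responder: Callable[[str], str]  # returns "good"/"revoked" or raises TimeoutError
    fail_open: bool = True           # soft-fail: allow when the responder is unreachable
    cache_ttl: float = 12 * 3600     # assumed cache lifetime in seconds
    cache: Dict[str, CachedStatus] = field(default_factory=dict)

    def check(self, cert_id: str, now: float) -> Tuple[str, str]:
        """Return (decision, reason); decision is "allow" or "deny"."""
        cached = self.cache.get(cert_id)
        if cached is not None and cached.expires_at > now:
            return (self._decide(cached.status), "cached")
        try:
            status = self.responder(cert_id)
        except TimeoutError:
            # Responder down: the only choices are a stale cache entry, soft-fail or hard-fail.
            if cached is not None:
                return (self._decide(cached.status), "stale-cache")
            if self.fail_open:
                return ("allow", "soft-fail")
            return ("deny", "hard-fail")
        self.cache[cert_id] = CachedStatus(status, now + self.cache_ttl)
        return (self._decide(status), "fresh")

    @staticmethod
    def _decide(status: str) -> str:
        return "deny" if status == "revoked" else "allow"


class ScriptedResponder:
    """Constructed responder: serves a fixed status table and can be switched
    off so that every query times out, simulating an outage."""

    def __init__(self, table: Dict[str, str]):
        self.table = table
        self.up = True
        self.queries = 0

    def __call__(self, cert_id: str) -> str:
        self.queries += 1
        if not self.up:
            raise TimeoutError("responder unreachable")
        return self.table.get(cert_id, "good")


def simulate_outage(fail_open: bool) -> List[Tuple[str, str, str]]:
    """Launch sequence around an outage; returns (cert, decision, reason) rows."""
    # Constructed certificate ids: one good signer, one revoked, one never seen before.
    responder = ScriptedResponder({"cert-editor": "good", "cert-malware": "revoked"})
    checker = RevocationChecker(responder, fail_open=fail_open)
    t0 = 1_600_000_000.0
    rows = []
    # Before the outage: a good app is launched (and cached), a revoked app is blocked.
    for cert in ("cert-editor", "cert-malware"):
        decision, reason = checker.check(cert, t0)
        rows.append((cert, decision, reason))
    # One hour later the responder goes down; cache is still fresh.
    responder.up = False
    t1 = t0 + 3600
    for cert in ("cert-editor", "cert-malware", "cert-newapp"):
        decision, reason = checker.check(cert, t1)
        rows.append((cert, decision, reason))
    # Thirteen hours after the first check the cache entry has expired but is still present.
    t2 = t0 + 13 * 3600
    decision, reason = checker.check("cert-editor", t2)
    rows.append(("cert-editor", decision, reason))
    return rows


if __name__ == "__main__":
    print(f"99.9% availability = {downtime_hours_per_year(0.999):.2f} h/year down")
    for policy in (True, False):
        print(f"\nfail_open={policy}")
        for row in simulate_outage(policy):
            print("  %-14s %-5s %s" % row)
```

Two things the simulation makes visible. With a fresh cache, an outage only touches programs that have never been checked on that machine (`cert-newapp`); everything else keeps its last answer. Whether those unchecked launches hang or proceed is the fail-open decision: hard-fail is the behaviour the thread is complaining about, while soft-fail trades it for a window in which a freshly revoked certificate is not caught until the responder is back. Neither choice removes the single point of failure; caching and a bounded timeout only decide how wide its blast radius is.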
>"...and it works well 99.9%..."
Can I please have a reference confirming this number
>"...It's not like Apple is doing this to track users."
And you of course have a reliable inside source who can confirm this.
And of course downvote without having a shred of evidence supporting the original claims.
You're getting downvoted because your comment seems like trolling.
The reason it seems like trolling is that the information you're demanding "evidence" for is:
- the number of elapsed hours since October 7, 2019, when Catalina was released and OCSP became mandatory
- the number of hours of outage the other day
- how division works
None of these seem to be fairly in dispute.
Yup. I am wrong on 1st point. Did not think it through. Sorry. Still 99.9% is too much as the others have already pointed out. The other point (tracking users) I think still stands.
Apple uses their authority to revoke certificates on macOS to further their own business interests in direct conflict with those of their users [1]. They have already demonstrated that they will abuse this trust, and use it to control what software people will use on their Macs in a similar way as they do on iOS.
So no, they don't do it well.
I have trusted Apple with my phone for basically forever, but my work and personal computer going on the fritz made me seriously reconsider this relationship. I do not want my laptop to be like my cell phone. I frequently write crappy programs on my computer, and I've been totally fine with the earlier implementation of warnings unless you navigate to the application directory and explicitly open it and accept the warnings. As per the question, "Who better than Apple?", I wanna do bad all on my own. I do not have the technical ability to make a Linux laptop as good in terms of industrial design or hardware responsiveness (the touchpad on the laptop and the desktop version are the best user input devices ever for me), and that is what keeps me on their products. Otherwise, I'd be full time Linux again. I'm so confused as to whether or not to jump ship, and I feel like if I do I will be walking the plank.
This argument assumes that companies are unchanging. Apple will never become greedy and use their increased control to raise prices, never stop caring about security and only use the system for market control, etc.
Honestly, THIS!
Apple used this same argument when talking about security agencies - https://www.youtube.com/watch?v=BZmeZyDGkQ0.
You may trust them now. But what's to say they'll remain the good guys forever?
By that logic, what's to say Apple will remain the good guys forever?
The Apple defenses are all over HN today. Honestly feels like astroturfing after the OCSP fiasco.
If it's not astroturfing, I don't think I can understand the mindset of a consumer who feels the need to defend the world's richest corporation from criticism.
It's not surprising when those customers are repeatedly criticised and insulted for buying a product they like.
It's the same as that Clinton comment about Trump voters being deplorables.
Insulting people won't change their mind, rather it entrenches their views.
Woah. Is there much if any criticism of Apple customers? I can't recall a single instance in all the Apple threads I've read here.
Plenty of criticism of Apple itself, but that is not a criticism of their customers.
>I always advocate against opt-outs for security features like this [...] Because most users are not capable of evaluating the impact of opting out of a security process.
I agree fully with the author's characterizations of the dangers of disabling features or ignoring warnings, but I can't possibly agree with the conclusion that users should not be given a choice. So what if the user cannot understand the technical terms of a popup warning them about malware risk? How does that justify taking away their freedom to proceed anyway and run the program? The author's attitude is patronizing (and also intellectually dishonest as explained already by another commenter [1]).
There are lots of domains in life where we're out of our depth and make decisions anyway that might be dangerous, and we don't have anyone trying to hold our hand or to stop us altogether. Imagine you get into your Apple Car and plot a course on the GPS. The computer's voice says "there is a dangerous stretch of road on the plotted itinerary; please wait for your assigned Formula 1 driver to drive you to your destination". The car refuses to move no matter what you do. Half an hour later a small guy with a thick neck shows up, enters the car (because they've got the keys apparently), unlocks it so it can finally move and explains to you "oh yeah, a car fell down a cliff on that road back in 93". You complain about them not even apologizing for the delay. "You accepted the Terms and Conditions, didn't you?"
I get that the lack of freedom to run potentially malicious programs might be a feature, not a bug of Apple's systems. But I don't see them advertising it as what it is in practice. The notion of "false advertising" is well known and understood, but what about the notion of absence of advertising for a feature that might be unwanted to the point of making at least some potential buyers balk? Is there even a name for that?
Whether before the purchase of an Apple system or later at program startup time, the user should be able to make a decision as to whether to give Apple control of their computer in the fashion we've seen. All the necessary information and data should be provided to them. Whatever choice they make should be respected and they should not be judged for it, even if they did not understand the provided information. But the decision should not be made by some security nerd on a massive ego and power trip, imparting their enlightened guidance to "the lowest common denominator".
One of the reasons Apple has been so successful is because they make these decisions for the users. Customers were tired of their system breaking and getting malware because of confusing options and too much flexibility.
The low contrast gray font is obnoxious; the font should really be about twice the size if they're really committed to using the color.
> It comes down to an argument of trust - do you trust Apple is acting in your best interests, or do you believe they're a malevolent entity?
I'll just leave this here - https://stallman.org/apple.html
Can this site maybe consider specifying a better contrasting font colour between the text and the background?
On my firefox browser both on the desktop and mobile it looks like a rather light grey on white background. That is just plain difficult to read and is just terrible UX.
Luckily it works with Firefox reader mode. I use that for nearly all sites that try and be different or have too many sidebars, etc.
Thanks to uMatrix, this site just renders as a completely blank page. Fortunately Reader Mode can pull the text out in a perfectly readable format.
Agreed, the entire article text looks like what you’d use for a greyed out option to de-emphasize it.
Yeah, it's not sufficient for accessibility. I ran Lighthouse and, outside of the title, it's not OK.
"Windows has made amazing strides, bounding past controls afforded by other OSes, providing a great deal of simplicity for users while focusing on verifying who compiled code that is running on a user's PC"
By installing Candy Crush on every home user's Windows, Windows has not made any amazing strides. In fact I would say Windows 7/8/8.1 was far far better. What we have now? Candy Crush, a dumb antivirus taking 20% CPU wasting unnecessary CPU time, telemetry which sends data even if you opt out.
"I think the privacy arguments are far-fetched" Really?? Just because there are other bad players in the market. Just because Apple's rivals/friends are doing bad things doesn't mean you have to go and say privacy arguments are far-fetched. Clearly the article is just whitewashing of Apple.
Irony that this shares the front page with Apple's firewall sploit today.
This reminds me of Stripe, which logs every action of a user on any webpage (even non-checkout pages), in the name of fraud detection. Not sure what to think of it, but I would turn it off if I could.
>Finally, there's the open source argument - if I have the code, build the code, nothing can hide in the code
No, but you can modify the code, add your own code..
> "there are a lot of folks reasonably asking if they can trust Apple to be in the loop of deciding what apps should or should not run on their Macs. My argument is - who better than Apple?"
My argument: sod off and let me decide what I want with my own hardware. Luckily I have no business case to deal with Apple products and as a private person I do not care what they do as I am not in their "ecosystem" or whatever they call it.
So, basically, you have nothing useful to add to this conversation. You're just here to let everyone know you don't use Apple products. Cool.
My point was that I am very much against such control regardless of who implements it.
Since I only use Windows and Linux as desktop / server OS I am lucky not to be a victim of such tactics (at least for now). I know MS does collect telemetry but it is not known to be down to this level.
This article must have been written before this week's spectacular meltdown in Big Sur, which resulted because Apple emphatically did not handle application trust well.
I’m not sure how you could come to that conclusion given the first paragraph acknowledges the meltdown.
“On November 12, 2020 Apple released macOS Big Sur. In the hours after the release went live, somewhere in Apple's infrastructure an Online Certificate Status Protocol (OCSP) responder cried out in pain, dropping to its knees, begging for mercy as load increased beyond what it could handle.”
I stand by my statement. The article itself was clearly written before Big Sur. Adding one paragraph at the beginning doesn't change when the rest of it was written.
They read the headline and all of the article except for the starting paragraph.