Apple OSes Are Insecure by Design to Aid Surveillance (2024)
sneak.berlinThis article is in fact from 2023, the only thing from 2024 was an update on 03-11 that confirms the detected issue was addressed in macOS 14.3.1 (and likely earlier versions).
The update is exactly why I put 2024 to the title. Also, one issue got solved and many others remain unsolved.
The plaintext TSS/ECID and the plaintext OCSP issues have been fixed, which IMO were the only meaningful security gripes of the article.
The iMessage/ADP/Metadata stuff I think is more of an implementation decision than a meaningful attempt at data collection. Using clear text file names and hashes for dealing with collisions and deduplicating is a reasonable first pass at something like this. Sure, they could probably roll some end-to-end obfuscation for this, but with how big their stack and cloud integrations are, I’m sure that’s non-trivial.