Jeffrey Paul: your computer isn’t yours

Some privacy concerns about Apple Silicon and macOS Big Sur.

The latest features added by Big Sur, in combination with the Apple Silicon M1 processor, have some dirty little secrets: a path started some time ago and now completed with a dual purpose, according to a really interesting post by security researcher Jeffrey Paul:

On modern versions of macOS, you simply can’t power on your computer, launch a text editor or eBook reader, and write or read, without a log of your activity being transmitted and stored.

It turns out that in the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it. 

[…]

Apple (or anyone else) can, of course, calculate these hashes for common programs: everything in the App Store, the Creative Cloud, Tor Browser, cracking or reverse engineering tools, whatever.


“Who cares? I use a VPN!”

Well, it’s not that easy:

Now, it’s been possible up until today to block this sort of stuff on your Mac using a program called Little Snitch [1] (really, the only thing keeping me using macOS at this point). In the default configuration, it blanket allows all of this computer-to-Apple communication, but you can disable those default rules and go on to approve or deny each of these connections, and your computer will continue to work fine without snitching on you to Apple.

The version of macOS that was released today, 11.0, also known as Big Sur, has new APIs that prevent Little Snitch from working the same way. The new APIs don’t permit Little Snitch to inspect or block any OS level processes. Additionally, the new rules in macOS 11 even hobble VPNs so that Apple apps will simply bypass them [2].

@patrickwardle lets us know that trustd, the daemon responsible for these requests [3], is in the new ContentFilterExclusionList in macOS 11, which means it can’t be blocked by any user-controlled firewall or VPN. In his screenshot, it also shows that CommCenter (used for making phone calls from your Mac) and Maps will also leak past your firewall/VPN, potentially compromising your voice traffic and future/planned location information.

And, finally:

Those shiny new Apple Silicon macs that Apple just announced, three times faster and 50% more battery life? They won’t run any OS before Big Sur.

These machines are the first general purpose computers ever where you have to make an exclusive choice: you can have a fast and efficient machine, or you can have a private one.


References

  1. Little Snitch
  2. Apple apps on macOS Big Sur bypass firewall and VPN connections
  3. https://twitter.com/patrickwardle/status/1327034191523975168
  4. CAN’T OPEN APPS ON MACOS: AN OCSP DISASTER WAITING TO HAPPEN
