Contribute
Register

Well, this is scary "Your Computer Isn't Yours"

Status
Not open for further replies.
slam2019 said:
could someone kindly explain what the command means and does? Thanks!
Click to expand...

If you're talking about the command from post #13, it looks like it just adds the URL to your host file and blocks it from connecting. The only thing this will do is prevent the built-in malware protection of macOS from working, nothing else.
 
Would be interesting is this is the only call to apple or if there are other endpoints which receive telemetry data and what payload they have
 
slam2019 said:
Is there a built-in malware protection? Or you mean the message saying that the program is not downloaded from the App Store?
Click to expand...

No, I mean built-in malware protection.

www.howtogeek.com

XProtect Explained: How Your Mac's Built-in Anti-malware Software Works

Your Mac has built-in anti-malware (or antivirus) functionality.
www.howtogeek.com www.howtogeek.com
apple.stackexchange.com

What does XProtect protect/secure on Mac OS X?

My research so far has found XProtect appears at first glance to be a basic AV engine that scans DMG & apps through Safari, Chrome and Firefox. I'm looking to understand what does it actually d...
apple.stackexchange.com apple.stackexchange.com

The BS from the link from post #1 is just that, BS. It's fear mongering click bait. Worst of all, it's all wrong.
 
Last edited:
slam2019 said:
could someone kindly explain what the command means and does? Thanks!
Click to expand...
First you'll need some background info about networking and the domain name system so read this article.

computer.howstuffworks.com

How Domain Name Servers Work

When you type a URL into your web browser's address bar, the correct page appears as if by magic (provided you typed it correctly). Is it the work of sorcery? Nope! Domain name servers are handling all the data behind the scenes.
computer.howstuffworks.com computer.howstuffworks.com

After that learn about the loopback address 127.0.0.1

www.lifewire.com

What Is the 127.0.0.1 IP Address?

In computer networking, 127.0.0.1 is a special purpose IP address conventionally used as a computer's loopback address.
www.lifewire.com www.lifewire.com

The domain ocsp.apple.com is owned by Apple obviously and it's purpose is to check the apps you open for a valid certificate. This started happening with Sierra and continues through to Big Sur. You used to be able to stop this phoning home with apps like Little Snitch. It doesn't work anymore in Big Sur. All the echo command does is redirect that cert check to your hack's hosts file /etc/hosts instead of it being sent directly to ocsp.apple.com to check the app you just opened. Whether you or anyone should do this or not is the main issue here.

What has gotten everyone's feathers ruffled is that your computer's IP address is associated with this check. It's sent via HTTP and is not encrypted, meaning anyone can see this transmitted over the internet in clear text. All that is explained in the write up by Jeffrey Paul. Is this "spying on you" by Apple a bad thing ? I don't think they are doing this to notify the FBI that you're using a torrenting app on your computer to download copyrighted content illegally, for example. (hope you're not doing that) Is this something they should have the right to be doing without your consent ? You'll have to decide that for yourself.
 
Last edited:
slam2019 said:
Thank you. Guess I've never seen "... will damage your computer". So whenever an App is opened, it will automatically phone home? Or it only phone home once at the start, then never again?
Click to expand...

I don't know about that... I have never monitored to see...
 
Here's another article on this topic of "Your Computer is not Your own" which is getting a lot of attention here and all over the internet. Somewhat more objective than the one by Jeffrey Paul.

TL;DR

  • No, macOS does not send Apple a hash of your apps each time you run them.
  • You should be aware that macOS might transmit some opaque information about the developer certificate of the apps you run. This information is sent out in clear text on your network.
  • You probably shouldn’t block ocsp.apple.com with Little Snitch or in your hosts file.
As you probably have already learned during Apple’s OCSP responder outage, you can block OCSP requests in several ways, the most popular ones being Little Snitch and editing your /etc/hosts file. Personally, I wouldn’t suggest doing that as it prevents an important security feature from working.
Click to expand...
Now that you know the actual facts, if you think your privacy is put at risk by this feature more than having potential undetected malware running on your system, go ahead. Otherwise, don’t bother.
Click to expand...

Here's the full article by Jacopo Jannone

Does Apple really log every app you run? A technical look – Jacopo Jannone - blog

blog.jacopo.io

Here is the terminal command to undo the patch if you want to do that:

sudo sed -i "" "/ocsp\.apple\.com/d" /etc/hosts

I hope this has helped you learn more about what goes on "behind the desktop" when running your Mac or hackintosh. I know it's all rather complicated but the more informed you are the better decisions you'll make to stay safe in this high tech world of 2020 we now live in.
 
Last edited:
bern047 said:
Apple is watching you
Click to expand...
Great video and thanks for the info. Very strangely I use vypr vpn, it has worked great up until Big Sur came along. Now if I try launch the program the computer reboots. I have been talking to the people at vypr and they have updated the app but it still has issues. After watching your video I decided to try launch the app with internet disconnected, and bingo! it worked and runs and functions fine! A coincidence? Very strange.... any thoughts from some of you people more in the know?
 
Status
Not open for further replies.
Copyright © 2010 - 2024 tonymacx86 LLC
Back
Top