Contribute
Register

Well, this is scary "Your Computer Isn't Yours"

Joined
Mar 30, 2013
Messages
124
Motherboard
Gigabyte Z170X Ultra Gaming
CPU
6600K
Graphics
RX 580
Mac
  1. iMac
  2. MacBook
  3. MacBook Air
It turns out that in the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it. Lots of people didn’t realize this, because it’s silent and invisible and it fails instantly and gracefully when you’re offline, but today the server got really slowand it didn’t hit the fail-fast code path, and everyone’s apps failed to open if they were connected to the internet.

Source: Apple spying with BigSur
 
Joined
Nov 22, 2013
Messages
42
Motherboard
GIGABYTE GA-Z77N-WIFI
CPU
i7-3770K
Graphics
RX 580
Mac
  1. MacBook Air
  2. MacBook Pro
  3. Mac mini
Mobile Phone
  1. iOS
Apple is watching you
 
Joined
Oct 15, 2011
Messages
965
Motherboard
ASUS Gryphon Z87
CPU
i7-4770K
Graphics
HD 4600 & RX 580
Mac
  1. MacBook Pro
  2. Mac mini
Classic Mac
  1. Apple
I just about to post this here either. I thought Windows was the only software on earth with telemetry and now this. funky stuff
 
Joined
Jul 13, 2016
Messages
2,753
Motherboard
Gigabyte Z370 Gaming 5
CPU
I9 9900k
Graphics
Vega 64
Mac
  1. Mac mini
  2. Mac Pro
Mobile Phone
  1. iOS
Why is it scary, if you're older like me and were a part of the internet revolution of the 90's this was a path that Microsoft started down when they created the .net API. We as users/citizens have slowly but surely relinquished our rights to privacy with the inception of the internet. It has only gotten worse and and sped up with the advent of social media. The government has for a long time been processing every email sent looking for keywords since 97 when they first implemented Carnivore. Your ISP has been tracking your traffic always and so have the websites you have been visiting. Sure maybe the fact that apple is so blatantly tracking what you do is new but for years they have asked for your permission to send developers data about what you do. Being tracked on the internet started when Dialup was still king and Broadband was in its infancy. There is really only one option if you want to keep your stuff private and that is stay off the internet totally and all together.
 
Joined
Oct 15, 2011
Messages
965
Motherboard
ASUS Gryphon Z87
CPU
i7-4770K
Graphics
HD 4600 & RX 580
Mac
  1. MacBook Pro
  2. Mac mini
Classic Mac
  1. Apple
Why is it scary, if you're older like me and were a part of the internet revolution of the 90's this was a path that Microsoft started down when they created the .net API. We as users/citizens have slowly but surely relinquished our rights to privacy with the inception of the internet. It has only gotten worse and and sped up with the advent of social media. The government has for a long time been processing every email sent looking for keywords since 97 when they first implemented Carnivore. Your ISP has been tracking your traffic always and so have the websites you have been visiting. Sure maybe the fact that apple is so blatantly tracking what you do is new but for years they have asked for your permission to send developers data about what you do. Being tracked on the internet started when Dialup was still king and Broadband was in its infancy. There is really only one option if you want to keep your stuff private and that is stay off the internet totally and all together.
So you don't care that you no longer can block this in Big Sur ? Which was previous possible ?
 
Joined
Jul 13, 2016
Messages
2,753
Motherboard
Gigabyte Z370 Gaming 5
CPU
I9 9900k
Graphics
Vega 64
Mac
  1. Mac mini
  2. Mac Pro
Mobile Phone
  1. iOS
You mean you can no long block Apple? Sure you can you can stay off the internet. The govement, retailers, your isp, pretty much every web page you visit, they are all tracking you without any consent! The ones that ask for consent do not let you use their site unless you give consent! What does it matter if Apple does it also?

P.S. Retailers and credit card companies have been tracking your purchases long before the internet.
 
Last edited:
Joined
Oct 4, 2016
Messages
45
Motherboard
ASUS PRIME Z370M-PLUS II
CPU
i9-9900K
Graphics
Radeon VII
I dunno if you watched the almighty Tech Lead ex Google ex Facebook Engineer, but there is much more at stake.
Only programs with an Apple approved digital signature can run on all the devices.
If Apple does not like what you do, all they would have to do is to flag your signature in their DB and your programs would not run anymore.
 
Joined
Feb 16, 2013
Messages
87
Motherboard
ASUS Z370 PRIME-A - OpenCore
CPU
i9-9900K
Graphics
Radeon RX 570
Mac
  1. MacBook Pro
  2. Mac Pro
Classic Mac
  1. eMac
  2. iMac
  3. Performa
  4. Power Mac
Mobile Phone
  1. iOS

trs96

Moderator
Joined
Jul 31, 2012
Messages
19,129
Motherboard
GA-Z97X-UD3H-BK
CPU
i5-4690K
Graphics
HD4600 / RX 570
Mac
  1. MacBook Pro
  2. Mac mini
Mobile Phone
  1. Android
Edit: Apple has posted an official response to the claims that they are spying on their customers.
Apple has responded and said they will now encrypt the data transmitted during the Gatekeeper ocsp check and give end users the option to opt out of it.
See post #47 of this thread for more on this. Take home point is that the Gatekeeper certificate checks on your apps will now not be any risk to your privacy while connected to the internet.


Original Post:
No need to be scared about Apple's data collection that happens without your consent. Before doing anything you should read about the trustd process and what it does on your Mac. Here's the link:

Then read this article: https://blog.jacopo.io/en/post/apple-ocsp/

If you decide you want to block this certificate checking for personal security and privacy reasons....

There's a patch you can use to stop this activity in macOS Mojave through Big Sur.
Open up Terminal and copy and paste the following:

echo "127.0.0.1 ocsp.apple.com isrg.trustid.ocsp.identrust.com" | sudo tee -a /etc/hosts
Screen Shot 2020-11-15 at 12.37.11 PM.png

It's probably wise to revert to the default setting before installing a new piece of software and after updating any software. In the rare case that a developer id is stolen or compromised and used to create malware, you would be exposed. OCSP stands for Online Certificate Status Protocol. It's the way Apple checks if the app was notarized by them. On the postive side, they gather the info to determine how many macOS users have malicious software running on their Macs.

To undo, run this terminal command:

sudo sed -i "" "/ocsp\.apple\.com/d" /etc/hosts

Of course you can always use the Malwarebytes for Mac program to check apps before you install them. Bitdefender from the MAS is another free option you can use to scan any software first.

To better understand what the echo command does see: https://www.tonymacx86.com/threads/...omputer-isnt-yours.306141/page-4#post-2195375

For those still running High Sierra or older macOS versions you don't need to use the patch to stop this. It only started after macOS Mojave was released. Jeff Johnson had this to say back in December of 2018:

I also tested macOS 10.13.6 with yesterday's security update installed, and zero packets are sent on first launch of downloaded apps, so it's definitely a new behavior of 10.14 Mojave.
 
Last edited:

trs96

Moderator
Joined
Jul 31, 2012
Messages
19,129
Motherboard
GA-Z97X-UD3H-BK
CPU
i5-4690K
Graphics
HD4600 / RX 570
Mac
  1. MacBook Pro
  2. Mac mini
Mobile Phone
  1. Android
To verify the patch actually works, download Wireshark, it has a free trial. Open up any program on your Mac and see whether it's able to phone home to Apple servers. The seeing is believing method.

Screen Shot 20.jpg
 
Last edited:
Top