dimanche, mars 7, 2021
  • Our partners
  • Our team
  • Our editors
  • Contact
No Result
View All Result
rzo logo
Advertisement
Tech News, Magazine & Review WordPress Theme 2017
  • Home
  • RZO COIN
  • Shop
  • Magazine
    • All
    • Audio
    • Camera
    • Laptop
    • Smartphone

    Apple Watch Series 2 Is Swimproof and Comes With Built-In GPS

    National Academy of Sciences endorses embryonic engineering

    Jack Dorsey says he’ll continue running both Square and Twitter

    Fujifilm X-T2 review: The definition of a great camera

    The Warby Parker of hair color, Madison Reed, scores new funding and a CMO

    Shopify CEO attempts to defend continued hosting of Breitbart’s online store

    Trending Tags

    • Best iPhone 7 deals
    • Apple Watch 2
    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • iOS 10
    • iPhone 7
    • Sillicon Valley
    • Gaming

      To regain advertiser trust, Facebook is tracking ads by the millisecond

      National Academy of Sciences endorses embryonic engineering

      Google has been asked to take down over a million websites

      Watch Dogs 2 Update Coming This Week, Here’s What It Does

      The Analogue Nt Mini is the perfect NES console for video game lovers

      GoPro’s Karma drone is back on sale after design flaw made them fall out of the sky

  • News

    National Academy of Sciences endorses embryonic engineering

    Watch Dogs 2 Update Coming This Week, Here’s What It Does

    Fujifilm X-T2 review: The definition of a great camera

    The Analogue Nt Mini is the perfect NES console for video game lovers

    Using a mind reading device, ‘locked-in’ patients told researchers they’re happy

    Watch Cruise’s self-driving Bolt EV navigate smoothly to SF’s Dolores Park

  • Formation
  • EBOOKS
  • Trading
    • eToro
  • EXCHANGES
    • BLOCKCHAIN
  • Security

    To regain advertiser trust, Facebook is tracking ads by the millisecond

    National Academy of Sciences endorses embryonic engineering

    Google has been asked to take down over a million websites

    Watch Dogs 2 Update Coming This Week, Here’s What It Does

    The Warby Parker of hair color, Madison Reed, scores new funding and a CMO

    Shopify CEO attempts to defend continued hosting of Breitbart’s online store

    • Computers

      To regain advertiser trust, Facebook is tracking ads by the millisecond

      Google has been asked to take down over a million websites

      Watch Dogs 2 Update Coming This Week, Here’s What It Does

      Fujifilm X-T2 review: The definition of a great camera

      Shopify CEO attempts to defend continued hosting of Breitbart’s online store

      SpaceX targets February 18 for Dragon resupply mission to ISS

    • Applications

      Apple Watch Series 2 Is Swimproof and Comes With Built-In GPS

      To regain advertiser trust, Facebook is tracking ads by the millisecond

      National Academy of Sciences endorses embryonic engineering

      Google has been asked to take down over a million websites

      Watch Dogs 2 Update Coming This Week, Here’s What It Does

      Jack Dorsey says he’ll continue running both Square and Twitter

  • 🇺🇸
    • 🇨🇭
    • 🇫🇷
    • 🇬🇧
    • 🇨🇦
    • 🇷🇺
  • Home
  • RZO COIN
  • Shop
  • Magazine
    • All
    • Audio
    • Camera
    • Laptop
    • Smartphone

    Apple Watch Series 2 Is Swimproof and Comes With Built-In GPS

    National Academy of Sciences endorses embryonic engineering

    Jack Dorsey says he’ll continue running both Square and Twitter

    Fujifilm X-T2 review: The definition of a great camera

    The Warby Parker of hair color, Madison Reed, scores new funding and a CMO

    Shopify CEO attempts to defend continued hosting of Breitbart’s online store

    Trending Tags

    • Best iPhone 7 deals
    • Apple Watch 2
    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • iOS 10
    • iPhone 7
    • Sillicon Valley
    • Gaming

      To regain advertiser trust, Facebook is tracking ads by the millisecond

      National Academy of Sciences endorses embryonic engineering

      Google has been asked to take down over a million websites

      Watch Dogs 2 Update Coming This Week, Here’s What It Does

      The Analogue Nt Mini is the perfect NES console for video game lovers

      GoPro’s Karma drone is back on sale after design flaw made them fall out of the sky

  • News

    National Academy of Sciences endorses embryonic engineering

    Watch Dogs 2 Update Coming This Week, Here’s What It Does

    Fujifilm X-T2 review: The definition of a great camera

    The Analogue Nt Mini is the perfect NES console for video game lovers

    Using a mind reading device, ‘locked-in’ patients told researchers they’re happy

    Watch Cruise’s self-driving Bolt EV navigate smoothly to SF’s Dolores Park

  • Formation
  • EBOOKS
  • Trading
    • eToro
  • EXCHANGES
    • BLOCKCHAIN
  • Security

    To regain advertiser trust, Facebook is tracking ads by the millisecond

    National Academy of Sciences endorses embryonic engineering

    Google has been asked to take down over a million websites

    Watch Dogs 2 Update Coming This Week, Here’s What It Does

    The Warby Parker of hair color, Madison Reed, scores new funding and a CMO

    Shopify CEO attempts to defend continued hosting of Breitbart’s online store

    • Computers

      To regain advertiser trust, Facebook is tracking ads by the millisecond

      Google has been asked to take down over a million websites

      Watch Dogs 2 Update Coming This Week, Here’s What It Does

      Fujifilm X-T2 review: The definition of a great camera

      Shopify CEO attempts to defend continued hosting of Breitbart’s online store

      SpaceX targets February 18 for Dragon resupply mission to ISS

    • Applications

      Apple Watch Series 2 Is Swimproof and Comes With Built-In GPS

      To regain advertiser trust, Facebook is tracking ads by the millisecond

      National Academy of Sciences endorses embryonic engineering

      Google has been asked to take down over a million websites

      Watch Dogs 2 Update Coming This Week, Here’s What It Does

      Jack Dorsey says he’ll continue running both Square and Twitter

  • 🇺🇸
    • 🇨🇭
    • 🇫🇷
    • 🇬🇧
    • 🇨🇦
    • 🇷🇺
RZO Magazine : Formation Ebooks Crypto univers
No Result
View All Result
Home Uncategorized

Mac Update Leaves Users No Room to Escape Data Collection

by
novembre 18, 2020
Mac Update Leaves Users No Room to Escape Data Collection
Share on FacebookShare on Twitter


  • Apple’s most recent update, Big Sur, makes a feature that logs device activity for offline (and online) applications practically impossible for privacy solutions to bypass. 
  • The monitoring is yet another example of Apple’s privacy-compromising design choices, despite the company’s efforts to present itself as a privacy ally.
  • VPNs and other firewalls cannot circumvent the feature. 
  • Security researchers suggest that users who care about their digital privacy explore other, open-source alternatives. 

On Nov. 12, Mac users complained their computers were acting sluggish. This sluggishness coincided with the release of Big Sur, the latest Mac update fro Apple. 

After the update was released, a technical error disrupted the servers Apple uses for OCSP requests, the packets of data that verify a computer’s SSL certificate when it accesses online applications. Apple devices were shutting down because these OCSP requests weren’t reaching Apple servers

As some users looked closer, it became very clear why the devices failed when the OCSP servers were failing: Every time a user opens an application (even an offline one), that action is being tagged and traced by Apple’s OCSP servers.

This feature was introduced in Apple’s Catalina update, but certain tools (like Little Snitch) could be used to bypass it. Now, with Big Sur, there’s no practical way for average Mac users to thwart the feature. 

Apple has touted itself as pushing privacy as the core of its mission, perhaps most publicly by rebuffing law enforcement demands to unlock one of the San Bernardino, Calif., shooter’s iPhones after the December 2015 attack.

But these new revelations demonstrate some of the inherent flaws in centralized data collection – you have to trust Apple not to share this information (or trust them to not be coerced into revealing it to a government agency). In this case, though, Apple’s siloing of data through Big Sur may not even be the primary issue because these OCSP requests are transmitted unencrypted, meaning the contents can be read by any surveilling party that intercepts them.

Thus, if Mac users want out from under Apple’s eye, they’re going to need to explore alternatives.

Mac update enables offline activity logging

“On modern versions of macOS, you simply can’t power on your computer, launch a text editor or eBook reader, and write or read without a log of your activity being transmitted and stored,” hacker and security researcher Jeffrey Paul writes in a blog post.

Paul told CoinDesk in an email he doesn’t think “Apple has ill intent here,” but that its goal is to monitor malware and other illicit software on its devices. 

The problem, though, is these OCSP requests are unencrypted and so “vulnerable to passive monitoring.” This leaves the data open to collection and parsing at the hands of “large-scale passive monitoring organizations” such as the U.S. National Security Agency (NSA). 

“This is, of course, terrible practice, and despite being the industry standard, Apple should know better, as they are cryptography experts (who run their own certificate authority and regularly use relatively advanced cryptographic tools like client certificates and cert pinning),” Paul wrote over email.

Telemetry is a diagnostic process by which servers track how a device is used. Paul said the problem with Apple’s system here is that because this data is not encrypted, third parties can read it. Any entity tapping into these lines of communication can see what applications someone is using and when they use them.

“The real privacy risk here is not that Apple might be collecting this data. They’re likely not, as I believe that this is an attempt by Apple to prevent malware from being able to execute on their platform. The problem is that it serves as *inadvertent* telemetry to anyone who’s listening on the wire, which, in the United States, is every major ISP and the national military,” he continued.

These kinds of concerns have led to arguments against centralized servers for contact tracing in the European Union. They’ve also encouraged recent pushes for mixnets, which mix network traffic specifically to avoid passive metadata observation. 

Apple’s devices have always been a walled garden of sorts. Applications and software from unverified publishers, for instance, must be manually approved by users. The ostensible aim of such controls is to protect the user, but as Cory Doctorow recently emphasized to CoinDesk over email, these controls can override agency in certain scenarios (for example, when Apple removed thousands of apps from its Chinese app store). 

“I think this is a great example of what Bruce Schneier calls “feudal security,” Doctorow told CoinDesk, commenting on the activity logging feature. “The idea that our systems no longer give us the power to protect ourselves, but rather require us to surrender our destiny to one of the great techno-warlords of the age (Facebook, Google, Apple, Msft, etc.), who will protect us … from everyone except [t]hemselves.”

Data privacy solutions

For any Mac users hoping to escape the surveillance, solutions are going to have to come from outside Apple’s locus of influence. 

Before the Big Sur Mac update, VPNs or firewalls like Little Snitch would have kept your computer from leaking information. But Big Sur trumps this, said Valdas Petrulis, co-founder and lead software engineer at Mysterium Network, a decentralized VPN protocol..

“MacOS Big Sur (version 11.0) allows traffic to bypass usual routing and firewall rules. Which simply means Little Snitch won’t be able to monitor and block this, and neither can a VPN be able to help or hide you. MacOS has now simply forbidden that.”

Sean O’Brien, the principal researcher at ExpressVPN’s Digital Security Lab, said that ultimately a VPN will not “prevent Apple from being able to collect this data, but [it] “would at least protect it from other network intermediaries as it travels over the internet.”

There is a way to disable the feature, though Paul said only MacOS experts should try this. Apple changes which system services you can disable with each update, Paul said, so this may be changed in the future. 

“Really, though, the #1 thing that consumers can do to protect their privacy when using Apple devices is to *never* use iCloud, and to not use iMessage,” Paul continued. iCloud data is unencrypted, he said, allowing “the FBI or U.S. military to read pretty much everyone’s complete iMessage history without ever touching the device.”

Alternatives?

The only way to escape Apple’s panopticon, according to Paul? “Open-source software that doesn’t spy on you.” This used to mean tools like Little Snitch, Tor and VPNs, but now that Apple has a tighter grip on personal privacy, those seriously worried about their privacy can only change hardware and software providers.

Perhaps as testament to users making a change, Mysterium CMO Sharmini Ravindran said the service has experienced “8 to 10 times as much interest” in its Windows application versus its Mac version.

Of course, Microsoft is no privacy saint either, meaning the free and open-source Linux software, long the choice of most privacy advocates, could be the safest bet.

But that’s only going to work if your typical Mac user cares enough about the privacy-leaking feature. And if he or she does care, there’s also the matter of knowing enough about computers to boot and maintain Linux. One of Apple’s key selling points is that it’s user friendly for even the most tech-averse individuals, which can be appealing given privacy tech is sometimes full of friction for people who are used to logging into everything using Face ID. 

Then again, Apple has also been praised as a privacy-conscious company, and public perception is always changing. 

“Not only is Apple exposing its customers to risk from the company’s own executives and corporate decisions, but it’s also creating a moral hazard for governments, inviting them to coerce Apple into (ab)using this facility to harm – not help – its users,” said Doctorow.



Source link

Tags: CollectionDataEscapeLeavesMacRoomUpdateUsers

Laisser un commentaire Annuler la réponse

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Recommended.

Cosmos Set to Take Lead in Blockchain Interoperability With February’s Stargate Release

Cosmos Set to Take Lead in Blockchain Interoperability With February’s Stargate Release

janvier 28, 2021
Bitcoin Bulls Face $750m in Liquidations During Latest Selloff

Bitcoin Bulls Face $750m in Liquidations During Latest Selloff

novembre 26, 2020

Trending.

Bitcoin Chartists See Price Hitting $70,000 After Tesla Crypto Purchase

Bitcoin Chartists See Price Hitting $70,000 After Tesla Crypto Purchase

février 9, 2021
Multiple Analysts Look at $400,000 as Bitcoin’s Ultimate Bull Stop

Multiple Analysts Look at $400,000 as Bitcoin’s Ultimate Bull Stop

février 10, 2021

Passwords for social media accounts could be required for some to enter country

octobre 20, 2020
Bitcoin Eyes $20K-Breakout as Morgan Stanley Predicts Dollar Crash

Bitcoin Eyes $20K-Breakout as Morgan Stanley Predicts Dollar Crash

décembre 3, 2020
Developers Implicated in Alleged Smart Contract ‘Rug Pull’

Developers Implicated in Alleged Smart Contract ‘Rug Pull’

décembre 2, 2020
RZO Magazine : Formation Ebooks Crypto univers

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

Follow Us

Catégories

  • Apple
  • Applications
  • Audio
  • Camera
  • Computers
  • Gaming
  • Gear
  • Laptop
  • Microsoft
  • Photography
  • Review
  • Security
  • Smartphone
  • Uncategorized

Étiquettes

AllTime Analyst Analysts Apple Watch 2 Bank Best iPhone 7 deals Bitcoin Bitcoins Blockchain BTC Bull Bullish Buying Guides CEO CES 2017 Coinbase crypto Data DeFi Digital Ether Ethereum Exchange fund Heres high Highs Hit Hits investors iOS 10 iPhone 7 Litecoin Market Mining Mover Options Playstation 4 Pro Price Rally Record Sillicon Valley Trading Wrap XRP

Recent News

Grayscale adds $120 million worth of Bitcoin to its coffers amid continued institutional interest

Why is Grayscale’s Bitcoin Trust (GBTC) trading at a discount?

mars 6, 2021
Ripple says no trouble in Asia despite SEC lawsuit

Ripple says no trouble in Asia despite SEC lawsuit

mars 5, 2021
  • Our partners
  • Our team
  • Our editors
  • Contact

© 2020 All rights reserved RZO COIN Website created by Olivier Obé with Wordpress

No Result
View All Result
  • Home
  • Review
  • Apple
  • Applications
  • Computers
  • Gaming
  • Gear
    • Audio
    • Camera
    • Smartphone
  • Microsoft
  • Photography
  • Security

© 2020 All rights reserved RZO COIN Website created by Olivier Obé with Wordpress

en English
nl Dutchen Englishfr Frenchde Germanes Spanish