> It comes down to an argument of trust - do you trust Apple is acting in your best interests
No. I mean really very obviously no.
Neither Microsoft. Nor Google. Why would I assume any company would act in my interests when they have clear incentives to increase their profits and control by acting counter to them?
It's great that the author loves to exist within the limits and restrictions imposed by Apple, but don't expect me to go along with your Stockholm Syndrome and belittle me for differing.
The problem is when one entity can lock down a platform entirely. It's a problem when it's not a choice the user has. It's also a problem that even when the user wants all code to be verified, they can't choose who it gets verified by.
If yesterday's disaster had happened to a third party trust company, and not Apple, a lot of people would be looking for a new trust vendor today. That's what should happen in a non-monopolistic market.
0: https://www.marketwatch.com/press-release/global-antivirus-s...
1: https://www.theverge.com/2020/10/29/21531711/google-alphabet...
Just because a company sells a product that has some things one might want that no other market players bother combined with some things that they don’t like, doesn’t mean they’re “exploiting a monopoly”.
I guess we’ll wait for you to design a better trust-based system that allows you to stop malicious software from executing on N different machines without needing N users to do anything.
Well, "unacceptable mess" are your words. It's totally acceptable to me that there could be issues on a feature / launch that need to be ironed out, unless we're talking about aviation software or pacemakers.
If we deemed "unacceptable" any misstep or early issue, we wouldn't even have fire, a relatively tried and tested technology, that still has its issues...
>No. I mean really very obviously no.
The question is not an absolute one.
You should read it "do you trust Apple is acting in your best interests OVER any random app you might install or website you visit?".
Not to mention they don't even do the kind of tracking the original "sky is falling" post assumed they do: https://blog.jacopo.io/en/post/apple-ocsp/
As this post says, "Now that you know the actual facts, if you think your privacy is put at risk by this feature more than having potential undetected malware running on your system, go ahead [and disable the checking via /etc/hosts]".
>It's great that the author loves to exist within the limits and restrictions imposed by Apple, but don't expect me to go along with your Stockholm Syndrome and belittle me for differing.
The author is a security specialist, not some random dude. And he made his point with technical arguments, not hand waving.
For much of the software I use, the answer is no. I don't trust that Apple is acting in my best interests over GNU software, for example, not by a long shot. I don't even trust that I could understand if Apple is acting in my interests, because massive corporations like Apple have unparalleled resources they can use to obfuscate their intentions.
Is our best shot at trusting one another to delegate that trust to a notoriously non-transparent corporation with a laundry list of conflicts of interest, obfuscated closed-source software, and that's operated out of a country well-known for surveilling its citizens and citizens of other countries?
Personally I'm not anywhere near ready to accept that that's the best we can do, nor that it's something that we even should do.
(The company that released the Apple II manual was trustworthy. That company was buried out behind the shed long ago.)
Edit: By saying this I'm not endorsing OP's exact words, but the failure is not minor; besides hours of work lost, it was a major stress, as I thought I would have to take the computer to repair, or replace it, and I can still manage, but many people can't afford it right now.
In other words, an authoritarian corporate shill, just like the vast majority of others in the "security industry" whom I've had the displeasure of meeting.
But it isn't that. That would be the argument for choosing to install apps through Apple's store, not for Apple preventing you from choosing to install apps through a competing store.
Because then it's not Apple vs. literally every random shady garbage app, it's Apple vs. some specific alternative store that you might very well trust more than Apple to be acting in your interest, e.g. F-Droid.
The fact of the matter is that computers offer myriad ways to compromise your life and behave maliciously, and avoiding that is a tall challenge for any company. Apple is trying it their way, and you can try it yours. But to call it Stockholm Syndrome is an unfortunate take on these efforts.
We at HN like to hold ourselves apart from other communities, but it is merely an echo chamber for what gp refers to.
Alright, let's not call it Stockholm syndrome. A "collective hypocrisy" would be more appropriate.
You mean this level of discourse?
>The privacy squad mobilised on this one - in fact, one blog post received a lot of attention for decrying such systems with the dogwhistle "you no longer own your computer!"
(Pretending to be able to see into the minds and motivations of people you don’t know is rarely helpful. You have no grounds to attribute users’ behavior and opinions to Stockholm Syndrome, and it doesn’t apply anyway: no one is held hostage or abused in this scenario)
But you don't need signed apps for that, only hashes. And you don't have to phone home for that, only download the latest naughty list whenever it changes so you can check against it locally.
App signing exists elsewhere without sacrificing privacy. Most Linux packages, for example, are signed with GPG keys. The difference is that Linux only cares about installing trusted packages. It doesn't care about applications that are already installed after verification. Apple insists on having the ability to revoke something that's already installed. There are two issues here:
1. Is it reasonable to revoke permissions for an installed package? It could be argued that it will help stop malicious apps that were discovered after they were distributed. However, it could equally as well be that Apple wants more control over devices and hold developers to ransom. Their recent treatment of developers indicates that this concern is not at all misplaced. The least Apple could do is warn the user about a revoked certificate and ask if they still want to proceed (like how browsers do in the same scenario). However, it just refuses outright.
2. Apple chose a very bad method to implement online certificate revocation. OCSP is meant for server certificate validation. OCSP stapling is preferred over plain OCSP due to privacy concerns. Stapling cannot be used in this context. This method unfortunately ruins privacy and spills user information everywhere. They could have chosen some other more private method, like an updatable CRL.
> I’m pretty sure those who relentlessly focus on the possible downsides don’t know either.
As I said, there are more private ways to push revocation status. Apple always claimed that the device lockdown was to ensure privacy. This oversight shows how hollow that claim is.
Important part to notice is the false dichotomy of freedom vs security. The argument that negligent users will screw up if given freedom. This is wrong for two reasons:
1. Defaults vs restrictions: Keep the defaults secure and slightly hard to modify for normal users. But don't restrict those who need alternatives.
2. Security can be achieved without locking everything down and remote controlling it. See web browsers for example. We run JS from all insecure sources, but cannot access sensitive resources (like camera, file access etc) without users' permission. The same can be achieved on OS with sandboxing, microkernels etc.
> no one is held hostage or abused in this scenario
Abuse is not always apparent to the abused. User rights are gradually eroded away in the name of security, giving users enough time to get accustomed to it. There may be escape hatches now, but they are slowly getting closed. For example, we considered PCs that don't allow us to install another OS as abusive. However, we don't hold mobile devices to the same standard. Unfortunately, this normalization of abuse doesn't just affect those who accept it. The rest of us are left without a choice. That criticism is definitely valid.
I get what you're saying, but (as an Apple fanboy) I have to point out that Apple's incentives are to act in your, the customer's, interests since that is what they are selling now. They are differentiating themselves from the Googles by taking user privacy seriously.
If they act against that they lose their key advantage.
Trust but verify perhaps?
I say this not to ascribe malicious intent—I do not think Apple implemented OCSP to push people towards the App Store. But incentives are funny things, and can cause people and organizations to rationalize all sorts of decisions, and conveniently ignore some side effects and not others.
Then please explain how that is consistent with Apple setting Google as default search engine in Safari ( https://www.theverge.com/2020/7/1/21310591/apple-google-sear... ).
As always, Apple only aims for environmentally-friendly actions and privacy as long as they profit from it and it makes a good news article. But then they ignore privacy when you're not looking, and make it unnecessarily hard to repair your devices.
I found out not long ago that a tool I was using had no hygiene practices at all - they grabbed random versions of things they packaged up, had no meaningful audit trail at all, no means to notify (or even awareness that this might be a consideration) essentially no meaningful code review and so on. I noted this because I was investigating a bug for the project and gradually the reality became clear.
At the very least, Apple is one step above mayhem and negligence.
Even without perverse incentives, why would another agent in your environment have any reason to go out of their way to have your best interest at heart?
I see more nuance here. I don't trust the Apple/MS licensing / code signing teams, but I do trust the MS defender team to do much better job. They're not directly connected to a source of profit.
Guns can be well engineered, but that does in no way answer whether it is or isn't acceptable to own one.
It's perfectly reasonable to believe that Apple is acting in Apple's best interest without attributing malevolence.
By downplaying rational arguments: "I think the privacy arguments are far-fetched (because others are worse)"
By using loaded terms: "Dogwhistles", "The privacy squad mobilised"
Presenting strawmen: "if I have the code, build the code, nothing can hide in the code. This is a fallacy that people buy in to thanks to effective marketing "
Lying by omission: "It's not feasible for an individual to maintain the list of trustworthy or untrustworthy parties that Apple does."
It's perfectly feasible for a group of individuals. I'll take any group of distro maintainers over Apple's word.
He really doesn't just sound like an Apple apologist; he is one.
Yes. I mean really very obviously yes.
And Microsoft. And Google.
I assume they're acting in my interests because they have clear incentives to increase their profits by giving me useful helpful products that I'll buy.
That's the entire premise of competition and the free market. The invisible hand gives consumers what they want. If, as a company, you don't, then you go out of business.
If this were a communist country where the Party performed validation checks? With no choice between products? Then no.
But in a competitive free market? Absolutely. In fact I'm relying on their motive to increase profits in order to trust that they'll act responsibly. What can you trust more than someone else's self-interest, at the end of the day?
I think 2 is much more complicated and the solution is not obvious, but it’s still a very valid issue, indeed I would say it is the most important issue in the industry today.
However much of what I saw in the comments was none of these.
Most of it was intended to dishonestly brand Apple a ‘spyware’ company, or to brand anyone who uses Apple hardware or software as a participant in some great evil.
Neither of these are intellectually honest paths.
This isn't what Apple is doing. If we're to take Apple's words that the govt agencies aren't 100% trustable just because they have a trustable setup today, why should we trust Apple just because they seem to be the good guys today?
... The user?
On the one hand, no. Probably, statistically, Apple will know better.
On the other hand, despite the above, if you want to call Apple devices "owned" (vs "leased") then yes, the user must be the ultimate decision maker. They might want to delegate these things to Apple (or someone else for that matter) most of the time. But they must have the possibility to simply run what they want.
I think we're seeing the "HN crowd" be so frustrated about this because it is a pretty transparently anti freedom thing to do, and HN folks do love themselves some freedom.
The user is the ultimate decision maker - the user gets to decide whether they want MacOS or not.
The only people talking about constraining this freedom are the ones asking for the government to regulate software distribution.
What you are asking for is for Apple to make a design change to their software to support your use case.
That is a very reasonable thing to want, and to reject Apple for not providing, but it has nothing to do with some ideology of what it means to ‘own’ something.
My car has software problems I don’t like - the digital speedometer only reads kph, whereas I live in a place where mph is standard. There is no facility for changing the software.
Obviously I still own the car.
I can see the argument, but at the same time, if they really did, I’m not sure I would agree.
I also am not sure that’s completely theoretical. Apple (almost?) has the money to do so (yearly revenues about $260 billion, cash reserves about $190 billion), and I think ‘the world’ is getting used to not owning stuff more and more. Many users already pay per month for their phones, anyways.
As someone who works in IT: not for most users. Certainly not for any of my relatives, as successful/smart as they may be in other fields.
Certainly have manual overrides for Alpha Geeks (to use O'Reilly's term), but even if a person is on the right-hand side of the Bell curve generally, that doesn't necessarily mean they can make informed software decisions specifically.
I'm fine with automatic seatbelts as long as there's a Terminal.app command I can run to disable them on an as-needed basis.
I want to run the apps I want to run, thank you very much. No one else should have any say in that. It's my computer.
This is why there is no 'File Access' API in the browser, because it'd be like giving guns to teenagers, even with 'safety training' it would get out of hand.
So the issue then becomes one of 'power' as much as 'knowledge' of security, and of course all the peripheral abuse surrounding the 'security rules' that have nothing to do with security.
Involving 3rd parties, giving proper security notifications but still letting users have the final say etc. etc. there are definitely middle paths and reasonable choices we could make.
But there's just too much money on the table for the powers that be to look the other way, they will continue to infringe until they are stopped.
- instead of OCSP use CRLs or a better technique that allows MacOS to verify locally if a certificate is valid. This would preserve user privacy and wouldn't risk slowing down the user's computer in case things go wrong. It would also introduce slightly bigger risk because of the increase in the validity window, but I think that's a price worth paying. Regarding the size of the CRLs, there should be some cryptographic techniques like accumulators, bloom filters etc. that could improve the size.
- allow power users to add separate trust anchors in cases where they deem appropriate. The same way you go to Control Center to allow an app that was downloaded from the Internet to run, you could also be allowed to add another certificate from a developer you trust.
I think these 2 improvements could go a long way in restoring goodwill for Apple.
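The local revocation check proposed in the comments above (an updatable CRL instead of per-launch OCSP, shrunk with Bloom filters), as an added example that is not part of any comment and is not Apple's implementation. It goes slightly beyond a single Bloom filter by building a filter cascade so that false positives never block a valid developer; the serial format, the 1% false-positive rate and the premise that the publisher knows every certificate it issued are assumptions.

```python
import hashlib
import math


class BloomFilter:
    """Bloom filter over strings, hashed with salted SHA-256."""

    def __init__(self, items, fp_rate, salt):
        n = max(len(items), 1)
        # Standard sizing: m = -n*ln(p)/(ln 2)^2 bits, k = (m/n)*ln 2 hashes.
        self.m = max(8, math.ceil(-n * math.log(fp_rate) / math.log(2) ** 2))
        self.k = max(1, round(self.m / n * math.log(2)))
        self.salt = salt
        self.bits = bytearray((self.m + 7) // 8)
        for item in items:
            for pos in self._positions(item):
                self.bits[pos // 8] |= 1 << (pos % 8)

    def _positions(self, item):
        for i in range(self.k):
            digest = hashlib.sha256(f"{self.salt}:{i}:{item}".encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def __contains__(self, item):
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(item))


def build_cascade(revoked, valid, fp_rate=0.01):
    """Publisher side: runs where the full set of issued certificates is known.

    Level 0 holds the revoked serials. Each further level holds the serials
    from the opposite set that the previous level wrongly matched, until a
    level produces no false positives.
    """
    levels = []
    include, exclude = set(revoked), set(valid)
    while include:
        bf = BloomFilter(include, fp_rate, salt=len(levels))
        levels.append(bf)
        false_positives = {s for s in exclude if s in bf}
        include, exclude = false_positives, include
    return levels


def is_revoked(levels, serial):
    """Client side: purely local, nothing about the launched app leaves the machine.

    Exact for every serial the publisher knew when building the cascade;
    a serial outside that set gets an arbitrary answer.
    """
    for depth, bf in enumerate(levels):
        if serial not in bf:
            # Missing at an even level: not revoked. At an odd level: revoked.
            return depth % 2 == 1
    # Matched every level: the set stored in the last level decides.
    return len(levels) % 2 == 1


def cascade_size_bytes(levels):
    return sum(len(bf.bits) for bf in levels)


def constructed_sample(total=5000, every=97):
    """Constructed data: 5000 made-up developer serials, every 97th revoked."""
    serials = [f"DEVID-{i:05d}" for i in range(total)]
    revoked = set(serials[::every])
    return revoked, set(serials) - revoked


if __name__ == "__main__":
    revoked, valid = constructed_sample()
    levels = build_cascade(revoked, valid)
    wrong = sum(is_revoked(levels, s) for s in valid)
    missed = sum(not is_revoked(levels, s) for s in revoked)
    print(f"{len(levels)} levels, {cascade_size_bytes(levels)} bytes, "
          f"{wrong} valid blocked, {missed} revoked missed")
```

The trade-off named in the comment still applies: a revocation takes effect only when the client next downloads the cascade, so the refresh interval is the exposure window.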
So go back a few weeks and you buy a copy of Fortnite, Apple and Epic lock horns on a dispute and they revoke Epic's certificate. Next thing you get a shiny new M1 equipped Mac and go to install it and it's gone from the app store. Slightly deflated, you go back to your Mac and copy the files off it onto your new one, thinking you circumvented this slyly, it does an OCSP check and refuses to run the binary. Eventually the OCSP check will be done, probably after an OS upgrade on your old Mac and that's gone too. So you're deprived of something you paid for and have no control over the hardware you paid for.
This is an example of what could happen.
If it improved security posture the signing infrastructure wouldn't be used to sign any old shit from millions of developers doing all sorts of nefarious things that Apple didn't pick up during the review process...
Edit: this has already been demonstrated if you refer to the Flappy Bird mess a few years back.
Another thing in line with what you mentioned is the ability for the company to squash competition. Not only do they have the last word to veto programs from running, they also get a global view of what everyone is running that nobody else has. This kind of information has been abused by Amazon to drive out competition in favour of their own "Amazon essentials" products, for example.
Personally I drew the line at Catalina, and I think an order of magnitude more will draw the line at Big Sur.
https://www.zdnet.com/article/apple-update-kills-off-zoom-we...
As for Epic. They lied about the content of the software they uploaded to the store, and knowingly breached a contract they had signed. If that isn’t fraud, I don’t know what is.
They could have sued Apple without the fraud. The certificate revocation was only about the fraudulent software update.
Finally, I think the writer should be more careful with their use of the term "dogwhistle". It's a politically-loaded term that isn't used correctly in this piece.
No, that's a completely false dichotomy. These are not alternatives at all. I can absolutely trust Apple to act in my best interests in some regards while distrusting them in others.
I do trust Apple to make a good effort to keep malware off my device, a better effort than I could ever hope to make myself. I do trust them not to spy on me to target ads.
But I also know that Apple has a business interest in keeping software off my device that is not malware. I don't trust them to act in my best interest where it conflicts with their best interest.
I also know that their interest in tightly controlling what software goes on my devices creates an opening for authoritarian governments to take control. If and when end-to-end encryption gets banned, who decides whether or not I can still use Signal? Is it going to be me or is it going to be Apple?
This is definitely not a simple question of trusting Apple or not trusting Apple.
The author conveniently overlooks the fact that customers pay literally thousands of dollars for Apple computers. We're not talking about a free online service here. This is why "you no longer own your computer" has so much traction. Shouldn't we own the devices that we buy?
The tech companies are trying to destroy the very concept of product ownership, and consumers ought to fight to the end over this. It's why "right to repair" is so important too.
I spent decades building and running my own computers and I’m not interested in doing so anymore. I own the device that I buy, I knew how to turn off these controls and didn’t bother during the outage, and I generally refuse to do so. In return, I don’t have to deal with all the weaknesses of the liberated computing approach that you frame as the only optimal outcome.
Apple’s restrictions liberate me from having to spend time on fully-liberated computing. I’m glad liberated computing exists, but the idealistic view that all computing should be that way is harmful to my life’s priorities.
This seems to conflate restrictions with defaults.
It's reasonable for Apple to configure Macs to be safe "out of the box". But it's not clear why it helps you to prevent other Mac users from changing the defaults.
There are a few people who bring it up, and then use manipulative rhetoric:
“Shouldn’t we own the devices we buy?”
Of course, who would disagree with that! But this is manipulative because you are affirming the consequent. I.e. leading the reader into accepting the conclusion that you don’t own your computer.
“The tech companies are trying to destroy the very concept of product ownership”
This is an ideological claim with no factual basis, there are no memos or recordings supporting that anyone is trying to do this. It’s just you claiming to know the plans of ‘the tech companies’.
It could just be that Apple is trying to stop malware. Perhaps not a secret plot! Maybe there is no conspiracy!
It’s also a laughable exaggeration, as well as black and white thinking. Do you own your house? Presumably not since there are many legal restrictions on what you can do with it. Do you own your car? Presumably not, since you can’t install your own software on its computers. Do you own your toaster oven? Presumably not since you can not reprogram the microcontrollers.
Perhaps the conspiracy is deeper than I realized!
“Consumers ought to fight to the end over this”
More manipulative language. Frame things in terms of a fight between corporations and consumers, and a ‘fight to the end’.
Are you a ‘consumer’?
But more importantly, what is ‘this’? It seems like you are asking to fight over the belief that ‘Tech companies are trying to destroy the concept of product ownership’. I.e. divide people and exhort them to fight over an ideological claim you are making about intentions that you haven’t substantiated.
How about examining some of the technical issues instead of ideological rhetoric?
Here’s one: If the security features can be disabled, how can I trust a Mac I haven’t maintained custody of the whole time?
Here’s another: If people don’t want their computer software to come from Apple, they can buy something else. What is wrong with that?
I have to assume you neither own nor lease any Apple devices. Why are you trying to control what other people do?
Way ahead of you: https://news.ycombinator.com/item?id=25074959 https://news.ycombinator.com/item?id=25076588
> I have to assume you neither own nor lease any Apple devices.
This was a ludicrously bad assumption.
Stallman had a lot to say about this[1] over a decade ago.
It protects users, and it works well 99.9% of the time (actually, I am not aware of a previous outage of this system). So, why bother? It's been like this for a while, it is actually very useful to the vast majority of users, and Apple being Apple, even if they collected data, it wouldn't be up for sale like it would on a Google machine.
All the people saying they need to look for alternatives now that they found out that Apple is sending information about applications to its servers will need to think about this post. It's not like Apple is doing this to track users.
It should be at least five nines, preferably six nines. Anything less than that is absolutely inexcusable.
Can I please have a reference confirming this number
>"...It's not like Apple is doing this to track users."
And you of course have a reliable inside source who can confirm this.
So no, they don't do it well.
Apple used this same argument when talking about security agencies - https://www.youtube.com/watch?v=BZmeZyDGkQ0.
You may trust them now. But what's to say they'll remain the good guys forever?
By that logic, what's to say Apple will remain the good guys forever?
If it's not astroturfing, I don't think I can understand the mindset of a consumer who feels the need to defend the world's richest corporation from criticism.
It's the same as that Clinton comment about Trump voters being deplorables.
Insulting people won't change their mind, rather it entrenches their views.
Plenty of criticism of Apple itself, but that is not a criticism of their customers.
I agree fully with the author's characterizations of the dangers of disabling features or ignoring warnings, but I can't possibly agree with the conclusion that users should not be given a choice. So what if the user cannot understand the technical terms of a popup warning them about malware risk? How does that justify taking away their freedom to proceed anyway and run the program? The author's attitude is patronizing (and also intellectually dishonest as explained already by another commenter [1]).
There are lots of domains in life where we're out of our depth and make decisions anyway that might be dangerous, and we don't have anyone trying to hold our hand or to stop us altogether. Imagine you get into your Apple Car and plot a course on the GPS. The computer's voice says "there is a dangerous stretch of road on the plotted itinerary; please wait for your assigned Formula 1 driver to drive you to your destination". The car refuses to move no matter what you do. Half an hour later a small guy with a thick neck shows up, enters the car (because they've got the keys apparently) unlocks it so it can finally move and explains to you "oh yeah, a car fell down a cliff on that road back in 93". You complain about them not even apologizing for the delay. "You accepted the Terms and Conditions, didn't you?"
I get that the lack of freedom to run potentially malicious programs might be a feature, not a bug of Apple's systems. But I don't see them advertising it as what it is in practice. The notion of "false advertising" is well known and understood, but what about the notion of absence of advertising for a feature that might be unwanted to the point of making at least some potential buyers balk? Is there even a name for that?
Whether before the purchase of an Apple system or later at program startup time, the user should be able to make a decision as to whether to give Apple control of their computer in the fashion we've seen. All the necessary information and data should be provided to them. Whatever choice they make should be respected and they should not be judged for it, even if they did not understand the provided information. But the decision should not be made by some security nerd on a massive ego and power trip, imparting their enlightened guidance to "the lowest common denominator".
I'll just leave this here - https://stallman.org/apple.html
On my firefox browser both on the desktop and mobile it looks like a rather light grey on white background. That is just plain difficult to read and is just terrible UX.
By installing Candy Crush in every home user Windows has not made any amazing strides. In fact I would say Windows 7/8/8.1 was far far better. What we have now? Candy Crush, Dumb Antivirus taking 20% CPU wasting unnecessary CPU time, Telemetry which sends data even if you opt out.
"I think the privacy arguments are far-fetched" Really?? Just because there are other bad players in market. Just because Apple rivals/friends are doing bad things doesn't mean you have to go and say privacy arguments are far-fetched. Clearly the article is just whitewashing of Apple.
No, but you can modify the code, add your own code..
My argument: sod off and let me decide what I want with my own hardware. Luckily I have no business case to deal with Apple products and as a private person I do not care what they do as I am not in their "ecosystem" or whatever they call it.
Since I only use Windows and Linux as desktop / server OS I am lucky not to be a victim of such tactics (at least for now). I know MS does collect telemetry but it is not known to be down to this level.
“On November 12, 2020 Apple released macOS Big Sur. In the hours after the release went live, somewhere in Apple's infrastructure an Online Certificate Status Protocol (OCSP) responder cried out in pain, dropping to its knees, begging for mercy as load increased beyond what it could handle.”