Update: August 28, 2021 – After Apple announced they would be scanning your photos on device for CSAM content, Apple lied to us all and is spying on you. I am leaving this article here, however. Just beware, I don’t recommend that you use Apple products. They are spyware.
Yesterday, November 12, 2020, Apple released macOS Big Sur. However, it became apparent that Apple was having some problems. Big problems.
Apparently, Apple was having some problems keeping themselves online. It became obvious that people were having issues, not just with Big Sur, but Mojave and even Catalina. Apple’s Online Certificate Status Protocol (OCSP) URL (ocsp.apple.com) started rejecting connections and throwing errors which caused macOS to have issues. The most common was applications taking a long time to open up. This caused some concern, and some apparently took it to a whole 1984-esque level.
No, Apple isn’t going to censor apps
This is by far the most absurd claim I’ve heard.
Apple is going to tell you what software you can’t run!
These OCSP requests are transmitted unencrypted. Everyone who can see the network can see these, including your ISP and anyone who has tapped their cables.
Well, yes. Cryptography is complex – it’s a bunch of math that is way over my head. But let’s get one thing straight, if the CA signs the OCSP request, it’s a little bit like this:
And if OCSP has to check if a certificate is revoked, even if it’s signed, it still knows what site you opened. So why waste the CPU cycles?
These requests go to a third-party CDN run by another company, Akamai.
Akamai is Apple’s CDN provider. I’ve used them at a former employer to help ease the strain on our servers. There’s nothing wrong with this. Heck, CloudFlare is pretty much trusted and they provide the same services.
trustd, the daemon responsible for these requests, is in the newContentFilterExclusionListin macOS 11, which means it can’t be blocked by any user-controlled firewall or VPN.
This is just pure ignorance as to what trustd is and does. This is the daemon that is part of the Apple Notorizing service. It reports to Apple to check if the software is malware, not if you’re authorized to use it. This service is supposed to fail open, but clearly that didn’t happen yesterday. I expect a patch by Apple in the near future.
Also, if you blocked trustd, that would mean a piece of malware would be able to disable the security system meant to keep it from running. This is the equivelant of a theif cutting your phone lines to keep your alarm system from calling the police. Now, alarm systems communicate over cellular networks which is like protecting trustd.
So we’re going to ignore Windows, I guess
I’m going to wrap it up with this. Apple earned my trust when I saw how they stood up to the FBI in the San Bernardino shooting. The FBI wanted Apple to break their encryption and unlock a shooter’s iPhone. Apple, rightfully, told the FBI to get lost and if you want in, you need to find your own way in.
I’ll gladly pay over $600 for a iPhone and over $1200 for a computer because I know Apple has my back. First, they’re going to protect my data. Second, I’m not going to see a single ad in the OS. And any data about me, isn’t going to go to the advertisers if I don’t want it to. There’s a reason why Mark Zuckerburg is begging Apple to not go all privacy heavy.
Speaking of data…
“But muh data!” you scream as your MacBook Pro is unreparable and you’ve just lost all your data. I’m all for right to repair, but security isn’t meant to be convenient and if it’s convenient, it’s not secure. Using an iPhone or a MacBook is like operating entirely in Fort Knox. If someone could pull the data off my device, then that data was not secured to begin with.
“BUT MUH DATA,” you continue to scream into the void. “MUH WEDDING PHOTOS! MUH TAXES!”
Buy a hard drive, and run Time Machine. And anything extremely critical, encrypt it and back it up to the cloud. Or rotate Time Machine hard drives. And then place one in a bank safety deposit box, or a fire proof safe. Backups are insurance – you hope you never need it, but when you do, you’re glad you have it.
