Apple OSes Are Insecure By Design To Aid Surveillance

HN discussion.


Inclined to agree despite the conspiratorial tone tbh, since we have been saying these same things for a while.

Apple committed in writing a few major versions (i.e. ~3 years ago) to providing a preference setting for disabling online OCSP checks in macOS when I made a stink about it, within one year. Not only did this not happen within a year (a rare instance of Apple actually outright lying), but someone was kind enough to write me and tell me that Apple has edited the webpage to remove this promise. Presumably there are no plans to offer users the ability to disable OCSP checking, which leaks which apps are being launched on your system, when you launch them.

Noted here: macOS Overview - Privacy Guides

However, I will note that Apple did switch to encrypted OCSP checks, so while they did lie about giving you the option to disable them, this is not an example of Apple “preserving unencrypted server connections” like the introduction of this article says, so it undermines the central point they’re trying to make a bit.

Furthermore, the E2EE for iCloud Photos is not designed to preserve privacy. Even though iCloud Photos now supports E2EE for the content of the photos and videos stored, the file metadata is not E2EE, and the metadata includes the FILENAME and also a unique hash of the unencrypted file content. This means that if you make a first-of-its-kind Winnie the Pooh meme and save it to your camera roll (hooked up to an E2EE-enabled iCloud Photos account), then send it via secure means (Signal, or in-person AirDrop, or whatever) to another person who has iCloud Photos enabled (also with E2EE) and they save it, Apple can see that you both have the same file, the only two people in the world with it.

Noted here:
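The metadata correlation described in the post above, as an added example that is not part of the original post and does not reproduce Apple's actual record format: a server holding only ciphertext plus an unkeyed plaintext hash can still group accounts that store the same file, while a per-account keyed hash removes that signal. The record fields, account names, sample bytes and the toy cipher are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    # Stand-in for a real AEAD cipher (illustration only, not for production):
    # XOR the data with a SHAKE-256 keystream derived from key and a random nonce.
    nonce = os.urandom(16)
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, stream))

def upload(user_key: bytes, photo: bytes, keyed_hash: bool = False) -> dict:
    """Hypothetical record the server stores: E2EE content plus cleartext metadata."""
    if keyed_hash:
        # Per-account HMAC: same file, different tag for every account.
        # (A real design would derive a separate key for this purpose.)
        tag = hmac.new(user_key, photo, hashlib.sha256).hexdigest()
    else:
        # Unkeyed hash of the plaintext: identical for everyone holding the file.
        tag = hashlib.sha256(photo).hexdigest()
    return {"ciphertext": toy_encrypt(user_key, photo), "content_hash": tag}

def server_correlate(records) -> list:
    """What the server can compute with no keys: accounts sharing a metadata hash."""
    groups = defaultdict(set)
    for account, record in records:
        groups[record["content_hash"]].add(account)
    return [accounts for accounts in groups.values() if len(accounts) > 1]

def demo(keyed_hash: bool) -> list:
    meme = b"constructed sample: first-of-its-kind meme bytes"
    other = b"constructed sample: unrelated photo bytes"
    keys = {name: os.urandom(32) for name in ("alice", "bob", "carol")}
    records = [
        ("alice", upload(keys["alice"], meme, keyed_hash)),
        ("bob", upload(keys["bob"], meme, keyed_hash)),
        ("carol", upload(keys["carol"], other, keyed_hash)),
    ]
    return server_correlate(records)

if __name__ == "__main__":
    print("unkeyed hash:", demo(keyed_hash=False))
    print("keyed hash:  ", demo(keyed_hash=True))
```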


Don’t forget about them blocking updates of sideloaded apps outside the EU (among all the other mess they’re in right now), which just nukes their “caring about user security” claim.
