Apple, macOS 개인 정보 보호 문제에 대응하고 앱 실행 속도가 느린 이유 설명

newsroom 11/17 '20 posted 뉴스 IT

• Apple은 이제 'Mac에서 안전하게 앱 열기'지원 문서에 대한 업데이트에서 이러한 주장을 해결했습니다.

• 당사는 이러한 검사의 데이터를 사용하여 개별 사용자가 자신의 장치에서 무엇을 시작하거나 실행하는지 파악하지 않습니다.

• 공증은 서버 장애에 강한 암호화된 연결을 사용하여 응용 프로그램에 알려진 악성 코드가 포함되어 있는지 여부를 확인합니다.

• 소프트웨어가 손상되었거나 악성 소프트웨어에 서명하는 데 사용되는 개발자 인증서와 같은 이벤트로 인해 앱에서 사용하는 개발자 ID 인증서가 취소되었는지 확인합니다.

• 현재 Apple에서 사용하는 OCSP 프로세스 외에도 macOS Catalina 이상에는 맬웨어를 확인한 후 Apple에서 모든 앱을 공증하는 또 다른 프로세스가 있습니다.

• "이러한 검사의 데이터를 Apple 사용자 또는 장치에 대한 정보와 결합하지 않습니다.

Apple addresses Mac privacy concerns, promises new encrypted protocol [www.imore.com]

Potential Mac privacy concerns surface after server outages [9to5mac.com]

MacOS Big Sur Launch Overwhelmed Apple's CDN, Which in Turn Triggered a Bug in 'trustd' That Ground App Launching to a Halt [daringfireball.net]

Apple Responds to macOS Privacy Concerns, Explains Why Apps Were Slow to Launch [www.iphoneincanada.ca]

Apple defends the role of Gatekeeper after users canâ€™t open Mac apps [thenextweb.com]

Apple responds to Gatekeeper server issue with upcoming fixes [macdailynews.com]

Apple responds to privacy concerns over Mac software security process [www.theverge.com]

In wake of server outage, new Apple support doc details Gatekeeper privacy [sixcolors.com]

Apple addresses macOS privacy concerns, says better controls are coming in 2021 [mashable.com]

Apple promises to up security game following Gatekeeper issues [www.techradar.com]

Apple responds to Gatekeeper issue with upcoming fixes [techcrunch.com]

newest replies popular replies

Open Wiki - Feel free to edit it. -

11/17 '20 answered

OCSP facts, for the curious. After reading this, I’m unblocking https://t.co/f76WjC79JP. https://t.co/DwwTYPbjjv
— Coraline Ada Ehmke (@CoralineAda) November 15, 2020

This is the best writeup I’ve seen so far regarding the recent MacOS Big Sur concerns. TLDR: It seems fine.

Keeping an eye out for updates from others. Article here:https://t.co/mJ9JyBFUz8
— Techlore (@techloreistaken) November 15, 2020

I don’t see how this makes anything better? Sending a global unique hash of the developer certificate in the clear still allows both Apple to keep a log and anyone the power to snoop. This is fundamentally busted. Apple should send ban lists to the user. https://t.co/2gjIjHsAq8
— DHH (@dhh) November 15, 2020

It’s dangerous because it encourages people to abandon Apple’s malware prevention systems, which are VITAL. The pretext is some bullshit about “not owning your computer”, i.e. not having total control over everything the computer is doing.

Really? WELCOME TO FUCKING SOFTWARE
— Yoz Grahame (@yoz) November 14, 2020

No, macOS does not send Apple a hash of your apps each time you run them. https://t.co/olrOWexH3w
— Ian Betteridge ?? (@ianbetteridge) November 15, 2020

If you want to understand why Apple keeps checking apps on your machine, just watch a bunch of smart technologists loudly encourage you to change your software based on valid-sounding misinformation from a complete stranger
— Yoz Grahame (@yoz) November 14, 2020

An algorithm to guess with overwhelming probability which app someone is using when you observe a Mozilla cert OCSP request from a Mac:

Step 1: guess Firefox.
Step 2: there is no step 2.
— Matthew Green (@matthew_d_green) November 15, 2020

don't block https://t.co/2FDXgY6guj forever because apple uses it to check for revoked notarizations https://t.co/eY5aOirxu2
— yan (@bcrypt) November 12, 2020

The whole Apple ecosystem doesn’t really work if you don’t trust it. All the devices are connected, they would be potentially gathering incredible troves of information about health, location and interests. Apple keeps closing itself out of knowing these things all the time.
— alexlindsay (@alexlindsay) November 14, 2020

I'll be more polite. The blog post that sparked this hyperbolically overstates the impact, and still appears to believe Greenwald's terrible misreporting on PRISM. And brings up an unrelated Apple decision not to support e2e in a cloud service. And brings up Akamai for no reason.
— Eric Mill (@konklone) November 14, 2020

More on this. Apparently, Apple doesn’t learn which app you’re running, but they do learn who the developers are. I don’t find the difference significant in the general case. How long does Apple keep this data? I’m still getting creepy-crawlies. More transparency please. https://t.co/K4TtaKZmPf
— Tim Bray (@timbray) November 15, 2020

Hey Apple users:

If you're now experiencing hangs launching apps on the Mac, I figured out the problem using Little Snitch.

It's trustd connecting to https://t.co/FzIGwbGRan

Denying that connection fixes it, because OCSP is a soft failure.

(Disconnect internet also fixes.) pic.twitter.com/w9YciFltrb
— Jeff Johnson (@lapcatsoftware) November 12, 2020

"No, macOS does not send Apple a hash of your apps each time you run them. You should be aware that macOS might transmit some opaque information about the developer certificate of the apps you run. This information is sent out in clear text" https://t.co/wQzAopjCJX via @bcrypt
— Jon Evans (@rezendi) November 15, 2020

"Does Apple really log every app you run? A technical look": https://t.co/adNKukx5p2
good dive into what OCSP is actually (not) doing — there were some popular but misleading tweets about the topic (because story > facts)
also wikipedia on the protocol: https://t.co/zxeAyJydHh pic.twitter.com/u0sllenpPS
— Philipp Krenn (@xeraa) November 15, 2020

Some Apple apologism to start this weekend. https://t.co/G58U3quu24 - the recent #OCSP responder outage and the hysteria afterwards shows the tightrope Apple has to walk with respect to platform security.

I haven't done this in a while. Dusting off the blog. #Apple #privacy
— Phil Vachon (@pvachonnyc) November 14, 2020

The huge reaction to Paul’s blog post demonstrates what happens if/when Apple gets this wrong.

Imagine if it was Amazon. Sure, you would disapprove, but it’d be eye-roll number six in your morning coffee doomscroll.

When it’s Apple’s screw-up, it’s everywhere.
— Yoz Grahame (@yoz) November 14, 2020

“Safely open apps on your Mac” > “Privacy protections”

Adding:

• A new encrypted protocol for Developer ID certificate revocation checks
• Strong protections against server failure
• A new preference for users to opt out of these security protectionshttps://t.co/aTeE0yXw0T pic.twitter.com/kEPWgjxMZO
— Rene Ritchie (@reneritchie) November 16, 2020

Ah, we have reached the "_NSAKEY" portion of the "Apple is spying on you" story. https://t.co/23zwJn12ln
— Ed Bott (@edbott) November 16, 2020

here’s a write up of how this works: https://t.co/UZviamUIrt
— yan (@bcrypt) November 15, 2020

Good follow up from the article I tweeted yesterday: Does Apple really log every app you run? A technical look https://t.co/tmiinK5JjN
— Andree Toonk, Adelante! (@atoonk) November 15, 2020

Apple will introduce a new encrypted protocol for Developer ID certificate revocation checks in the next year https://t.co/hICSy16AWm
— iMore (@iMore) November 16, 2020

And then you realize that half the crappy, one-off scripts you’ve written could pass muster with Apple: https://t.co/AmRs6zzg3M
— Dr. Drang (@drdrang) November 14, 2020

Apple defends the role of Gatekeeper after users can’t open Mac apps (story by @Indianidle) https://t.co/ItEK1MVHJU
— TNW (@thenextweb) November 16, 2020

Apple responds to Gatekeeper issue with upcoming fixes https://t.co/QmB0ktp3tA
— John Rampton (@johnrampton) November 16, 2020

permanent link

Open Wiki - Feel free to edit it. -

11/17 '20 answered

OCSP updates: Apple stopped logging IP addresses, made the cache take longer to expire, won't associate data with individuals, and in the future, will make it opt-out and encrypted.

Still, we're at the point where every launch of a program is logged.https://t.co/WHSpPXELWk
— Michael Herf (@herf) November 16, 2020

Apple addresses macOS privacy concerns, says better controls are coming in 2021 https://t.co/DXg1gyxSgQ
— FutureShift (@futureshift) November 16, 2020

permanent link

Featured

Important Notice: Discontinuation of Our Wiki Service

Dear Valued Users,

We hope this message finds you well. We are writing to inform you of an important upcoming change to our services. After careful consideration and analysis, we have made the difficult decision to discontinue our wiki site, effective one month from 2024/04/30.

This was not an easy decision to make, as we understand the importance of the resources and community that have been built around our wiki. However, due to evolving market conditions and strategic realignments, we must redirect our resources and efforts towards other ventures that will allow us to serve you better in the future.

What This Means for You:

Access to Content: You will continue to have full access to all content on the wiki until the discontinuation date. We encourage you to save or migrate any content you wish to retain.
Final Date of Service: The wiki will become inaccessible starting 1st June 2024, after which all content will be permanently removed.

We are immensely grateful for the support and contributions of our user community throughout the years. The wiki is being retired, but our team will be back soon with new services and apps.

Thank you for being a part of our journey.

Warm regards,

editoy Inc.

Related

Featured