Hello!

Some vocal proponents and shills on the internet and in the privacy community are trying to defend and heavily insinuate lies about Apple’s notarisation not being of any consequence, and claiming that Linux does it and that it is an ordinary, acceptable thing.

There is also a claim being thrown around about Apple’s notarisation checks being a documented process. Documentation does NOT make a thing right or wrong, it just establishes the flowchart or algorithm of a process.

Major edit: bypassing firewalls/VPNs was totally intended for macOS and not a bug or flaw: https://i.imgur.com/M1ZwlDC.png

CDNUUIDs sent with the OCSP server checks are sent in PLAINTEXT on the internet to Apple servers: https://i.imgur.com/Q2IhYqM.png

Apple apps apparently have ads served, needing to be blocked via LittleSnitch, since firewalls are automatically bypassed: https://twitter.com/_p9k_/status/1324415251308269568

Apple has apparently claimed to fix this spying and plaintext lack of security over the next year (screenshot): https://support.apple.com/en-us/HT202491

That is all, folks! Take care and stay away from such garbage corporations.

    • @TheAnonymouseJokerOPM
      13 years ago

      You do not need to look at ethical stuff like Right to Repair, or overpriced scamming, to know Apple is a scam company. Apple did this notarisation spying even in macOS 10.15, not just now, but they took it to the next level here.

        • @TheAnonymouseJokerOPM
          1
          3 years ago

          Good point, I just wanted to show how little effort you need to make to see Apple is pure evil. You start to look at Louis Rossmann’s channel, and he will get across most of the ethical points to anyone easily.

          There are Apple shills on the internet and on Reddit already defending Apple, trying to show them in a good light versus Google Android or Microsoft Windows.

  • @ufrafecy
    1
    3 years ago

    deleted by creator

    • @TheAnonymouseJokerOPM
      1
      3 years ago

      From my understanding, it refers to you being the client target for the OCSP and certificate checks for the trusted party’s servers, where the ideally encrypted UUID is sent encrypted over to the trusted party’s servers.

      Apple is sending your UUID as plaintext in this case, which many researchers have not mentioned. Something like a private encryption key, in layman's terms, for the trusted authority.

      The horrible disaster that could happen is a MITM attack, where someone disguises themselves as Apple (public key), pushes you a malicious root certificate and does bad things. This will simply result in distrust in the entire certificate signing system.

      • @ufrafecy
        2
        3 years ago

        deleted by creator