@mcol No. It just checks the publisher certificates for revocation (not application hashes), and only sometimes. Still gives data to Apple, but nowhere near as much.

@wizzwizz4 So this guy has got it wrong? Are the publisher certs like those for apps downloaded on iOS, meaning mac OS users can no longer run arbitrary binaries? If so, the identity of a publisher is still very close to what application is being run.

@mcol I think they're more like the system Windows uses for authenticating programs. You can only open programs whose publisher certificates have been approved by Apple (unless you right-click, which bypasses all the checks… for now), and Apple's just checking whether they've revoked the publisher's license.

@mcol This *doesn't* mean that Apple can see everything you do. It *does* mean they can basically see everything you have installed, but can't distinguish between, say, Firefox and Thunderbird. It also means they can remotely disable your software.

@wizzwizz4 Sure, but "User X is using Firefox or Thunderbird" is still pretty darn good compared to "User X is using Firefox", no?

@mcol True. But there's a hack: if everyone gets together and uses the same publisher certificate (I'm thinking the Document Foundation and the Tor Project, at least), that'll completely break their tracking.

@wizzwizz4 Yeah but that will absolutely 100% never happen, much like saying "we'd break this if everyone just stopped buying apple products". I don't know what the solution is, but hopefully those who do use apple products are being loud enough I suppose

Sign in to participate in the conversation

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.