Apple's disregard for security and privacy is mind-boggling

From Wiki
Jump to navigation Jump to search

I wish I hadn't been right a few years ago when I already got a bad feeling about where Apple was heading.

But it's official: It is no longer safe to use macOS.

I already got a bad taste in my mouth when Apple started a 2FA system (which had also become a requirement for a developer account) that either required one to use iCloud or get codes sent via text. Not only that sending one time codes via text is very much insecure, it's pretty much useless when you travel and switch SIM cards. I had never logged into iCloud and was not inclined to use iCloud for 2FA. When I mentioned to Graig Federighi that I thought that "Apple wants to push people to use iCloud, but if people don't want to do that they are only left with suboptimal security", he replied with "That's an unwarranted insult that falsely characterizes our motives." and never replied to any of my mails ever again. Right, so much for integrity.

The next step was to transform a professional OS called Mac OSX into an iOS clone - a system for people who only want to click a button to start an overpriced app that can only be installed from Apple's own AppStore. I don't even want to get into the fact that all email apps that use push notifications store your credentials on 3rd party servers and thus have full access to your emails.

Over the past years Mac OSX has become more and more buggy (macOS) and every new release was less professional than the one before. All new inventions had to do with iOS (e.g. Handoff, Auto-unlock, Sidecar), iCloud, or some usability nonsense - and locking people into their ecosystem.

The notarization scam was the next logical step to achieve total control of the market. So whatever app Apple didn't like did not get notarized and thus was deemed unsafe to run.

The latest OS Big Sur takes all this to a whole new level. Apple removed kernel extensions and now forces developers to use APIs for everything. Not to mention that Apple breaks a lot of APIs in every major release (which means every year).

So here's the real rub.

You don't have control over your own system and data anymore. Apple sends information to their servers every time you start an application. It's associated with your IP address, your installation id, and some other data - and it is sent in cleartext. Previously people could use a personal firewall like Little Snitch to prevent such behavior. Guess what. This is no longer possible, because the API that Apple provides does not give you access to system level processes. So Apple can do whatever they want with any of your data and you can't do anything against it. Apple processes even circumvent VPN software. This means that using your MacBook anywhere but your own home network is no longer safe. And even in your home network it is almost impossible to filter out all the traffic that macOS sends to Apple (and who knows to which other servers).

I think Apple's motives are now pretty clear to even the most ignorant user.

For more details, here's a great article by Jeffrey Paul: Your Computer Isn't Yours.