Keep Squawking
Welcome
Today I'm remembering an episode that happened a few years ago. We are still a proud print publishing company, but, like most publishers, we deliver some of our copies in electronic form through content platforms available for personal computers and mobile devices.
Dear Reader,
Today I'm remembering an episode that happened a few years ago. We are still a proud print publishing company, but, like most publishers, we deliver some of our copies in electronic form through content platforms available for personal computers and mobile devices. One of those platforms at the time was Apple Newsstand, a virtual newsstand for iPhone and iPad devices. The user interface for Apple Newsstand looked just like a magazine shelf at a bookstore, with a picture of a bunch of magazine shelves. Then, if you purchased a magazine, an icon with the cover of the magazine appeared on the virtual magazine shelf.
The goal of Apple Newsstand was to be a perfect little replacement of a real neighborhood newsstand – you buy any magazine you want (from Apple), and all the magazines you buy line up along your own personal virtual newsstand. The international company I worked for back then had several magazines, and they submitted applications for their magazines to be on Apple Newsstand. Linux magazines? No problem. System administration magazines? Sure. Raspberry Pi and Drupal magazines? Of course. But when we submitted a request to sell an Android magazine, the application was quickly rejected. It turns out that Apple was banning anything that mentioned Android from their newsstand because Android was competing against the iPhone and (according to them), it was an inferior, copycat technology. In other words, Apple Newsstand was a perfect little replacement for a real neighborhood newsstand, except that it inhabited an imaginary universe in which Apple's enemies did not exist.
Apple could have argued that it was their store and they could sell whatever they wanted, but there is something a little disingenuous about that argument. Apple Newsstand wasn't just a store – it was the way to consume magazines on an Apple system. It was an integral part of an ecosystem that purported to present a virtual version of everyday life. Since then, several other browser-based magazine platforms have appeared, and Apple Newsstand has itself been retired in favor of newer tech, so it is difficult to compare it to the situation today, but at the time, it seemed a lot like the monopolistic practices of Microsoft back in the browser war days, when "control of the desktop" meant control of the complete user experience, only Apple wielded a much more powerful form of control. The episode reflects a common theme in the evolution of the electronic marketplace, in which the user voluntarily surrenders freedom and privacy for the chance to be the one who is seen dabbling with smooth and shiny technology.
Fast forward to this month, and a new chapter in this saga is playing out with Apple's new macOS 11.0 "Big Sur" system. A blog post by security expert Jeffrey Paul [1] outlines some of activities that Big Sur attends to in secret, including the fact that it "…sends to Apple a hash (unique identifier) of each and every program you run, when you run it." Paul adds that "Because it does this using the Internet, the server sees your IP, of course, and knows what time the request came in. An IP address allows for coarse, city-level and ISP-level geolocation, which allows for a table with the following headings: Date, Time, Computer, ISP, City, State, Application Hash…This means that Apple knows when you're at home. When you're at work. What apps you open there, and how often."
Of course, Apple and other vendors have been spying on their users for years, but the thing that is most striking about this, other than the sheer audacity of it, is that there doesn't seem to be any way to actually turn it off. (In the past, there was usually some way to suspend the surveillance if you really took the time and tried hard enough.)
Another weird thing that Paul and other security researchers have discovered is that even a VPN or user-controlled firewall can't stop your Mac from leaking this information to Apple. According to the report, if you intentionally configure your system to route all traffic through a VPN, it will use the CommCenter component (used for making phone calls) to maintain its own connection for sharing reports on your behavior.
Sometime after Paul's blog post appeared, Apple posted their own statement [2], saying that the app logging technology was a thing called Gatekeeper, which checks the developer ID signature to ensure that the app has not been altered by malware. Apple says "We have never combined data from these checks with information about Apple users and their devices." They don't offer any proof – you're just supposed to take their word for it. They also don't promise they will never combine the data in the future – just that (if you take their word for it) they aren't doing it now.
The way this privacy trampling works is that the vendor tries something, and if no one says anything, it becomes the new norm. If enough people squawk, they say "OK never mind…" and dial it back some. Perhaps in response to the negative feedback they have received so far, Apple has now stated that they will create a new preference setting sometime in the next year that will allow users to opt out of the Gatekeeper reporting feature. They still haven't explained why they thought it was reasonable that a computer configured to route all traffic through a VPN would continue to send information to the vendor through a secret backdoor – and what other information they might be sending in addition to the Gatekeeper data. We might have to keep squawking about that part.
Joe Casad, Editor in Chief
Infos
- "Your Computer Isn't Yours": https://sneak.berlin/20201112/your-computer-isnt-yours/
- "Safely Open Apps on Your Mac": https://support.apple.com/en-us/HT202491
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Gnome Fans Everywhere Rejoice for the Latest Release
Gnome 47.2 is now available for general use but don't expect much in the way of newness, as this is all about improvements and bug fixes.
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.
-
Armbian 24.11 Released with Expanded Hardware Support
If you've been waiting for Armbian to support OrangePi 5 Max and Radxa ROCK 5B+, the wait is over.
-
SUSE Renames Several Products for Better Name Recognition
SUSE has been a very powerful player in the European market, but it knows it must branch out to gain serious traction. Will a name change do the trick?
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.
-
Fedora KDE Approved as an Official Spin
If you prefer the Plasma desktop environment and the Fedora distribution, you're in luck because there's now an official spin that is listed on the same level as the Fedora Workstation edition.
-
New Steam Client Ups the Ante for Linux
The latest release from Steam has some pretty cool tricks up its sleeve.