I’m not going to touch your other points, but you clearly have no idea how encryption works if you claim that any proprietary program using end-to-end encryption is insecure.
Comment on Apple watching & logging EVERY APP YOU OPEN [Louis Rossmann]
thann@lemmy.world 1 year agowhat is misleading exactly?
the part where every app you open gets sent to apple along with third parties along with your IP?
because I’m pretty sure that’s all 100% true, and I think its been true for over 5 years…
you’re just suggesting that because they do one thing well they do everything well, which is a fallacy.
Also, any proprietary program that does “E2EE” is misleading you by omitting the part where they could totally steal anyones keys at any time with the push of a button, if they haven’t already. it is completely laughable to suggest any proprietary E2EE program is secure!
so who is spreading the missinfo again?
xedrak@kbin.social 1 year ago
thann@lemmy.world 1 year ago
if you trust everything a sales person says, I have a bridge to sell you.
there is no reason to believe any proprietary program does what is says, and even if you decompile it and convince yourself its not sending your keys home, they could update it at any moment.
IDK where you get all of this trust from
Shareiff@lemmy.world 1 year ago
Take your meds lol
thann@lemmy.world 1 year ago
you might need to lay off the stupid pills bruh
xedrak@kbin.social 1 year ago
What you’re describing is possible in certain circumstances , but it would expose the companies to an insane amount of liability. Also, open source software can introduce vulnerabilities that could be exploited to do the same exact thing. Open source software is not inherently more secure. Remember that time malware was introduced to the Linux kernel directly as a research project?
steakmeout@lemmy.world 1 year ago
So in your view because anything could change everything will? How do you cross a road or drive or eat food or well anything at all?
You must be super paranoid and fearful.
thann@lemmy.world 1 year ago
no, its just an additional attack vector, having the code to inspect make validating updates much easier and more secure.
Im evaluating the security of the software I’m using? what are you doing casually excusing a massive security flaw? you must not look either way before crossing the street?
dohpaz42@lemmy.world 1 year ago
Misleading as to WHY macOS is phoning home. It’s done to validate that the developer of the app you’re attempting to run is a trusted developer. Disabling or bypassing this check would open users up to potentially malicious software. howtogeek.com/…/does-apple-track-every-mac-app-yo…
thann@lemmy.world 1 year ago
youre being misleading by saying why!
unless you were in the room, your speculation is as good as mine, and Im not saying why, Im just stating facts!
octalfudge@lemmy.world 1 year ago
I’m sorry but did you read the article l linked to or the TL;DR I lifted from the article?
They do not send the app you open to Apple, and there is no evidence they send it to third parties as the app information is not sent at all!
Nevertheless, they do send information about the developer certificate for notarization and gatekeeper checks.
support.apple.com/en-us/HT202491#view:~:text=Priv…
Quote:
We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.
To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.
In addition, over the the next year we will introduce several changes to our security checks: A new encrypted protocol for Developer ID certificate revocation checks Strong protections against server failure A new preference for users to opt out of these security protections
thann@lemmy.world 1 year ago
The fact that existed for years is the problem. the fact that execs signed off on this at all means apple is terrible for privacy
I read the article and the only pedantic detail that was wrong in the initial report was that gatekeeper didnt send the “appication hash” it sent the “applications certificate id” which is a worthless distinction and changes nothing. you’re acting like that somehow exonerates apple, and then just blindly believing what their PR person says. youd have to be a complete idiot or working for them to believe that crap.
Shikadi@wirebase.org 1 year ago
So they did one thing wrong and it means they’re terrible for privacy? Welp, guess I can’t have a phone because the alternative (Google) has a business model that depends on being terrible for privacy, and my work apps disallow custom ROMs.