
> getting updated security signatures

AKA phoning home to Apple what apps you launch in real time, in an unencrypted manner visible to your ISP/hotel/government too.

It also connects to all of that crap even if you have LS off, analytics off, iCloud/FaceTime/iMessage/AppStore off, etc.

Press F8 and your serial number gets transmitted to Apple.



I guarantee you there are no unencrypted communications going to Apple.


    Hostname: ocsp.apple.com
    IP Addresses: 2600:1402:e::b833:965b
      2600:1402:e::b833:9661
      2600:1402:e::b833:9669
      2600:1402:e::b833:966a
      + 17 more
    TCP Port: http (80)
    Protocol: TCP
    Connected: no
    Connects: 0 allowed, 7,359 denied
    First Activity: 2/11/21, 22:20
    Last Activity: 5h 29m ago

Yeah, sorry, sneak's right, it's still going to port 80.


Perhaps I'm wrong. I thought encrypted checks came out with Monterey?

https://support.apple.com/en-us/HT202491 (bottom)

What data is actually going over OCSP? I thought it was only ever checking for revocation and not actually sending app data, and I believe it only ever happens when you want to take an app out of quarantine versus every app launch. You can always disable Gatekeeper if you so please.


It does check for revocation. Using the developer's unique certificate ID, which, for the vast majority of developers, uniquely identifies an app. Over unencrypted HTTP.

OCSP over unencrypted HTTP has not yet been replaced. I believe that the constellation of apps (identified by proxy by their developer IDs, which are transmitted) can in a lot of cases uniquely identify a system, given a sufficient number of apps installed/used.
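To make the point above checkable on your own machine, here is an added example (not from any commenter or from Apple) that parses records in the shape of the network-monitor output pasted earlier in the thread and flags OCSP responders reached over plain port 80, where the request's certificate serial and issuer hashes are readable by anyone on the path. The sample records are constructed; the second hostname is a made-up placeholder.

```python
import re
from dataclasses import dataclass

# Constructed sample in the style of the network-monitor output quoted above;
# the second host is a placeholder, not a real Apple endpoint.
SAMPLE_RECORDS = """\
Hostname: ocsp.apple.com
IP Addresses: 2600:1402:e::b833:965b
  2600:1402:e::b833:9661
TCP Port: http (80)
Connects: 0 allowed, 7,359 denied

Hostname: ocsp.example.invalid
IP Addresses: 192.0.2.10
TCP Port: https (443)
Connects: 12 allowed, 0 denied
"""

@dataclass
class Connection:
    hostname: str
    port: int
    allowed: int
    denied: int

def parse_records(text: str) -> list[Connection]:
    """Parse blank-line separated 'Key: value' records; indented lines continue the previous key."""
    out = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields, last = {}, None
        for line in block.splitlines():
            if line[:1].isspace() and last:          # extra IP addresses are listed indented
                fields[last] += " " + line.strip()
            elif ":" in line:                        # split once: IPv6 values contain colons
                last, val = (s.strip() for s in line.split(":", 1))
                fields[last] = val
        port = re.search(r"\((\d+)\)", fields.get("TCP Port", ""))
        cnt = re.match(r"([\d,]+) allowed, ([\d,]+) denied", fields.get("Connects", ""))
        out.append(Connection(fields.get("Hostname", ""),
                              int(port.group(1)) if port else 0,
                              int(cnt.group(1).replace(",", "")) if cnt else 0,
                              int(cnt.group(2).replace(",", "")) if cnt else 0))
    return out

def plaintext_ocsp_findings(conns: list[Connection]) -> list[Connection]:
    """Flag OCSP responders reached on port 80: the revocation query (certificate
    serial plus issuer hashes) then travels in the clear past the ISP/hotel/etc."""
    return [c for c in conns if "ocsp" in c.hostname.lower() and c.port == 80]
```

Feed it the exported connection list from your own monitor to see which revocation checks leave the machine unencrypted, and how many have been allowed versus denied.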


Wanna bet? Apple still hasn't yet made good on their promise of encrypting OCSP (the making of which I would like to believe is my fault).


> the making of which I would like to believe is my fault

How so?
