Welcome to the Utopia Forums! Register a new account
The current time is Mon Nov 23 10:41:46 PST 2020

Utopia Talk / Politics / Your computer, part of US spying program
Paramount
Member
Sun Nov 15 08:17:37
Your Computer Isn't Yours

It’s here. It happened. Did you notice?

I’m speaking, of course, of the world that Richard Stallman predicted in 1997. The one Cory Doctorow also warned us about.

On modern versions of macOS, you simply can’t power on your computer, launch a text editor or eBook reader, and write or read, without a log of your activity being transmitted and stored.

It turns out that in the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it. Lots of people didn’t realize this, because it’s silent and invisible and it fails instantly and gracefully when you’re offline, but today the server got really slow and it didn’t hit the fail-fast code path, and everyone’s apps failed to open if they were connected to the internet.

Because it does this using the internet, the server sees your IP, of course, and knows what time the request came in. An IP address allows for coarse, city-level and ISP-level geolocation, and allows for a table that has the following headings:

Date, Time, Computer, ISP, City, State, Application Hash

Apple (or anyone else) can, of course, calculate these hashes for common programs: everything in the App Store, the Creative Cloud, Tor Browser, cracking or reverse engineering tools, whatever.

This means that Apple knows when you’re at home. When you’re at work. What apps you open there, and how often. They know when you open Premiere over at a friend’s house on their Wi-Fi, and they know when you open Tor Browser in a hotel on a trip to another city.

“Who cares?” I hear you asking.

Well, it’s not just Apple. This information doesn’t stay with them:

These OCSP requests are transmitted unencrypted. Everyone who can see the network can see these, including your ISP and anyone who has tapped their cables.

These requests go to a third-party CDN run by another company, Akamai.

Since October of 2012, APPLE IS A PARTNER IN THE US MILITARY INTELLIGENCE COMMUNITY’S PRISM SPYING PROGRAM, which grants the US federal police and military unfettered access to this data without a warrant, ANY TIME THEY ASK FOR IT. In the first half of 2019 they did this over 18,000 times, and another 17,500+ times in the second half of 2019.

This data amounts to a tremendous trove of data about your life and habits, and allows someone possessing all of it to identify your movement and activity patterns. For some people, this can even pose a physical danger to them.

Now, it’s been possible up until today to block this sort of stuff on your Mac using a program called Little Snitch (really, the only thing keeping me using macOS at this point). In the default configuration, it blanket allows all of this computer-to-Apple communication, but you can disable those default rules and go on to approve or deny each of these connections, and your computer will continue to work fine without snitching on you to Apple.

The version of macOS that was released today, 11.0, also known as Big Sur, has new APIs that prevent Little Snitch from working the same way. The new APIs don’t permit Little Snitch to inspect or block any OS level processes. Additionally, the new rules in macOS 11 even hobble VPNs so that Apple apps will simply bypass them.

@patrickwardle lets us know that trustd, the daemon responsible for these requests, is in the new ContentFilterExclusionList in macOS 11, which means it can’t be blocked by any user-controlled firewall or VPN. In his screenshot, it also shows that CommCenter (used for making phone calls from your Mac) and Maps will also leak past your firewall/VPN, potentially compromising your voice traffic and future/planned location information.

Those shiny new Apple Silicon macs that Apple just announced, three times faster and 50% more battery life? They won’t run any OS before Big Sur.

These machines are the first general purpose computers ever where you have to make an exclusive choice: you can have a fast and efficient machine, or you can have a private one. (Apple mobile devices have already been this way for several years.) Short of using an external network filtering device like a travel/vpn router that you can totally control, there will be no way to boot any OS on the new Apple Silicon macs that won’t phone home, and you can’t modify the OS to prevent this (or they won’t boot at all, due to hardware-based cryptographic protections).

Update, 2020-11-13 07:20 UTC: It comes to my attention that it may be possible to disable the boot time protections and modify the Signed System Volume (SSV) on Apple Silicon macs, via the bputil tool. I’ve one on order, and I will investigate and report on this blog. As I understand it, this would still only permit booting of Apple-signed macOS, albeit perhaps with certain objectionable system processes removed or disabled. More data forthcoming when I have the system in hand.

Your computer now serves a remote master, who has decided that they are entitled to spy on you. If you’ve the most efficient high-res laptop in the world, you can’t turn this off.

Let’s not think very much right now about the additional fact that Apple can, via these online certificate checks, prevent you from launching any app they (or their government) demands be censored.

http://sneak.berlin/20201112/your-computer-isnt-yours/


Everyone should really start to use hardware and software that the USA doesn’t want you to use – Huawei. Huawei refuse to open up backdoors to the lying thieving American government.

Asia also needs to develop a secure OS for laptops and desktops that people can use instead of the American spyware.
Habebe
Member
Sun Nov 15 08:27:25
Yeah, Because the Chinese government is super pro privacy....

Why wouldn't you want a Euro OS?
Paramount
Member
Sun Nov 15 08:34:55
I’m gonna develop my own OS and build my own computer.
Daemon
Member
Sun Nov 15 08:39:42
Para I will buy it!
Rugian
Member
Sun Nov 15 08:43:00
Apple

Lol
jergul
large member
Sun Nov 15 08:46:05
Habebe
Using software and hardware from a privat company in a neutral company bolsters barriers that protects us from government scrutiny.

The move to block Huawei is about how it blocks state back doors. I have always said this.

Its not about China gaining access. Its about the US losing access.

Paramount
Member
Sun Nov 15 08:46:38
So how does one build an OS? How do they do it?

I know some BASIC, like creating a loop:

10 Print ”Hello”
20 Goto 10

But how do I take this further and develop it into a complete and secure OS?
jergul
large member
Sun Nov 15 08:46:39
neutral country*
Rugian
Member
Sun Nov 15 08:48:24
"Huawei"

"Private company"

Pick one.
chuck
Member
Sun Nov 15 08:49:18
Para: http://puri.sm/products/librem-15/

If you can deal with running Linux while you write your own OS.
Paramount
Member
Sun Nov 15 08:55:23
Thanks. Linux might be an OS to consider. I’m getting fed up with Apple.
Habebe
Member
Sun Nov 15 09:05:29
Linux is great. Now Jergul will argue against that for basic use Id recommend Ubuntu.
jergul
large member
Sun Nov 15 09:18:47
Ruggy
Much as I enjoy rants about the military-industrial complex and unsavoury ties between government and privat industry, I fail to see why you think Huawei should be singled out.
Rugian
Member
Sun Nov 15 09:23:11
China does not have a private sector in the sense that it is understood by the West. All companies are considered to be subject and answerable to the CCP.

Please stop trying to project Western values on non-Western authoritarian shitholes. Cultural imperialism is a bad thing after all.
chuck
Member
Sun Nov 15 10:02:56
> But how do I take this further and develop it into a complete and secure OS?

If you want to write your own OS, it helps to be a schizophrenic programmer with 10 years of spare time:

http://en.m.wikipedia.org/wiki/Terry_A._Davis

There are guides to writing your own OS out there, but what computer scientist types call an OS is much more limited than what users think of as an OS, which is really an OS + a desktop environment + a window manager + libraries for networking + device drivers + probably a compatibility layer if you want to run programs not built your OS (like how Windows' WSL1 worked for running Linux binaries)
chuck
Member
Sun Nov 15 10:14:26
As an example of what you'd actually be writing when writing an OS:

http://web...in/cs140-spring20/lectures.php

Process scheduling, memory management, providing a filesystem API for programs to do input/output. Much more concerned with providing a sane abstraction of the hardware for programs to interact with than "it's everything else happening before I run Google Chrome", which is what is usually marketed as an OS.
Paramount
Member
Sun Nov 15 10:37:49
I think I will just stick with Ubuntu :) Gonna buy me a PC laptop.

Will an Acer or similar do? The Librem 15 is maybe more secure?
Habebe
Member
Sun Nov 15 14:40:50
Ubuntu requires no special skills other than basic use knowledge, my parents can use Ubuntu. I would argue its actually easier to use than modern windows.I havnt liked Microsoft OS since ME personally.

Now when I get high I'll dabble into Kali.
jergul
large member
Sun Nov 15 18:07:26
Ruggy
All companies using US currency in some part of their business serve at the pleasure of your president.

And you would have us worry about some abstract, theoretical string that for some reason compells you to think Huawei is under state control.

habebe
Member
Sun Nov 15 18:12:35
Huawei is the CCP what Maralago is to Trump.
habebe
Member
Sun Nov 15 18:12:36
Huawei is the CCP what Maralago is to Trump.
jergul
large member
Sun Nov 15 18:24:22
Huawei is to China what Huawei is to the USA.

You are the ones trying to compel it to your will after all.
obaminated
Member
Sun Nov 15 21:21:54
dont worry guys, i have definitely filled up their memory bases with the amount of porn ive watched in the past 6 months.
earthpig
GTFO HOer
Sun Nov 15 23:13:15
I've got one work-related program that's windows only. After I migrate from that, probably in the next year or two, I'll be back on Linux like I was when in college etc.
earthpig
GTFO HOer
Sun Nov 15 23:23:46
Paramount -- http://www...e-ubuntu-look-like-mac-5-steps

After you've been in linux-land for a year or 3 (Spin an ubuntu distro just for your own use at some point, see f. ex. "Masonux" which you can still fine on Google as an artifact, over a decade old at this point)...

...If you ever REALLY want to know what a functional computer is comprised of, build an Arch system up from the command line.

https://wiki.archlinux.org/index.php/Arch_Linux

It's like building a car or a house from parts. No, you didn't machine each piston, or window pane, from scratch ("I want to program my own OS!"), but you fit them all together, and that ain't nothing.
earthpig
GTFO HOer
Sun Nov 15 23:24:46
*find
Nimatzo
iChihuaha
Mon Nov 16 03:18:07
Does building an Arch system require coding?
earthpig
GTFO HOer
Mon Nov 16 03:33:10
Nima:

No, it does not. But it does require reading, understanding, and following instructions. You have to actually want to own your computer.

My first install went off on the first attempt.

But Arch would be a horrible suggestion for a first swing at the Linux/Unix world. Ubuntu is best for that.
earthpig
GTFO HOer
Mon Nov 16 03:36:18
After I left the Arch world and went back to the Ubuntu world, I would still always reference the Arch Wiki. It's the best wiki for Linux, bar none.
earthpig
GTFO HOer
Mon Nov 16 03:52:32
I bet my ubuntu forums profile is still vaguely impressive. Same handle as here, I think.
jergul
large member
Mon Nov 16 06:22:53
Para
You would be fine with Ubuntu. Swedes are mini germans. Following orders suits (even the contrarian german anarko syndicalists simply do the opposite of their natural inclinations, so validate the befahl mentality that way).

80 generations of feudalism is a bitch. Long enough for form human souls in a Darwinist sense.
jergul
large member
Mon Nov 16 06:28:27
You see? That is what the end of the Trump presidency allows. Norwegians and Swedes can revert to insulting each other again. Though to be fair, that last insult on Darwinist principles is good for most everyone of European descent save that lucky single country without a feudalist tradition.
Paramount
Member
Mon Nov 16 07:27:12
I don’t mind being a mini German.
Habebe
Member
Mon Nov 16 07:57:38
Jergul, No insults about linux being for kids?
jergul
large member
Mon Nov 16 08:55:49
Para
God, no. The importance of play at any age cannot be overstated.
Nimatzo
iChihuaha
Tue Nov 17 08:43:26
Thanks Mason. Seems like an interesting little project.
Daemon
Member
Tue Nov 17 10:24:07
More on spying:

http://www...y-location-data-xmode-locate-x

"The U.S. military is buying the granular movement data of people around the world, harvested from innocuous-seeming apps, Motherboard has learned. The most popular app among a group Motherboard analyzed connected to this sort of data sale is a Muslim prayer and Quran app that has more than 98 million downloads worldwide. Others include a Muslim dating app, a popular Craigslist app, an app for following storms, and a "level" app that can be used to help, for example, install shelves in a bedroom."
[...]
jergul
large member
Tue Nov 17 10:27:37
The level app can be used to help, for example, positioning a mortar.
Dakyron
Member
Tue Nov 17 10:29:36
This is why I use a 10 year old phone with no apps installed on it.

Sure, now I'm unable to look at a menu at most restaurants or buy tickets to a sporting event, but the government also cannot track me.
show deleted posts

Your Name:
Your Password:
Your Message:
Bookmark and Share