If this unacceptable mess is "doing it well", perhaps the whole idea is doomed and should not be attempting to do it at all.<p>> It comes down to an argument of trust - do you trust Apple is acting in your best interests<p>No. I mean really very obviously no.<p>Neither Microsoft. Nor Google. Why would I assume any company would act in my interests when they have clear incentives to increase their profits and control by acting counter to them?<p>It's great that the author loves to exist within the limits and restrictions imposed by Apple, but don't expect me to go along with your Stockholm Syndrome and belittle me for differing.
The problem with the argument given is that it basically gives up to Apple because it thinks that the situation that Apple provides is the best default experience for the majority of users. It probably is, but the problem is that 1. Apple doesn’t really explain any of this stuff anywhere so that a technical user may read about it and make an informed decision, nor 2. do they really provide a way to alter the process to use someone who isn’t Apple: just because they are a good default shouldn’t mean they should be the only provider that your computer will ever trust. And I think 3. is anger that a system Apple put in place failed in an entirely foreseeable fashion and essentially knocked a bunch of people’s livelihoods offline without warning or explanation, and people are sick and tired of their things breaking for opaque “security” reasons.
> there are a lot of folks reasonably asking if they can trust Apple to be in the loop of deciding what apps should or should not run on their Macs. My argument is - who better than Apple?<p>... The user?
I agree that app signing is good, but I disagree that we have to give in and accept the potential risks of fully trusting Apple. I think there is a practical middle way that protects non-technical users without usurping their privacy, and also a way to give some extra control to power users. I think it's fairly straightforward:<p>- instead of OCSP use CRLs or a better technique that allows macOS to verify locally if a certificate is valid. This would preserve user privacy and wouldn't risk slowing down the user's computer in case things go wrong. It would also introduce slightly bigger risk because of the increase in the validity window, but I think that's a price worth paying. Regarding the size of the CRLs, there should be some cryptographic techniques like accumulators, Bloom filters etc. that could improve the size.<p>- allow power users to add separate trust anchors in cases where they deem appropriate. The same way you go to Control Center to allow an app that was downloaded from the Internet to run, you could also be allowed to add another certificate from a developer you trust.<p>I think these 2 improvements could go a long way in restoring goodwill for Apple.
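The local revocation check the comment above sketches (a compact Bloom filter over revoked serials instead of a per-launch OCSP query), as an added illustration that is not part of the comment or of the article it replies to. The filter sizing, the `check_certificate` fallback and all serial numbers are constructed assumptions, not Apple's design.

```python
import hashlib
import math


class RevocationBloom:
    """Bloom filter over revoked certificate serial numbers (hypothetical
    stand-in for a compact, locally distributed revocation set).  The
    membership test is purely local: nothing about which app is being
    launched leaves the machine."""

    def __init__(self, expected_items, fp_rate):
        # Standard Bloom sizing: m bits and k probes for the target fp_rate.
        self.m = max(8, int(-expected_items * math.log(fp_rate) / math.log(2) ** 2))
        self.k = max(1, round(self.m / expected_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _positions(self, serial):
        # Double hashing from one SHA-256 digest yields the k probe indices.
        d = hashlib.sha256(serial.encode()).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, serial):
        for p in self._positions(serial):
            self.bits[p >> 3] |= 1 << (p & 7)

    def might_be_revoked(self, serial):
        # No false negatives are possible; a True may still be a false positive.
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(serial))

    def size_bytes(self):
        return len(self.bits)


def check_certificate(bloom, full_crl, serial):
    """Local-first decision: a Bloom 'no' is definitive, so the common case
    consults nothing else.  Only a Bloom 'yes' is confirmed against the full
    list (an in-memory set here, standing in for a downloaded CRL)."""
    if not bloom.might_be_revoked(serial):
        return "valid"
    return "revoked" if serial in full_crl else "valid"


# Constructed sample data: 1000 made-up revoked serials, none of them real.
REVOKED = {f"{i:032x}" for i in range(1000)}
BLOOM = RevocationBloom(expected_items=len(REVOKED), fp_rate=0.001)
for s in REVOKED:
    BLOOM.add(s)
```

The trade-off the comment mentions shows up directly: the filter is an order of magnitude smaller than the list of 16-byte serials it summarises, but freshness is bounded by how often the filter is redistributed.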
The article goes over the horrors of X.509, pulls the typical open source cliche that I actually don't see anybody spreading around, contrary to the article's claim, then argues that the privacy part is fine so long as there is a third-party audit. If the best thing the security community can do is install a global mass surveillance network of devices that come at every expense of users' computing freedoms, then I think these guys need to go back to the drawing board.
<i>>It comes down to an argument of trust - do you trust Apple is acting in your best interests, or do you believe they're a malevolent entity?</i><p>No, that's a completely false dichotomy. These are not alternatives at all. I can absolutely trust Apple to act in my best interests in some regards while distrusting them in others.<p>I do trust Apple to make a good effort to keep malware off my device, a better effort than I could ever hope to make myself. I do trust them not to spy on me to target ads.<p>But I also know that Apple has a business interest in keeping software off my device that is not malware. I don't trust them to act in my best interest where it conflicts with their best interest.<p>I also know that their interest in tightly controlling what software goes on my devices creates an opening for authoritarian governments to take control. If and when end-to-end encryption gets banned, who decides whether or not I can still use Signal? Is it going to be me or is it going to be Apple?<p>This is definitely not a simple question of trusting Apple or not trusting Apple.
"I always advocate against opt-outs for security features like this"<p>The author conveniently overlooks the fact that customers pay literally thousands of dollars for Apple computers. We're not talking about a free online service here. This is why "you no longer own your computer" has so much traction. Shouldn't we own the devices that we buy?<p>The tech companies are trying to destroy the very concept of product ownership, and consumers ought to fight to the end over this. It's why "right to repair" is so important too.
> <i>It comes down to an argument of trust - do you trust Apple is acting in your best interests</i><p>Stallman had a lot to say about this[1] over a decade ago.<p>[1] <a href="https://www.gnu.org/philosophy/can-you-trust.en.html" rel="nofollow">https://www.gnu.org/philosophy/can-you-trust.en.html</a>
This is exactly my point of view on this. I've seen people complain about Apple on HN about this in all the other posts, but to be fair, this is actually a really good thing.<p>It protects users, and it works well 99.9% of the time (actually, I am not aware of a previous outage of this system). So, why bother? It's been like this for a while, it is actually very useful to the vast majority of users, and Apple being Apple, even if they collected data, it wouldn't be up for sale like it would on a Google machine.<p>All the people saying they need to look for alternatives now that they found out that Apple is sending information about applications to its servers will need to think about this post. It's not like Apple is doing this to track users.
Apple uses their authority to revoke certificates on macOS to further their own business interests in direct conflict with those of their users [1]. They have already demonstrated that they will abuse this trust, and use it to control what software people will use on their Macs in a similar way as they do on iOS.<p>So no, they don't do it well.<p>[1] <a href="https://news.ycombinator.com/item?id=24190556" rel="nofollow">https://news.ycombinator.com/item?id=24190556</a>
I have trusted Apple with my phone for basically forever, but my work and personal computer going on the fritz made me seriously reconsider this relationship. I do not want my laptop to be like my cell phone. I frequently write crappy programs on my computer, and I've been totally fine with the earlier implementation of warnings unless you navigate to the application directory and explicitly open it and accept the warnings. As per the question, "Who better than Apple?", I wanna do bad all on my own. I do not have the technical ability to make a Linux laptop as good in terms of industrial design or hardware responsiveness (the touchpad on the laptop and the desktop version are the best user input devices ever for me), and that is what keeps me on their products. Otherwise, I'd be full time Linux again. I'm so confused as to whether or not to jump ship, and I feel like if I do I will be walking the plank.
This argument assumes that companies are unchanging. Apple will never become greedy and use their increased control to raise prices, never stop caring about security and only use the system for market control, etc.
The Apple defenses are all over HN today. Honestly feels like astroturfing after the OCSP fiasco.<p>If it's not astroturfing, I don't think I can understand the mindset of a consumer who feels the need to defend the world's richest corporation from criticism.
>I always advocate against opt-outs for security features like this [...] Because most users are not capable of evaluating the impact of opting out of a security process.<p>I agree fully with the author's characterizations of the dangers of disabling features or ignoring warnings, but I can't possibly agree with the conclusion that users should not be given a choice. So what if the user cannot understand the technical terms of a popup warning them about malware risk? How does that justify taking away their freedom to proceed anyway and run the program? The author's attitude is patronizing (and also intellectually dishonest, as explained already by another commenter [1]).<p>There are lots of domains in life where we're out of our depth and make decisions anyway that might be dangerous, and we don't have anyone trying to hold our hand or to stop us altogether. Imagine you get into your Apple Car and plot a course on the GPS. The computer's voice says "there is a dangerous stretch of road on the plotted itinerary; please wait for your assigned Formula 1 driver to drive you to your destination". The car refuses to move no matter what you do. Half an hour later a small guy with a thick neck shows up, enters the car (because they've got the keys apparently), unlocks it so it can finally move and explains to you "oh yeah, a car fell down a cliff on that road back in '93". You complain about them not even apologizing for the delay. "You accepted the Terms and Conditions, didn't you?"<p>I get that the lack of freedom to run potentially malicious programs might be a feature, not a bug, of Apple's systems. But I don't see them advertising it as what it is in practice. The notion of "false advertising" is well known and understood, but what about the notion of absence of advertising for a feature that might be unwanted to the point of making at least some potential buyers balk? Is there even a name for that?<p>Whether before the purchase of an Apple system or later at program startup time, the user should be able to make a decision as to whether to give Apple control of their computer in the fashion we've seen. All the necessary information and data should be provided to them. Whatever choice they make should be respected and they should not be judged for it, even if they did not understand the provided information. But the decision should not be made by some security nerd on a massive ego and power trip, imparting their enlightened guidance to "the lowest common denominator".<p>[1] <a href="https://news.ycombinator.com/item?id=25093906" rel="nofollow">https://news.ycombinator.com/item?id=25093906</a>
> It comes down to an argument of trust - do you trust Apple is acting in your best interests, or do you believe they're a malevolent entity?<p>I'll just leave this here - <a href="https://stallman.org/apple.html" rel="nofollow">https://stallman.org/apple.html</a>
Can this site maybe consider specifying a better contrasting font colour between the text and the background?<p>On my Firefox browser, both on the desktop and mobile, it looks like a rather light grey on a white background. That is just plain difficult to read and is just terrible UX.
"Windows has made amazing strides, bounding past controls afforded by other OSes, providing a great deal of simplicity for users while focusing on verifying who compiled code that is running on a user's PC"<p>By installing Candy Crush for every home user, Windows has not made any amazing strides. In fact I would say Windows 7/8/8.1 was far, far better. What do we have now? Candy Crush, a dumb antivirus taking 20% CPU and wasting unnecessary CPU time, telemetry which sends data even if you opt out.<p>"I think the privacy arguments are far-fetched"<p>Really?? Just because there are other bad players in the market? Just because Apple's rivals/friends are doing bad things doesn't mean you have to go and say privacy arguments are far-fetched. Clearly the article is just a whitewashing of Apple.
Irony that this shares the front page with Apple's firewall sploit today.<p><a href="https://news.ycombinator.com/item?id=25095972" rel="nofollow">https://news.ycombinator.com/item?id=25095972</a>
This reminds me of Stripe, which logs every action of a user on any webpage (even non-checkout pages), in the name of fraud detection. Not sure what to think of it, but I would turn it off if I could.
>Finally, there's the open source argument - if I have the code, build the code, nothing can hide in the code<p>No, but you can modify the code, add your own code...
> "there are a lot of folks reasonably asking if they can trust Apple to be in the loop of deciding what apps should or should not run on their Macs. My argument is - who better than Apple?"<p>My argument: sod off and let me decide what I want with my own hardware. Luckily I have no business case to deal with Apple products and as a private person I do not care what they do as I am not in their "ecosystem" or whatever they call it.
This article must have been written before this week's spectacular meltdown in Big Sur, which resulted because Apple emphatically <i>did not</i> handle application trust well.