Hacker News new | past | comments | ask | show | jobs | submit login

Not sure what you mean by telemetry.

Apple asks you every time you upgrade OSX whether you want to send anonymous data to Apple and third parties. You just need to click no.




They also check app signatures for revocation at first launch (and maybe other times).

By the standards of modern disk and network, couldn't they download revocation caches the way they do with malware?


>By the standards of modern disk and network, couldn't they download revocation caches the way they do with malware?

The whole point is to check if a cert has been revoked. If you have an out of date cache, you'll falsely approve a cert that should be revoked. I'm not defending the system as a whole, but if you care about revoking authentication – which they clearly do – then a cache directly undermines that goal.

A malware hash doesn't get revoked, new ones just get added.


So update it every hour.

Or every time it feels the need to check a program, instead of asking about that program, it could ask for all revocations from the last day.


They are checking the certificate. Not app signatures.


The certificate can be (and is) hashed.


They send MUCH MUCH more than that - and you cannot opt out.

I think I've blocked 20 different processes from talking to apple.

Little Snitch helps - but we've seen where that's heading.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: