I skimmed that list, and Devil's Advocate; It seems like most of that is functional, stuff that they want to update in the background to make sure you have a better experience when you're back?
On the flip, I guess we think Apple is up to something shady? My last understanding was that they were firm they didn't sell user data. Did this change?
I'd wager Windows does something similar. Linux distros may do it, but also may not since they may not be obsessed with happy eyeball problems and user perception of speed/latency.
It's important to note that, generally speaking, Linux software does not come with default-enabled telemetry, and for those that do, distros like Debian will routinely patch out phoning home and telemetry from the software they package.
Now install Spotify, VSCode, Steam for Linux and you will see the same kind of chatter with backend services.
Some of us would call this a feature. I am quite happy to have control over my computer and the data on it without having to trust third party cloud services.
- Cloud Drive
- Up to date Weather/News
- Malware checks
- System update checks
- Push Notifications
and more.
Before you say "I don't care about News", sure but lots of people do and everyone has a different subset of the network-traffic-causing features. Yes, this means many things are "on by default" but, again, that's what the average consumer wants. HN is a completely different crowd with, sometimes, different wants/needs as compared to the average user.
"What about the news widget?" I find it difficult to believe the average user even remembers the news widget exists in Mac OS since it's hidden away in a non-obvious panel.
The most compelling cases for phoning home are OS updates and Drive like services, but at the end of the day this should all be easy to disable should the user want to.
> HN is a completely different crowd
Yes, HN is filled with the very worst kind of techbros who regularly defend bad practices under the guise of saving the average consumer from themselves.
yes this. learning about the user-aligned patching in debian's chromium made me feel like I had made the right choice with desktop linux
My understanding is they have a long term relationship with Google worth about $20 billion a year. Other than money, does anyone really know the full extent of what they exchange?
Maybe this doesn't technically count as "selling" your data but it certainly counts as selling access to something important to Google --- which most likely, ultimately involves your data.
In other words, I don't believe Google pays them $20B to help maintain user privacy
There is very little to go on beyond general mistrust when it comes to belief that Apple might be selling customer data. Make no mistake, Apple spies on its users almost just as much as other tech companies. The difference looks to be that Apple keeps it all to themselves.
>I have been trying to minimize to the extent possible the reach of big tech into my life.
I don't think this goal is possible, or worthwhile, on a big tech offering like a Mac + macOS. It can certainly be tried, but the user needs to be prepared for unforeseen consequences, and the override of the settings. It is like plugging in the ears to have a quieter life, in the middle of a metropolis. In the end, the context won't change. The direction of the platforms is clear, and the zeitgeist is bigger than all of us. The first option with a real impact is leaving the ecosystem.
Although, blocking some domains could be a good first step towards that. Rome wasn't built in a day.
There are a lot of Apple services that get contacted because they can be contacted, not because they need to be. For example, I don’t use Home/HomeKit but it phones home to Apple several times a day if I allow it. The same with Apple News, Weather, etc.
You can prevent this in various ways but not out of box.
It’s possible to run macOS without an Internet connection. I value this, but it’s impractical and unnecessary for most people and most environments.
Personally I choose to trust them. My trust is not blind, and they could lose my trust very quickly. But as it stands right now, they have my trust.
If you say that you don’t trust Apple, I don’t see how you could tolerate running any of their software. Relying on an operating system made by a company I don’t trust seems wildly irresponsible to me.
That's so obviously a false dichotomy.
But if you think that trust itself is a false dichotomy, I’d love to hear what that sounds like. I’m struggling to think of a good faith steel-man of this assertion.
There are obviously levels of trust. I'm truly baffled that you're struggling with this.
Your trust in a person, or a company, can increase or decrease over time. You can trust someone with some tasks but not with other tasks. Again, this is so incredibly obvious, I'm not sure why I have to point it out.
I arrived at the same conclusion as you, that you cannot really selectively accept a service provider. Because of the nature of the ongoing relationship, posture evaluation would need to happen on every interaction, which is improbable. I don't think we can evaluate every update. So really, it's either trust, or no trust. No sense to lull ourselves into anything else.
I personally solve this for myself with compartmentalization. For example, I loathe Windows, but I use an LTSC edition of it for gaming, and only gaming. I don't trust them with my "life", so it doesn't get access to my data, just games.
That's one way to view it.
One might also view the large number of Apple-owned domains here as evidence that Apple's infrastructure is a sprawling mess, and reduce trust accordingly.
I'm sure some fat can be trimmed, and it may not all be user-centric, but a lot of this had to do with the expectations users have these days with the data being always up to date, instantly available, and proactive about alerting them to things they may want to know about, like rain coming to your area in 30 minutes.
One of my big pet peeves is when I pick up my phone in the morning, go to open an app, and it starts updating, so I need to wait for the download/install. It just had 8 hours on a charger to do that, and instead it seems to wait until it's taken off the charger and unlocked. With auto-updates on, I'd much rather this happen when placed on the charger and inactive, than actively in use and off the charger. The same can be said for a lot of things on the desktop.
This ends up mostly being a question of transparency and user control. Which then becomes a question of how much time/money do they invest in features for 1% of users? Now how much time do they invest in those same features when the 99% will stumble in there, turn a bunch of stuff off, then call support and ask why their weather widget isn't updating?
* Windows is a spyware machine - how can anyone use it? Year of Linux baby!
When Apple has telemetry:
* It's working as expected.
So... to be fair, is there a thorough comparison of the two? How are they the same, and how are they different?
https://support.apple.com/en-ge/guide/security/sec59b0b31ff/...
This Quora claims otherwise: https://www.quora.com/How-can-we-unlock-our-iPhones-if-we-fo...
> A randomly generated UID is fused into the SoC at manufacturing time. Starting with A9 SoCs, the UID is generated by the Secure Enclave TRNG during manufacturing and written to the fuses using a software process that runs entirely in the Secure Enclave. This process protects the UID from being visible outside the device during manufacturing and therefore isn’t available for access or storage by Apple or any of its suppliers.
That’s way off the mark from reality. You can look at Advanced Data Protection. It’s not enabled by default for the sake of convenience, but it’s an option available to the users.
Are you saying that Apple still has the keys when Advanced Data Protection is turned on? And has access to the covered data even though they say the keys are only on the trusted devices?
why does an os need to hit the internet AT ALL to work? osx doesn't of course
Does it actually need to hit these to work?
That sounds like telemetry?
Inside of those settings could be options to enable/disable telemetry, sure. But also push notifications, weather updates, virus definition updates, etc.
Here, the top-voted comment is OK with Apple software phoning home, but there's no evidence they are not equally OK with Microsoft software phoning home, so I'm contrasting this popular opinion with another popular opinion elsewhere.
Here's one example from a different user, where Microsoft is described as "the big daddy of spyware."
https://news.ycombinator.com/item?id=22246187
See also this sibling top-level comment from today:
Yes the person further up in this thread lists features other than telemetry, but that's literally the double standard. It also did telemetry, just like windows does. Did you unironically think windows phones home only for telemetry, and not for various features too?
Because the article you're commenting on lists telemetry requests.
Your comment makes straight up no sense.
But otherwise, you get constantly nagged to get iCloud and also sometimes for their media and gaming subscriptions
Finally, what people for some reason ignore: Apple has been an advertisement company ever since their app store became the majority share of their revenue.
Also, no, Apple makes nowhere close to a majority of its revenue from its App Store (source: https://www.visualcapitalist.com/charted-how-apple-makes-its...)
- 51% are iPhone sales
- 9% are wearables and home device sales
- 8% are Mac sales
- 7% are iPad sales
A portion of the 25% that make up services and subscriptions is advertising, in addition to Apple Music, iCloud, Google’s search default payment (20B/yr), etc.
Apple makes less than 5% of its revenue from advertising
I still believe that to be true, as you're splitting the advertisement revenue - in my opinion, all app store revenue is related to their advertisement business.
From my perspective, only counting the money that went into the advert itself is misleading, as the store itself is what the adverts are shown on.
If it was a more general advertisement network I'd agree with your splitting though.
I’m a shareholder, I read the reports. Apple make 70%+ of their revenue from direct device sales (no one else comes close to them)
I'm not saying that the numbers are false, but apple can ultimately freely choose how to categorize their revenue itself.
From my point of view, their advertising revenue inherently cannot be split from their app store revenue.
It's akin to me saying "I've only spent $50 on groceries yesterday", but omit that the actual cost was $100 because of added fees and taxes.
It's still technically correct, and a bookkeeper will categorize it as such, but it's also incredibly misleading.
I hold that opinion because in the apple ecosystem, the customer journey doesn't end with the advertisement. Every successful capture inevitably ends with more revenue via their 30% cut.
And btw, I'm technically a shareholder too - though only in the low thousands (value, not #), so prolly a lot less than you ( • ‿ • )
But yes, Year of the Linux Desktop, baby!
Any push service works this way. The client contacts the server to be updated. The server gives a no data or a data response. The server cannot magically contact the client.
For better or worse, a lot of things on the Internet now assume that only "servers" can accept incoming connections, and therefore anything that needs to be "sent" to clients needs to be done by making the client poll a server over and over. True P2P apps (with no intermediary server) are pretty rare now, for a variety of reasons: some good reasons, some stupid reasons.
I was under the impression it was all polling if you go down far enough, but at least because of central registration the phone only needs to poll one single pubsub service instead of a separate server per subscription.
Could be wrong though?
That’s the end-to-end principle. Each host on the Internet is fully capable of listening on a socket and doing whatever its owner wants it to do.
The issue is when firewalls prevent incoming traffic, and when NAT prevents a host from even being on the internet. There’s not really a good reason for NAT with IPv6, but there are some good reasons for firewalls. They mostly boil down to human imperfection. The developers of one’s OS and software are imperfect, so the fact that a laptop sitting in Dallas can be probed by other computers in Frankfurt or Maseru thousands of times a second is an issue: a single bug will make one’s computer, and all its data, vulnerable. And users are imperfect, too. One might misconfigure one’s computer, and accidentally expose a service to the world.
There could be some approaches to mitigate these issues, but we’re probably stuck with firewalls forever. Which is really kind of sad.
As far as I know, this is still what push notifications are built upon for an idle/sleeping device.
Carrier infrastructure knows which tower you last connected to, instructs that specific tower to broadcast a message telling your phone to wake up and fetch the remaining 80% of the notification content (the sms bit is usually just enough for your device to learn the UUIDs of the notifications)
(/s for those who need it)
Privacy-wise this is an issue and the reason that messengers like Signal and Matrix would use their own services on Android. However this reduced battery runtime by a good margin and Android and iOS get more aggressive at killing background tasks each OS iteration.
To make things worse, push notifications for Matrix and Signal were unreliable, because manufacturers like OnePlus, Oppo and some others were killing all the background tasks against specification to win the influencer battery tests.
If regular users don’t think about these things, it’s because they’ve never thought about these ideas at all. If they did, and they are able to think, they should come to the conclusion that a 3rd party is necessary in some form.
The problem with Apple is that __anyone__ sits in a 1% group of users in one way or the other. But they try to make a one-size-fits-all product.
This is in contrast to Linux where everybody can do whatever they like, and most things are opt-in rather than opt-out.
This is no different with Linux. How many Linux users use a desktop environment as-is without any plugins or tweaks? How many Arch users don’t have a single package from the AUR?
There are tools like Little Snitch on macOS to monitor and block all kind of network traffic.
Note that this holds for many other products too. So if you don't mind Apple invading your privacy, you should not complain about Meta, Google, your car, etc.
I'm unaffiliated with the owners.
> NOTE: Corporate IT departments no likee Little Snitch.
They didn’t like employees exploring the network.
Organizations like Apple who service billions of devices cannot rely on a "push data to system only when something has updated" type of system, as such a system doesn't operate at their scale. They have to operate a system where individual clients are assumed to have an unreliable connection to the service, and where the client does the legwork of checking for new data stored in a centralized system.
This is what you are seeing in the article. Domains like [gdmf.apple.com] which govern device management, are where the declarative device management system is checking Apple's various databases to see if they need to update their configuration.
The number was just intended to illustrate the amount of communication that occurs.
There is also the question of ownership. Do you really own something you bought if you don't control its behaviour? Is it even moral to sell stuff to customers if they won't fully own it, or if the nature of ownership could change over time without users having a say in it?
do you think it is a problem that the "benevolent dictator" operating system contacts an endpoint to keep its anti-malware list up to date?
When Microsoft does it - most evil thing ever. Literally Satan.
When Apple does it - it's good, or at least benign. It's what the user expects.
> I have been trying to minimize to the extent possible the reach of big tech into my life
That's how integrated services on connected devices work; why the surprise? You can't both have a connected experience that works while also not connecting to hosted services that provide that functionality.
This isn't just Apple, anything that has any connected (cloud or anti-theft or otherwise) will need to function like this.
If your version of big tech is anything that provides managed services, you might as well get off the internet as it doesn't really provide that much value without it. That applies to basic services as well:
- Want email? Either go big or go home since you'll be attacked and spammed so much that unless you essentially learn to become an MSP for email for yourself it's not really feasible (and that includes all the GitHub projects we've seen on self-hosting; it's great as a one-off or hello-world demo, yet maintenance and knowledge is still required - time people aren't willing to invest)
- Want search engines? Extremely expensive to run, so you're going to consume one or not use one at all.
- Want to communicate with other people? They might use scary big tech and there is nothing you can do about it short of not communicating with other people (but that's antithetical to your wish to communicate with others).
- Want to communicate with business services? They might require you use known quantities such as specific operating system versions and configurations, certain apps, or they might not service you at all (banks, insurance, medical, transit etc.)
Can you apply a lot of time and energy to work around all of this? Possibly! But you end up not having much time left to do the things you actually wanted to do in your life. It essentially ends up similarly to what al_borland wrote: most large workflows and processes (regardless of governmental, for-profit businesses etc) don't want to make intensive exceptions just so 0.001% of their customers can be 'different', on one hand because it's not sustainable (you end up having one process for 99.99% of the users and many, just-as-expensive variations to that process for a bunch of individuals), on the other hand because it's not profitable (spending for one flavour and getting all the return on it vs. spending and getting practically no return on it).
And as much as you can use Little Snitch for programs you install, these days it seems an endless whack-a-mole to block Apple's stuff as there's so many requests all the time. The more time goes by, the more it seems that the concept of "personal" computer is gone: there's nothing "personal" about it anymore, it's the computer plus an amorphous blob of online services one has no control over.
Little Snitch might be able to tell which process triggered that, if you press the info button in the alert. I'll have to check next time it happens.
At some point, apple must've fixed this "bug", but the experience -- and apple's increasingly obtrusive software -- convinced me to switch to linux.
The only point where this is not the case would be system probes, such as captive-portal check, OCSP, or NTP, but none of these would be capable of portraying anything more than simple metadata, like your ip address.
Obviously I'm talking about what follows the name resolution.
> The connections themselves where data is transferred, are negotiated using TLS and thus encrypted.
They're not, as I said there are quite a few unencrypted ones. Last time I couldn't even set up a HomePod without allowing insecure connections.
> but none of these would be capable of portraying anything more than simple metadata, like your ip address.
Just the captive portal check alone contains things like the User-Agent, which has plenty more than just your IP.
That article: Microsoft reports every click you make
Is that the comparison you’re making?
This article: My Mac contacted 63 different Apple owned domains in an hour, while not in use
> while not in use
That is not "Apple reports every click you make", _very_ different from Microsoft. These requests seem like they are all for background tasks to keep data up to date when the user goes to use it. Now can you see a difference between that and _reporting_ on what you are doing?
Where did you get this information? Is it just a guess based on what Apple declared about these domains?
In the article, there is no info about the content sent to these Apple owned domains. For all we know, MacOS could send detailed reports on the user's activity.
Tor for anonymization and additional firewall-punching.
I appreciate hand-off, and accept the overhead for supporting that.
Most data is encrypted at rest on Apple's servers and during transport. Check their documentation.
[1]: https://www.joelonsoftware.com/2004/06/13/how-microsoft-lost...
Vendor lock in and tracking is all part of the Apple experience.
This week I configured Keyboard Maestro to turn off Wi-Fi and Bluetooth when my MacBook (M1 Pro) goes to sleep, and re-enable them on wake.
This has had a huge impact on the battery drain while not being used. Even when the lid is closed.
Would recommend.
As such, I stopped buying Apple. I have not owned a Mac since the G4 days. I never attached it to the internet. I would use TCP/IP and a crossover cable to move files.
I always see a high volume of traffic from other people's Apple computers on the wire that is not initiated by the computer owner. To my sensibilities, this is cringeworthy. Because there is no way to turn it off. The computer owner has no control over it.
Apple fans can argue this is useful and convenient. That may be true. But that does not explain why it is mandatory, on by default and impossible to disable. I am not against useful options and convenience. I am in favor of control.
When I compile and install a NetBSD image the amount of mandatory network traffic is zero. It is up to me to decide what to enable. That's how I like it.
greenavocado•23h ago
Small sample of telemetry and spying domains (out of date):
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocke...
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocke...
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocke...
https://raw.githubusercontent.com/Strappazzon/teleme7ry/mast...
ImJamal•14h ago
https://learn.microsoft.com/en-us/windows/privacy/windows-11...
onedognight•23h ago
2) One is less than 63.
3) Profit?
LorenDB•22h ago
(slight /s here but I'm also serious)