21 comments

[ 2.1 ms ] story [ 46.8 ms ] thread
Unlikely that they will backpedal on this, regardless of how much media attention it gets.

If a macOS user has an issue with this, time to look for a new OS whilst avoiding the upgrade to Big Sur for as long as possible. Those who depend on it for their business will have issues...

If they backpedal or not it was a shitty trust breaking arrogance driven decision that should be remembered forever.
Apple literally solved their production chain suicide issues by installing nets to catch jumpers, which made the rounds across media https://www.wired.com/2011/02/ff-joelinchina/

I didn't see people ditching Apple then with people life on the line, I don't see people ditching Apple for a software configuration.

Meanwhile, computer users toss toxic sewage generating gadgets on future humans to clean.

Let’s not ignore the disposable consumer gadget minded’s unethical behavior at scale.

An Apple engineer tweeted that the firewall bypass was just a bug and not intentional behavior, but after getting hate replies he gave up and made his account private.
In any case it's not an acceptable bug if you want to brand yourself as secure.
Either that or corporate told him to stop. Probably a combination of both, to be honest; situations where you the next steps are disappearing off the internet for a while are never easy :(
Well he also tweeted something along the lines of "if everyone is just going to get angry I'll just stop tweeting/delete my twitter"
Last I checked I don't think the account is deleted at the moment, although the first tweet is gone (and I never saw the other one you mentioned). That being said, I'm not at all surprised by that response–like I said, having an offhand tweet of yours get significant attention, and then have people come after you and attack you on top of whatever corporate might have to say to you on the topic, is a great way to get something like that. It's exactly things like these why most Apple engineers don't say much or publicly affiliate themselves with the company–and I am sure that the people who decided to go after him were well aware of what what kinds of things happen after that.
Apple, putting the Sur in Surveillance
In what sense does this have to do with surveillance?
Some people do use firewalls for preventing software from calling home and sending "analytics" kind of info, which could contain somewhat private information in some cases.
I thought OP meant surveillance by Appple, thanks for clarifying. Yes, that could be a problem.
How many people use firewalls on Macs? Genuine question, not trying to minimise the issue (as I think there's little excuse for this).
Personally I use it to stop certain apps from phoning home or auto-updating, as I manage them with from Homebrew Cask.

There are so many apps which don’t need online access, but still send usage pings or check for updates.

I've read applications like little snitch are popular enough that some malware changes their behavior if it detects it. It must be a non-trivial number. I do personally out of curiosity to see what connections are being made.
An Apple engineer tweeted that this was a bug, but that tweet has since been deleted.
Without looking into the details the ability to piggyback on the excempts or add excempts should be considered a bug. If it required root/admin then all bets would already be off when it comes to malware and host based firewalls. As for people regarding this as a privacy breach then that’s another thing, only real possibility then would probably be a VPN and firewall the traffic at a central point.
At least on my system, it requires root. The config file is owned by root, and readable to the world.

Also, I would expect, but haven’t tested it, a benefit of the ability to piggyback is that concerned users can remove Apple’s exceptions.