PSA: macOS updates often modify your System Preferences to violate your Privacy
I went to change a Firewall setting for an app and discovered to my shock all the listed apps in it had been set to "Allow incoming connections" (which I had never done) and the options
- "Automatically allow built-in softwares to receive incoming connections" and
- "Automatically allow downloaded signed software to receive incoming connections"
had been enabled, even though I had disabled them. In the Privacy > Advertising section. Limit Ad Tracking had been disabled even though I had enabled it. (And if it needs to be said for some - no, I don't have any malware on my computer).
Edit: I am pissed because all I had installed were security updates.
42 comments
[ 4.1 ms ] story [ 90.5 ms ] threadIf software that's already running on the system wants to e.g. exfiltrate something from the system, or to phone home or whatever, it could do that just as well by making an outwards connection as by accepting an incoming one. (I'm assuming the OS or firewall isn't limiting or reporting on outgoing connections.) Denying incoming connections is more useful for reducing attack surface in case of security vulnerabilities in the running software, and generally not so useful for limiting what the software can intentionally do.
Resetting firewall settings to accept incoming connections to listed or built-in apps overrides user security choices with a more lax policy, and that's concerning whether it's intentional or not. But I'm not sure it's really so much about privacy as it's about respecting user choice.
Also some settings are irreversible. For me, I made the mistake of using my personal Apple ID as my developer ID for a while. At some point Apple started forcing developers to enable to 2FA. Now that I've enabled it I am not allowed to disable it. So, one day I will have to start a whole new Apple account and lose anything that I have purchased.
Luckily I avoid getting locked in, I don't buy many apps and none of the apps that I use on a daily basis are purchased. Unfortunately I will lose all of my saved passwords and I will have to transfer my contacts, messages and photos manually. I don't even think I can transfer my messages so I will just have to lose the old ones.
I can't get my mother to use one, and she has a lot of information about me in his phone (emails, conversations, etc).
Encouragement would be a statement of why they recommend some action. Instead they try to trick you.
It's annoying but not dishonest.
The fact that they doesn't shows either a malice from them, or at least very sloppy engineering/product management.
Because this kinda of attitude is really bad, and if it was a product from any other company (like Google) I am sure that people would say that this is proposital.
They just guard the data from third parties to not have competition milking their own ecosystem. It's a great way to have their cake and eat it too.
[1] https://news.ycombinator.com/item?id=18189139
...then again, similar things have happened on the Apple side: https://news.ycombinator.com/item?id=21229249
So, while the update was downloading, I changed my firewall settings specifically to allow built-in software to receive incoming connections, but disallow downloaded signed software. I also specifically set GarageBand to block incoming connections but not other programs among those listed.
I'm happy to report that all of these settings were maintained after updating to macOS 11.2.3 exactly as-is. I wonder if the OP is referring to a different update (none that I'm aware of recently).
There is no Privacy > Advertising > Limit Ad Tracking setting on macOS 11.2.2 or 11.2.3: there's a checkbox for "Personalized Ads," which remains turned off after the update also, just as it was before.
But allowing incoming connections without a prompt, I think it may be getting worse now.
Related, what annoyed me is that 3rd party installers can gather telemetry even before you've installed. The one I recall from a year or two ago was docker. The Docker installer is doing telemetry before you've even decided to install it.
Assuming that is what really happened. I've heard so many of these stories about Apple that end up being disproved a few weeks later that I have become extremely sceptical of the claims.
What evidence have you collected that demonstrates that this is an intentional act by Apple, as claimed in your post headline?
HN isn’t an appropriate venue for unsupported accusations of malfeasance or conspiracy. Please substantiate your post.
I have never disabled SIP. I do run an application firewall.
> Have you opened a bug report for Apple with sysdiagnose attached?
No. Apple never clarifies if something is a bug or a feature. (And depending on the lax data protection and privacy laws of certain countries, this could well be a feature).
> Are you using or have you used developer betas on this device or other macOS devices linked to the signed-in iCloud account of this device, if any?
No.
> Have you run out of drive space since you set those settings, and/or performed a migration from another system?
No. All my internal hard disks have more than 50% free space. The last upgrade to it was macOS Mojave, with the occasional security updates.
> What evidence have you collected that demonstrates that this is an intentional act by Apple, as claimed in your post headline?
The circumstantial evidence is pretty clear - This isn't the first time this is happening to me after installing an OS update. Only Apple benefits by allowing Apple software to always have unhindered internet access and enabling ad-tracking.
For reference, I've got a 2020 Intel MacBook Pro 13.
P.S.: I checked these settings after reading your post and before updating my laptop.
https://sneak.berlin/20201112/your-computer-isnt-yours/
Does this surprise anyone?