The Mac Is a Power Tool
John Gruber (Mastodon, tweet, Hacker News):
The Mac is a platform where you need to be able to shoot yourself in the foot. Increased protections that make it less likely that you’ll shoot yourself in the foot are, obviously, a good idea. Many of them are downright necessary. But such protections are only undeniably good ideas when they don’t get in the way of sophisticated users using software that requires a high level of system privileges. Then they become a trade-off. There are some power users who’ve been annoyed every step of the way as Apple has increased such protections in MacOS, but I think, until recently, Apple has managed this balance well. MacOS, on the whole, has been welcoming and safe for unsophisticated users while remaining powerful and efficient for experts. But in recent years MacOS has clearly started slipping down the slippery slope of being too protective.
[…]
It’s good to be reminded of the software you have installed that requests, or outright requires, access to private data and sensitive hardware APIs. It’s very good to be alerted to any software you might have installed that has acquired such permissions without your knowledge or recollection. […] But it’s infuriating to play whack-a-mole to dismiss a barrage of permission prompts to confirm the same permissions you’ve previously granted to the same software, and it’s even worse when you need to dig three or four levels deep into System Settings to do it.
As Jason Snell has said, partly this is offensive because the attitude is that you, the user, can never be trusted to know what you’re doing. You can click through the alert after every daily boot for a year, but it will never be enough.
But more important, I think, is that the system just wasn’t designed with much care. There is no place where you can go to see all the things that a given app is allowed to do. Nor can you see a log of when and how often the app is doing the things that you permitted. And when you do want to grant access, the steps are often obscure, as if to provide an additional hurdle to make sure you really mean it. (And good luck fixing the TCC database if it gets corrupted.) It feels like it was designed, not to help the user understand what’s going on and communicate their preferences to the system, but to deflect responsibility. You were warned, so it’s your own fault if you clicked the wrong button after being bombarded by repetitive dialogs interrupting your day.
It’s bad for usability, increases user frustration, and decreases security awareness.
[…]
The prompts recur weekly, whenever you reboot, or, as I discovered, when you log out and log back in.
[…]
We’ve already passed the point of security alert overload. The first time or two that the Sequoia beta prompted me to reauthorize, I admit that I didn’t read the text of the alert beyond determining that I should click Continue To Allow to capture the screenshot I needed for whatever I was writing.
[…]
In none of these cases would extra prompts have made any difference because users had no way of knowing that downloads were compromised or that an app had a new owner.
By prompting for continued permission, Apple is asking if we still trust previously trusted apps. What would change in any short period of time that would have us reconsider this action? We would need new information to make a different choice. […] The easy answer is that Apple’s security team believes that apps regularly go over to the dark side within a week and we will figure that out by getting a prompt to remind us that we have already granted it screen-recording permissions. But that’s patently stupid.
MacOS is still the best desktop operating system but Apple seems content on trying to change that every year as they make decisions that are bad and also diametrically opposed to anything a pro user would actually want.
One argument I really can’t understand in the whole permission dialog debate is saying this may be useful to detect software installed by an abusive partner.
Well, technically yes, maybe, but you all realize that if an abusive partner has administrative access to your computer, it’s game over, right? From that point on you need to assume nothing, absolutely nothing at all that goes through that machine is private. And the permission dialogs won’t change this.
See also: Accidental Tech Podcast, Craig Grannell, Luc Vandal.
Previously:
- Sequoia Screen Recording Prompts and the Persistent Content Capture Entitlement
- Sequoia Removes Gatekeeper Contextual Menu Override
- A Picture Is Worth a Thousand Permissions Requests
- The Alert Hammer
Update (2024-08-14): Pierre Igot:
I guess this is Apple’s way of (not) saying: “The OS update you installed a couple of days ago includes updated terms of service for the Mac App Store. Since we cannot be bothered to explain these changes to you and you won’t read them anyway, we’re just covering our asses by asking you to click on ‘Continue’ here, which implies that you agree with the changes.”
Still feels like Apple is treating me as an idiot, though, by simply repeating marketing copy that is of zero interest to me.
10 Comments RSS · Twitter · Mastodon
After some misfires (in my opinion) over EU stuff, it’s great to see Gruber return to form with a banger of an essay that gets everything just right. I know there are influential people at Apple who read Daring Fireball, and I hope they take note.
They have been doing pretty well with security but now they are making the same serious mistake made by Microsoft many years ago: sensory overload for the user.
Windows users press "OK" without thinking because otherwise it is impossible to get work done. Of course encouraging that behavior is disastrous. Now, 30 years after Microsoft botched it thoroughly, are they going down the same route?
Unbeliable. Some idiot at Apple must be reined. Fast.
I think Apple should make a Security Center where you can view all of the security things going on in your Mac
Instead of constantly prompting users with ever more security prompts, they could create an app where users can look at all the security options of each application.
This doesn’t mean Apple can’t or shouldn’t ask users for permissions, but they’ve gone too far to the point where these questions are so common that people just ignore them. That’s a problem, because it means Apple’s method for increasing security actually *decreases* security
A security center could have an overview of all the secure items being used. You could see which running apps have access to the microphone, for example
It would also be nice to look at the permissions an app requests and make changes to those permissions in one easy place
The way Apple does it now is a Preference Pane where you choose the type of security item, then see which apps are using it. I think the other way around would be a nice option
This would be a great thing for third parties to do but I don’t think it’s even possible considering how locked down MacOS has become
There can never be enough security to make the Apple people happy. Do they use their official macOS or do they have special builds without the nagging?
An app is inside my sphere of trust. Beyond granting the permissions I can never be sure what an app does.
"it’s great to see Gruber return to form with a banger of an essay that gets everything just right"
The sole purpose of his post is to protect iOS notorization. Dividing the ubermensch on MacOS from the dregs that settle for iOS and iPadOS. In Gurbers world alpha males on their laptops can handle the pressure, whilst only meek betas use iPads and iPhones and therefore need to get their freedoms reduced.
It is horrible. Messages.app (iMessage.app) constantly asks to enter username and password, then locks the account, asks again for username and password, asks for two out of three security questions, asks again for username and password and eventually locks itself for 10 days. After such 10 days, the same situation and process repeats and if you are lucky you may get access for a few hours. And then the same issue arises again and again and again for ever all the time. That happens in a iMac booting from internal disk. FRUSTRATING!!!
And with Apple iCloud (which I never use) and Apple ID happens a similar situation. Every time the Mac is rebooted or cold booted it requests username and password for three times in a row. If you deny it such three times in a row (as said, I never use iCloud and I do NOT want it ever), each time that you open "Apple - System Settings" the same request shows three times in a row. That happens when booting two identical iMacs from the same external SSD. It is really FRUSTRATING!!!
These problems did not happen years ago with older macOS versions. Is Appple listening?
This reminds me of Neil Stephenson’s essay “Unix is the Hole Hawg of operating systems”. The Mac is a Unix workstation and if it can have some safety features that make it easier to operate safely then that is great. I don’t need to be able to rm -rf /.
I really don’t want Apple to break MacOS as a workstation and be forced into the Linux desktop wilderness.
I wouldn't mind if the warning showed up maybe once a month, just as a reminder, but that isn't what is happening it is showing up every time I have to log out and log back in, restart the computer and it is irritating. I am an intelligent adult with a brain and do not like being treated like a child who needs their hand held at all time
Prioritizing empowerment and marketing to mainstream users versus making captive power users unhappy. The investors must be fuming over said loss of balance.
