{"id":30716,"date":"2020-11-17T15:36:42","date_gmt":"2020-11-17T20:36:42","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=30716"},"modified":"2020-11-23T15:41:17","modified_gmt":"2020-11-23T20:41:17","slug":"a-hole-in-the-wall","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2020\/11\/17\/a-hole-in-the-wall\/","title":{"rendered":"A Hole in the Wall"},"content":{"rendered":"

Callum Booth<\/a> (via Hacker News<\/a>):<\/p>\n

For all of Apple’s talk of being privacy-first<\/a>, often its marketing speak doesn’t match up with what it’s actually doing. And the latest example? Well, it’s Apple apps on Big Sur bypassing firewalls and VPNs.<\/p><\/blockquote>\n\n

Norbert Heger<\/a>:<\/p>\n

\n

It is your right to know where your computer connects to. To whom it talks. It’s your right to see these connections. It’s your right to allow them. And it’s your right to deny them.<\/p>\n

[…]<\/p>\n

Three months later we realized, that a number of other Apple services like App Store, Maps or FaceTime also showed this strange behavior of acting invisibly, bypassing the new filter API. So we reported our new findings again on October 1 (FB8762834).<\/p>\n

[…]<\/p>\n

But hiding these connections completely from the user makes no sense. It contradicts the idea of a transparent and trustworthy system and undermines the user’s trust in that system.<\/p>\n

[…]<\/p>\n

In the light of the recent public discussions that this topic has triggered we are extremely confident that Apple stands by their word to give users control over their information and will therefore eliminate this kind of whitelisting in a future macOS update.<\/p>\n<\/blockquote>\n\n

Jeff Johnson<\/a>:<\/p>\n

I used Little Snitch to diagnose the “OCSP apocalypse” last week.<\/p>

It’s essential for network extensions to be able to block all network connections, including connections by Apple.<\/p><\/blockquote>\n\n

Patrick Wardle<\/a>:<\/p>\n

In Big Sur Apple decided to exempt many of its apps from being routed thru the frameworks they now require 3rd-party firewalls to use (LuLu, Little Snitch, etc.) 🧐<\/p>\n

Q: Could this be (ab)used by malware to also bypass such firewalls? 🤔<\/p>\n

A: Apparently yes, and trivially so 😬😱😭<\/p><\/blockquote>\n\n

Previously:<\/p>\n