{"id":35383,"date":"2022-03-25T14:46:54","date_gmt":"2022-03-25T18:46:54","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=35383"},"modified":"2022-03-24T14:47:01","modified_gmt":"2022-03-24T18:47:01","slug":"how-to-launch-mac-apps-in-private","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2022\/03\/25\/how-to-launch-mac-apps-in-private\/","title":{"rendered":"How to Launch Mac Apps in Private"},"content":{"rendered":"

Howard Oakley<\/a>:<\/p>\n

\n

If you’re unfortunate enough to have to use your Mac in a part of the world where surveillance is performed, even knowing when you use certain apps could prove to your great disadvantage. This article looks at two potential solutions: blocking all outgoing traffic to Apple’s OCSP service, which checks certificates against its list of revocations, and removing code signatures on selected apps.<\/p>\n

[…]<\/p>\n

By blocking outgoing connections to ocsp.apple.com and ocsp2.apple.com app launch should still proceed, usually more quickly too, without the check taking place. The great disadvantage is that blocking is all-or-none, and can’t be selective according to the app being launched. This forces the user into choosing between normal revocation checks, or none at all.<\/p>\n

[…]<\/p>\n

Checks on certificate revocation can only be made on apps which are signed. If the app is unsigned, there’s no signing certificate to check. Use this to your advantage by removing the signature from those apps whose use you want to make private[…]<\/p>\n<\/blockquote>\n

However, I think some Apple services will not work with apps that are unsigned or ad-hoc signed.<\/p>\n\n

Previously:<\/p>\n