While this seems like a lot, in some ways this is what users expect. Push notifications should be coming all the time, assuming the system is on. Most users expect various maintenance services to run when the system is idle so it doesn't interfere with their active use of the system. When users open apps like Weather (or view a widget), they expect it to already be up to date without having to manually refresh or wait for data to load when the app launches.
I'm sure some fat can be trimmed, and it may not all be user-centric, but a lot of this had to do with the expectations users have these days with the data being always up to date, instantly available, and proactive about alerting them to things they may want to know about, like rain coming to your area in 30 minutes.
One of my big pet peeves is when I pick up my phone in the morning, go to open an app, and it starts updating, so I need to wait for the download/install. It just had 8 hours on a charger to do that, and instead it seems to wait until it's taken off the charger and unlocked. With auto-updates on, I'd much rather this happen when placed on the charger and inactive, than actively in use and off the charger. The same can be said for a lot of things on the desktop.
This ends up mostly being a question of transparency and user control. Which then becomes a question of how much time/money do they invest in features for 1% of users? Now how much time do they invest in those same features when the 99% will stumble in there, turn a bunch of stuff off, then call support and ask why their weather widget isn't updating?
neogodless · 21h ago
When Microsoft has telemetry:
* Windows is a spyware machine - how can anyone use it? Year of Linux baby!
When Apple has telemetry:
* It's working as expected.
So... to be fair, is there a thorough comparison of the two? How are they the same, and how are they different?
snehk · 21h ago
But the things mentioned in the post above yours have nothing to do with telemetry. They're more like core functions to make the system work at all.
neogodless · 14h ago
> Which then becomes a question of how much time/money do they invest in features for 1% of users? Now how much time do they invest in those same features when the 99% will stumble in there, turn a bunch of stuff off, then call support and ask why their weather widget isn't updating?
That sounds like telemetry?
al_borland · 13h ago
The features I was referring to would be a control panel to list all the various remote calls to let users micromanage what calls they wanted and which ones they didn’t.
Inside of those settings could be options to enable/disable telemetry, sure. But also push notifications, weather updates, virus definition updates, etc.
sitzkrieg · 16h ago
take a look at fbs.smoot.apple.com and argue that isn't telemetry?
why does an OS need to hit the internet AT ALL to work? OS X doesn't of course
mcphage · 11h ago
> why does an OS need to hit the internet AT ALL to work?
Does it actually need to hit these to work?
politelemon · 16h ago
No that's incorrect. It is listed in TFA.
brookst · 21h ago
I didn’t see the person you’re replying to ever mention Microsoft. It seems weird to accuse them of hypocrisy?
neogodless · 20h ago
This is a very valid criticism of my post and many that group "opinions" as if they come from a single source.
Here, the top-voted comment is OK with Apple software phoning home, but there's no evidence they are not equally OK with Microsoft software phoning home, so I'm contrasting this popular opinion with another popular opinion elsewhere.
Here's one example from a different user, where Microsoft is described as "the big daddy of spyware."
Microsoft put ads in their OS menus. Kind of a stretch to "both sides" this one.
jtbayly · 19h ago
Apple does too! Drives me crazy, although it’s not nearly as bad as Windows.
naught0 · 19h ago
I have never seen this. What ads are you referring to in MacOS?
cornhole · 18h ago
They keep trying to get me to buy iCloud space in the settings menu
DrBenCarson · 19h ago
Uh…where?
ffsm8 · 17h ago
You don't see them if you're already paying for all Apple services.
But otherwise, you get constantly nagged to get iCloud and also sometimes for their media and gaming subscriptions
Finally, what people for some reason ignore: Apple has been an advertisement company ever since their app store became the majority share of their revenue.
DrBenCarson · 17h ago
Ah okay yeah I have Apple One so I wouldn’t see them
51% are iPhone sales
9% are wearables and home device sales
8% are Mac sales
7% are iPad sales
A portion of the 25% that make up services and subscriptions is advertising, in addition to Apple Music, iCloud, Google’s search default payment (20B/yr), etc.
Apple makes less than 5% of its revenue from advertising
ffsm8 · 17h ago
Oof, I meant to write "a majority share", not the.
I still believe that to be true, as you're splitting the advertisement revenue - in my opinion, all app store revenue is related to their advertisement business.
From my perspective, only counting the money that went into the advert itself is misleading, as the store itself is what the adverts are shown on.
If it was a more general advertisement network I'd agree with your splitting though.
DrBenCarson · 17h ago
No, that is how Apple split them. There is no ad revenue in any segment outside of services. “Belief” is not necessary, this is accounting
I’m a shareholder, I read the reports. Apple makes 70%+ of their revenue from direct device sales (no one else comes close to them)
ffsm8 · 16h ago
I can see where you're coming from, but I still feel like you might be putting too much trust into how apple splits their revenue in documents as they're provided to the public.
I'm not saying that the numbers are false, but apple can ultimately freely choose how to categorize their revenue itself.
From my point of view, their advertising revenue inherently cannot be split from their app store revenue.
It's akin to me saying "I've only spent $50 on groceries yesterday", but omit that the actual cost was $100 because of added fees and taxes.
It's still technically correct, and a bookkeeper will categorize it as such, but it is also incredibly misleading.
I hold that opinion because in the apple ecosystem, the customer journey doesn't end with the advertisement. Every successful capture inevitably ends with more revenue via their 30% cut.
And btw, I'm technically a shareholder too - though only in the low thousands (value, not #), so prolly a lot less than you ( • ‿ • )
DrBenCarson · 10h ago
App Store and ad revenue are part of the same category
theoreticalmal · 16h ago
Plus, the ads for Apple are like “buy our cloud storage solution” and the ads for MS are like “10 foods to make you SEXY this summer!”
I’m not a fan of either, but one is significantly worse than the other
politelemon · 15h ago
That's a hyperbolic cherry picked comparison from different areas. If you compare the settings and start menu equivalent they are the same.
JCattheATM · 20h ago
No it isn't. The context is telemetry and spying, not built in advertising.
daveguy · 19h ago
And none of the items in the original thread post were about telemetry. They were about functional requirements.
JCattheATM · 17h ago
That's a stretch, but giving the benefit of the doubt, you alone say potahto, most here are saying potato.
ffsm8 · 17h ago
I guess you didn't read the article then, there are entries for telemetry. He even helpfully listed the official use case next to the domain name that was accessed.
daveguy · 17h ago
Thread post. Not article post. Try to keep up.
ffsm8 · 16h ago
You made the claim that apple didn't make any telemetry requests in response to someone pointing out the double standard for Apple.
Yes, the person further up in this thread lists features other than telemetry, but that's literally the double standard. It also did telemetry, just like Windows does. Did you unironically think Windows phones home only for telemetry, and not for various features too?
Because the article you're commenting on lists telemetry requests.
Your comment makes straight up no sense.
daveguy · 15h ago
Okay buddy. Enjoy your day.
politelemon · 16h ago
I read it as a criticism of HN not the GP.
JohnFen · 19h ago
Apple users tend to trust Apple (whether or not that trust is misplaced is a different topic). Very few people trust Microsoft.
klodolph · 21h ago
Honestly I would say “working as expected” for like 99% of Microsoft’s telemetry. I think the only difference is that I fucking hate hate hate OneDrive and so I’m gonna be more upset about the fact that Windows uses it. iCloud does not bother me so I don’t complain about it.
jamesy0ung · 21h ago
Apple is nowhere near as evil as Microsoft, so I’m willing to put up with it.
righthand · 21h ago
Apple has been involved in all the same government spying programs as Microsoft. They do not offer any services or products with E2E encryption that they do not control the key to.
1659447091 · 5h ago
> They do not offer any services or products with E2E encryption that they do not control the key to.
Are you saying that Apple still has the keys when Advanced Data Protection is turned on? And has access to the covered data even though they say the keys are only on the trusted devices?
pmarreck · 20h ago
But at least they have E2E encryption. The whole point of which is not having the key to.
righthand · 19h ago
The whole point is that a 3rd party (Apple) doesn’t have the key. It’s not real E2E and it’s still susceptible to government overreach.
DrBenCarson · 19h ago
Still need your password to use the key
righthand · 18h ago
No, Apple can unlock your phone with the master key they used to generate your phone hardware enclave key. This is how the FBI has pressured them in the past to unlock devices.
DrBenCarson · 15h ago
The exact section is "Root Cryptographic Keys," here is the key passage:
```
A randomly generated UID is fused into the SoC at manufacturing time. Starting with A9 SoCs, the UID is generated by the Secure Enclave TRNG during manufacturing and written to the fuses using a software process that runs entirely in the Secure Enclave. This process protects the UID from being visible outside the device during manufacturing and therefore isn’t available for access or storage by Apple or any of its suppliers.
```
Not every Apple service is E2E encrypted, but some of them (like iMessage) are, and it's 100% real E2E.
ImJamal · 13h ago
If you do a forgot password and move to a new device do you lose all your chats?
AnonC · 18h ago
> They do not offer any services or products with E2E encryption that they do not control the key to.
That’s way off the mark from reality. You can look at Advanced Data Protection. It’s not enabled by default for the sake of convenience, but it’s an option available to the users.
goosejuice · 21h ago
Well if you're going to throw that out there, you might as well explain.
ehutch79 · 21h ago
The people who complain about Windows telemetry aren't going to Mac, they use Arch Linux btw.
neogodless · 20h ago
Are you sure Mac users (or at least fans) don't also call or consider Windows telemetry "spyware"? I suspect they hold that opinion too.
> NOTE: Corporate IT departments no likee Little Snitch.
dev_hugepages · 20h ago
Do you have a story to tell us?
thesuitonym · 19h ago
I don't have a story but Little Snitch is the kind of tool most corporate users don't need, but that many malicious actors love to use. Sort of like running nmap on your computer, yeah there are legitimate reasons to do so, but you will get a call from IT if you try it.
al_borland · 12h ago
I jokingly told a coworker to try nmap when he was trying to figure out a port to use for something legitimate. He was on the phone with the security team seemingly within 90 seconds. I was actually pretty impressed.
ZeroTalent · 17h ago
interesting. don't malicious actors use much more advanced tools than little snitch?
ChrisMarshallNY · 16h ago
In the case of the company I worked for, they worried as much about insider threats as they did about external ones.
They didn’t like employees exploring the network.
thesuitonym · 14h ago
Malicious actors use every tool you can imagine, and many you can't.
amelius · 20h ago
> Which then becomes a question of how much time/money do they invest in features for 1% of users?
The problem with Apple is that __anyone__ sits in a 1% group of users in one way or the other. But they try to make a one-size-fits-all product.
This is in contrast to Linux where everybody can do whatever they like, and most things are opt-in rather than opt-out.
al_borland · 12h ago
Apple ships to satisfy the 80%. 3rd party devs generally fill the needs of the 20% in various ways.
This is no different with Linux. How many Linux users use a desktop environment as-is without any plugins or tweaks? How many Arch users don’t have a single package from the AUR?
There are tools like Little Snitch on macOS to monitor and block all kind of network traffic.
msgodel · 13h ago
Should push really be going through Apple on a laptop? I kind of understand it on a phone (although users should be able to switch push providers if they want to, e.g. to use open source software that Apple won't allow) but on a laptop there's no reason to not just have the application manage the toasts/sockets itself.
ath92 · 21h ago
Regular users don’t think of push notifications as something that needs to go through some central server owned by Apple. If Alice sends Bob a message, shouldn’t that require only their phones to communicate with one another, without some third party?
razemio · 21h ago
This would mean that every app notification needs to contact a different server. Let's say you have 20 apps that send notifications. 20 different connections would work in the background to fetch updates instead of 1.
Privacy-wise this is an issue and the reason that messengers like Signal and Matrix would use their own services on Android. However this reduced battery runtime by a good margin and Android and iOS get more aggressive at killing background tasks with each OS iteration.
To make things worse, push notifications for Matrix and Signal were unreliable, because manufacturers like OnePlus, Oppo and some others were killing all the background tasks against specification to win the influencer battery tests.
al_borland · 12h ago
In the Alice and Bob scenario, what happens if Bob’s phone is off or doesn’t have a signal when Alice sends the message? Does the message just get dropped? Does Alice’s phone keep trying forever to send the message until it gets a response back that Bob got it? How long does it try before giving up? What happens if Alice and Bob are far apart and the phones can’t directly talk, how does Alice in LA send a message to Bob in NY without a 3rd party to relay the message?
If regular users don’t think about these things, it’s because they’ve never thought about these ideas at all. If they did, and they are able to think, they should come to the conclusion that a 3rd party is necessary in some form.
Henchman21 · 21h ago
But how would they make sure that conversation is safe and approved if it isn’t monitored?
(/s for those who need it)
jjmarr · 21h ago
Is it even a push notification if you have to fetch them from a server?
nothrabannosir · 21h ago
Is there mobile push technology which is actually fundamentally push, all the way down to the transport layer? Like open socket, listening for incoming packets only, no notifications-> no traffic?
I was under the impression it was all polling if you go down far enough, but at least because of central registration the phone only needs to poll one single pubsub service instead of a separate server per subscription.
Could be wrong though?
msgodel · 13h ago
In theory you could do that, that's how I had push set up on my Pinephone. Often the ssh connection that was used for it was still live after rtcwake came back up. It's kind of a moot point since the WiFi radio couldn't wake the CPU up on its own though.
baby_souffle · 19h ago
Yes, sms is "actually push" all the way down to the transport layer.
As far as I know, this is still what push notifications are built upon for an idle/sleeping device.
Carrier infrastructure knows which tower you last connected to, instructs that specific tower to broadcast a message telling your phone to wake up and fetch the remaining 80% of the notification content (the sms bit is usually just enough for your device to learn the UUIDs of the notifications)
nothrabannosir · 8h ago
iOS or Android push notifications (can) use SMS for notifying the client that a new message is available ? That’s lovely. Do you have any links or any keywords to find more ? All I can find online is that iOS uses TCP (XMPP in fact :o TIL. )
eadmund · 21h ago
> Is there mobile push technology which is actually fundamentally push, all the way down to the transport layer? Like open socket, listening for incoming packets only, no notifications-> no traffic?
That’s the end-to-end principle. Each host on the Internet is fully capable of listening on a socket and doing whatever its owner wants it to do.
The issue is when firewalls prevent incoming traffic, and when NAT prevents a host from even being on the internet. There’s not really a good reason for NAT with IPv6, but there are some good reasons for firewalls. They mostly boil down to human imperfection. The developers of one’s OS and software are imperfect, so the fact that a laptop sitting in Dallas can be probed by other computers in Frankfurt or Maseru thousands of times a second is an issue: a single bug will make one’s computer, and all its data, vulnerable. And users are imperfect, too. One might misconfigure one’s computer, and accidentally expose a service to the world.
There could be some approaches to mitigate these issues, but we’re probably stuck with firewalls forever. Which is really kind of sad.
PinguTS · 21h ago
How do you think push should work?
Any push service works this way. The client contacts the server to be updated. The server gives a no data or a data response. The server cannot magically contact the client.
j_w · 20h ago
Well, the server could contact the client. The client would just need to be listening on a port/address that the server knows. Which is completely infeasible for 99.99% of end user devices.
juped · 20h ago
What do you think the word "push" means in the word "push"? It doesn't mean "pull", btw.
ryandrake · 18h ago
I think this is one of those many cases where how the technology works doesn't match the actual meaning of the English word, but for whatever reason the word has stuck.
For better or worse, a lot of things on the Internet now assume that only "servers" can accept incoming connections, and therefore anything that needs to be "sent" to clients needs to be done by making the client poll a server over and over. True P2P apps (with no intermediary server) are pretty rare now, for a variety of reasons: some good reasons, some stupid reasons.
thesuitonym · 19h ago
You're arguing semantics over a phrase that was decided upon 20 years ago. It's too late.
SimianSci · 22h ago
Polling domains when attached to the network like this doesn't surprise me in the least.
Apple's ecosystem has often been praised for its tight integration, and this consistent network connectivity is the result.
Anybody who has worked with large scale services that rely on messaging services to ensure people get timely notifications and data, knows that you need services which are continuously polling endpoints to check and see if they have new information.
Organizations like Apple who service billions of devices cannot rely on a "push data to system only when something has updated" type of system, as such a system doesn't operate at their scale. They have to operate a system where individual clients are assumed to have an unreliable connection to the service, and where the client does the legwork of checking for new data stored in a centralized system.
This is what you are seeing in the article.
Domains like [gdmf.apple.com] which govern device management, are where the declarative device management system is checking Apple's various databases to see if they need to update their configuration.
mzi · 20h ago
> Polling domains when attached to the network
Apple devices do communicate over BT even when you explicitly turn it off and put your device in flight mode.
DrBenCarson · 19h ago
Only if you use Apple Watch and/or Contact Tracing features
brookst · 21h ago
The article’s author would apparently be happier if everything were on a single domain with just ports or paths to separate services. Thinking about the number of DNS names seems kind of silly.
lapcat · 21h ago
This is an extremely uncharitable interpretation of the article.
The number was just intended to illustrate the amount of communication that occurs.
yaris · 20h ago
The amount of communications would be better illustrated by the number of connections made in a period of time, maybe complemented with the amount of data transferred up/down.
Making a 1000 connections towards one domain name with different URLs does not fundamentally differ from making 1000 connections each towards a separate domain name (which names can be the same server, just with a bunch of IPs).
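One way to measure what yaris describes, as an added example that is not code from the article, from NextDNS or from any commenter: it parses a constructed DNS query log (the line format and the `.example` hostnames are made up; gdmf.apple.com and fbs.smoot.apple.com are names mentioned in this thread) and reports queries per time window and per registrable domain instead of a bare count of distinct names. Bytes up/down would need flow or proxy data, which a resolver log does not carry.

```python
"""Summarise a DNS query log by queries per window and per registrable
domain, rather than by the number of distinct names alone.

Added example; not from the article or NextDNS. The log format is a
constructed approximation (timestamp, client, queried name, record type).
"""
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample log. The .example names are placeholders; the two
# apple.com names are ones mentioned in the discussion thread.
SAMPLE_LOG = """\
2025-01-10T08:00:01Z mac gdmf.apple.com A
2025-01-10T08:00:01Z mac gdmf.apple.com HTTPS
2025-01-10T08:00:05Z mac fbs.smoot.apple.com A
2025-01-10T08:01:10Z mac probe-a.apple.example A
2025-01-10T08:05:30Z mac ocsp-x.apple.example A
2025-01-10T08:05:31Z mac ocsp-x.apple.example A
2025-01-10T08:10:00Z mac time-x.apple.example A
2025-01-10T08:20:00Z mac gateway.icloud.example A
2025-01-10T08:20:00Z mac gateway.icloud.example HTTPS
2025-01-10T08:30:00Z mac courier.push.apple.example A
2025-01-10T09:00:00Z mac time-x.apple.example A
2025-01-10T09:00:02Z mac gdmf.apple.com A
"""


def parse_line(line):
    """Split one constructed log line into (timestamp, client, name, type)."""
    ts, client, name, rtype = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, client, name.lower().rstrip("."), rtype


def registrable_domain(name, depth=2):
    """Fold a hostname onto its last `depth` labels (e.g. apple.com).

    Simplification: a real tool would consult the public suffix list so
    that names like host.co.uk fold correctly.
    """
    labels = name.split(".")
    return ".".join(labels[-depth:])


def summarize(log_text, start, window=timedelta(hours=1)):
    """Count queries, distinct names and distinct registrable domains
    seen in [start, start + window)."""
    end = start + window
    per_name = Counter()
    per_domain = Counter()
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        when, _client, name, _rtype = parse_line(raw)
        if start <= when < end:
            per_name[name] += 1
            per_domain[registrable_domain(name)] += 1
    return {
        "queries": sum(per_name.values()),
        "distinct_names": len(per_name),
        "distinct_domains": len(per_domain),
        "per_name": per_name,
        "per_domain": per_domain,
    }


def busiest(summary, n=3):
    """Names with the most queries in the window, most frequent first."""
    return summary["per_name"].most_common(n)


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG, datetime(2025, 1, 10, 8, 0, 0))
    print(f"{report['queries']} queries to {report['distinct_names']} names "
          f"across {report['distinct_domains']} registrable domains")
    for domain, count in report["per_domain"].most_common():
        print(f"  {domain}: {count} queries")
    for name, count in busiest(report):
        print(f"  busiest: {name} x{count}")
```

The same hour can therefore read as "7 names" or "10 queries to 3 domains" depending on what is counted; repeated lookups of one name, such as the two ocsp-x queries a second apart, are invisible in a names-only figure.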
lapcat · 20h ago
You seem to be assuming that the author set out from the beginning to measure scientifically the amount of communication that occurs. What is much more likely is that the author's DNS provider, NextDNS, provided this information, and the author simply noticed it.
This article: Apple’s OS relies on a lot of services to deliver its features!
That article: Microsoft reports every click you make
Is that the comparison you’re making?
joshstrange · 20h ago
No.
This article: My Mac contacted 63 different Apple owned domains in an hour, while not is use
> while not in use
That is not "Apple reports every click you make", _very_ different from Microsoft. These requests seem like they are all for background tasks to keep data up to date when the user goes to use it. Now can you see a difference between that and _reporting_ on what you are doing?
idoubtit · 19h ago
> These requests seem like they are all for background tasks to keep data up to date when the user goes to use it.
Where did you get this information? Is it just a guess based on what Apple declared about these domains?
In the article, there is no info about the content sent to these Apple owned domains. For all we know, MacOS could send detailed reports on the user's activity.
mtotheb · 20h ago
An important variable, the titles of the posts set the stage. That post's title was "Windows 10 _spies_ on your use of System Settings" whereas this one is "My Mac _contacted_ 63 different Apple owned domains in an hour, while not is use." It would be interesting to, in a month or so when everyone has forgotten this conversation, repost this with a more critical title and see if that reshapes the comments or influences their tone.
ryandrake · 18h ago
Apple gets a lot of benefit of doubt here and in the tech press, some of it having been earned. When other vendors' OSs phone home dozens of time, it's nefarious. When Apple phones home dozens of times, it's for innocent "core functionality" or other reasons that sound acceptable.
Apple is the new Microsoft. They have pretty much saturated their target market. And since there is nothing much new to do, teams justify their existence in the org by changing existing things and adding unneeded functionalities that ultimately make the user experience progressively worse.
tl · 21h ago
Apple has been the new Microsoft long enough, I've begun to suspect the current environment cannot support a new Apple. Joel Spolsky's 2004 "How Microsoft Lost the API War" [1] applies to Apple's 2019 introduction of SwiftUI. Some of the AI companies are trying, but the more favorably I think of a competitor in that market, the less likely they are to build consumer hardware.
As so many other people have also said, many Apple services like iCloud sync require a lot of network I/O. I use two iPads, one with 64G of storage and the other with 1 terabyte of storage. Applications and data frequently get offloaded and reloaded on my old iPad.
I appreciate hand-off, and accept the overhead for supporting that.
Most data is encrypted at rest on Apple's servers and during transport. Check their documentation.
throw564367h · 16h ago
Same with Xiaomi products. Their products are all integrated together and communicate with one another.
that works in a lot of cases, but unfortunately it seems sometimes you get these popups about nsurlsessiond (for example) where you know where the connection goes, but no idea where it comes from (especially if it's trying to connect to some generic AWS hostname)
And as much as you can use little snitch for programs you install, these days it seems an endless whack-a-mole to block Apple's stuff as there's so many requests all the time. The more time goes by, the more it seems that the concept of "personal" computer is gone: there's nothing "personal" about it anymore, it's the computer plus an amorphous blob of online services one has no control over.
lapcat · 18h ago
> unfortunately it seems sometimes you get these popups about nsurlsessiond (for example) where you know where the connection goes, but no idea where it comes from (especially if it's trying to connect to some generic AWS hostname)
Little Snitch might be able to tell which process triggered that, if you press the info button in the alert. I'll have to check next time it happens.
work with virtual machines shows: not all traffic may be intercepted by little snitch
thomassmith65 · 22h ago
With Apple, you want to block *.apple.com and white-list subdomains as you need them. If instead you black-list apple subdomains, the battle will never end.
fortran77 · 22h ago
Why use Apple at all if it’s so user-hostile? (I’m a Windows user.)
greenavocado · 22h ago
Windows telemetry is way more insane
Small sample of telemetry and spying domains (out of date):
That "small sample of telemetry and spying domains" also contains login pages and update downloads, among others. You're just saying everything Microsoft is telemetry and spying, here are all their domains.
st3fan · 22h ago
Same with all those Apple domains. This is the world we live in now. Operating systems and most applications are now backed by cloud services.
SimianSci · 22h ago
Anybody who has done similar checks for windows will see an order of magnitude more connections being made.
As someone who got their start managing Windows devices, and who has gone through the painful steps of mapping out what each such connection is meant for, I was surprised to see that there were ONLY 63 connections being made in an hour for this article.
The last time I mapped such connections for a windows device, we had measured about 200+ similar connections within a single hour.
MegaDeKay · 20h ago
To be fair, "about 200+" is far from "an order of magnitude" of 63.
plutoh28 · 22h ago
If I recall correctly, Windows isn’t very user-friendly either.
like_any_other · 22h ago
Humor.
uncircle · 22h ago
It cannot be humor as it doesn't have, at the end of the comment, the tag /s
erikerikson · 21h ago
Thank you for ending yours with /s
LorenDB · 21h ago
Why use Windows at all since it's more user-hostile in terms of overt advertising and telemetry-gathering? (I'm a Linux user.)
(slight /s here but I'm also serious)
bmacho · 22h ago
Probably in exchange for some privacy it gives its users time/money?
onedognight · 22h ago
1) The ads in my start menu all come from one domain.
2) One is less than 63.
3) Profit?
exe34 · 22h ago
Their hardware is quite nice - I have a mac book air from mid-2012 myself. (Although I moved to Nixos linux in 2016).
lipowitz · 22h ago
How do you get all the bloatware off and de-metric your Windows? With Apple it is one criminal instead of an oligarchy of crime.
MegaDeKay · 20h ago
Installing LTSC takes you a long way towards that goal.
cynicalsecurity · 22h ago
Why use Apple or Windows at all if they are so user-hostile? (I’m a Linux user.)
jitl · 21h ago
(Bluetooth) audio never works consistently for me on Linux, especially after wake from sleep I have like a 10% chance to get crackling/stuttering
1vuio0pswjnm7 · 15h ago
One of the things that really put me off about Apple's computers, namely their pre-installed OS, was how "chatty" they have become when attached to a local network, let alone the internet.
As such, I stopped buying Apple. I have not owned a Mac since the G4 days. I never attached it to the internet. I would use TCP/IP and a crossover cable to move files.
I always see a high volume of traffic from other peoples' Apple computers on the wire that is not initiated by the computer owner. To my sensibilities, this is cringeworthy. Because there is no way to turn it off. The computer owner has no control over it.
Apple fans can argue this is useful and convenient. That may be true. But that does not explain why it is mandatory, on by default and impossible to disable. I am not against useful options and convenience. I am in favor of control.
When I compile and install a NetBSD image the amount of mandatory network traffic is zero. It is up to me to decide what to enable. That's how I like it.
DavideNL · 15h ago
Somewhat related;
This week i configured Keyboard Maestro to turn off Wi-Fi and Bluetooth when my MacBook (M1 Pro) goes to sleep, and re-enable them on wake.
This has had a huge impact on the battery drain while not being used. Even when the lid is closed.
Would recommend.
Avamander · 21h ago
It's even better that quite a few of those connections are unencrypted (and are actively used by some vendors to profile devices).
SimianSci · 21h ago
From my understanding this isn't correct.
While a DNS resolution may or may not be encrypted, which is highly dependent on the local client's environment, data being sent to Apple is not being sent via DNS, as these DNS connections are only the beginning of negotiating a connection to Apple's servers.
The connections themselves where data is transferred are negotiated using TLS and thus encrypted.
The only point where this is not the case would be system probes, such as captive-portal check, OCSP, or NTP, but none of these would be capable of portraying anything more than simple metadata, like your ip address.
Avamander · 18h ago
> Data being sent to apple is not being sent via DNS
Obviously I'm talking about what follows the name resolution.
> The connections themselves where data is transferred are negotiated using TLS and thus encrypted.
They're not, as I said there are quite a few unencrypted ones. Last time I couldn't even set up a HomePod without allowing insecure connections.
> but none of these would be capable of portraying anything more than simple metadata, like your ip address.
Just the captive portal check alone contains things like the User-Agent, which has plenty more than just your IP.
hoppp · 18h ago
If you want to block Apple domains, why buy a Mac?
Vendor lock in and tracking is all part of the Apple experience.
jbrooks84 · 21h ago
Is this the first time you are monitoring traffic of any modern consumer devices connected to the Internet?
If you built up a Linux system to have similar functionality (single user account across systems that syncs user data, automatically backs up to a cloud, syncs photos and videos, sends all traffic through an anonymizing relay, receives push notifications for essentially all apps, etc), would it contact fewer services?
beeflet · 20h ago
To some extent. You could do a lot of the syncing with a decentralized system like syncthing. You could use GPS for time.
Tor for anonymization and additional firewall-punching.
SkyeCA · 21h ago
Given the state of modern tech enthusiasts? The answer for many is likely no, no they have not.
os2warpman · 20h ago
I've tried to use it as my daily driver multiple times since 1997 but ultimately for me personally and the security posture I have chosen to adopt the utility of being able to copy and paste from my phone to my desktop without having to deploy and secure my own infrastructure outweighs any paranoiac doomsday delusions someone may try to implant in my mind.
MegaDeKay · 20h ago
Have you tried using KDE Connect? It is really impressive.
Does anybody know if all the Apple remote connection things happen on the MacOS level? I'm mostly using Asahi on my personal Macbook these days instead of MacOS and I'm curious if that cuts off everything or just many things.
SimianSci · 22h ago
Most of these connections are a result of the MacOS software and its particular resource needs.
I am no Asahi Linux expert and would defer to a maintainer for specifics, but I'm led to believe that any Apple Silicon Mac requires that they still communicate some base hardware information during initial install due to activation requirements that Apple has for its silicon.
dusted · 20h ago
They must have missed one; I'm sure they can index 64 domains... unless 0 means "don't do anything". Just be glad they didn't opt for a 16 bit register for the call home functionality :D
st3fan · 22h ago
What is the problem with this?
gchamonlive · 21h ago
It's the problem with the benevolent dictator. It's no problem as long as the dictator is benevolent. Also benevolence is a matter of reference. Something that might be ok for most, might not be for you.
There is also the question of ownership. Do you really own something you bought if you don't control its behaviour? Is it even moral to sell stuff to customers if they won't fully own it, or if the nature of ownership could change over time without users having a say in it?
st3fan · 21h ago
Thanks, that is just a random rant.
do you think it is a problem that the "benevolent dictator" operating system contacts an endpoint to keep its anti-malware list up to date?
gchamonlive · 20h ago
Do you have the option to change the list if you want to maintain your own? What happens if it starts blacklisting legit applications because it poses a threat to Apple's business model?
brookst · 21h ago
Can you explain how it would be less of a problem if Apple put every service behind one DNS name? That's the complaint, right? Too many DNS names?
gchamonlive · 20h ago
No, the problem is always choice and ownership, not complexity.
SimianSci · 21h ago
There is no problem with this if you have any understanding of modern platforms and accept the current paradigm we all live in.
I imagine such things might be shocking to people who don't understand how connected the world is at this point, or who may have been living under a metaphorical rock when it comes to their computing.
astura · 21h ago
Depends on the company.
When Microsoft does it - most evil thing ever. Literally Satan.
When Apple does it - it's good, or at least benign. It's what the user expects.
oneplane · 21h ago
TL;DR: not really all that exciting. Apple also publishes a list of domains, ports and protocols and what they are needed for. The side-effects of filtering them usually means something doesn't work right or doesn't work at all (push messages, software updates, buying stuff, anti-theft - which will fail closed!).
> I have been trying to minimize to the extent possible the reach of big tech into my life
That's how integrated services on connected devices work; why the surprise? You can't both have a connected experience that works while also not connecting to hosted services that provide that functionality.
This isn't just Apple, anything that has any connected (cloud or anti-theft or otherwise) will need to function like this.
If your version of big tech is anything that provides managed services, you might as well get off the internet as it doesn't really provide that much value without it. That applies to basic services as well:
- Want email? Either go big or go home since you'll be attacked and spammed so much that unless you essentially learn to become an MSP for email for yourself it's not really feasible (and that includes all the GitHub projects we've seen on self-hosting; it's great as a one-off or hello-world demo, yet maintenance and knowledge is still required - time people aren't willing to invest)
- Want search engines? Extremely expensive to run, so you're going to consume one or not use one at all.
- Want to communicate with other people? They might use scary big tech and there is nothing you can do about it short of not communicating with other people (but that's antithetical to your wish to communicate with others).
- Want to communicate with business services? They might require you use known quantities such as specific operating system versions and configurations, certain apps, or they might not service you at all (banks, insurance, medical, transit etc.)
Can you apply a lot of time and energy to work around all of this? Possibly! But you end up not having much time left to do the things you actually wanted to do in your life. It essentially ends up similarly to what al_borland wrote: most large workflows and processes (regardless of governmental, for-profit businesses etc) don't want to make intensive exceptions just so 0.001% of their customers can be 'different', on one hand because it's not sustainable (you end up having one process for 99.99% of the users and many, just-as-expensive variations to that process for a bunch of individuals), on the other hand because it's not profitable (spending for one flavour and getting all the return on it vs. spending and getting practically no return on it).
npteljes · 20h ago
I don't get it either. Everything that is connected does this, if not specifically built for online privacy. If OP wants to limit the reach of big tech into their life, they need to get off big tech. Or prepare for a lifetime of workarounds.
realreality · 21h ago
I use a slow cellular connection and noticed some Apple service (I could never figure out which one, even after installing an outgoing firewall) was aggressively uploading some large blob every time the Mac woke from sleep, which made the whole connection useless for up to half an hour.
At some point, Apple must've fixed this "bug", but the experience -- and Apple's increasingly obtrusive software -- convinced me to switch to Linux.
vbezhenar · 21h ago
My MacBook used to grind CPU for 10-20 minutes after every power on. That happened with a literally fresh install and it does it every time. I don't know why it does that. Maybe some indexing? This lack of transparency was one of the reasons for me switching to Linux too. I don't want my OS to do anything at all in the background that I didn't explicitly configure it to. I want to be in full control of my software. Linux is far from perfect, but much better.
zamfi · 21h ago
Huh, which process was doing this grinding on your MacBook?
cguess · 20h ago
In my experience this is usually Spotlight indexing files/checking previous indexes etc. If you have any backup software running that will do it too.
npteljes · 20h ago
Lack of transparency is almost a feature for these systems, and definitely something that serves the vendor, not the user. My daily driver is a Linux for the same reason - there is just so much less bullshit going on, and if I want to find something out, I can.
simondotau · 22h ago
The way I see it is either you trust Apple or you don’t. To be clear, I think it’s perfectly reasonable to arrive at either conclusion, as it relates to your own needs and security posture.
Personally I choose to trust them. My trust is not blind, and they could lose my trust very quickly. But as it stands right now, they have my trust.
If you say that you don’t trust Apple, I don’t see how you could tolerate running any of their software. Relying on an operating system made by a company I don’t trust seems wildly irresponsible to me.
npteljes · 21h ago
I am of the same mind. In simpler cases, it would make sense to "resist", like buying a smart TV for its screen, and just never connecting it to the internet, because the software is shit. But in a case of an auto updating operating system? Forget the idea of controlling it. It will be whatever the vendor wants. Or rather, it's either drastic measures, like installing it from a local source and keeping it offline, or whatever the vendor wants. We can have achievements like blocking the IP for the news and weather, and then those widgets won't load, great. But we gained nothing.
I arrived at the same conclusion as you, that you cannot really selectively accept a service provider. Because of the nature of the ongoing relationship, posture evaluation would need to happen on every interaction, which is improbable. I don't think we can evaluate every update. So really, it's either trust, or no trust. No sense to lull ourselves into anything else.
I personally solve this for myself with compartmentalization. For example, I loathe Windows, but I use an LTSC edition of it for gaming, and only gaming. I don't trust them with my "life", so it doesn't get access to my data, just games.
lapcat · 21h ago
> The way I see it is either you trust Apple or you don’t.
That's so obviously a false dichotomy.
simondotau · 9h ago
That’s what you disagree with? If anything, I was expecting someone to insist that it’s not unreasonable to run software from a company you don’t trust. That’s an easy argument to steel-man, because there are many ways to run untrusted software safely.
But if you think that trust itself is a false dichotomy, I’d love to hear what that sounds like. I’m struggling to think of a good faith steel-man of this assertion.
lapcat · 8h ago
> But if you think that trust itself is a false dichotomy, I’d love to hear what that sounds like. I’m struggling to think of a good faith steel-man of this assertion.
There are obviously levels of trust. I'm truly baffled that you're struggling with this.
Your trust in a person, or a company, can increase or decrease over time. You can trust someone with some tasks but not with other tasks. Again, this is so incredibly obvious, I'm not sure why I have to point it out.
simondotau · 2h ago
What you’re describing is an assessment of risk associated with using untrusted software. There are absolutely levels of risk. I don’t trust Nintendo, but I don’t need to trust them in order to play Mario.
bell-cot · 18h ago
> The way I see it is ...
That's one way to view it.
One might also view the large number of Apple-owned domains here as evidence that Apple's infrastructure is a sprawling mess, and reduce trust accordingly.
simondotau · 9h ago
Really? I would’ve thought that lots of small self-contained systems feels very UNIX-like, and not a trust modifier.
crawsome · 22h ago
I'm curious what Microsoft and Ubuntu's experience is as well, so there's a frame of reference.
I skimmed that list, and Devil's Advocate; It seems like most of that is functional, stuff that they want to update in the background to make sure you have a better experience when you're back?
On the flip, I guess we think Apple is up to something shady? My last understanding was that they were firm they didn't sell user data. Did this change?
roblabla · 22h ago
A default linux install is incredibly silent on the network. You might be seeing some mDNS stuff, gnome/firefox may do some requests to detect captive portals, but overall the amount of network traffic is pretty small and manageable.
It's important to note that, generally speaking, Linux software does not come with default-enabled telemetry, and for those that do, distros like Debian will routinely patch out phoning home and telemetry from the software they package.
st3fan · 22h ago
That is only because there is barely any open source software for Linux that is backed by cloud services.
Now install Spotify, VSCode, Steam for Linux and you will see the same kind of chatter with backend services.
const_cast · 15h ago
VSCode is particularly chatty on Linux. You can use OpenSnitch to block those connections. I believe a lot of it is around extensions and the extensions market place. IMO, that's not the type of thing that requires constant background connections, and I could actually see that being a kind of vulnerability.
SkyeCA · 21h ago
> That is only because there is barely any open source software for Linux that is backed by cloud services.
Some of us would call this a feature. I am quite happy to have control over my computer and the data on it without having to trust third party cloud services.
joshstrange · 20h ago
Good, Linux will be perfect for you. The vast majority of people want/need a bit more than that. Most consumers have come to expect a certain baseline such as:
- Cloud Drive
- Up to date Weather/News
- Malware checks
- System update checks
- Push Notifications
and more.
Before you say "I don't care about News", sure but lots of people do and everyone has a different subset of the network-traffic-causing features. Yes, this means many things are "on by default" but, again, that's what the average consumer wants. HN is a completely different crowd with, sometimes, different wants/needs as compared to the average user.
SkyeCA · 20h ago
Sure some people want the news, but I find it kind of absurd that could justify a computer phoning home regularly. Making an API call when the user opens a news app is more than sufficient and quick enough to not notice.
"What about the news widget?" I find it difficult to believe the average user even remembers the news widget exists in Mac OS since it's hidden away in a non-obvious panel.
The most compelling cases for phoning home are OS updates and Drive like services, but at the end of the day this should all be easy to disable should the user want to.
> HN is a completely different crowd
Yes, HN is filled with the very worst kind of techbros who regularly defend bad practices under the guise of saving the average consumer from themselves.
nazgulsenpai · 20h ago
"Software I install" is a different metric than the "software that is part of the operating system itself".
awinter-py · 21h ago
> distros like Debian will routinely patch out phoning home and telemetry from the software they package
Yes, this. Learning about the user-aligned patching in Debian's Chromium made me feel like I had made the right choice with desktop Linux.
jqpabc123 · 22h ago
> My last understanding was that they were firm they didn't sell user data. Did this change?
My understanding is they have a long term relationship with Google worth about $20 billion a year. Other than money, does anyone really know the full extent of what they exchange?
Maybe this doesn't technically count as "selling" your data but it certainly counts as selling access to something important to Google --- which most likely, ultimately involves your data.
In other words, I don't believe Google pays them $20B to help maintain user privacy.
SimianSci · 21h ago
Since the deal you mention was part of a lawsuit from the federal government, we actually do know a lot about what gets sent between the two companies.
The $20 billion a year deal you mention only applies to Safari users and ensuring that the default search engine on Apple devices is using Google.com.
The deal is far more about controlling competition and denying any potential competitors from being able to cut a deal with Apple and thus reach a large volume of highly influential consumers. I'm sure there was also value to be found in the search data of users as well, but the deal is mostly anti-competition.
There is very little to go on beyond general mistrust when it comes to the belief that Apple might be selling customer data.
Make no mistake, Apple spies on its users almost just as much as other tech companies. The difference looks to be that Apple keeps it all to themselves.
sybercecurity · 22h ago
My initial thought as well. May be overly chatty, but there may be a good intention behind it like "system seems to be idle for a while, now would be a good time to check for updates"
I'd wager Windows does something similar. Linux distros may do it, but also may not since they may not be obsessed with happy eyeball problems and user perception of speed/latency.
npteljes · 22h ago
Honestly, the list looks legit. Computers nowadays are semi-remotely-managed appliances. Internet is presumed, offline is not first, and offline is absolutely not exclusive.
>I have been trying to minimize to the extent possible the reach of big tech into my life.
I don't think this goal is possible, or worthwhile, on a big tech offering like a Mac + macOS. It can certainly be tried, but the user needs to be prepared for unforeseen consequences, and the override of the settings. It is like plugging in the ears to have a quieter life, in the middle of a metropolis. In the end, the context won't change. The direction of the platforms is clear, and the zeitgeist is bigger than all of us. The first option with a real impact is leaving the ecosystem.
Although, blocking some domains could be a good first step towards that. Rome wasn't built in a day.
TheNewsIsHere · 21h ago
As a counterpoint -
There are a lot of Apple services that get contacted because they can be contacted, not because they need to be. For example, I don’t use Home/HomeKit but it phones home to Apple several times a day if I allow it. The same with Apple News, Weather, etc.
You can prevent this in various ways but not out of box.
It’s possible to run macOS without an Internet connection. I value this, but it’s impractical and unnecessary for most people and most environments.
npteljes · 21h ago
What's the value for you of disabling these connections, like the Home/HomeKit contact?
That sounds like telemetry?
Inside of those settings could be options to enable/disable telemetry, sure. But also push notifications, weather updates, virus definition updates, etc.
Why does an OS need to hit the internet AT ALL to work? OS X doesn't, of course.
Does it actually need to hit these to work?
Here, the top-voted comment is OK with Apple software phoning home, but there's no evidence they are not equally OK with Microsoft software phoning home, so I'm contrasting this popular opinion with another popular opinion elsewhere.
Here's one example from a different user, where Microsoft is described as "the big daddy of spyware."
https://news.ycombinator.com/item?id=22246187
See also this sibling top-level comment from today:
https://news.ycombinator.com/item?id=44256951
But otherwise, you get constantly nagged to get iCloud and also sometimes for their media and gaming subscriptions
Finally, what people for some reason ignore: Apple has been an advertisement company ever since their app store became the majority share of their revenue.
Also, no, Apple makes nowhere close to a majority of its revenue from its App Store (source: https://www.visualcapitalist.com/charted-how-apple-makes-its...)
- 51% iPhone sales
- 9% wearables and home device sales
- 8% Mac sales
- 7% iPad sales
A portion of the 25% that make up services and subscriptions is advertising, in addition to Apple Music, iCloud, Google’s search default payment (20B/yr), etc.
Apple makes less than 5% of its revenue from advertising
I still believe that to be true, as you're splitting the advertisement revenue - in my opinion, all app store revenue is related to their advertisement business.
From my perspective, only counting the money that went into the advert itself is misleading, as the store itself is what the adverts are shown on.
If it was a more general advertisement network I'd agree with your splitting though.
I’m a shareholder, I read the reports. Apple make 70%+ of their revenue from direct device sales (no one else comes close to them)
I'm not saying that the numbers are false, but apple can ultimately freely choose how to categorize their revenue itself.
From my point of view, their advertising revenue inherently cannot be split from their app store revenue.
It's akin to me saying "I've only spent $50 on groceries yesterday", but omit that the actual cost was $100 because of added fees and taxes.
It's still technically correct, and a bookkeeper will categorize it as such, but it is also incredibly misleading.
I hold that opinion because in the apple ecosystem, the customer journey doesn't end with the advertisement. Every successful capture inevitably ends with more revenue via their 30% cut.
And btw, I'm technically a shareholder too - though only in the low thousands (value, not #), so prolly a lot less than you ( • ‿ • )
Yes, the person further up in this thread lists features other than telemetry, but that's literally the double standard. It also did telemetry, just like Windows does. Did you unironically think Windows phones home only for telemetry, and not for various features too?
Because the article you're commenting on lists telemetry requests.
Your comment makes straight up no sense.
Are you saying that Apple still has the keys when Advanced Data Protection is turned on? And has access to the covered data even though they say the keys are only on the trusted devices?
> A randomly generated UID is fused into the SoC at manufacturing time. Starting with A9 SoCs, the UID is generated by the Secure Enclave TRNG during manufacturing and written to the fuses using a software process that runs entirely in the Secure Enclave. This process protects the UID from being visible outside the device during manufacturing and therefore isn't available for access or storage by Apple or any of its suppliers.
https://support.apple.com/en-ge/guide/security/sec59b0b31ff/...
This Quora claims otherwise: https://www.quora.com/How-can-we-unlock-our-iPhones-if-we-fo...
That’s way off the mark from reality. You can look at Advanced Data Protection. It’s not enabled by default for the sake of convenience, but it’s an option available to the users.
But yes, Year of the Linux Desktop, baby!
I'm unaffiliated with the owners.
> NOTE: Corporate IT departments no likee Little Snitch.
They didn't like employees exploring the network.
The problem with Apple is that __anyone__ sits in a 1% group of users in one way or the other. But they try to make a one-size-fits-all product.
This is in contrast to Linux where everybody can do whatever they like, and most things are opt-in rather than opt-out.
This is no different with Linux. How many Linux users use a desktop environment as-is without any plugins or tweaks? How many Arch users don’t have a single package from the AUR?
There are tools like Little Snitch on macOS to monitor and block all kind of network traffic.
Privacy-wise this is an issue and the reason that messengers like Signal and Matrix would use their own services on Android. However this reduced battery runtime by a good margin, and Android and iOS get more aggressive at killing background tasks with each OS iteration.
To make things worse, push notifications for Matrix and Signal were unreliable, because manufacturers like OnePlus, Oppo and some others were killing all the background tasks against specification to win the influencer battery tests.
If regular users don’t think about these things, it’s because they’ve never thought about these ideas at all. If they did, and they are able to think, they should come to the conclusion that a 3rd party is necessary in some form.
(/s for those who need it)
I was under the impression it was all polling if you go down far enough, but at least because of central registration the phone only needs to poll one single pubsub service instead of a separate server per subscription.
Could be wrong though?
As far as I know, this is still what push notifications are built upon for an idle/sleeping device.
Carrier infrastructure knows which tower you last connected to, instructs that specific tower to broadcast a message telling your phone to wake up and fetch the remaining 80% of the notification content (the sms bit is usually just enough for your device to learn the UUIDs of the notifications)
That’s the end-to-end principle. Each host on the Internet is fully capable of listening on a socket and doing whatever its owner wants it to do.
The issue is when firewalls prevent incoming traffic, and when NAT prevents a host from even being on the internet. There’s not really a good reason for NAT with IPv6, but there are some good reasons for firewalls. They mostly boil down to human imperfection. The developers of one’s OS and software are imperfect, so the fact that a laptop sitting in Dallas can be probed by other computers in Frankfurt or Maseru thousands of times a second is an issue: a single bug will make one’s computer, and all its data, vulnerable. And users are imperfect, too. One might misconfigure one’s computer, and accidentally expose a service to the world.
There could be some approaches to mitigate these issues, but we’re probably stuck with firewalls forever. Which is really kind of sad.
Any push service works this way. The client contacts the server to be updated. The server gives a no data or a data response. The server cannot magically contact the client.
For better or worse, a lot of things on the Internet now assume that only "servers" can accept incoming connections, and therefore anything that needs to be "sent" to clients needs to be done by making the client poll a server over and over. True P2P apps (with no intermediary server) are pretty rare now, for a variety of reasons: some good reasons, some stupid reasons.
Organizations like Apple who service billions of devices cannot rely on a "push data to system only when something has updated" type of system, as such a system doesn't operate at their scale. They have to operate a system where individual clients are assumed to have an unreliable connection to the service, and where the client does the legwork of checking for new data stored in a centralized system.
This is what you are seeing in the article. Domains like [gdmf.apple.com] which govern device management, are where the declarative device management system is checking Apple's various databases to see if they need to update their configuration.
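The client-pulls pattern described in the last two comments (the server answers "data" or "no data", it never initiates) is easy to model. This is an added example, not Apple's declarative device management protocol or code: it uses the standard HTTP conditional-request idea (an ETag plus a 304 "not modified" answer) to show why an idle device produces a steady trickle of small requests and only occasionally a real payload. The declaration contents and the poll schedule are made up.

```python
import hashlib
import json
from typing import Optional, Tuple


class DeclarationServer:
    """Central store for a management declaration.  It never initiates
    contact with a device; it only answers fetches, with either the current
    body (200) or "nothing changed since the ETag you hold" (304)."""

    def __init__(self, declaration: dict):
        self._body = b""
        self._etag = ""
        self.publish(declaration)

    def publish(self, declaration: dict) -> None:
        self._body = json.dumps(declaration, sort_keys=True).encode()
        self._etag = hashlib.sha256(self._body).hexdigest()[:16]

    def fetch(self, if_none_match: Optional[str]) -> Tuple[int, Optional[bytes], str]:
        if if_none_match == self._etag:
            return 304, None, self._etag          # a few bytes on the wire, no payload
        return 200, self._body, self._etag


class Device:
    """Client side: remembers the ETag of the declaration it last applied
    and asks on a timer whether anything newer exists."""

    def __init__(self, server: DeclarationServer):
        self.server = server
        self.etag: Optional[str] = None
        self.applied: Optional[dict] = None
        self.polls = 0
        self.updates_applied = 0
        self.payload_bytes = 0

    def poll(self) -> bool:
        """Returns True when a new declaration was fetched and applied."""
        self.polls += 1
        status, body, etag = self.server.fetch(self.etag)
        if status == 304:
            return False
        self.applied = json.loads(body)
        self.etag = etag
        self.updates_applied += 1
        self.payload_bytes += len(body)
        return True


def simulate(poll_count: int = 10, publish_at: int = 6) -> dict:
    """Idle-time polls with one configuration change published in the
    middle.  Made-up declaration: a passcode policy that tightens."""
    server = DeclarationServer({"passcode": {"min_length": 6}})
    device = Device(server)
    for i in range(1, poll_count + 1):
        if i == publish_at:
            server.publish({"passcode": {"min_length": 8}})
        device.poll()
    return {
        "polls": device.polls,
        "updates_applied": device.updates_applied,
        "payload_bytes": device.payload_bytes,
        "min_length_now": device.applied["passcode"]["min_length"],
    }


if __name__ == "__main__":
    print(simulate())
```

Ten polls, two real transfers: the first fetch and the one after the change. Every other request is the "no data" answer, which is exactly the kind of connection that shows up in an hourly domain count while carrying almost nothing.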
The number was just intended to illustrate the amount of communication that occurs.
That article: Microsoft reports every click you make
Is that the comparison you’re making?
This article: My Mac contacted 63 different Apple owned domains in an hour, while not in use
> while not in use
That is not "Apple reports every click you make", _very_ different from Microsoft. These requests seem like they are all for background tasks to keep data up to date when the user goes to use it. Now can you see a difference between that and _reporting_ on what you are doing?
Where did you get this information? Is it just a guess based on what Apple declared about these domains?
In the article, there is no info about the content sent to these Apple owned domains. For all we know, MacOS could send detailed reports on the user's activity.
[1]: https://www.joelonsoftware.com/2004/06/13/how-microsoft-lost...
I appreciate hand-off, and accept the overhead for supporting that.
Most data is encrypted at rest on Apple's servers and during transport. Check their documentation.
https://www.obdev.at/products/littlesnitch/index.html
And as much as you can use little snitch for programs you install, these days it seems an endless whack-a-mole to block Apple's stuff as there's so many requests all the time. The more time goes by, the more it seems that the concept of "personal" computer is gone: there's nothing "personal" about it anymore, it's the computer plus an amorphous blob of online services one has no control over.
Little Snitch might be able to tell which process triggered that, if you press the info button in the alert. I'll have to check next time it happens.
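Attributing an established connection to the process that owns it does not need Little Snitch; `lsof` on macOS will do it from the terminal. The function below is an added example (not from the thread) that summarises `lsof -nP -iTCP -sTCP:ESTABLISHED` output per process and remote endpoint. The sample output embedded in it is constructed in lsof's column layout so the function can be exercised offline; the process names, PIDs and addresses are made up.

```sh
#!/bin/sh
# Summarise established TCP connections per process from lsof output.
# Usage on a Mac:   lsof -nP -iTCP -sTCP:ESTABLISHED | connections_by_process
# Reads lsof's standard columns (COMMAND ... NAME), where NAME looks like
# "10.0.0.5:52344->17.57.144.1:5223 (ESTABLISHED)".

connections_by_process() {
    awk 'NR > 1 && $NF == "(ESTABLISHED)" {
            split($(NF - 1), ep, "->")     # local->remote, keep the remote side
            printf "%s %s\n", $1, ep[2]
         }' \
    | sort | uniq -c | sort -rn
}

# Constructed sample in lsof's layout (not a real capture).  Process names,
# PIDs and addresses are made up for the example.
SAMPLE_LSOF='COMMAND       PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
apsd          123 root   10u  IPv4 0x1         0t0  TCP 10.0.0.5:52344->17.57.144.1:5223 (ESTABLISHED)
apsd          123 root   11u  IPv4 0x2         0t0  TCP 10.0.0.5:52345->17.57.144.1:5223 (ESTABLISHED)
nsurlsessiond 456 user   12u  IPv4 0x3         0t0  TCP 10.0.0.5:52346->17.253.1.1:443 (ESTABLISHED)
Safari        789 user   13u  IPv4 0x4         0t0  TCP 10.0.0.5:52347->203.0.113.10:443 (ESTABLISHED)
nsurlsessiond 456 user   14u  IPv4 0x5         0t0  TCP 10.0.0.5:52348->17.253.1.1:443 (CLOSE_WAIT)'

if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_LSOF" | connections_by_process
fi
```

Run with `--demo` to see the sample summarised; against the live `lsof` output the first column tells you which daemon is holding each connection, which is the information needed before deciding whether a given domain is worth blocking.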
https://news.ycombinator.com/item?id=24838816
Small sample of telemetry and spying domains (out of date):
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocke...
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocke...
https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocke...
https://raw.githubusercontent.com/Strappazzon/teleme7ry/mast...
https://learn.microsoft.com/en-us/windows/privacy/windows-11...
(slight /s here but I'm also serious)
2) One is less than 63.
3) Profit?
As such, I stopped buying Apple. I have not owned a Mac since the G4 days. I never attached it to the internet. I would use TCP/IP and a crossover cable to move files.
I always see a high volume of traffic from other people's Apple computers on the wire that is not initiated by the computer owner. To my sensibilities, this is cringeworthy. Because there is no way to turn it off. The computer owner has no control over it.
Apple fans can argue this is useful and convenient. That may be true. But that does not explain why it is mandatory, on by default and impossible to disable. I am not against useful options and convenience. I am in favor of control.
When I compile and install a NetBSD image the amount of mandatory network traffic is zero. It is up to me to decide what to enable. That's how I like it.
This week i configured Keyboard Maestro to turn off Wi-Fi and Bluetooth when my MacBook (M1 Pro) goes to sleep, and re-enable them on wake.
This has had a huge impact on the battery drain while not being used. Even when the lid is closed.
Would recommend.
https://wiki.debian.org/PrivacyIssues
https://apps.kde.org/kdeconnect/
At some point, Apple must've fixed this "bug", but the experience, and Apple's increasingly obtrusive software, convinced me to switch to Linux.
Personally I choose to trust them. My trust is not blind, and they could lose my trust very quickly. But as it stands right now, they have my trust.
If you say that you don’t trust Apple, I don’t see how you could tolerate running any of their software. Relying on an operating system made by a company I don’t trust seems wildly irresponsible to me.
I arrived at the same conclusion as you, that you cannot really selectively accept a service provider. Because of the nature of the ongoing relationship, posture evaluation would need to happen on every interaction, which is improbable. I don't think we can evaluate every update. So really, it's either trust, or no trust. No sense to lull ourselves into anything else.
I personally solve this for myself with compartmentalization. For example, I loathe Windows, but I use an LTSC edition of it for gaming, and only gaming. I don't trust them with my "life", so it doesn't get access to my data, just games.
That's so obviously a false dichotomy.
But if you think that trust itself is a false dichotomy, I’d love to hear what that sounds like. I’m struggling to think of a good faith steel-man of this assertion.
There are obviously levels of trust. I'm truly baffled that you're struggling with this.
Your trust in a person, or a company, can increase or decrease over time. You can trust someone with some tasks but not with other tasks. Again, this is so incredibly obvious, I'm not sure why I have to point it out.
That's one way to view it.
One might also view the large number of Apple-owned domains here as evidence that Apple's infrastructure is a sprawling mess, and reduce trust accordingly.
I skimmed that list, and Devil's Advocate; It seems like most of that is functional, stuff that they want to update in the background to make sure you have a better experience when you're back?
On the flip, I guess we think Apple is up to something shady? My last understanding was that they were firm they didn't sell user data. Did this change?
It's important to note that, generally speaking, Linux software does not come with default-enabled telemetry, and for those that do, distros like Debian will routinely patch out phoning home and telemetry from the software they package.
Now install Spotify, VSCode, Steam for Linux and you will see the same kind of chatter with backend services.
Some of us would call this a feature. I am quite happy to have control over my computer and the data on it without having to trust third party cloud services.
- Cloud Drive
- Up to date Weather/News
- Malware checks
- System update checks
- Push Notifications
and more.
Before you say "I don't care about News", sure but lots of people do and everyone has a different subset of the network-traffic-causing features. Yes, this means many things are "on by default" but, again, that's what the average consumer wants. HN is a completely different crowd with, sometimes, different wants/needs as compared to the average user.
"What about the news widget?" I find it difficult to believe the average user even remembers the news widget exists in Mac OS since it's hidden away in a non-obvious panel.
The most compelling cases for phoning home are OS updates and Drive like services, but at the end of the day this should all be easy to disable should the user want to.
> HN is a completely different crowd
Yes, HN is filled with the very worst kind of techbros who regularly defend bad practices under the guise of saving the average consumer from themselves.
Yes, this. Learning about the user-aligned patching in Debian's Chromium made me feel like I had made the right choice with desktop Linux.
My understanding is they have a long term relationship with Google worth about $20 billion a year. Other than money, does anyone really know the full extent of what they exchange?
Maybe this doesn't technically count as "selling" your data but it certainly counts as selling access to something important to Google --- which most likely, ultimately involves your data.
In other words, I don't believe Google pays them $20B to help maintain user privacy
There is very little to go on beyond general mistrust when it comes to belief that Apple might be selling customer data. Make no mistake, Apple spies on its users almost just as much as other tech companies. The difference looks to be that Apple keeps it all to themselves.
I'd wager Windows does something similar. Linux distros may do it, but also may not since they may not be obsessed with happy eyeball problems and user perception of speed/latency.
>I have been trying to minimize to the extent possible the reach of big tech into my life.
I don't think this goal is possible, or worthwhile, on a big tech offering like a Mac + macOS. It can certainly be tried, but the user needs to be prepared for unforeseen consequences, and the override of the settings. It is like plugging in the ears to have a quieter life, in the middle of a metropolis. In the end, the context won't change. The direction of the platforms are clear, and the zeitgeist is bigger than all of us. The first option with a real impact is leaving the ecosystem.
Although, blocking some domains could be a good first step towards that. Rome wasn't built in a day.
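As an added example of the "block some domains" first step (this is not code from the thread, and the hostnames are placeholders under `.example`, not real vendor domains), the script below triages a resolver log into queries to keep and block candidates using an allowlist of suffixes that the machine needs to stay patched and connected, then emits hosts-file lines for the rest. The log lines and the allowlist are constructed for this example; in practice they would come from the reader's own DNS logs and their own judgement about which services are essential.

```python
"""Triage observed DNS queries by an allowlist of essential suffixes and
emit hosts-file block entries for everything else.

Suffix matching is done label-wise so that 'notvendor.example' is never
treated as part of 'vendor.example'.
"""
from __future__ import annotations

from collections import Counter

# Constructed sample log, format "<timestamp> <client> <qtype> <qname>".
# All names are placeholders; nothing here is a captured query.
SAMPLE_DNS_LOG = """\
2024-05-01T08:00:01Z 192.168.1.20 A ocsp.vendor.example
2024-05-01T08:00:02Z 192.168.1.20 A captive.vendor.example
2024-05-01T08:00:05Z 192.168.1.20 A weather.vendor.example
2024-05-01T08:00:05Z 192.168.1.20 A news.vendor.example
2024-05-01T08:01:10Z 192.168.1.20 A mirror.swscan.vendor.example
2024-05-01T08:02:00Z 192.168.1.20 A gateway.cloud.example
2024-05-01T08:02:30Z 192.168.1.20 A notvendor.example
"""

# Hypothetical minimal allowlist: revocation checks, captive-portal
# detection and the update catalogue. Adjust to taste.
ESSENTIAL_SUFFIXES = (
    "ocsp.vendor.example",
    "captive.vendor.example",
    "swscan.vendor.example",
)


def parse_dns_log(text: str) -> list[tuple[str, str, str, str]]:
    """Split log lines into (timestamp, client, qtype, qname) tuples."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 4:
            raise ValueError(f"unexpected log format: {line!r}")
        ts, client, qtype, qname = parts
        rows.append((ts, client, qtype, qname.rstrip(".").lower()))
    return rows


def matches_suffix(name: str, suffix: str) -> bool:
    """True for the suffix itself or any label under it, never for a
    name that merely ends with the same characters."""
    return name == suffix or name.endswith("." + suffix)


def triage(text: str, essential=ESSENTIAL_SUFFIXES) -> tuple[Counter, Counter]:
    """Return (queries to keep, block candidates), each counted by name."""
    keep: Counter = Counter()
    candidates: Counter = Counter()
    for _ts, _client, _qtype, qname in parse_dns_log(text):
        if any(matches_suffix(qname, s) for s in essential):
            keep[qname] += 1
        else:
            candidates[qname] += 1
    return keep, candidates


def hosts_entries(candidates: Counter) -> list[str]:
    """Hosts-file lines for the block candidates, sorted for stable diffs.

    Caveat: this only affects lookups that go through the system resolver.
    A client that pins IPs or brings its own DNS-over-HTTPS is unaffected,
    which is why a hosts file is a first step and not the whole answer.
    """
    return [f"0.0.0.0 {name}" for name in sorted(candidates)]


if __name__ == "__main__":
    keep, cand = triage(SAMPLE_DNS_LOG)
    print("# kept:", dict(keep))
    print("\n".join(hosts_entries(cand)))
```

Run it against a day of real resolver logs rather than this sample, and review the candidate list by hand before installing it; a domain that looks optional (push notifications, for instance) may be the one the person at the other end of the support call is missing.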
There are a lot of Apple services that get contacted because they can be contacted, not because they need to be. For example, I don’t use Home/HomeKit but it phones home to Apple several times a day if I allow it. The same with Apple News, Weather, etc.
You can prevent this in various ways but not out of box.
It’s possible to run macOS without an Internet connection. I value this, but it’s impractical and unnecessary for most people and most environments.