Jeffrey Paul, founder of a security research and consultation organization in Berlin, recently broke some big news. More than two decades ago, Richard Stallman postulated through fiction the existence of a fairly scary monitoring system. Science fiction author Cory Doctorow had a similar theory. Now, it exists in the real world.
It’s almost as if Apple took inspiration from dystopian future science fiction to create a spying system embedded within their latest OS update. The makings of it were always there, but privacy conscious users ran third party tools built by other privacy buffs to circumvent it. You can’t do that anymore.
Apple monitors everything you do on your device as a hidden background process. It then sends this information back to Apple completely unencrypted. Why do they need a log of your every move? Equally as important, why do they need to send it unencrypted so hackers, ISP’s, and other third parties can have a log of your every move?
How Was This Discovered?
The latest version of MacOS is quietly sending a log of everything you do. Every time you open a program, it tells Apple everything it needs to know. It provides them with the date, time, information about your computer, the city and state you’re in, and your internet service provider along with an application hash.
They gave themselves away with a small hiccup. Recently their monitoring server became terribly slow, and when that happened, nobody’s apps would open if their computer was online. The MacOS process running in the background is designed to prioritize its needs over your needs. If it can’t report everything you’re doing, it simply won’t let you do anything. The OS grinds to a halt.
What Does This Mean?
Sending a wealth of unencrypted data about you to a hidden source who is using it for reasons they have not fully disclosed can mean a lot of things. None of them are good. For the past decade, Apple has openly been a part of PRISM. PRISM is a spying scheme instituted by the government, and its participants give any and all data they have to the military or the government with no questions asked and no warrant needed. It completely bypasses any structure of accountability.
In 2019, reports show that they might have done so as many as 40,000 times. Was any of it your information? You’ll never know. There was no warrant involved and you probably weren’t under investigation or even suspicion of anything you were aware of. You would never know your OS was spying on you.
It’s Not Just Your Computer
Your iPhone is spying on you, too. Apple has allowed themselves access to messages that users are led to believe are end to end encrypted. They’re not technically encrypted if an involved third party has an open license to read and store these messages.
iMessage and iCloud both send complete backups of every message you’ve ever sent and every photo you’ve ever taken directly to apple. They mislead customers with claims of encryption. This encryption might work from one sender to another sender, but it doesn’t count Apple out of the equation. Hackers gain access to celebrity iClouds all the time, despite these encryption measures. They’re not true encryption. They’re merely designed to provide a false sense of security that lures people into using Apple branded services.
Is There a Workaround?
People used to use a program called LittleSnitch to interrupt communications back to apple. VPNs also used to be an important tool for protecting user location privacy when using an Apple device. Big Sur, Apple’s latest update, is designed to invalidate these workarounds.
All of your activity, including your movements, will go directly back to Apple no matter what. They have seen to it that their data collection cannot be circumvented.
Just Don’t Do It
Being reluctant to the idea of having your entire life tracked isn’t something that’s specific to criminals or people who use the internet for nefarious purposes. If you left an abusive relationship or if you’re being stalked, the person who means you harm can easily obtain access to a wealth of data about you. This undoubtedly places users in an unsafe situation.
If you work a high-profile job and someone wants to blackmail you, they might be able to obtain enough information by intercepting this unencrypted transmission of information.
Apple’s current arrangement only benefits those with bad intentions by stamping out user privacy and simplifying unlawful government surveillance. The best course of action may be to stop using Apple products entirely.