Apple has released macOS 11.0: Big Sur. While it has been greeted with the usual fanfare that accompanies just about every Apple announcement, concerns have surfaced that the update poses a new threat to user privacy.
This isn’t to say privacy issues are new when it comes to Apple. However, what is significant is that this release includes a software change that stops a tool many users previously relied on for privacy from actually working.
Little Snitch
Little Snitch is a tool that blocks connections between your computer and Apple. The tool is used by some macOS users because the operating system sends messages to Apple about everything you do on your machine when it’s connected to the internet. Many users aren’t aware of this. Indeed, even for those that are, it isn’t a big issue. It makes sense for Apple to build some level of instrumentation into its products, right?
However, as this blog post by security researcher Jeffrey Paul explains, these connections – known as OCSP requests – aren’t secure. They can be easily viewed by anyone with access to the network, such as your internet service provider. Paul notes that a particular issue of concern is that Apple’s relationship with the PRISM project means that government agencies can request access to this data without the need for any kind of warrant.
This is the context for Little Snitch. It’s not hard to see why it has become so popular (indeed, Paul says that the tool is “the only thing keeping me using macOS at this point”).
However, Paul writes, the Big Sur release “has new APIs that prevent Little Snitch from working the same way [as it did previously]. The new APIs don’t permit Little Snitch to inspect or block any OS level processes.”
This is a subtle move that probably won’t receive much coverage in the mainstream press, which is largely interested in new features and cosmetic changes to the operating system. However, it’s an important story that demonstrates how digital rights are shaped by stealth.
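The OCSP requests described above are readable on the wire when they travel over plain HTTP. As an added example (not code from Paul's post or from Apple), the Python below builds a constructed OCSP GET URL in the RFC 6960 format and decodes the fields a passive observer on the network could read from it; the host name, hashes and serial number are made-up sample values.

```python
import base64, hashlib
from urllib.parse import quote, unquote, urlsplit

def tlv(tag, body):
    """Encode one DER element; short-form length is enough for this sample."""
    assert len(body) < 128
    return bytes([tag, len(body)]) + body

def children(value):
    """Split the contents of a constructed DER element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        if pos + 2 > len(value):
            raise ValueError("truncated DER header")
        tag, length = value[pos], value[pos + 1]
        pos += 2
        if length & 0x80:                        # long-form length
            n = length & 0x7F
            length = int.from_bytes(value[pos:pos + n], "big")
            pos += n
        if pos + length > len(value):
            raise ValueError("truncated DER value")
        out.append((tag, value[pos:pos + length]))
        pos += length
    return out

def build_sample_url(serial):
    """Constructed OCSP GET URL (RFC 6960, Appendix A.1); every value is made up."""
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2b0e03021a")) + tlv(0x05, b""))  # SHA-1
    cert_id = tlv(0x30, alg
                  + tlv(0x04, hashlib.sha1(b"constructed issuer name").digest())
                  + tlv(0x04, hashlib.sha1(b"constructed issuer key").digest())
                  + tlv(0x02, serial.to_bytes(8, "big")))
    # OCSPRequest > tbsRequest > requestList > Request > CertID
    der = tlv(0x30, tlv(0x30, tlv(0x30, tlv(0x30, cert_id))))
    b64 = base64.b64encode(der).decode()
    return "http://ocsp.example.test/ocsp/" + quote(b64, safe="")

def observe(url):
    """Return what a passive on-path observer can read from one OCSP GET URL."""
    der = base64.b64decode(unquote(urlsplit(url).path.rsplit("/", 1)[-1]))
    (_, request), = children(der)                # OCSPRequest
    tbs = children(request)[0][1]                # tbsRequest
    req_list = next(v for t, v in children(tbs) if t == 0x30)  # skip [0]/[1] fields
    seen = []
    for _, single in children(req_list):         # one entry per certificate queried
        cert_id = children(single)[0][1]
        _alg, name_hash, key_hash, serial = (v for _, v in children(cert_id))
        seen.append({"issuer_name_hash": name_hash.hex(), "issuer_key_hash": key_hash.hex(),
                     "serial": int.from_bytes(serial, "big")})
    return seen
```

Calling `observe(build_sample_url(0x0123456789ABCDEF))` returns one record holding the issuer hashes and the certificate serial number, all recovered from the URL alone.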
How Big Sur stops Little Snitch from working
Surveillance instrumentation in macOS depends on trustd, a daemon (i.e. a process or program) designed to manage the way certificates (ways of identifying where specific pieces of information and data have come from) are trusted within a given network.
However, citing a tweet by security researcher Patrick Wardle, Paul explains that because trustd “is in the new ContentFilterExclusionList in macOS 11… it can’t be blocked by any user-controlled firewall or VPN.”
On Big Sur, trustd is in Apple's "ContentFilterExclusionList"
….meaning firewalls can't block it! 😭Welcome to the future? 😱 https://t.co/8PkmWkcZDS pic.twitter.com/ypYxLRGULn
— Patrick Wardle (@patrickwardle) November 12, 2020
In an update to his post (made Friday 13th November), Paul notes that it might be possible to turn off trustd by using a tool called bputil. However, he expresses some scepticism about how effective such a method will be in properly limiting the operation of trustd.
What’s the significance of all this?
The significance of this story is twofold. On the one hand it underlines the way in which technology companies can amend and adapt software by stealth in order to change its relationship with users. This emphasises a point made by technology critic Langdon Winner: “Technology is legislation.” Winner explains:
“For all of us… the possibilities for action and fulfillment we experience are deeply involved with the technologies that surround us – the way they are structured, how they operate, what conditions and requirements they impose. Together with our own bodies and our social ties, these technical things play themselves out in a variety of rules, roles, relationships, and institutions.”
In this sense, the change identified in Big Sur is a small but important change in legislation. It changes how we relate to Apple and, more importantly, how we relate to our devices and the way we use them. It frames what we might do and how we can do it.
However, on a more practical note, this change could also have an impact on the way Apple is viewed by technologists. As one Hacker News user commented in response to Paul’s blog post: “At this point I really wonder how any serious ‘hacker’ can work on such a device, it’s becoming the antithesis of everything that the original Hacker culture stood for.”