rentzsch.com: tales from the red shed

Apple Phones Home, Two

Daniel Jalkut notes Mac OS X 10.4.7 phones home ostensibly for Dashboard security reasons. Apple, you know better than this. Daniel writes:

The problem is this feature popped up without my permission, and there’s no obvious way for me to turn it off.

Bingo. This is a replay of the iTunes “MiniStore” fiasco, which Apple eventually did the Right Thing about after getting a PR black eye.

Other writers will do a better job lambasting Apple over this (ooh boy, can’t wait for the Doctorow spittlefest), so I’ll skip the sermon. Instead, I’ll riff on a different point: vendors, trust and Little Snitch.

Little Snitch is developed by the fine folks at Objective Development — an independent party. It alerts you to new outgoing connections, allowing you to permit or deny them on-the-fly. It’s great at catching apps phoning home.

Given the OS-level nature and security benefit of this type of feature, I think it’s quite conceivable a future version of Mac OS X could roll in this functionality. And therein lies the rub: a security conflict of interest.

If 10.4.7 had Little Snitch-like functionality today, I bet Apple would have added dashboardadvisoryd to the default whitelist. After all, Apple knows it’s not malicious, right? Last thing Apple tech support needs is millions of users getting warnings about a new outgoing connection.

That’s the crux of my point: I wouldn’t trust Apple not to hobble such a security feature in their “favor”. This is exactly where you want an independent third party to provide the functionality. Even if 10.5 included such functionality, I’d still use Little Snitch since they lack an incentive to surreptitiously hide certain traffic (except for Little Snitch itself phoning home — just kidding).

Apple overall does pretty well, but between them hiding the “opt-out” option when asking for your personal information while installing Mac OS X (command-Q, by the way, will let you skip it), closing the source of the kernel, the iTunes MiniStore and now this, Apple sends out a creepy signal that it’s best to fend for yourself.

Tuesday, July 04, 2006
01:19 AM