I have just read the latest about the new update of macOS,
Big Sur. It is said to be a privacy invading update in a way Online Certificate (OCSP) Status Protocol requests are unencrypted and so 'vulnerable to passive monitoring'. This is the end of privacy to Mac users because everything about them is no more private to the extent VPN and Tor will not be able to bypass this. I could not believe before that iCloud data are
unencrypted but it is true and now I bprivacy .
I think this can be a thread for bitcoin and wallet users that are using macbook. These are the important points that I gathered below.
Apple’s most recent update, Big Sur, makes a feature that logs device activity for offline (and online) applications practically impossible for privacy solutions to bypass. VPNs and other firewalls cannot circumvent the feature. Security researchers suggest that users who care about their digital privacy explore other, open-source alternatives.
On Nov. 12, Mac users complained their computers were acting sluggish. This sluggishness coincided with the release of Big Sur, the latest Mac update fro Apple. After the update was released, a technical error disrupted the servers Apple uses for OCSP requests, the packets of data that verify a computer’s SSL certificate when it accesses online applications. Apple devices were shutting down because these OCSP requests weren’t reaching Apple servers
As some users looked closer, it became very clear why the devices failed when the OCSP servers were failing: Every time a user opens an application (even an offline one), that action is being tagged and traced by Apple’s OCSP servers. This feature was introduced in Apple’s Catalina update, but certain tools (like Little Snitch) could be used to bypass it. Now, with Big Sur, there’s no practical way for average Mac users to thwart the feature.
But these new revelations demonstrate some of the inherent flaws in centralized data collection – you have to trust Apple not to share this information (or trust them to not be coerced into revealing it to a government agency). In this case, though, Apple’s siloing of data through Big Sur may not even be the primary issue because these OCSP requests are transmitted unencrypted, meaning the contents can be read by any surveilling party that intercepts them. Thus, if Mac users want out from under Apple’s eye, they’re going to need to explore alternatives.
Mac update enables offline activity logging“On modern versions of macOS, you simply can’t power on your computer, launch a text editor or eBook reader, and write or read without a log of your activity being transmitted and stored,” hacker and security researcher Jeffrey Paul writes in a blog post.
The problem, though, is these OCSP requests are unencryptedand so “vulnerable to passive monitoring.” This leaves the data open to collection and parsing at the hands of “large-scale passive monitoring organizations” such as the U.S. National Security Agency (NSA).
Telemetry is a diagnostic process by which servers track how a device is used. Paul said the problem with Apple’s system here is that because this data is not encrypted, third parties can read it. Any entity tapping into these lines of communication can see what applications someone is using and when they use them. Before the Big Sur Mac update, VPNs or firewalls like Little Snitch would have kept your computer from leaking information. But Big Sur trumps this, said Valdas Petrulis, co-founder and lead software engineer at Mysterium Network, a decentralized VPN protocol..
This can later pose a threat for we bitcoin users that makes use of bitcoin wallets on MacOS computers, we need privacy, but tech giants like apple is trying all its best to finally compromise the privacy in a way we can not safely make use of Tor and VPN for bitcoin wallet privacy puroses.
https://www.coindesk.com/new-mac-update-data-privacy
