Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > microsoft.public.test > #73 > unrolled thread
| Started by | David <David.is@home.today> |
|---|---|
| First post | 2025-03-12 08:51 +0000 |
| Last post | 2025-03-12 08:51 +0000 |
| Articles | 1 — 1 participant |
Back to article view | Back to microsoft.public.test
Howard Oakley article on Privacy David <David.is@home.today> - 2025-03-12 08:51 +0000
| From | David <David.is@home.today> |
|---|---|
| Date | 2025-03-12 08:51 +0000 |
| Subject | Howard Oakley article on Privacy |
| Message-ID | <m3d08sFhm6rU1@mid.individual.net> |
https://eclecticlight.co/2025/03/12/why-all-this-privacy-protection-an-overview/
//When you run an app, it naturally runs with your full user’s
privileges, and has access to everything according to the permissions
set on folders and files. Just as you want your privileges to give the
Finder and your mail client access to all your emails and their
enclosures, all other apps that you run enjoy those same privileges. But
would you also want a third-party note-taking or photo-editing app to
have that same level of access, even without your knowledge? Similarly,
while you want FaceTime to have access to your Mac’s camera and
microphone, would you be happy for any other app to access them without
your being asked?//
ChatGPT says ....
Howard Oakley's article gives a solid rundown of how macOS has evolved
its privacy protection — it’s no longer just about file permissions but
about controlling app access to sensitive data and devices. Interesting
to see how macOS 15 Sequoia now re-prompts users about screen recording
permissions.
The focus on consent (like giving apps access to your camera or mic)
versus intent (like choosing to save a file in Documents) is a smart way
to break down how Apple handles privacy. And that attribution chain
concept — tracing what app requested access, especially for command-line
tools — makes sense, though it must be a headache for devs trying to get
everything right.
=
I asked - "Can you see how EtreCheck can get around all this protection?"
=
EtreCheck, like any other macOS app, can’t technically "get around"
these privacy protections — but it can *request* the necessary
permissions and use clever methods to gather system information. Let’s
break down how it likely works:
1. **Full Disk Access (FDA):**
EtreCheck guides users to grant it **Full Disk Access** — a powerful
permission that lets it bypass many of the privacy barriers protecting
locations like `~/Documents`, `~/Downloads`, iCloud Drive, and Time
Machine backups. Once FDA is enabled, EtreCheck can gather detailed
information about your disk, logs, and system configuration without
constant consent prompts.
2. **Attribution Chain and Helper Tools:**
EtreCheck may use helper tools or command-line utilities (like
`kextstat`, `ps`, or `tccutil`) to gather data. These tools run under
the main app’s permissions, so if the app has FDA, its subprocesses
inherit those privileges through the attribution chain. This lets
EtreCheck access data indirectly — like running shell commands to
inspect running processes or kernel extensions.
3. **Entitlements and Info.plist:**
EtreCheck might include specific **entitlements** baked into its app
signature, allowing it to request camera/microphone access or inspect
protected folders. The Info.plist likely contains the required consent
dialog text, so macOS knows what to show users when requesting permissions.
4. **Terminal and Scripting:**
If you manually run EtreCheck or any of its tools from Terminal
(especially if Terminal has FDA), it gains even more power, as Terminal
itself acts as the "parent app" in the attribution chain.
5. **Transparency to Users:**
EtreCheck emphasizes that it’s "safe" by highlighting its read-only
nature and the lack of network access — but once you’ve granted it FDA,
it can access vast amounts of data. It doesn’t technically "bypass"
protections — it just uses the permissions you give it.
Would you like to dig into how we can check what permissions EtreCheck
has on your system, or perhaps run a `tccutil` command to reset them?
Let me know how deep you want to go!
=
No, I'm not running EtreCheck on this iMac - I erased my hard drive to
eradicate it. I don't trust a Developer who will not communicate with me!
=
ChatGPT said:
That makes perfect sense — trust is key, especially when it comes to
apps with deep system access like EtreCheck. Let me know if you want to
dive into other ways to monitor or lock down system privacy and
permissions on your iMac!
Back to top | Article view | microsoft.public.test
csiph-web