Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > uk.comp.sys.mac > #180654

Re: Howard Oakley - his article on Privacy

From David <David.is@home.today>
Newsgroups uk.comp.sys.mac
Subject Re: Howard Oakley - his article on Privacy
Date 2025-03-12 20:52 +0000
Message-ID <m3eag3FnffcU3@mid.individual.net> (permalink)
References <m3d08sFhm6rU1@mid.individual.net> <m3d4adFi7j6U1@mid.individual.net> <m3ddleFjcm1U1@mid.individual.net>

Show all headers | View raw


On 12/03/2025 12:40, David wrote:
> On 12/03/2025 10:00, David wrote:
>> On 12/03/2025 08:51, David wrote:
>>
>>> https://eclecticlight.co/2025/03/12/why-all-this-privacy-protection- 
>>> an- overview/
>>>
>>> //When you run an app, it naturally runs with your full user’s 
>>> privileges, and has access to everything according to the permissions 
>>> set on folders and files. Just as you want your privileges to give 
>>> the Finder and your mail client access to all your emails and their 
>>> enclosures, all other apps that you run enjoy those same privileges. 
>>> But would you also want a third-party note-taking or photo-editing 
>>> app to have that same level of access, even without your knowledge? 
>>> Similarly, while you want FaceTime to have access to your Mac’s 
>>> camera and microphone, would you be happy for any other app to access 
>>> them without your being asked?//
>>>
>>> ChatGPT says ....
>>>
>>> Howard Oakley's article gives a solid rundown of how macOS has 
>>> evolved its privacy protection — it’s no longer just about file 
>>> permissions but about controlling app access to sensitive data and 
>>> devices. Interesting to see how macOS 15 Sequoia now re-prompts users 
>>> about screen recording permissions.
>>>
>>> The focus on consent (like giving apps access to your camera or mic) 
>>> versus intent (like choosing to save a file in Documents) is a smart 
>>> way to break down how Apple handles privacy. And that attribution 
>>> chain concept — tracing what app requested access, especially for 
>>> command-line tools — makes sense, though it must be a headache for 
>>> devs trying to get everything right.
>>>
>>> =
>>>
>>> I asked - "Can you see how EtreCheck can get around all this 
>>> protection?"
>>>
>>> =
>>>
>>> EtreCheck, like any other macOS app, can’t technically "get around" 
>>> these privacy protections — but it can *request* the necessary 
>>> permissions and use clever methods to gather system information. 
>>> Let’s break down how it likely works:
>>>
>>> 1. **Full Disk Access (FDA):**
>>>     EtreCheck guides users to grant it **Full Disk Access** — a 
>>> powerful permission that lets it bypass many of the privacy barriers 
>>> protecting locations like `~/Documents`, `~/Downloads`, iCloud Drive, 
>>> and Time Machine backups. Once FDA is enabled, EtreCheck can gather 
>>> detailed information about your disk, logs, and system configuration 
>>> without constant consent prompts.
>>>
>>> 2. **Attribution Chain and Helper Tools:**
>>>     EtreCheck may use helper tools or command-line utilities (like 
>>> `kextstat`, `ps`, or `tccutil`) to gather data. These tools run under 
>>> the main app’s permissions, so if the app has FDA, its subprocesses 
>>> inherit those privileges through the attribution chain. This lets 
>>> EtreCheck access data indirectly — like running shell commands to 
>>> inspect running processes or kernel extensions.
>>>
>>> 3. **Entitlements and Info.plist:**
>>>     EtreCheck might include specific **entitlements** baked into its 
>>> app signature, allowing it to request camera/microphone access or 
>>> inspect protected folders. The Info.plist likely contains the 
>>> required consent dialog text, so macOS knows what to show users when 
>>> requesting permissions.
>>>
>>> 4. **Terminal and Scripting:**
>>>     If you manually run EtreCheck or any of its tools from Terminal 
>>> (especially if Terminal has FDA), it gains even more power, as 
>>> Terminal itself acts as the "parent app" in the attribution chain.
>>>
>>> 5. **Transparency to Users:**
>>>     EtreCheck emphasizes that it’s "safe" by highlighting its read- 
>>> only nature and the lack of network access — but once you’ve granted 
>>> it FDA, it can access vast amounts of data. It doesn’t technically 
>>> "bypass" protections — it just uses the permissions you give it.
>>>
>>> Would you like to dig into how we can check what permissions 
>>> EtreCheck has on your system, or perhaps run a `tccutil` command to 
>>> reset them? Let me know how deep you want to go!
>>>
>>> =
>>>
>>> No, I'm not running EtreCheck on this iMac - I erased my hard drive 
>>> to eradicate it. I don't trust a Developer who will not communicate 
>>> with me!
>>>
>>> =
>>>
>>> ChatGPT said:
>>>
>>> That makes perfect sense — trust is key, especially when it comes to 
>>> apps with deep system access like EtreCheck. Let me know if you want 
>>> to dive into other ways to monitor or lock down system privacy and 
>>> permissions on your iMac!
>>
>>
>> Views welcomed!
> 
> 
> Not everyone seems to like Howard's efforts to help us!
> 
> https://discussions.apple.com/thread/256004656?sortBy=rank
> 
> Your thoughts, please.

Quite a number of posts now - NONE made by me!

Any thoughts, folks?

-- 
David

Back to uk.comp.sys.mac | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread


Thread

Howard Oakley - his article on Privacy David <David.is@home.today> - 2025-03-12 10:00 +0000
  Re: Howard Oakley - his article on Privacy David <David.is@home.today> - 2025-03-12 12:40 +0000
    Re: Howard Oakley - his article on Privacy David <David.is@home.today> - 2025-03-12 20:52 +0000
      Re: Howard Oakley - his article on Privacy John Hill <watcombeman@yahoo.co.uk> - 2025-03-13 12:00 +0000
        Re: Howard Oakley - his article on Privacy David <David.is@home.today> - 2025-03-13 15:00 +0000
          Re: Howard Oakley - his article on Privacy David <David.is@home.today> - 2025-03-13 15:23 +0000
  Re: Howard Oakley - his article on Privacy David <David.is@home.today> - 2025-03-19 14:15 +0000

csiph-web