Path: csiph.com!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail From: David Newsgroups: uk.comp.sys.mac Subject: Re: Howard Oakley - his article on Privacy Date: Wed, 12 Mar 2025 20:52:19 +0000 Lines: 114 Message-ID: References: Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Trace: individual.net ByrZUh2oYiu/Vx7A0G7t2AQ1Rf3PgEQL7qlHYOAjC0+EKkawsN Cancel-Lock: sha1:Ge6GxqHQ5jrPMf5IU/Sx+jwSyVE= sha256:V0fONYrCvxiLEmrDgladIx1JHbtakxqrmA6nDO26QSw= User-Agent: Mozilla Thunderbird Content-Language: en-GB In-Reply-To: Xref: csiph.com uk.comp.sys.mac:180654 On 12/03/2025 12:40, David wrote: > On 12/03/2025 10:00, David wrote: >> On 12/03/2025 08:51, David wrote: >> >>> https://eclecticlight.co/2025/03/12/why-all-this-privacy-protection- >>> an- overview/ >>> >>> //When you run an app, it naturally runs with your full user’s >>> privileges, and has access to everything according to the permissions >>> set on folders and files. Just as you want your privileges to give >>> the Finder and your mail client access to all your emails and their >>> enclosures, all other apps that you run enjoy those same privileges. >>> But would you also want a third-party note-taking or photo-editing >>> app to have that same level of access, even without your knowledge? >>> Similarly, while you want FaceTime to have access to your Mac’s >>> camera and microphone, would you be happy for any other app to access >>> them without your being asked?// >>> >>> ChatGPT says .... >>> >>> Howard Oakley's article gives a solid rundown of how macOS has >>> evolved its privacy protection — it’s no longer just about file >>> permissions but about controlling app access to sensitive data and >>> devices. Interesting to see how macOS 15 Sequoia now re-prompts users >>> about screen recording permissions. >>> >>> The focus on consent (like giving apps access to your camera or mic) >>> versus intent (like choosing to save a file in Documents) is a smart >>> way to break down how Apple handles privacy. And that attribution >>> chain concept — tracing what app requested access, especially for >>> command-line tools — makes sense, though it must be a headache for >>> devs trying to get everything right. >>> >>> = >>> >>> I asked - "Can you see how EtreCheck can get around all this >>> protection?" >>> >>> = >>> >>> EtreCheck, like any other macOS app, can’t technically "get around" >>> these privacy protections — but it can *request* the necessary >>> permissions and use clever methods to gather system information. >>> Let’s break down how it likely works: >>> >>> 1. **Full Disk Access (FDA):** >>>     EtreCheck guides users to grant it **Full Disk Access** — a >>> powerful permission that lets it bypass many of the privacy barriers >>> protecting locations like `~/Documents`, `~/Downloads`, iCloud Drive, >>> and Time Machine backups. Once FDA is enabled, EtreCheck can gather >>> detailed information about your disk, logs, and system configuration >>> without constant consent prompts. >>> >>> 2. **Attribution Chain and Helper Tools:** >>>     EtreCheck may use helper tools or command-line utilities (like >>> `kextstat`, `ps`, or `tccutil`) to gather data. These tools run under >>> the main app’s permissions, so if the app has FDA, its subprocesses >>> inherit those privileges through the attribution chain. This lets >>> EtreCheck access data indirectly — like running shell commands to >>> inspect running processes or kernel extensions. >>> >>> 3. **Entitlements and Info.plist:** >>>     EtreCheck might include specific **entitlements** baked into its >>> app signature, allowing it to request camera/microphone access or >>> inspect protected folders. The Info.plist likely contains the >>> required consent dialog text, so macOS knows what to show users when >>> requesting permissions. >>> >>> 4. **Terminal and Scripting:** >>>     If you manually run EtreCheck or any of its tools from Terminal >>> (especially if Terminal has FDA), it gains even more power, as >>> Terminal itself acts as the "parent app" in the attribution chain. >>> >>> 5. **Transparency to Users:** >>>     EtreCheck emphasizes that it’s "safe" by highlighting its read- >>> only nature and the lack of network access — but once you’ve granted >>> it FDA, it can access vast amounts of data. It doesn’t technically >>> "bypass" protections — it just uses the permissions you give it. >>> >>> Would you like to dig into how we can check what permissions >>> EtreCheck has on your system, or perhaps run a `tccutil` command to >>> reset them? Let me know how deep you want to go! >>> >>> = >>> >>> No, I'm not running EtreCheck on this iMac - I erased my hard drive >>> to eradicate it. I don't trust a Developer who will not communicate >>> with me! >>> >>> = >>> >>> ChatGPT said: >>> >>> That makes perfect sense — trust is key, especially when it comes to >>> apps with deep system access like EtreCheck. Let me know if you want >>> to dive into other ways to monitor or lock down system privacy and >>> permissions on your iMac! >> >> >> Views welcomed! > > > Not everyone seems to like Howard's efforts to help us! > > https://discussions.apple.com/thread/256004656?sortBy=rank > > Your thoughts, please. Quite a number of posts now - NONE made by me! Any thoughts, folks? -- David