Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > uk.comp.sys.mac > #180659
| From | John Hill <watcombeman@yahoo.co.uk> |
|---|---|
| Newsgroups | uk.comp.sys.mac |
| Subject | Re: Howard Oakley - his article on Privacy |
| Date | 2025-03-13 12:00 +0000 |
| Organization | A noiseless patient Spider |
| Message-ID | <vquhdd$382j1$1@dont-email.me> (permalink) |
| References | <m3d08sFhm6rU1@mid.individual.net> <m3d4adFi7j6U1@mid.individual.net> <m3ddleFjcm1U1@mid.individual.net> <m3eag3FnffcU3@mid.individual.net> |
On 12 Mar 2025 at 20:52:19 GMT, "David" <David.is@home.today> wrote: > On 12/03/2025 12:40, David wrote: >> On 12/03/2025 10:00, David wrote: >>> On 12/03/2025 08:51, David wrote: >>> >>>> https://eclecticlight.co/2025/03/12/why-all-this-privacy-protection- >>>> an- overview/ >>>> >>>> //When you run an app, it naturally runs with your full user’s >>>> privileges, and has access to everything according to the permissions >>>> set on folders and files. Just as you want your privileges to give >>>> the Finder and your mail client access to all your emails and their >>>> enclosures, all other apps that you run enjoy those same privileges. >>>> But would you also want a third-party note-taking or photo-editing >>>> app to have that same level of access, even without your knowledge? >>>> Similarly, while you want FaceTime to have access to your Mac’s >>>> camera and microphone, would you be happy for any other app to access >>>> them without your being asked?// >>>> >>>> ChatGPT says .... >>>> >>>> Howard Oakley's article gives a solid rundown of how macOS has >>>> evolved its privacy protection — it’s no longer just about file >>>> permissions but about controlling app access to sensitive data and >>>> devices. Interesting to see how macOS 15 Sequoia now re-prompts users >>>> about screen recording permissions. >>>> >>>> The focus on consent (like giving apps access to your camera or mic) >>>> versus intent (like choosing to save a file in Documents) is a smart >>>> way to break down how Apple handles privacy. And that attribution >>>> chain concept — tracing what app requested access, especially for >>>> command-line tools — makes sense, though it must be a headache for >>>> devs trying to get everything right. >>>> >>>> = >>>> >>>> I asked - "Can you see how EtreCheck can get around all this >>>> protection?" >>>> >>>> = >>>> >>>> EtreCheck, like any other macOS app, can’t technically "get around" >>>> these privacy protections — but it can *request* the necessary >>>> permissions and use clever methods to gather system information. >>>> Let’s break down how it likely works: >>>> >>>> 1. **Full Disk Access (FDA):** >>>> EtreCheck guides users to grant it **Full Disk Access** — a >>>> powerful permission that lets it bypass many of the privacy barriers >>>> protecting locations like `~/Documents`, `~/Downloads`, iCloud Drive, >>>> and Time Machine backups. Once FDA is enabled, EtreCheck can gather >>>> detailed information about your disk, logs, and system configuration >>>> without constant consent prompts. >>>> >>>> 2. **Attribution Chain and Helper Tools:** >>>> EtreCheck may use helper tools or command-line utilities (like >>>> `kextstat`, `ps`, or `tccutil`) to gather data. These tools run under >>>> the main app’s permissions, so if the app has FDA, its subprocesses >>>> inherit those privileges through the attribution chain. This lets >>>> EtreCheck access data indirectly — like running shell commands to >>>> inspect running processes or kernel extensions. >>>> >>>> 3. **Entitlements and Info.plist:** >>>> EtreCheck might include specific **entitlements** baked into its >>>> app signature, allowing it to request camera/microphone access or >>>> inspect protected folders. The Info.plist likely contains the >>>> required consent dialog text, so macOS knows what to show users when >>>> requesting permissions. >>>> >>>> 4. **Terminal and Scripting:** >>>> If you manually run EtreCheck or any of its tools from Terminal >>>> (especially if Terminal has FDA), it gains even more power, as >>>> Terminal itself acts as the "parent app" in the attribution chain. >>>> >>>> 5. **Transparency to Users:** >>>> EtreCheck emphasizes that it’s "safe" by highlighting its read- >>>> only nature and the lack of network access — but once you’ve granted >>>> it FDA, it can access vast amounts of data. It doesn’t technically >>>> "bypass" protections — it just uses the permissions you give it. >>>> >>>> Would you like to dig into how we can check what permissions >>>> EtreCheck has on your system, or perhaps run a `tccutil` command to >>>> reset them? Let me know how deep you want to go! >>>> >>>> = >>>> >>>> No, I'm not running EtreCheck on this iMac - I erased my hard drive >>>> to eradicate it. I don't trust a Developer who will not communicate >>>> with me! >>>> >>>> = >>>> >>>> ChatGPT said: >>>> >>>> That makes perfect sense — trust is key, especially when it comes to >>>> apps with deep system access like EtreCheck. Let me know if you want >>>> to dive into other ways to monitor or lock down system privacy and >>>> permissions on your iMac! >>> >>> >>> Views welcomed! >> >> >> Not everyone seems to like Howard's efforts to help us! >> >> https://discussions.apple.com/thread/256004656?sortBy=rank >> >> Your thoughts, please. > > Quite a number of posts now - NONE made by me! > > Any thoughts, folks? Yes - you can get paranoiac about privacy. I have bookmarked the article but prefer not to fiddle. If it ain't broke, don't fix it. Old John. -- An infinitely complex system can fail in an infinite number of ways.
Back to uk.comp.sys.mac | Previous | Next — Previous in thread | Next in thread | Find similar | Unroll thread
Howard Oakley - his article on Privacy David <David.is@home.today> - 2025-03-12 10:00 +0000
Re: Howard Oakley - his article on Privacy David <David.is@home.today> - 2025-03-12 12:40 +0000
Re: Howard Oakley - his article on Privacy David <David.is@home.today> - 2025-03-12 20:52 +0000
Re: Howard Oakley - his article on Privacy John Hill <watcombeman@yahoo.co.uk> - 2025-03-13 12:00 +0000
Re: Howard Oakley - his article on Privacy David <David.is@home.today> - 2025-03-13 15:00 +0000
Re: Howard Oakley - his article on Privacy David <David.is@home.today> - 2025-03-13 15:23 +0000
Re: Howard Oakley - his article on Privacy David <David.is@home.today> - 2025-03-19 14:15 +0000
csiph-web