Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > uk.comp.sys.mac > #180659

Re: Howard Oakley - his article on Privacy

From John Hill <watcombeman@yahoo.co.uk>
Newsgroups uk.comp.sys.mac
Subject Re: Howard Oakley - his article on Privacy
Date 2025-03-13 12:00 +0000
Organization A noiseless patient Spider
Message-ID <vquhdd$382j1$1@dont-email.me> (permalink)
References <m3d08sFhm6rU1@mid.individual.net> <m3d4adFi7j6U1@mid.individual.net> <m3ddleFjcm1U1@mid.individual.net> <m3eag3FnffcU3@mid.individual.net>

Show all headers | View raw


On 12 Mar 2025 at 20:52:19 GMT, "David" <David.is@home.today> wrote:

> On 12/03/2025 12:40, David wrote:
>> On 12/03/2025 10:00, David wrote:
>>> On 12/03/2025 08:51, David wrote:
>>> 
>>>> https://eclecticlight.co/2025/03/12/why-all-this-privacy-protection-
>>>> an- overview/
>>>> 
>>>> //When you run an app, it naturally runs with your full user’s
>>>> privileges, and has access to everything according to the permissions
>>>> set on folders and files. Just as you want your privileges to give
>>>> the Finder and your mail client access to all your emails and their
>>>> enclosures, all other apps that you run enjoy those same privileges.
>>>> But would you also want a third-party note-taking or photo-editing
>>>> app to have that same level of access, even without your knowledge?
>>>> Similarly, while you want FaceTime to have access to your Mac’s
>>>> camera and microphone, would you be happy for any other app to access
>>>> them without your being asked?//
>>>> 
>>>> ChatGPT says ....
>>>> 
>>>> Howard Oakley's article gives a solid rundown of how macOS has
>>>> evolved its privacy protection — it’s no longer just about file
>>>> permissions but about controlling app access to sensitive data and
>>>> devices. Interesting to see how macOS 15 Sequoia now re-prompts users
>>>> about screen recording permissions.
>>>> 
>>>> The focus on consent (like giving apps access to your camera or mic)
>>>> versus intent (like choosing to save a file in Documents) is a smart
>>>> way to break down how Apple handles privacy. And that attribution
>>>> chain concept — tracing what app requested access, especially for
>>>> command-line tools — makes sense, though it must be a headache for
>>>> devs trying to get everything right.
>>>> 
>>>> =
>>>> 
>>>> I asked - "Can you see how EtreCheck can get around all this
>>>> protection?"
>>>> 
>>>> =
>>>> 
>>>> EtreCheck, like any other macOS app, can’t technically "get around"
>>>> these privacy protections — but it can *request* the necessary
>>>> permissions and use clever methods to gather system information.
>>>> Let’s break down how it likely works:
>>>> 
>>>> 1. **Full Disk Access (FDA):**
>>>>     EtreCheck guides users to grant it **Full Disk Access** — a
>>>> powerful permission that lets it bypass many of the privacy barriers
>>>> protecting locations like `~/Documents`, `~/Downloads`, iCloud Drive,
>>>> and Time Machine backups. Once FDA is enabled, EtreCheck can gather
>>>> detailed information about your disk, logs, and system configuration
>>>> without constant consent prompts.
>>>> 
>>>> 2. **Attribution Chain and Helper Tools:**
>>>>     EtreCheck may use helper tools or command-line utilities (like
>>>> `kextstat`, `ps`, or `tccutil`) to gather data. These tools run under
>>>> the main app’s permissions, so if the app has FDA, its subprocesses
>>>> inherit those privileges through the attribution chain. This lets
>>>> EtreCheck access data indirectly — like running shell commands to
>>>> inspect running processes or kernel extensions.
>>>> 
>>>> 3. **Entitlements and Info.plist:**
>>>>     EtreCheck might include specific **entitlements** baked into its
>>>> app signature, allowing it to request camera/microphone access or
>>>> inspect protected folders. The Info.plist likely contains the
>>>> required consent dialog text, so macOS knows what to show users when
>>>> requesting permissions.
>>>> 
>>>> 4. **Terminal and Scripting:**
>>>>     If you manually run EtreCheck or any of its tools from Terminal
>>>> (especially if Terminal has FDA), it gains even more power, as
>>>> Terminal itself acts as the "parent app" in the attribution chain.
>>>> 
>>>> 5. **Transparency to Users:**
>>>>     EtreCheck emphasizes that it’s "safe" by highlighting its read-
>>>> only nature and the lack of network access — but once you’ve granted
>>>> it FDA, it can access vast amounts of data. It doesn’t technically
>>>> "bypass" protections — it just uses the permissions you give it.
>>>> 
>>>> Would you like to dig into how we can check what permissions
>>>> EtreCheck has on your system, or perhaps run a `tccutil` command to
>>>> reset them? Let me know how deep you want to go!
>>>> 
>>>> =
>>>> 
>>>> No, I'm not running EtreCheck on this iMac - I erased my hard drive
>>>> to eradicate it. I don't trust a Developer who will not communicate
>>>> with me!
>>>> 
>>>> =
>>>> 
>>>> ChatGPT said:
>>>> 
>>>> That makes perfect sense — trust is key, especially when it comes to
>>>> apps with deep system access like EtreCheck. Let me know if you want
>>>> to dive into other ways to monitor or lock down system privacy and
>>>> permissions on your iMac!
>>> 
>>> 
>>> Views welcomed!
>> 
>> 
>> Not everyone seems to like Howard's efforts to help us!
>> 
>> https://discussions.apple.com/thread/256004656?sortBy=rank
>> 
>> Your thoughts, please.
> 
> Quite a number of posts now - NONE made by me!
> 
> Any thoughts, folks?

Yes - you can get paranoiac about privacy. I have bookmarked the article but
prefer not to fiddle. If it ain't broke, don't fix it.

Old John.
-- 
An infinitely complex system can fail in an infinite number of ways.

Back to uk.comp.sys.mac | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread


Thread

Howard Oakley - his article on Privacy David <David.is@home.today> - 2025-03-12 10:00 +0000
  Re: Howard Oakley - his article on Privacy David <David.is@home.today> - 2025-03-12 12:40 +0000
    Re: Howard Oakley - his article on Privacy David <David.is@home.today> - 2025-03-12 20:52 +0000
      Re: Howard Oakley - his article on Privacy John Hill <watcombeman@yahoo.co.uk> - 2025-03-13 12:00 +0000
        Re: Howard Oakley - his article on Privacy David <David.is@home.today> - 2025-03-13 15:00 +0000
          Re: Howard Oakley - his article on Privacy David <David.is@home.today> - 2025-03-13 15:23 +0000
  Re: Howard Oakley - his article on Privacy David <David.is@home.today> - 2025-03-19 14:15 +0000

csiph-web