Mac OSX Privacy Discussion - (If appropriate)

I have a question I want to ask a group of smart, knowledgeable people who are grown up, open-minded, and as unbiassed as possible (towards Apple fandom in particular). AskFedora seems about the only one I know of left! I’m therefore very interested to hear people’s views in here, but I was hesitant to post in case it’s not appropriate/permitted. I am sure someone will say or remove it if that’s the case, and I’ll understand of course.


Preamble:

It’s a Mac OSX question. I know there are people in here who have used Mac extensively before moving to Fedora, some still do use it. The opinions of such people have great value for me just due to their membership of this board. I have moved to Fedora for all my personal computing and slowly moving as many family and friends to it as well.

This is a major step forward for me in terms of privacy (thanks so much to so many people on here, hammerheadcorvette, boredsquirrel and many others), but for business purposes I think I have to remain on MacOSX for at least another year or two. I hate that idea, but I also know the huge workload I am undertaking if I move to Fedora for business machine, so I have to make a pretty enormous decision right now, which I’ll get to shortly.

I completely distrust Apple for reasons which are not just rational, but based on fact and personal knowledge/experience. I detest how they collect and handle the data of their often overly-trusting users (thanks to multi million dollar marketing campaigns with just ONE word:

To give at least a brief idea of the reasons (and aside from those discussed by TheHatedOne), here’s just a few of the less contentious ones:

  1. Their bowing down to CCP demands which are complex but roughly amount to ensuring “all data collected in China is stored on servers in China”, as demanded by the Chinese government where warrants are either not needed at all or are trivial to obtain for any reason, ensuring govt access any time they want for any purposes they want. Link and Link

  2. Apple’s massive income from Google for various purposes, from pre-installing Google apps like YouTube into phones, to making Google the (very non privacy respecting) default search engine in Safari and who knows what else. ‘Oh but they are just a big business with shareholders…’ - I KNOW! That’s why they should not CLAIM to be unlike all other big businesses! Fess up, say you want more money and will do whatever necessary, and I will respect you again. I won’t use you, but I will respect you at least for your honesty! Link and Link.

  3. The many launch daemons, telemetry and other junk connections to Apple servers even for services that the user has explicitly turned off (iCloud for example). I battled with this stuff for years, starting with this and later various others like this and this. The number of times my system has shown processes using ‘300%’ of CPU, whilst doing something I didn’t even want it doing, the machine gets hot and wastes power while stopping me working.

  4. Right to repair/planned obsolescence. On the former, Louis Rossmann covered it well. On the latter - Grr. I have several damn good pieces of hardware which are all now just expensive paperweights according to Apple. I remember when it went ‘silicon’. My friend (big Apple fan) told me I’d need new machines soon and I really should because bla bla. I remember questioning this (mainly due to poverty more than any technical/preferential reasons!) and was told (by what I thought was a both trusted and knowledgeable source) the hardware is so different that the newer OS’s won’t run on the older tech. For the past, hmm, not sure, 5-8 YEARS I believed that. Until recently finding OCLP, and realising not only that this was BS, but that my beloved and utterly reliable 2012/2013 iMac 27" (i7 with expensive upgrades) indeed CAN run any OSX version, including the latest Sonoma, you just have to ‘bypass the hardware flags set by apple to prevent installation’ (… to force users to buy new hardware). As I said, Grrr.

  5. About a billion tiny things I noticed but can’t recall the specifics of, over nearly two decades of use of Macs for 8-14 hours a day, 7 days a week. (Bear in mind I used LittleSnitch for a decade of that, and checked pretty much EVERY outgoing connection that I didn’t recognise (not easy for me, I am no dev), it built a very concerning picture over those years, but it’s impossible for me to cite any particular one example from that loooong list of ‘things I spotted’ that were so often:

  • Far from necessary for my machine to function properly
  • Far from necessary for my own usage needs
  • Suspicious or outright invasive from a privacy perspective.

Ok, that’s enough reasons for my distrust. There are more but the examples above are more than sufficient to demonstrate the sheer dishonesty of Apple in my opinion. These days I have more respect for MS and Google and maybe even FB (not that I use any of them), for ONE reason: They at least didn’t build their business on a LIE, fooling their users into a false sense of security. That is perhaps my biggest gripe with Apple, their blatant hypocrisy, something comically referred to by Gervais. But moving on…


My Dilemma:

Thing is, and it’s why I am posting this, I probably CAN switch to Fedora for business, but it will be a big upheaval. I will need to find alternatives for software I use (which isn’t on Linux), or I may need to keep an iMac in the office (possibly offline) for records/files/software. I am basically trying to find out other opinions in here about some of my beliefs (the ones I am not 100% certain of), to see which big leap to take. To stay on mac means buying a newer iMac, to leave means a huge time investment (and possibly a machine although I’d probably use my old powerful imac for Fedora if I switched). So…


My question:

Is it possible to use Apple Mac OSX in 2024, using latest OS’s, whilst preserving privacy?

I know the (brainwashed) Apple-Fanboy answer:

‘Yeah, you can trust Apple, because they say you can.’

I also know the most obvious intelligent answer:

‘Yes, avoid icloud and Apple apps and you are much more private’.

But ‘more private’ is relative, and when it’s up against what I believe is a huge privacy invasion, I’m not convinced it’s enough. But that said, I don’t know much about the newer operating systems. I suspect they are only worse than ever before, Apple never improves on this stuff, and with these new apps, TV, Health and nanny state type crap pre-installed, I assume it’s far worse now. But I don’t know that for sure.

I want full privacy, as close as possible anyway. And the other thing is, 99% of Apple users I have asked about this (over many years) respond with a variety of answers that all push the same general point, that Apple ‘protects’ users from privacy invasive stuff from all companies, EXCEPT Apple themselves. I want protection FROM them!


A brief aside:
For years I encrypted my HDD/SSD using Disk Utility and choosing a very secure password/key which I stored safely in physical form. Then some years back they enforced the process of installing the OS on an unencrypted drive, followed by letting the OS encrypt the data and generate a key. Now this could be one time you can accuse me of ‘paranoia’ but I have always had a sneaky suspicion this could have been done to get keys to people’s drive encryption. I know the counter arguments to this, very well. Ostensibly Apple did this (as the PR’s state) ‘To make it easier for people to use encryption and help people protect their data’. But you know what I think of Apple’s ‘statements’ already! (Especially when they ‘help’ their users get hooked into the Google Ecosystem.)
I actually resisted updating OS’s for YEARS based on this ‘slight suspicion’. But to carry on, I will have to bend over and accept this sort of stuff. Whether it’s nefarious or not, it grates me that I can’t encrypt my own drive, the OS has to do it ‘for me’.


Summary:

I want to SHUT OFF my data pipe to Apple, the tracking, the learning and analysing my stuff (iphotolibraryd, trustd, photoanalysisd and all the other evil ‘d(a)emons’ that ostensibly ‘protect me’ while actually feeding the Apple machine)

Does anyone here think you can use modern MacOSX while reducing the personal data/tracking etc to zero, or anywhere close?

If you’re here then thanks for reading, and thanks even more if you reply!

1 Like

This is not an Ask Fedora question but fits well in the “tech talk” water cooler :slight_smile:

I think you can block everything the machine does, by using a router with full control. Littlesnitch and other apps are not fully capable of getting all traffic.

You need something even lower than the OS, as even the firmware has internet (on intel with ME, remote management and more!)

So you need to be sure that the only way to connect that machine to the internet is through a device where you need to opt-in for any app and any connection.

You could allowlist for example a browser or mail program. But especially internal apps may not work anymore if you block certain traffic.

So even if you can block all traffic, assuming it only has wifi and no cellular network, you may not be able to use the device.

2 Likes
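An added example, not part of any post in this thread: one way to preview the router-level, opt-in allowlist suggested above before enforcing it, by replaying the router's DNS query log for the Mac against a default-deny policy. The dnsmasq-style log lines, the client address 192.168.1.50 and every hostname are constructed for illustration.

```python
import re
from collections import Counter

# dnsmasq-style query line: "... query[A] host.name from 192.168.1.50"
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)$"
)

# Constructed sample log (hostnames and addresses are placeholders).
SAMPLE_LOG = """\
Jun 10 09:00:01 dnsmasq[812]: query[A] metrics.os-vendor.example from 192.168.1.50
Jun 10 09:00:02 dnsmasq[812]: query[A] mail.provider.example from 192.168.1.50
Jun 10 09:00:02 dnsmasq[812]: query[AAAA] mail.provider.example from 192.168.1.50
Jun 10 09:00:05 dnsmasq[812]: query[A] photos-sync.os-vendor.example from 192.168.1.50
Jun 10 09:00:07 dnsmasq[812]: query[A] updates.distro.example from 192.168.1.77
Jun 10 09:00:09 dnsmasq[812]: query[A] metrics.os-vendor.example from 192.168.1.50
Jun 10 09:00:11 dnsmasq[812]: query[A] notprovider.example from 192.168.1.50
Jun 10 09:00:12 dnsmasq[812]: query[A] Mail.Provider.Example. from 192.168.1.50
Jun 10 09:00:13 dnsmasq[812]: reply mail.provider.example is 203.0.113.10
"""

# Assumed policy: only the mail provider's domain is opted in.
ALLOWLIST = {"provider.example"}
MAC_CLIENT = "192.168.1.50"  # assumed fixed LAN address of the Mac


def normalise(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def is_allowed(name, allowlist):
    """Default deny: allow only exact matches or subdomains of an entry.

    Matching is done on label boundaries, so 'notprovider.example'
    does not slip through an entry for 'provider.example'.
    """
    name = normalise(name)
    for entry in allowlist:
        entry = normalise(entry)
        if name == entry or name.endswith("." + entry):
            return True
    return False


def audit(log_text, client_ip, allowlist):
    """Return (allowed, blocked) Counters of names queried by one client."""
    allowed, blocked = Counter(), Counter()
    for line in log_text.splitlines():
        match = QUERY_RE.search(line.strip())
        if not match or match.group("client") != client_ip:
            continue  # not a query line, or another device on the LAN
        name = normalise(match.group("name"))
        (allowed if is_allowed(name, allowlist) else blocked)[name] += 1
    return allowed, blocked


if __name__ == "__main__":
    allowed, blocked = audit(SAMPLE_LOG, MAC_CLIENT, ALLOWLIST)
    print("Would be allowed:")
    for name, count in allowed.most_common():
        print(f"  {count:3d}  {name}")
    print("Would be blocked (review before enforcing):")
    for name, count in blocked.most_common():
        print(f"  {count:3d}  {name}")
```

The blocked list is what to review before turning the policy on, since it shows which services would stop working. A DNS log only sees name lookups, so connections to hard-coded IP addresses still have to be caught by the router's firewall rules.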

While I hope you receive your answers about how to “safely” use macOS, current and former macOS users are probably a minority here. Also, if you distrust the mac operating system as such, I think no answer will bring you real confidence (unless you’re willing to isolate the mac from the network, and only transfer files by printing them :grinning: ).

So I guess you might get more answers to the question (in case it is of any interest): How could I replace my mac software with Fedora/Linux alternatives, and/or how can I adjust my workflows to be able to use Fedora in the office?

4 Likes

If I do not use the apps then do you know of any tracking that Apple does?

I know for a fact that Windows, on the other hand, has tracking that I cannot turn off.

But I am not aware of tracking on macOS that is not directly related to using a service I opt into. Is there tracking that is not explicit?

1 Like

Thanks squirrel!
Great point. A couple of years ago I did look into a better router. I had an EdgeRouter but after a year of seeing it sat on my desk and never finding time to learn to set it up how I wanted, I gave up and sold it for half the price! At the time I wanted a way to ‘dial in’ to my LAN when away, purely to access CCTV (via router VPN function). Network stuff confuses the hell out of me, always has, and I am just too busy and stressed to sit with a clear head and learn stuff that my brain really struggles with conceptually.

That said, for this purpose I could maybe take that on. I know there are tons of hostsfile type lists on github etc. I must have read every single thread on the interwebs that you’ll find with searches like ‘Mac OSX Privacy’. In fact I’ve probably read them all many times over the years! But still, there are lists out there for all the Apple telemetry type connections, that would be handy at router level. Hadn’t even considered that, thanks.

I should have said, no wifi and no cellular, ethernet is all I use.

A good point, totally fair and probably correct, but I am trying to believe I can make Mac work for another year or two (max), without feeling I need to take a shower every time I use it!

Ha, you’re ahead of me. That was my next plan of action if this thread didn’t make me feel Mac can be trusted, with some modifications/usage tips

1 Like

Sorry, not sure what you meant there.

Yep. I believe Apple is the same, maybe not, or more likely, maybe slightly less or better disguised. Apple is, after all (and contrary to statements made to the contrary) in the data business, albeit with their own slightly different approach/model.

That was my belief for many years. If you don’t want Apple collecting/storing your data, just turn off iCloud. I don’t believe that any more.

Whether they are storing it or not, I know many of the processes on Mac run even when those features are explicitly turned off, from iCloud to Photos, causing high CPU for me and millions of others I am sure (most not aware, probably just bought a newer machine to get it to run fast again!) (High CPU consumption of Photos processes photolibraryd and photoanalysisd. | MacRumors Forums)

What I am curious to know is if your belief is backed by evidence or just suspicion? I have not seen evidence myself, but I have not had reason to look closely for macOS. Should I be concerned?

An app will collect data when it is running and doing its job.
But if I do not use the app then no data is collected, right?

Hard one to answer. Best answer would be ‘both’.

My belief came via evidence, but strengthened with suspicion. And suspicion is not necessarily a bad thing, if that comes from evidence too. In a court room, if someone is found to have lied about one part of a story, the jury may doubt his answers about another part of the story. Is their suspicion/doubt evidence-based, even about the other parts of the story? Hard to say, but I am someone who would naturally be suspicious after lies were told about anything, especially related stuff.

As an example, something that was written on 9to5Mac and others regarding Apple’s response to the PRISM program leak:

Apple also outlines the kinds of data it does not provide to government agencies. FaceTime and iMessage messages, which are encrypted, cannot be provided to government agencies because Apple chooses not to retain that data.

I know that to be false:

  1. I know that Apple has handed data from encrypted conversations to law enforcement.

  2. During the covid lockdowns, someone I know was arrested for being out buying some milk. He refused name and address so was arrested. His phone was taken from him at the station (a brand new iPhone, just a few weeks old and fully updated), connected to a device and all his data was downloaded. They read his texts and I think even his Signal messages but definitely his SMS and emails etc. No need to, but they did. This is ‘routine’ handling of arrested persons, I am told on good authority.

What gets me is, do some Googling about this sort of stuff and all you will find is bigmedia stories one after another about Apple protecting people from this sort of stuff (criminals included), the overall impression is ‘you’re safe with an iPhone, even if you’re a criminal’.

That said, unless I could actually show you the evidence (which I of course can’t) it wouldn’t be unreasonable of you to ignore my comments above, they are after all just the words of a stranger on the interwebs who could have an axe to grind (and I kinda do, but the above is the reason why!)

When it comes to MacOS, I had loads of files and documents about strange processes, what they do and why, and how many of them certainly do run when the relevant apps are closed or even disabled. But it’s on a hard drive I don’t have where I am, and it’s also probably 5+ years old so one could argue it’s no longer relevant anyway (if you were the trusting type!).

So, as I said, hard to answer as well as I’d like. I unfortunately can’t sit and paint a fully documented (and incontrovertible) picture here, leaving zero doubts. I certainly have strong views and would not trust any of these companies, least of all the ones claiming to value privacy while making privacy policies almost impossible to fully assess for the average user. I mean, if it were me, and I were truly committed to privacy, I’d want to boast about my awesome privacy policy rather than bury it in a myriad of different locations, on different pages with a complex mesh of hard-to-find links from other pages.

A while ago there was the issue of the Apple gatekeeper checks, which checked apps whenever you installed/opened them, ostensibly to protect users from malware (which I am sure it did). There was a hoo-haa after a security researcher published a document about this system. It’s old news now and I can’t remember the specifics but I am pretty sure the ‘concerns’ were two-fold: First that Apple was scanning users’ apps at all (without making it clear they were doing so), and second that the information was not secure/encrypted in transit (I think that’s the case anyway).

The furore led two ways, to people saying ‘Trust Apple, they did nothing wrong, they’re just protecting users from malware’, versus people saying ‘and getting a record of every app you use, making it accessible to hackers via not securing the data being sent from the machine, and for all we know, keeping records of it forever’.

Of course the denials were huge, and the very friendly corporate media repeated the good stuff more than the bad. If you ‘google’ about it, you’ll get a heavily weighted list of results (big SEO budgets is a big deal) which generally paint a picture that Apple did nothing wrong, or at worst just made an innocent mistake. But if you look deeper, you find that whilst Apple professes its innocence, it also ‘made changes’ to improve the situation, such as ensuring encryption in transit. Did they get caught in a mistake of just failing to secure data, or were they caught red-handed in nefarious activity which they quickly ‘cleaned up’? I honestly don’t know. But the latter is not off the table for me. (It’s not exactly the first mistake - I am ‘sure’ (strong suspicion!) Apple gets a real IP during login process, bypassing any VPNs installed which only work after login, but VPN leaks are not a new ‘problem’ to Apple. Both on MacOS and iPhone.)

Personally I think it’s important to remember that the gag orders on PRISM program members mean they are not legally ALLOWED to say the truth about some stuff, which also means they can lie (to protect the government and/or themselves, most likely both) and this gives them immunity if ever caught lying/giving misleading/false information about data collection and dissemination.

Of course the trust issue is a very personal thing, for example Apple’s membership of the PRISM program may be enough ‘evidence’ for some to say ‘screw them, they kept that quiet, they can/have/do/will/agreed to share data with government, I can never trust them again’. And that would be an ‘evidence-based belief’ in my eyes. But some may see it differently. I don’t claim to have the ‘correct’ viewpoint by any means. I just do have it, hence this thread.

I guess where I am on all of this is:

  1. I don’t trust Apple any more than I trust any big data corp.
  2. I want privacy from them, not just from the others.

I don’t know if that’s possible! It’s a horrible situation really, I just wish I didn’t need a Mac (for now). Maybe I should spend more time seeing if I can get around that problem, rather than constantly re-assessing what process/app/company I can trust!

I figure Apple is loyal to US interests. I’m in the US and like their interests. I figure if someone is going to do the spying, it may as well be from a US-based entity. My data has nowhere to go: US entities keep US data to themselves :stuck_out_tongue:

macOS is Apple’s OS. Windows is Microsoft’s. If they deem a certain amount of telemetry is required, as long as it isn’t visibly annoying fine.

On Windows a Local account and disabling the obviously-named AllowTelemetry under Policies\Microsoft\Windows\DataCollection is all most people remotely concerned with excessive telemetry need, but it’s more lucrative to trust YouTube videos and closed-source Spyware-B-Gone apps (probably submitting more telemetry than Windows to some out-of-country unsecured endpoint), unreadable mega-scripts, and custom Windows builds :person_shrugging:


For Apple, I rely on their walled-garden for security, including going all-in. T2 encryption, iCloud, the works. If I had any question on Apple’s privacy, I wouldn’t use their devices; no point in not using Apple’s Continuity and the connectivity if you have the devices.

I trust Apple to secure my data from average-joes with Kali if I leave my phone somewhere. I trust them to secure my iCloud if insert-badguy-country decides to launch an attack against me. I trust them to put up the usual law-enforcement barriers to protect my data from US-based law enforcement. I also trust myself to not end up in any of those scenarios :stuck_out_tongue: I trust Apple, and they haven’t given me reason to doubt them; neither has Google or Microsoft.

Apple is still top when it comes to Continuity and all device formats, and iOS is actually clean vs the wild-west of bloat you get with Androids :stuck_out_tongue: It’s beyond dumb that Google has GSI, vendors openly-implement GSI support, and then don’t allow the bootloader unlock required for GSIs. And my goodness Play Integrity Basic/Strong and the wacky stuff people are insecurely flashing ironically to workaround that; also hostile on Google’s end for silently blocking RCS.

I’ve run lone-wolf Android phones (even OP6 with Windows ARM), had Nexus tablets when they were cool, and AsteroidOS on some LG and Sony smartwatches. It was fun, but I prefer Apple’s modern devices today for mobile.


If I was securing my devices against everyone possible, it’d be a Coreboot computer (probably C2D to totally disable IME), Tails, a 24/7 VPN outside of 14-eyes (like VPN.AC :p), and either something like a PinePhone with open-source hardware, or a USB modem and modem communications on the Coreboot computer.

Right now I’m way-less lax on what I was doing for digital privacy:

  • Windows 10 (it works no-nonsense)
  • LineageOS on a OnePlus 6 with Google Apps (I like Pokemon GO; can easily do OSM/F-Droid)
  • Email mix between Google and paid Posteo
  • No VPN (albeit I used to do Ashburn and yeah probably handed the gov my data straight to their preferred datacenters :p)
  • ISP DNS (I already pay em for internet; I’ve also heard video streams buffer better on ISP DNS vs 1111)

I think it’s possible, on the assumption that macOS is used by any major government agencies (Windows is). The same hardening techniques they do to reduce telemetry can be done by home-users, and NSA and DOD have some public papers about some stuff they do on Linux and Windows (never checked for macOS). If they aren’t public about the methods, any serious government wouldn’t be allowing untamed devices to be used, so the methods have to exist. I know iPhones have device management, but I can’t say I’ve heard of a defense contractor using a MacBook.

Like Intel Management Engine. Governments have the HAP bit. That can be set by home-users with me_cleaner. Aside from that project, there’s no such thing or mention about disabling Intel ME and you can’t (typically) request it from vendors as a normal person.

Or LTSB/LTSC editions of Windows. Yeah it’s that old ATM OS nobody should use nor can buy. Except it’s actually the cleanest edition of Windows with the longest support of 2032 :stuck_out_tongue:


First is figuring out what is tracking you. Maybe Apple has a giant toggle-all button called AllowTelemetry :stuck_out_tongue: Maybe it’s hidden behind a dozen individual tracking flags. Finding guides on disabling macOS telemetry is a good start. I’m not sure how macOS would do it, but on Windows I stick to GPOs I can set from Registry, and gsettings on Linux/GNOME.

If it’s Intel-based Apple hardware, there’s also Management Engine. If it’s T2, you’ll want to see if it calls home or does anything invasive.

1 Like

I got a MacBook Pro and use it for photo and video editing stuff. For the first 2 years I was into photography I tried to use Linux for editing but it felt like the tools just got in my way. I know it’s not as private as they claim, but it gets the job done that I need it for.

My biggest concern lately is all the AI integration coming in the next OS releases. Not just with Apple, but Windows 11 too. I haven’t kept up with Google but I’m sure it’s not much different with how much their AI will be integrated in Android, Chrome, and their services.

1 Like

So you have full trust. Good for you (not sarcastic), I wish I still did, I remember enjoying my computer time much more!

I haven’t mentioned and don’t seek ‘anonymity’ (silly and overused phrase as it is) and I am not trying to avoid dragnet surveillance here. I’d certainly like to avoid it, but that’s not my motive here. I have to use a Mac for business, I am gonna be sending packets through mirrored pipes, that’s a given. This is about Apple, what it collects, and whether I can avoid it. Not because of who they may give it to, I just want to avoid them collecting data, my photos, my emails, my whatever. And purely on principle. I have no fear of any repercussions if they gave my entire hard drive to Columbo. I just want to know they can’t do so, if/when they try.

With regard to vpn.ac being inside the 14 eyes, that’s a ‘badge’, the importance of which I don’t subscribe to as fervently as many do when it comes to VPN choice. My use of a VPN is not to avoid global surveillance. It’s a decision made for one solitary purpose: To avoid having to place any trust in my ISP (for damn good reason). Nothing more nothing less.

The reason I mentioned Apple’s membership of PRISM was purely to point out that

A) They can’t possibly not be collecting and sharing data, that’s the basis of the agreement!

B) That their own words can’t be trusted directly due to the NDAs etc involved with such an arrangement. In fact they may well be required to lie to avoid prosecution or other unwanted repercussions of breaching said agreement/secrecy clauses.

For all we know, these ‘little accidents’ of unencrypted data going to gatekeeper services, or OS processes bypassing user VPN settings, could be something much more nefarious, like deliberate ‘backdoor’ type openings/vulnerabilities for whatever reason. I am not claiming that’s the case, but it’s far from being impossible. (I don’t even believe that’s the case by the way, just making the point, PRISM means secrecy and data collection/sharing, so all bets are off regarding ‘privacy policy’ or any other statements made about such things, to my mind at least.)

But since you mention PRISM… and the last thing I want is a debate on a subject that isn’t the focus of my enquiry but just to refer back to one point: You spoke above about your full trust in Apple, stating:

Well as you brought up the ‘14 Eyes’, I’d assume you are aware that

“These alliances work together to collect and share mass surveillance data with each other. Beginning with the UKUSA agreement and Five Eyes intelligence sharing”

And this pretty picture helps us understand what sort of data we are talking about:

Your approach seems perfectly valid and you sound like you know your stuff. It seems you will use who you can trust, and if you can no longer trust them, you have a plan for going the entire opposite extreme where you trust nobody, and that plan looks robust. I am at neither of those two extremes though.

I always prevent myself using that awfully misguided phrase: “I have nothing to hide”, but I have to here, because firstly I think it’s relevant in light of your comment in relation to law enforcement where you said that you ‘trust yourself not to be in that situation’ (have you heard of persecution or false charges/evidence/accusations being aimed at an innocent person?). Secondly because my distrust is on a principle basis rather than a practical one. I don’t seek to protect myself, as there is no threat to myself if Apple were to spy on me even in the shower (except my emotions perhaps). I merely want to prevent a company doing something I believe strongly they shouldn’t be doing (which isn’t an accusation in itself).

I don’t lock my front door because I think someone is going to steal my property, but it’s nice to sleep knowing I didn’t leave it unlocked, just in case the wrong person tries the handle.

IME - To be honest I never truly believed that was a real risk to anyone. I don’t claim to know enough either way to have an opinion I’d rely on. However I did know someone a while back now who was in a very real position to have a valuable opinion (and he was extremely privacy-focussed). His view was that it was ‘more a theoretical risk than a practical one, I wouldn’t worry about it unless you’re planning to launch Wikileaks 2.0, and even then I’m not convinced it’s a real threat.’ That was a long while ago now though.

There’s no question Macs are nice for that stuff!
I am having similar problems myself with Fedora. I want to quickly draw some lines on images, I want to space bar preview files in a dialogue before uploading somewhere… I struggle a lot. But that’s from 15-20 yrs of using Mac and having it set up with everything I need. There’s much pain in leaving the reservation, so far I am tolerating it (for personal computing at least!)

AI - I think it’s only going to get ‘worse’ as far as its inclusion/infection (depending on POV!) in all devices. I give it 12 months before people will be asking their refrigerator to provide instructions on making a sandwich. :smiley:

1 Like