This guy is why I read newspapers instead of watching Youtubers. That’s 13 minutes of my life I’ll never get back.
Here’s a summary of the video:
1/ Lockdown restrictions reek of police state. Boy that’s a hard one…
2/ Online retailers are allowed to sell nonessentials while brick-and-mortars aren’t. Boy that’s a hard one…
3/ If Apple products were repairable, Apple product owners wouldn’t have to go out to get their products fixed.
Holy shit I tried 3 times to copy paste the correct fucking video… updated.
Welp, it seems my Macbook will never touch a network again.
His rant videos about NYC commercial real estate are even more amusing.
Nice trick: you made me watch 13 minutes of that insufferable dude on a totally unrelated topic
Thank you for this! I love watching long, informative & thought provoking YouTube videos, but when it comes to important updates regarding something I use/care about, I’d rather have the facts right away then watch or read for 15 minutes, especially if I don’t have to.
That’s a summary of a totally different video.
Don’t bother watching this guy though: he’s just some dude winging it on camera instead of preparing the point he wants to discuss and exposing it clearly. An average Youtuber like so many others, in short. Not worth watching. You can get the same experience in 3D and with something nice to drink in your hand if you head down to your local bar.
Its funny I like the guys repair videos but this talk to camera shit he started doing is awful!
There are so many reasons I despise Apple as a company…
And I wish the actions described on this video were restricted to their products, but so many companies do that!!
Not sure if the worst is that they bypass your VPN without telling you, or the fact that they transfer it unencripted.
I mean… beyond the obvious bad aspects of it all, what worries me most is the stupidity (or plain disdain) behind it.
If someone is so stupid to not even care about encrypting an obviously invasive action… what else was built that stupidly as well?
Another pearl there:
“you can have a fast and efficient machine or have a secure one”… or you can just use something that is not apple! XD
I am usually the first to be critical of Apple, but for reference, this article has a different analysis of the issue:
The most interesting part, to me, comes at the end, where the article says that Apple has responded to the criticisms by saying that they will enable a preference to allow users to opt out of the new security precautions.
That whole link you posted @GrimEcho, reeks of “paid review” to me.
(not from your part. I’m criticcizing the author)
At some point there the author goes to the insane length of saying: “What Apple is doing is not bad at all, because ISPs could do worst if they wanted”
This is literally the same as defending a rapist because “a police officer is allowed to have a gun, so he could kill you”. it makes zero sense as an argument.
Or maybe I’m reading too much into it and the author just has no clue of what he’s saying…
Later on he starts to ramble that “there is no problem in capturing your data, because it’s really hard to find an use for an individual’s data”…
I mean… what?
Is he really trying to justify that because he has no use for your private data, then it should be “no biggie” for apple (or anyone sniffing your traffic) to gather your data?
Or when he claims that “ISPs could get more data from you if they wanted”… Even if we ignore that that should never be a valid argument in defence of Apple’s actions, it is just plain wrong!
An ISP can only track what you send over the web. if you run an app that does not communicate online, such as a video player, the ISP could never gain access to that.
And Regarding Apple’s announcement…
I find it funny that they claimed basically the same thing before the iClouds Leaks scandal, which led to investigations that proved they actually kept some metadata they previously claimed never to.
So hard to take that as a reality.
@Eyeux - yep, I pretty much agree with what you are saying. Many of the arguments the article states don’t make a lot of sense.
I will concede that I think the warden process does have legitimate purposes for securing applications. But I think there are ways it could be done without requiring client machines to “phone in” every time an application is launched to check if it’s security certificate has been revoked.
Other application repositories have combatted the issue of stale certificates differently. For instance, many of the core APT repositories on Linux simply update a list of rejected certificates that clients can download periodically. There’s a small chance that an application could be decertified, but still allowed to run on an individual machine because the client hasn’t been notified, but the risk is low and well worth the trade-off of not having to contact a central server every time an application is ran.
I agree with you there. Securing applications through hashing is not only a legitimate action, but it’s also an important security measure.
And the Warden process is basically a less efficient version a classic Checksum test that most Tech savy or Unix users have implemented for decades.
My beef there is with the way which it is implemented.
Traditionally, you would import the keys from multiple trustworthy sources, then compare the app hash locally. This is efficient and private.
Now what are the reasons to get this flow backwards? Literally none, from a security perspective.
Sending hashes and receiving approval statuses is far less secure than retrieving keys and run the check locally.
i.e. if the checksum is performed on your pc there is nothing short of a blue pill style software that would allow you to trick the Warden…
But when we are utilising network to send and receive this information, there is a plethora of methods available to get around it.
And I really doubt Apple isn’t aware of that.
And I can’t believe that Apple just made a “bad call”, when the consequence of such is that they gather a lot of personal data, exactly when bulk personal data is at it’s peak value.
But what really baffles me is the lack of encryption.
I honestly doubt anyone in charge of that system’s design would ever make such a mistake… unless that was intentional behaviour.
(Which, come to think, would be far too convenient given the legal hardships Apple is facing this year, be it with the FBI or with Corellium)