Apple Addresses Privacy Concerns in macOS

Following the release of macOS Big Sur on Thursday, Mac users began to experience issues opening apps while connected to the Internet. Apple’s system status page attributed the situation to issues with its Developer ID Notary Service, with developer Jeff Johnson specifying that there were connection problems with Apple’s OCSP server.

Shortly afterwards, security researcher Jeffrey Paul shared a blog post titled “Your Computer Isn’t Yours”, in which he raised privacy and security concerns related to Macs “phoning home” to Apple’s OCSP server. In short, Paul stated that the OCSP traffic macOS generates is not encrypted and could possibly be seen by ISPs or even the US military.
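To make the exposure concrete, the following added example (not code from this article, from Paul's post or from Apple) decodes what a passive observer can read from one cleartext OCSP request: the issuer hashes and serial number that identify the certificate being checked. It assumes the standard RFC 6960 HTTP GET encoding (base64 of the DER request in the URL path); the responder path, hashes and serial number are constructed sample values.

```python
import base64
from urllib.parse import quote, unquote

def tlv(tag, body):  # DER-encode one element (short-form length only)
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def cert_ids_from_get(request_line):
    """List the CertID fields readable from a cleartext OCSP GET request line."""
    path = request_line.split(" ")[1]
    der = base64.b64decode(unquote(path.rsplit("/", 1)[1]))
    _, ocsp_request, _ = read_tlv(der)
    _, tbs_request, _ = read_tlv(ocsp_request)
    tag, request_list, nxt = read_tlv(tbs_request)
    while tag != 0x30:  # skip optional [0] version and [1] requestorName
        tag, request_list, nxt = read_tlv(tbs_request, nxt)
    found, pos = [], 0
    while pos < len(request_list):  # SEQUENCE OF Request
        _, request, pos = read_tlv(request_list, pos)
        _, cert_id, _ = read_tlv(request)
        _, _, p = read_tlv(cert_id)  # hashAlgorithm, not needed here
        _, name_hash, p = read_tlv(cert_id, p)
        _, key_hash, p = read_tlv(cert_id, p)
        _, serial, _ = read_tlv(cert_id, p)
        found.append({"issuer_name_hash": name_hash.hex(),
                      "issuer_key_hash": key_hash.hex(), "serial": serial.hex()})
    return found

def sample_request_line():
    """Constructed request: made-up hashes and serial, made-up responder path."""
    sha1 = tlv(0x30, tlv(0x06, bytes.fromhex("2b0e03021a")) + tlv(0x05, b""))
    cert_id = tlv(0x30, sha1
                  + tlv(0x04, bytes(range(20))) + tlv(0x04, bytes(range(20, 40)))
                  + tlv(0x02, bytes.fromhex("0123456789abcdef")))
    der = tlv(0x30, tlv(0x30, tlv(0x30, tlv(0x30, cert_id))))
    b64 = base64.b64encode(der).decode()
    return "GET /ocsp-example/" + quote(b64, safe="") + " HTTP/1.1"

if __name__ == "__main__":
    print(cert_ids_from_get(sample_request_line()))
```

Nothing in the request needs a key to read: base64 and DER are encodings, so anyone on the network path sees the same fields the responder does.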

Apple has since responded by updating its “Safely open apps on your Mac” support document with new information, according to iPhoneinCanada. Here is the new “Privacy Protection” section in full:

macOS is designed to protect users and their data while respecting their privacy.

Gatekeeper checks online to verify whether the app contains known malware and whether the developer’s signing certificate has been revoked. We have never combined the data of these checks with information from Apple users or their devices. We do not use the data from these checks to know what individual users are launching or running on their devices.

Notarization checks if the app contains known malware using an encrypted connection that is resilient to server failures.

These security checks never include the user’s Apple ID or the identity of their device. To protect privacy, we have stopped logging the IP addresses associated with the Developer ID certificate check, and we will ensure that any collected IP addresses are removed from the log.

Apple clarifies that user-specific data has not been harvested during security checks and that it plans to remove all IP information from the logs. In addition, it plans to make several changes to the system over the next year, including:

  • A new encrypted protocol for developer ID certificate revocation checks
  • Stronger protection against server failure
  • A new preference for users to opt out of these security protections

Some users have advocated blocking traffic to Apple’s authentication servers, but it appears that Apple will offer this option to end users in the future.

