Random Thoughts by Fabien Penso

Your computer isn't yours

Jeffrey Paul writes:

It turns out that in the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it. (…)

This means that Apple knows when you’re at home. When you’re at work. What apps you open there, and how often.

Apple has complete control over its software, and while I trust them more than Google about my privacy, I don’t understand the purpose of knowing what app I run on my computer. The finding raised by yesterday’s issue when everyone upgraded to Big Sur is disappointing.

Back in 2014, I wrote “Apple is iPhoneifying its computer line”. That drove me to build my own Hackintosh to have some control over my computer hardware.

This week, with the release of the M1 chip and its unified memory, Apple’s control increased. You can’t add RAM later on the Mac Mini, the same way you can’t add disk space on laptops, and I expect you won’t be able to on the iMac either. I wonder how pros will welcome this on Mac Pros. I love the performance this new hardware supposedly has, but this comes at the price of no future upgrade.

Apple has reached its holy grail. They now control the hardware and the software like no other company before.

Update

Jacopo Jannone wrote a technical post about what’s going on. macOS doesn’t send to Apple the app you run on your hardware, but the developer certificate information. Apple knows you’re running an application from Microsoft but doesn’t know which app. As Rene Ritchie found out, Apple updated its documentation, and users will be able to opt out of those security protections. The fact they say this will be available over the next years feels rushed.

Apple:

Gatekeeper performs online checks to verify if an app contains known malware and whether the developer’s signing certificate is revoked. We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.

Notarization checks if the app contains known malware using an encrypted connection that is resilient to server failures.

These security checks have never included the user’s Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.

In addition, over the next year we will introduce several changes to our security checks:

  • A new encrypted protocol for Developer ID certificate revocation checks
  • Strong protections against server failure
  • A new preference for users to opt out of these security protections