Posts
1
Comments
77
Joined
2 yr. ago

  • not respond to anyone’s salient points other than to call them shills.

    where is the salient point? because the best I can get is that they don't send the "app hash" just the "apps cert id"

    When did I argue for the security of Apple? I simply pointed to your logical fallacies.

    no, you didn't argue for the security, you just said it's a circle jerk. you did not point out any logical fallacies, you just said it's a circle jerk, which is not a fallacy, it's just you wasting time to tell me I'm wasting time. you're just sucking air out of the world

  • I just posted this to bring visibility to a topic I think has been overlooked.

    A lot of people may not be aware of this security flaw, or the general lack of security and privacy with apple products and proprietary software in general.

    I know that most people will downvote anything criticizing apple because they are cultists, so it definitely wasn't for karma.

  • no, it's just an additional attack vector, having the code to inspect makes validating updates much easier and more secure.

    I'm evaluating the security of the software I'm using? what are you doing casually excusing a massive security flaw? you must not look either way before crossing the street

  • I believe in the security of open source software, because I've worked with it for over 15 years, but for some reason you're arguing with me that thinking apple is insecure is a circle jerk because google and microsoft are also bad. I know google and MS are bad, I talk about it all the time. I want to talk about how much better open source software is but because I'm shit talking apple you need to tell me how secure it is.

    The idea that shills would even be here is laughable.

    really? it's just impossible for a corporation to have made a lemmy account? you're going out of your way to talk about how trustworthy apple is with literally no substance. was anything in the video wrong? no. you just want to tell me how trustworthy apple is and how much of a circle jerk it is to talk about their flaws. it's impossible to tell a brain-dead apple lover from a chat bot.

  • you know what's funny about certs is you don't need to phone home to check them, (see SSL)

    The issue is that they did it in a laughably insecure way that involved exposing every app that every person opened for years...

    And yet still this thread is super-saturated with shills telling me that I'm spreading misinformation and that apple is super secure and encrypts everything and you should trust them. so idk what is wrong with pushing back against their narrative?

  • The fact that it existed for years is the problem. the fact that execs signed off on this at all means apple is terrible for privacy

    I read the article and the only pedantic detail that was wrong in the initial report was that gatekeeper didn't send the "application hash" it sent the "applications certificate id" which is a worthless distinction and changes nothing. you're acting like that somehow exonerates apple, and then just blindly believing what their PR person says. you'd have to be a complete idiot or working for them to believe that crap.

  • if you trust everything a sales person says, I have a bridge to sell you.

    there is no reason to believe any proprietary program does what it says, and even if you decompile it and convince yourself it's not sending your keys home, they could update it at any moment.

    IDK where you get all of this trust from

  • what is misleading exactly? the part where every app you open gets sent to apple along with third parties along with your IP?
    because I'm pretty sure that's all 100% true, and I think it's been true for over 5 years...

    you're just suggesting that because they do one thing well they do everything well, which is a fallacy.
    Also, any proprietary program that does "E2EE" is misleading you by omitting the part where they could totally steal anyone's keys at any time with the push of a button, if they haven't already. it is completely laughable to suggest any proprietary E2EE program is secure!

    so who is spreading the misinfo again?

    EDIT: I found the pedantic mistake that they claim makes this "highly misleading": gatekeeper doesn't send the "application hash" it sends the "applications certificate id"

    Bravo in finding this detail, but it doesn't change anything!
    Apple was sending (1) what apps you're opening (2) in plaintext to (3) third parties!

    you're being misleading by suggesting that everything is encrypted!