Big Sur on M1 (and possibly on Intel) maintains a persistent, hardware-serial-number linked TLS connection to Apple (for APNS, just like on iOS) at all times when you are logged in, even if you don't use iCloud, App Store, iMessage, or FaceTime, and have all analytics turned off.
There's no UI to disable this.
This means that Apple has the coarse location track log (due to GeoIP of the client IP) for every M1 serial number. When you open the App Store app, that serial number is also sent, and associated with your Apple ID (email/phone) if you log in.
Apple knows when you leave home, or arrive at the office, or travel to a different city, all with no Apple ID, no iCloud, and no location services.
This has always been the case on all devices using iOS, too.
This change is essential for blocking such traffic, and I'm glad for it, but there is a long way to go when it comes to pressuring the pro-privacy forces inside of Apple to do more.
That seems to be stretching it. The user is informed about the IDFA on setup (one can argue that that is a violation), so it’s not like “Apple’s operating system creates the IDFA without user’s knowledge or consent” because they do inform you.
Regardless, you can always reset it if you want. And “at” WWDC 2020 (half a year before this complaint), Apple made cross app tracking opt-in.[0]
I applaud the EU for leading the way in consumer protection, but every time I hear about it in regards to technology, it always feels heavy-handed with the arguments being a stretch sometimes.
It's not stretching. The ePrivacy directive requires that the user _is offered the right to refuse such processing by the data controller_, so it also refers to Apple itself.
This claim that Apple are tracking your location because they use TCP/IP to receive connections has been made many times now.
Nobody has so far presented evidence that Apple does in fact geolocate people or even that they persistently store IP address information related to user accounts.
I don’t know for sure that they do not, but I do know that they are aware that keeping IP addresses is a potential privacy leak, and so at least some of their services are definitely designed to scrub IP addresses from records at the point of ingestion and replace them with anonymized keys before they are passed on to services within the company.
So they know that keeping IP address logs is a potential privacy issue and are working to alleviate that.
I would be surprised if they do this for everything yet, but as far as I can see Sneak is making only a theoretical accusation, and not one which he has more than speculation about.
As far as I can see, statements like these...
“Apple knows when you leave home, or arrive at the office, or travel to a different city, all with no Apple ID, no iCloud, and no location services.
This has always been the case on all devices using iOS, too.”..
...are complete bullshit as written, even though we can’t rule out the possibility.
“Apple doesn’t retain a history of what you’ve searched for or where you’ve been.” is on Apple’s privacy page here: https://www.apple.com/privacy/features/
So if someone can find evidence for such accusations, perhaps there is some legal liability for Apple.
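The ingestion-time scrubbing described in the comment above, sketched as an added example (not part of the thread, and not Apple's implementation): the raw client IP is replaced by a keyed HMAC token before the record is stored, and rotating the key stops tokens from being linked across periods. The record fields, key values and function names are assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress

# Constructed sample records; addresses come from documentation ranges.
SAMPLE_RECORDS = [
    {"ts": "2020-11-20T08:00:00Z", "client_ip": "203.0.113.7", "event": "connect"},
    {"ts": "2020-11-20T18:30:00Z", "client_ip": "::ffff:203.0.113.7", "event": "connect"},
    {"ts": "2020-11-21T09:15:00Z", "client_ip": "2001:db8::1", "event": "connect"},
    {"ts": "2020-11-21T09:16:00Z", "client_ip": "not-an-ip", "event": "connect"},
]


def pseudonymize_ip(raw_ip, key):
    """Return a keyed, non-reversible token for an IP, or None if unparsable."""
    try:
        addr = ipaddress.ip_address(raw_ip.strip())
    except ValueError:
        return None
    # Treat IPv4-mapped IPv6 (::ffff:a.b.c.d) as the same client as a.b.c.d.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    # Keyed HMAC, not a bare hash: the IPv4 space (2^32) is small enough
    # that an unkeyed SHA-256 of an address can be reversed by enumeration.
    digest = hmac.new(key, addr.packed, hashlib.sha256).hexdigest()
    return digest[:16]


def scrub_record(record, key):
    """Copy a record with client_ip replaced by a token; the raw IP is dropped."""
    out = {k: v for k, v in record.items() if k != "client_ip"}
    out["client_key"] = pseudonymize_ip(record.get("client_ip", ""), key)
    return out


def ingest(records, key):
    """Scrub every record at the point of ingestion."""
    return [scrub_record(r, key) for r in records]


if __name__ == "__main__":
    # Hypothetical per-period keys; discarding an old key makes its tokens unlinkable.
    for key in (b"constructed-key-period-1", b"constructed-key-period-2"):
        for row in ingest(SAMPLE_RECORDS, key):
            print(row)
```

Within one key period the token still groups requests from the same address, which is what abuse detection needs; whether records stay unlinkable over time depends on the key actually being destroyed at rotation.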
There are ways to communicate over the internet that don't disclose the source IP of the client doing the connecting. Tor also uses TCP/IP, so your oversimplification of my post is... not accurate.
> Nobody has so far presented evidence that Apple does in fact geolocate people or even that they persistently store IP address information related to user accounts.
We're talking about IP address logs related to hardware serials, which cannot be changed. User accounts can.
Perhaps Apple doesn't log your hardware UUID + IP. You'll have to take their word for it.
But there's even less guarantee that the government doesn't log that information.
After all, Apple dropped plans of implementing E2E encryption of iCloud backups after the FBI asked them [1]. So "Apple doesn't retain that info" might boil down to semantics since it might be allowing someone else to do it.
Apple had at least a partial implementation of e2e backup that was resilient to users losing their passwords, via something like friends-and-family secret sharing to perform data recovery.
The implementation was scrapped.
There are ways of solving these problems, throwing up hands and saying "it can't be done anyway" is silly. Apple has done a lot of things that couldn't be done: a computer without a floppy or serial ports, a phone without a keyboard, a headset without cables between your ears.
Building the iPhone was difficult. Building APNS and iCloud was difficult. Building the App Store was difficult. Building the Apple Watch was fucking difficult. Building the Ax line of mobile chips was difficult. Building the M1 was difficult. Don't forget about AirPods, HomePods, and all the other mindbendingly hard shit Apple does all the time now.
Apple does insane technical achievements on a regular basis. Secret sharing for e2e backups is well within their capabilities. Google even managed to e2e encrypt Android backups.
The problem is that Apple serves at the pleasure of the US military intelligence apparatus, and they know it.
It doesn't take a weatherman to know which way the wind blows.
Apple has to log client IPs on these systems to prevent abuse, to stop people doing things like scraping every public key for every iMessage user and then publishing the diffs.
IP to ISP/Location mapping is just a lookup table, and can be done at any time now or in the future.
Anyone monitoring the traffic outside of Apple can do it, as well. IIRC TLS client certificate information is not encrypted on the wire, but I'd need to review modern TLS protocol negotiation to confirm. This would allow anyone monitoring Apple's upstream, passively, to perform this same location logging that Apple does.
Apple knows this, so shipping systems that leak information in this way is tacit acceptance of the military spying going on on the networks to which Apple's servers are connected.
“Anyone monitoring the traffic outside of Apple can do it, as well”
Well this is true of every single connection made by every single app on every single device, for every upstream.
That means everyone is tacitly accepting the military spying going on on the networks to which their servers are connected.
That’s not actually an unreasonable position as far as I’m concerned, and your previous comments about this being true unless Tor is embedded have some validity. I say some because I’m unconvinced that Tor is quite ready to handle all traffic yet.
What is unreasonable is your focus on Apple.
By excluding the fact that your complaints are a general problem with TCP/IP and apply to essentially any service, you don’t seem to be doing a great job of informing people about the reality of the problem.
It’s also worth noting that if your position has now moved to how the tracking could be being done by someone monitoring Apple’s network rather than Apple themselves, you are tacitly acknowledging that your claim that Apple is keeping records of your location is just speculation.
Well anyone can do the same and you’d be none the wiser.
Unless of course you go on and install LittleSnitch or the Windows equivalent, which is something I’m not sure even all of HN bothers to do anymore.
And then you’re left off with trusting Microsoft or Intel or AMD with their unaudited management engines running on-CPU with DMA access, oh and whatever is running in the EFI firmware...