[ad_1]
Recently, several Mac users complained that applications are opening slowly in macOS Big Sur or not opening at all. It turns out that the problem was caused by Apple’s OCSP (Online Certificate Status Protocol) service, which ensures that apps come from trusted sources. As a side effect, Apple has been criticized for collecting too much information from its users in the process, and security researcher Jeffrey Paul published a post titled “Your computer is not yours. ”
Paul claims that OCSP requests are not encrypted, which means that Apple (and your ISP) can access this information, in the applications you are opening and using on your Mac. In the past, there were applications to block this, though Big Sur has a new API that prevents it. As a result, it explains:
“In modern versions of macOS, you can’t just turn on your computer, start a text editor or e-book reader, and write or read without a log of your activity being transmitted and stored.”
Apple responds
As reported by The edge, Apple has responded to the complaints through a support page. If you go to the “Open Applications Safely on Your Mac” page, there is a new segment on “Privacy Protections”, which explains that a service called Goalie performs online checks to see if an app has malware and to verify the developer’s signing certificate.
The statement also says that Apple does not no use this data with information about users or devices:
“Gatekeeper performs online checks to see if an application contains known malware and if the developer’s signing certificate is revoked. We have never combined the data from these controls with information about Apple users or their devices. We do not use the data from these checks to find out which individual users are starting or running on their devices. “
To address privacy issues, Apple will also make changes to the way IP addresses are handled during developer certificate checks:
“These security checks have never included the user’s Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks and will ensure that all collected IP addresses are removed from the logs. “
Additionally, Apple will introduce a couple of changes to the way it conducts security checks over the next year or so:
- A new encrypted protocol for developer ID certificate revocation checks
- Strong protections against server failure
- A new preference for users to opt out of these security protections.
If you are still experiencing slowdowns when launching applications on your Mac, disabling internet connectivity seems to solve the problem, even temporarily. In the meantime, you can read Apple’s full privacy statement here.