A server slowdown that coincided with the launch of the new Mac operating system, Big Sur, is causing a big stir about privacy.
That sound you heard midday Thursday was the collective groan of a million Mac users rebooting their super slooooow computers as Apple struggled with an apparent server outage.
The slowdown coincided (coincidentally or not) with the rollout of Apple’s new operating system, Big Sur—but Mac users who had yet to install the latest California-themed OS also had trouble getting their apps to work correctly.
Ironically, though Apple leans into pro-privacy rhetoric and Big Sur claims to bring privacy enhancements, the problem highlighted a larger issue about unencrypted data.
According to Mac developer Jeff Johnson, Macs couldn’t connect to a server related to the Online Certificate Status Protocol (OCSP), which is used to make sure a digital certificate is valid. Apple’s servers couldn’t keep up with the requests.
In a recap of the issue, security researcher Jeffrey Paul said yesterday’s failure exposed a privacy issue that was already there:
“It turns out that in the current version of the macOS, the OS sends to Apple a hash (unique identifier) of each and every program you run, when you run it. Lots of people didn’t realize this, because it’s silent and invisible and it fails instantly and gracefully when you’re offline, but today the server got really slow and it didn’t hit the fail-fast code path, and everyone’s apps failed to open if they were connected to the internet.”
So, when you’re online, Apple knows what apps you’re using. Moreover, the OCSP requests are sent unencrypted, so internet service providers can see them. (Decrypt reached out to Apple for comment, but has yet to receive a response.)