Enablers, that is what they are. If the EU manages to push that anti-encryption thing through, Apple will be the one forced to remove the App from your PC. 1984 is here already.
Soon, phoning home a hash of every file your computer has.
> Champions of privacy, phoning home a hash of every executable your computer runs!
What’s the matter with privacy? That’s a basic signature check, and you can do so while preserving privacy by using salted hashes or a similar solution.
A centralized repository of all your executable hashes is a high precision fingerprint.
There are two major somewhat misleading bits of buzz around macOS “phoning home” all of our executables.
1: among Windows, macOS and Linux only Linux distros don’t do such checks, and most end-user Linux installations are arguably secure in spite of this—mostly because they are very rare and thus not a priority target for malware.
2: this only concerns files you launch. If you wrap your binary invocation in a shell script, that shell script’s hash will be sent, not your binary’s.
Who is laughing at the Gentoo folks now ey?
Yes it is, but merely sending hashes doesn’t mean such a centralized repository exists. We need more information on the actual implementation.
For one, they now have a list of everyone running Tor.
They can perfectly do that without recurring to sending the hashes, using asymmetric cryptography.
But... this way they also gather some data.
I don’t understand how salted hashes would obfuscate the query. Private information retrieval is much more complicated than private password storage, and how do we know what the protocol is?