Comment by hk__2

4 years ago

> Champions of privacy, phoning home a hash of every executable your computer runs!

What’s the matter with privacy? That’s a basic signature check, and you can do so while preserving privacy by using salted hashes or a similar solution.

A centralized repository of all your executable hashes is a high-precision fingerprint.

  • There are two major somewhat misleading bits of buzz around macOS “phoning home” all of our executables.

    1: among Windows, macOS and Linux, only Linux distros don’t do such checks, and most end-user Linux installations are arguably secure in spite of this—mostly because they are very rare and thus not a priority target for malware.

    2: this only concerns files you launch. If you wrap your binary invocation in a shell script, that shell script’s hash will be sent, not your binary’s.

    • What does the author of the operating system phoning home have to do with Linux not being a target for malware? It seems like you're mixing up two different issues with this.

  • Yes it is, but merely sending hashes doesn’t mean such a centralized repository exists. We need more information on the actual implementation.

They can perfectly well do that without resorting to sending the hashes, using asymmetric cryptography.

But... this way they also gather some data.

I don’t understand how salted hashes would obfuscate the query. Private information retrieval is much more complicated than private password storage, and how do we know what the protocol is?