
MacOS Big Sur Insecurities Debunked - You're Honestly Probably Fine. - Techlore
video description
- This video is NOT about MacOS vs Linux or FOSS vs proprietary; it's simply analyzing the massive claims being made and whether they truly pose a threat to Apple users.
- Just because MacOS is proprietary or 'insert your complaint', doesn't mean a huge number of people don't use it and want a balanced perspective on this.
- This video isn't really created to defend Apple, but to defend truth and facts in the privacy world, since being known for misinformation and sensationalizing issues will only damage us in the long run.
Edit:
- As specified in the video, we don't defend NSA surveillance, but the reality is that escaping it involves an extreme threat model not relevant to the mainstream crowd. Any person using the NSA PRISM project as a justification for why a separate, unrelated issue is bad is trying to push a narrative that's not necessarily there. Unencrypted OCSP is bad, period. Saying it's 10x bad because of the NSA PRISM project and Room 641A, and even including some false claims, is sensationalism.
Edit 2:
- Hopefully you make your own conclusion from all of this. If you leave here disliking Apple, great! If you leave here feeling like this wasn't as big a deal as it was made out to be, great! We just hope you now have adequate information to make your own assessment of what it means for you.
Date: 2022-04-15
Comments and reviews: 5
Kid
OCSP (Online Certificate Status Protocol), as well as its predecessor CRL (Certificate Revocation List), is ALWAYS unencrypted. OCSP and CRL exist to validate certificates with the signing authority to make sure they haven't been invalidated.
Since certificate verification relies on transitive trust (A trusts B, B trusts C, therefore A trusts C), making this protocol encrypted would cause a circular logic loop in the certificate verification process.
This insecurity claim comes from someone who has no idea how PKI works. I understand that OCSP could be a privacy concern, but it's a small risk as it just validates the certificate. The privacy risk of OCSP is about the same as downloading ANYTHING off the internet. They can see what you downloaded and what IP you came from, plus some metadata (easily spoofed). A simple VPN or Tor mitigates this. In some cases, OCSP can be disabled. However, without OCSP or CRL you would have no idea if a certificate was compromised or revoked. Don't do this.
OCSP is leaps and bounds better for security than CRL. Until some other protocol is developed and adopted, such is life. OCSP is good.
reply
Biky
Your computer isn't yours. 'Yours' means you have ownership over it. Ownership means that you control 100% how it is used and how it works. That's what ownership means. Other people having control over it means you don't own it (completely). The article may be right for different reasons, but the takeaway is true. And Linux isn't safe either; some distros have some very slight control over your system, like automatic updates and unasked-for telemetry. But even the most intrusive popular Linux distros are way more in your control than Windows, and especially than macOS, and even more so than Google's Android and iOS, the last 2 being the worst offenders.
You may be ok with not owning your hardware 100%. Maybe you don't care as long as you can use it in a way you like, even if it means someone else owns it. Heck, you may be renting cars all the time for all that matters. Only you can care about the stuff you own or 'own'. I, just like always, won't be touching anything Apple. And Stallman is right; even if I don't agree with everything he says, I do appreciate his radicalism. We need more people like him.
reply
Dio
Well, thanks for the explanation and clarification. I don't completely trust Apple, as they are still part of the Big Five, but I guess they are better than the other four. Again, thanks for the clarification.
reply
Jankubist
I tested whether there is any other network traffic when connected to a VPN. Even when opening software, there is only a connection to the VPN service.
reply
LinuxMathGuy
At the same time, this article seemed to increase awareness of privacy, which is a good thing, even if it might be a little sensationalist.
reply