matt (support) wrote:
autolog wrote:
More detail on what Jay noted previously: Deeper look at Apple’s recent server outage reveals potential Mac privacy concerns
Yikes, it is worse than I realized. I'm shocked they are sending the query unencrypted. It is therefore trivial for ISPs (NSA, etc., too of course) to watch which apps you are launching and when. For a company that claims to be so privacy focused this is a huge misstep.
The way they should have done this feature: have a background task that periodically grabs (via HTTPS) a list of all dev certs that have been rejected. On app launch check the cert against the local cached copy of the list. This removes the privacy concern and prevents a slow server from hanging app launching.
This chap has a somewhat different take on the privacy concerns.
https://blog.jacopo.io/en/post/apple-ocsp/
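A sketch of the design described in the quoted post above (a background task refreshes a list of rejected developer certificates, and app launch consults only the local copy), added here as an example; it is not part of the thread and not Apple's implementation. The class name, the JSON cache format, the one-day staleness window and the injected `fetch` callable (standing in for the HTTPS download) are all assumptions.

```python
import hashlib
import json
import os
import time

MAX_AGE = 24 * 3600  # assumed policy: a copy older than one day counts as stale


def cert_fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded developer certificate."""
    return hashlib.sha256(cert_der).hexdigest()


class RevocationCache:
    """Local copy of the rejected-developer-certificate list (hypothetical format)."""

    def __init__(self, path):
        self.path = path
        self.revoked = set()
        self.fetched_at = None  # None means no list has ever been fetched
        try:
            with open(path) as f:
                data = json.load(f)
            revoked, fetched_at = set(data["revoked"]), float(data["fetched_at"])
        except (OSError, ValueError, KeyError, TypeError):
            return  # missing or corrupt cache: start empty and stale
        self.revoked, self.fetched_at = revoked, fetched_at

    def refresh(self, fetch, now=None):
        """Background task; `fetch` returns the list (in production, an HTTPS GET)."""
        now = time.time() if now is None else now
        try:
            revoked = set(fetch())
        except Exception:
            return False  # server slow or down: keep the last good copy
        tmp = self.path + ".tmp"
        with open(tmp, "w") as f:
            json.dump({"revoked": sorted(revoked), "fetched_at": now}, f)
        os.replace(tmp, self.path)  # atomic swap, never a half-written cache
        self.revoked, self.fetched_at = revoked, now
        return True

    def check_launch(self, cert_der, now=None):
        """Launch-time check: local lookup only, no network I/O on this path."""
        now = time.time() if now is None else now
        if cert_fingerprint(cert_der) in self.revoked:
            return "block"
        fresh = self.fetched_at is not None and now - self.fetched_at <= MAX_AGE
        return "allow" if fresh else "allow-stale"
```

The `allow-stale` result leaves the policy decision (warn, force a refresh, or proceed) to the caller; the launch path itself never waits on the server and never reveals which app is being opened.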