Git-Mirrors/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-07-25 07:35:25 -04:00
Code Issues Projects Releases Packages Wiki Activity

consolidate information on app revocation checks

Browse source
This commit is contained in:
mfwmyfacewhen 2023-08-09 03:41:58 -05:00 committed by GitHub
parent 91ac91be42
commit cfe6bd7959
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

6
docs/os/macos-overview.md
View file

@ -13,11 +13,9 @@ There are a few notable privacy concerns with macOS that you should consider. Th
### App Revocation Checks
macOS performs online checks when you open an app to verify whether an app contains known malware, and whether the developers signing certificate is revoked.
macOS performs online OCSP checks using HTTPS encryption when you open an app to verify whether an app contains known malware, and whether the developers signing certificate is revoked.
Previously, these checks were performed via an unencrypted OCSP protocol which could leak information about the apps you ran to your network. Apple upgraded their OCSP service to use HTTPS encryption in 2021, and [posted information](https://support.apple.com/HT202491) about their logging policy for this service. They additionally promised to add a mechanism for people to opt-out of this online check, but this has not been added to macOS as of July 2023.
While you [can](https://eclecticlight.co/2021/02/23/how-to-run-apps-in-private/) manually opt out of this check relatively easily, we recommend against doing so unless you would be badly compromised by the revocation checks performed by macOS, because they serve an important role in ensuring compromised apps are blocked from running.
We recommend against blocking these checks.
## Recommended Configuration