When you launch an app, macOS connects to Apple’s OCSP service to check whether the app’s Developer ID code signing certificate has been revoked by Apple. In November 2020, Apple’s OCSP service experienced a mass outage, preventing Mac users worldwide from launching apps. In response and remedy to this outage, Apple made several explicit promises to Mac users in a support document, which can still be seen in a Wayback Machine archive from September 24, 2023.
↫ Jeff Johnson
One of the explicit promises Apple made was that it would allow macOS users to turn off phoning home to Cupertino every time they launch an application on macOS. It’s four years later now, and this promise has not been kept – Apple still does not allow you to turn off phoning home. In fact, it turns out that last year, Apple scrubbed this promise from all of its documentation, hoping we’re all going to forget about it. In other words, Apple is never going to allow its macOS users to stop the operating system from phoning home to Cupertino every time they launch an application.
Even though the boiling frog story is nonsensical, it’s apt here. More and more Apple is limiting its users’ control over macOS, locking it down to a point where you’re not really the owner of your computer anymore. Stuff like this gives me the creeps.
“More and more Apple is limiting its users’ control over macOS”
In no reality was Apple ever in the business of user control. Anything users can do – not expressly blessed by Apple – is solely a byproduct of limitations the company has to accept.
Kver,
I’ve tried reading your comment several times, and I’m struggling to find an interpretation where these statements are not contradictory.
Essentially I’m saying Apple tries as hard as possible to lock things down so users do things “the Apple way” only, and when users do things they’re “not supposed to” it’s because Apple themselves are limited by what they can prevent – physically, legally, technologically.
Physically – Steve Jobs was famous for wanting users to be unable to tamper with their machines, so as time has gone on that mentality stuck and they’ve used different screws, glue, parts pairing, everything physically possible to take control from the user. But it’s always physically possible to tamper with the hardware on some level.
Legally – Apple has fought every battle it could to maintain control over the supply chain, digital storefronts, and even software “allowed” to be installed on devices, such as your web rendering engine… But especially the EU is forcing Apple to compromise on what users are “allowed” to do, legally limiting their control.
Technologically – With software Apple has tried locking it to the hardware, blocking sideloading, making installing unsigned apps near impossible for regular users, using SIP, phone-home requirements, etc. Of course, software is software, which is notoriously hard to control.
Kver,
Ok, I see where I went wrong. When you said “user control”, I read it like this: “In no reality was Apple ever in the business of controlling users (i.e. user control)”, which contradicts everything else you say, but you meant it like this: “In no reality was Apple ever in the business of giving users control (i.e. user control)”.
Same words, but very different reads, Haha.
Hahah, I could have worded it better. I’ll blame a lack of coffee. XD
If I understand correctly, any LOCAL application that is run on Mac OS uses the INTERNET to ask Apple if it’s allowed to run?
That makes me so angry. I experienced something similar myself. I love playing Doom Eternal on my Linux computer, but a year or so ago Bethesda accidentally let some web certificate expire or something, whatever, the point is I was unable to play my SINGLE PLAYER OFFLINE GAME until they fixed the situation. Ugh.
Ummm … I’m not a hardcore Mac user so can someone fill in the blanks?
What would happen if your Mac is not connected at all (i.e. offline) and you tried to use the app?
ponk,
The article from a couple of years ago provided some details about how OCSP is cached. At the time of Apple’s outage the cache interval was a mere 5 minutes; in response Apple upped it to half a day…
https://lapcatsoftware.com/articles/ocsp.html
Someone would need to check what it is today. And I don’t know what the behavior is when you’re either offline or behind a firewall. But my guess is that it would continue using the old cached credentials until they can be updated. Otherwise you’d be SOL.
I don’t have an issue with Apple offering anti-malware/anti-virus services for macOS. But I do have a problem with macOS turning into a walled garden OS depriving owners of rights on their own machines. It’s really a power play being done in the name of security.
I hope I am not the only one appalled at the notion that a device purchased by the consumer for potentially thousands of (insert your currency here) is only a rental and must be blessed by the Anointed to run applications on it. Both Apple and Microsoft are increasingly making the user experience less friendly with every new OS update.
I don’t need or want either of those entities hovering over my shoulder telling me what I can use and when I can use it. Both of these corporations need to spend less time taking a knee to the shareholders and more time being consumer-focused.
SonicMetalMan,
Why would they do that though? In capitalism consumers are just a means to an end.
I don’t say this because I morally agree with it, but because it’s a pretty good predictor for where things are going.
It’s like a game of chess. Microsoft wanted to deprecate legacy Win32 apps and move everyone into the Windows 8 walled garden. How did that work out? People saw through it. As with Thom’s frog analogy, people are capable of seeing immediate consequences, but by playing a longer game several moves ahead, these corporations can slowly tighten their grip on the future outcomes without people necessarily realizing what’s happening.