fun fact: modern M1 chips on the latest macOS contact the apple TSS server for bootloader signatures via plaintext http just like an iphone, and transmit their ECID (unique SoC hardware identifier) in *port 80 total plaintext* letting the backbones/IXes/NSA/CIA know the physical location of that specific computer.

this is happening on the latest and greatest M1 machines being sold right now, on the latest macOS, on every OS update.

search pcaps for

So Apple living up to its expectation of being garbage?

What happening if one blocks this transmission?

@dsfgs @sneak probably doesn't boot, can't update again or initialize itself after a first install / wipe

@dsfgs that's not what abuse is. apple's boot security is worlds better than the tpm crap available on the pc side

@sneak @dsfgs then they improved something because it was shit a few years ago

We were speaking from the unencrypted surveillance part, but appreicate your insight into other aspects.

Partly related, we've been noticing a #post2016 trend, including in Firefox and linux distros to do #connectivityChecks regularly — some implementations unencrypted!

Using something like #tcpdump can help identify these. Of course at the hardware level, such software solutions can't help, one'd need other hardware intercepting/anonymising(?) the traffic, if possible.


@sneak @dsfgs is it possible to prevent the info leak by connecting to a wifi that has VPN on it? (Assuming the VPN can be trusted)

Ok, we weren't sure how they were connecting.

The danger is be for things to connect like #AmazonSidewalk, or you will have no router and connect direct to the #5G tower or #spaceExplorer's (memecoiner's) shartellite network.


If the VPN is behind the WiFi and not running on the Mac itself then yeah that cannot be bypassed.
@sneak @dsfgs
@sneak this apple phoning home bypasses VPN as well. Total fuckery

@woodrow i dont believe that to be true, what evidence do you have for that?

I did not test it myself and am trusting the person who posted it. He was testing an M1 Mac mini shortly after they were released.

@woodrow the contentfilterexclusionlist misfeature was ripped out shortly thereafter because we screamed about it. no more intentional vpn bypasses from apple at the moment.

@woodrow it was only in the betas and maybe one short lived GA release iirc

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!