Beyond being technically incorrect (a firewall with a whitelist still works) you're missing the larger point: if you don't trust Apple not to surreptitiously access your data, you can't rely on Apple-managed security mechanisms to enforce it. Run this command to look at the list of applications which aren't subject to the application-level firewall (the lower-level packet filter does still apply):
That list breaks down into two categories: things which you can't safely be on the Internet without (e.g. security updates) and things which aren't enabled unless you enable them (iMessage, Photos, Music, Find My Mac, etc.) and load some kind of data you care about into them.
In the former case, your options are to enable it or switch to a different operating system — you may choose to schedule them but there's no good security policy where you don't install updates promptly.
In the latter case, people come up with these hypothetical scenarios where someone finds a way to, say, enable iCloud music or photos without your knowledge and then do … something … sketchy with it. The problem with this line of thinking is that if you use those services, you can't firewall them, and if you don't, you're trying to come up with a scenario where someone can start a service, log in using MFA and delete the notification emails, load your data without prompting, but somehow doesn't already have control of your system or an easier way to exfiltrate your data.
The person I replied to had an even sillier version: “Access to our personal data by Apple - intentionally or "accidently"”. That asks us to believe that there's some way Apple would want to access your data, deploy some kind of attack code which bypasses all of the prompts for each stage, but forget to, say, simply disable the firewall entirely or exfiltrate data through a hostname used for other purposes (such as the software update CDN). It's technically possible but it's so farfetched that Hollywood screenwriters wouldn't touch it.
Any time spent playing firewall admin like this would be far better spent enabling MFA on everything you use and reconsidering the other software you install. Defending against the OS vendor is close to impossible and where people in reality lose data it's due to third-party apps / browser extensions, insecure backups, etc. which are both far more important and much easier to make meaningful improvements to.
> Beyond being technically incorrect (a firewall with a whitelist still works) ...
Does it really have to be spelled out to you - it is meaningless to use an application firewall when you are not the one creating and controlling the whitelist!!
> if you don't trust Apple not to surreptitiously access your data, you can't rely on Apple-managed security mechanisms to enforce it.
Many of us don't - and that is why an operating system is extendable and we use third-party software on it. Just like we use anti-virus software on our OS. And sometimes we also use non-Apple software for products or features over Apple's because the third-party has a better product.
> The person I replied to had an even sillier version
Silly for you who are just evading the actual issue and instead want to try and focus the debate to "let's discuss your beliefs instead, and pretend everything is normal with an OS vendor deliberately crippling a useful software".
Yes, Apple does want access to your personal data. Yes, the deliberate crippling of firewalls on the macOS is an ATTACK by Apple against its users towards this end. And yes, malware can exploit the whitelist to hijack these whitelisted processes.
All the other irrelevant babble you spouted on how you have to be "firewall admin" itself is laughable when all you have to do is toggle a button to control whether an app is allowed to connect to the internet.
> Defending against the OS vendor is close to impossible
It needn't be if the OS vendor has good intentions. And that's no excuse to shut up and not criticize them.
> Yes, Apple does want access to your personal data. Yes, the deliberate crippling of firewalls on the macOS is an ATTACK by Apple against its users towards this end. And yes, malware can exploit the whitelist to hijack these whitelisted processes.
You need to think about this from a security perspective rather than that initial emotional response. You claim but have no evidence that Apple wants personal data and will not obey their own privacy policy. Again, if you believe that, use something else because that level of unethical behavior is incompatible with the level of trust you’re placing in them.
Continuing the theme, Apple did not “deliberately cripple” the firewall. ipfw still works, a VPN still gets all of your traffic, but when they added a new user-level socket filter they made the decision to exempt core services which are either unsafe to disable or only have effect when you voluntarily opt-in to their terms of service. You may disagree with this but it’s not an attack without some evidence of malice.
And, yes, it’s possible that someone can find an exploit in something like Photos or iMessage. The question you should be asking is how often that would stop an attacker because they wouldn’t have permission to disable your local firewall rules. You can click allow, and that’s why malware commonly approves itself, too.
This kind of local firewall is appealing for giving the illusion of security but most people are not going to be able to meaningfully assess the risk (“oh, a connection to AWS. Narrows it right down!”) and in practice these tools train people to click allow because after thousands of false positives that’s always worked. Enabling one for the apps on the list is especially prone to that because they only access Apple’s own servers.
> You need to think about this from a security perspective
An application firewall is a SECURITY software. Crippling it is stupid. And that is exactly why people are very pissed at Apple for doing so.
> Apple did not “deliberately cripple” the firewall.
Yes, they did - they crippled all APPLICATION firewalls. An application firewall controls what apps can access the internet. By deliberately creating a new API with a BACKDOOR to allow some Apple apps to connect to the internet, and forcing all firewalls to use only that API, Apple is intentionally crippling them.
> they made the decision to exempt core services which are either unsafe to disable or only have effect when you voluntarily opt-in
There are many who have been using such Application firewalls for years together, on previous versions of macOS, blocking such "core" services that they don't care about ... they are "core" only to Apple, not for users who don't use it.
> The question you should be asking is how often that would stop an attacker because they wouldn’t have permission to disable your local firewall rules.
This is just a diversionary argument from the fact that crippling firewalls and giving default internet access to some apps actually weakens the overall security of a system.
> This kind of local firewall is appealing for giving the illusion of security
There is no illusion - if you don't use iCloud, Maps, App Store etc., they don't need to unnecessarily connect to the internet and waste our bandwidth, or worse access and transfer our personal data. The same applies to any app on your system. Their job is to block internet access to specified apps and modern application firewalls do this in a user-friendly way.
It is gross abuse by Apple to cripple this ability in their OS.
> There is no illusion - if you don't use iCloud, Maps, App Store etc., they don't need to unnecessarily connect to the internet and waste our bandwidth, or worse access and transfer our personal data
Which is exactly what happens now. You’re spending a lot of effort protecting against an imaginary problem rather than the kinds of attacks which actually cause problems. If this terrifies you so much, add some ipfw rules and move on. Better yet, think about your threat model and block it at the firewall so you don’t have to rely on Apple to protect you from what you fear Apple will do.
No, it doesn't because I use an application firewall that BLOCKS them (I haven't upgraded to the crippled macOS). Moreover these are not "core" services and the OS functions fine even if they are blocked.
> If this terrifies you so much, add some ipfw rules and move on.
Why should I when the application firewalls I use are more user-friendly and require less effort? And why should Apple get to dictate what software I use or how I use it? (You may be fine with that and may have given in, some of us won't and we will be vocal about it).
> block it at the firewall so you don’t have to rely on Apple
No, Apple won't make me jump through hoops - the better plan is to DUMP apple if they refuse to value their customers' needs. There are better alternatives available.
> No, Apple won't make me jump through hoops - the better plan is to DUMP apple if they refuse to value their customers' needs.
This was exactly what I suggested: if you’re paranoid about Apple’s intentions, switch OSes. Your level of distrust is never going to be satisfied by the decisions they make with the other 99.9999% of their customers in mind.