A great deal has happened in the two years since Apple promised that it would provide an option to stop online checking of certificate validity using OCSP, and that of notarization. Instead, it has introduced two quite different enhanced security modes: Lockdown Mode, and iCloud Advanced Data Protection. Although they’re both valuable, it’s surprising that Apple has put great engineering effort into those, but still can’t see its way to let Macs run without repeatedly connecting to its servers.
I’m no believer in conspiracy theories here. Unlike some, I still trust Apple; if I didn’t then I’d have stopped using Macs long ago. Like it or not, when you buy Apple hardware built with Apple’s own chips and running Apple’s own operating system and apps, you have to trust Apple, just as you have to trust a car-maker that your vehicle’s brakes won’t randomly fail, or its steering wheel come off in your hands. Once that trust is broken you can’t rationally continue to use their products.
Lockdown mode was introduced in macOS Ventura, and is intended to reduce the attack surface for the small number of users who might be targeted by the sort of sophisticated attacks mounted by government-related organisations. While it imposes sweeping restrictions on apps like Safari and Messages, it doesn’t appear interested in controlling the behaviour of third-party apps, and isn’t intended to promote anonymity.
Advanced Data Protection for iCloud extends end-to-end encryption of data stored in iCloud to cover backups, iCloud Drive, Photos, and some other features. It doesn’t set out to provide any anonymity, nor to conceal iCloud connections in any way, nor does it apply to external connections other than those to iCloud.
Each time that you open an app in Ventura, even if you use it frequently, macOS may perform two online checks, one to assess its notarization, and the other to check the validity of the certificate used to sign that app. As I have shown, these are made respectively to api.apple-cloudkit.com for the notarization ticket, and to ocsp2.apple.com for Apple’s OCSP (Online Certificate Status Protocol) service to validate the signing certificate. While both are now made over connections secured by TLS, that preserves the privacy of the exchanges, not their anonymity.
But if Apple is prepared to invest in improving macOS security protections, even for “the very few individuals who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats”, why hasn’t it fulfilled its promise to introduce a “new preference for users to opt out of these security protections”?
I don’t think that Apple’s promise to provide an option to disable notarization and OCSP checks was made with the support of a full engineering assessment of its feasibility, but was more of a commitment in principle, maybe even a knee-jerk response. From all that I see, those checks are cast in code that Apple’s engineers don’t want to disturb, least of all to open the possibility of abuse. If the user could disable them, what could ensure that malicious code couldn’t too?
There’s also an acceptance that, if you use a Mac or one of Apple’s devices, it will connect to Apple for a whole load of good reasons. And what could possibly be wrong with that? For a great many of us, including myself, there’s no downside, but that’s by no means a universal opinion. There’s a small but strong body of users who, for a variety of reasons, really don’t want their Macs when they’re in use repeatedly connecting to Apple. To get a feel for how extensive the problem is, this article lists all the connections that Macs and devices require. I count 75 for regular macOS, excluding MDM and enterprise/education/business.
Some now see these external connections as an essential part of the way that software operates. With so many products sold on subscription, it’s increasingly difficult to use any third-party software without it needing to connect to remote servers, and products have come to rely on being able to check that user is in good standing as far as their subscription goes.
There’s now serious doubt that you can do anything useful in macOS without access to the internet. What was once an enhancement seems to have become a tie that macOS and apps simply can’t do without.