A Technical Look at the Privacy Implications of MacOS’s OCSP

Spread the love

Jacopo Jannone:

  • No, macOS does not send Apple a hash of your apps each time you run them.

You should be aware that macOS might transmit some opaque information about the developer certificate of the apps you run. This information is sent out in clear text on your network.

You shouldn’t probably block ocsp.apple.com with Little Snitch or in your hosts file.

It would be good for Apple to publish information like this, including a clear statement regarding whether they keep logs of these checks. I’m guessing they do not — why would they? — but it would be good be able to point to a clear statement.