"Privacy concerns with macOS Big Sur"

I recently read a blog of a (paid) VPN provider I sometimes use that spoke of Apple’s apparent leaking of data from Apple apps [*] (emphasis added).

and further:

Has anyone else read anything about this recent attempt by Apple to improve ‘security’?

As a result of the new Apple protocol, on or around 12th November:

Does anyone know if/how this may affect the utility, privacy and security of using Scrivener as a non-Apple app?

Thanks,
Scrive
:astonished: :open_mouth: :confused:

[*] https://www.ovpn.com/en/blog/privacy-concerns-with-macos-big-sur

Effectively, what Apple is doing whenever you start an app on your Mac is to check if the developer’s certificate is still valid or if it has been revoked for whatever reason (think malware). So at least in intend, this is a good thing. Also, it means that Apple would only know that you started an app by developer X but not which one (so they would know you’re using an app by L&L but not whether it’s Scrivener or Scapple).

What’s not so great is that, by the very nature of an HTTP request, Apple would get the date, time, and your IP address. They have since released a statement saying they don’t match these information with any other info they may have on you (such as your Apple ID) and that they will stop logging the IP addresses.

There’s a bit more on the technical background and Apple’s statement in this article: 9to5mac.com/2020/11/15/apple-ex … -concerns/

The other issue, that some of Apple’s own apps are circumventing the firewall, has not been addressed by Apple yet, as far as I know.

1 Like

Scrivener has a valid Apple developer certificate and should pass any malware checks that Big Sur chooses to run.

However, all of the behavior described in the link is taking place at the Mac OS level, and is therefore completely outside Scrivener’s control. That is, while Scrivener is not tracking your information, we have no way to prevent other software on your Mac from doing so.

(Scrivener does periodically check to ensure that your license to use Scrivener has not been revoked. But it uses whatever internet access you provide in order to do so. It won’t bypass a VPN, for instance. The App Store version of Scrivener depends on Apple’s software for license management.)

Katherine

Hi Katherine,

Thank you for the clarification.

Stay safe,
scrive
:slight_smile:

In the interest of transparency, there are in fact some pseudo-anonymous trackers in the activation module the direct-sale version uses (Google and New Relic). We’d love to disable those, but there is no way to do so. Everything is documented on the privacy page.

On the Mac, users of Little Snitch will receive detailed information on each connection Scrivener makes autonomously, and can make an informed decision on which to block, based on what they want. For example you can block the stuff to Google without losing your ability to receive timely notifications of updates, or lift restrictions temporarily to activate the software.

1 Like