Inside Apple's move to ramp up security & privacy in iOS 12 & macOS Mojave

2»

Comments

  • Reply 21 of 31
    fastasleepfastasleep Posts: 6,408member
    welshdog said:
    So it sounds like Mojave will have built-in, all the features that one gets by using 1Password. I wonder if you can set it up to not use iCloud, but still do some sort of manual sync between devices?  I have logins, passwords, software keys etc. stored in 1Password, but I don't ever let it put the data in the cloud.  The app has a discrete Wifi sync function that I perform periodically to get all devices synced to the master file in MBP.  If Mojave can do this, I'll gladly dump 1Password.  I'm never going to be comfortable putting this kind of info in the cloud.  I know iCloud does a good job of protecting my data and my login to that data, but shit happens and I don't want any of that shit on my sensitive data.
    macOS Keychain is in iCloud and has been for quite some time, and never synced locally.
    watto_cobra
  • Reply 22 of 31
    croprcropr Posts: 1,122member
    rob53 said:
    Rayz2016 said:
    Being a Mac developer really is survival of the fittest. 🏃🏾‍♂️
    No, being a Mac developer is survival of willingness to protect consumers' privacy and personal information instead on making money off of it. Play by the rules, protect the customer and Apple and it's customers welcome you. Don't and you can go work for Facebook and Google, selling your soul to the highest bidder.
    As a developer I am failing to see any correlation between a Mac developer and privacy. 

    Any developer (Mac, Windows, Linux, iOS, Android, Web) who has European customers, is bound to the GDPR regulations.

    And by the way, Google never discloses/sells any personal information its is gathering
    gatorguy
  • Reply 23 of 31
    iqatedoiqatedo Posts: 1,822member
    rob53 said:
    Rayz2016 said:
    Being a Mac developer really is survival of the fittest. 🏃🏾‍♂️
    No, being a Mac developer is survival of willingness to protect consumers' privacy and personal information instead on making money off of it. Play by the rules, protect the customer and Apple and it's customers welcome you. Don't and you can go work for Facebook and Google, selling your soul to the highest bidder.
    Watched Tim Cook on CNN Money. Impressed with his demeanour, attitudes and Apple policies espoused. A breath of very fresh air. Thank you Tim.
    StrangeDays
  • Reply 24 of 31
    linkmanlinkman Posts: 1,035member
    welshdog said:
    So it sounds like Mojave will have built-in, all the features that one gets by using 1Password. I wonder if you can set it up to not use iCloud, but still do some sort of manual sync between devices?  I have logins, passwords, software keys etc. stored in 1Password, but I don't ever let it put the data in the cloud.  The app has a discrete Wifi sync function that I perform periodically to get all devices synced to the master file in MBP.  If Mojave can do this, I'll gladly dump 1Password.  I'm never going to be comfortable putting this kind of info in the cloud.  I know iCloud does a good job of protecting my data and my login to that data, but shit happens and I don't want any of that shit on my sensitive data.
    macOS Keychain is in iCloud and has been for quite some time, and never synced locally.
    If that's true then it won't work without an internet connection. Pretty sure you're wrong on this.

    https://support.apple.com/en-us/HT204085

    "When you set up iCloud Keychain, you can skip the step to create an iCloud Security Code. Your keychain data is then stored locally on the device, and updates across only your approved devices."
  • Reply 25 of 31
    StrangeDaysStrangeDays Posts: 12,834member
    lkrupp said:
    majorsl said:
    Hopefully the Developer ID/Notarize will have a free or small fee option (assuming it doesn't already) when it eventually becomes a requirement. There is a lot of great open source software that has been available for the macOS as zero cost for decades. Anyone has an idea about this?
    Of note is that is has been confirmed by MacBreak Weekly contributor and iMore writer Micha Sargent, who attended the presentation of this, that the new Gatekeeper will NOT be able to be turned off. Unless an app is a) from the App Store, b) developer signed, or c) Notarized it will not be allowed to launch, period. Leo LaPorte flew into a rage, Andy Ihnatko just shook his head. It's coming.
     i’ll believe it when I see it 
  • Reply 26 of 31
    MacProMacPro Posts: 19,718member
    sergioz said:
    “Apple has also confirmed macOS Mojave will be the last version of the operating system to support 32-bit apps "without compromises."”
    I thought that macOS High Sierra is the last OS to support 32 but apps? 
    That's what I had understood, it seems they extended the 32 bit life a wee bit longer, perhaps developers have been dragging their collective typing fingers.  

    Meanwhile I've set up a Sierra Partition on my main working Mac as a safety net for a few 32 bit apps and non APFS functioning items such as Fujitsu ScanSnap I will be needing for the long haul. /curses Fujitsu for not updating drivers for last few years on Mac version of an otherwise brilliant piece of hardware.
  • Reply 27 of 31
    macxpressmacxpress Posts: 5,801member
    MacPro said:
    sergioz said:
    “Apple has also confirmed macOS Mojave will be the last version of the operating system to support 32-bit apps "without compromises."”
    I thought that macOS High Sierra is the last OS to support 32 but apps? 
    That's what I had understood, it seems they extended the 32 bit life a wee bit longer, perhaps developers have been dragging their collective typing fingers.  

    Meanwhile I've set up a Sierra Partition on my main working Mac as a safety net for a few 32 bit apps and non APFS functioning items such as Fujitsu ScanSnap I will be needing for the long haul. /curses Fujitsu for not updating drivers for last few years on Mac version of an otherwise brilliant piece of hardware.
    If you had something like Parallels you could also setup a VM with Sierra or High Sierra installed and use the scanner there as well. Then you don't have to reboot back and forth. Just start the VM up. I don't see why it wouldn't work. 
    fastasleep
  • Reply 28 of 31
    lkrupp said:
    majorsl said:
    Hopefully the Developer ID/Notarize will have a free or small fee option (assuming it doesn't already) when it eventually becomes a requirement. There is a lot of great open source software that has been available for the macOS as zero cost for decades. Anyone has an idea about this?
    Of note is that is has been confirmed by MacBreak Weekly contributor and iMore writer Micha Sargent, who attended the presentation of this, that the new Gatekeeper will NOT be able to be turned off. Unless an app is a) from the App Store, b) developer signed, or c) Notarized it will not be allowed to launch, period. Leo LaPorte flew into a rage, Andy Ihnatko just shook his head. It's coming.
    Another example of extrapolating something.  Micah was not 100% correct.  The notary feature is being introduced as a beta, and not a requirement in macOS Mojave, though it will be implemented at some point.  Apple indicated they want feedback. Presumably, things like open source software and writing your own personal software are things for which they will receive feedback, and hopefully they will allow these special cases through some mechanism.  If not, then Leo can fly into a rage based on actual facts.
    fastasleep
  • Reply 29 of 31
    fastasleepfastasleep Posts: 6,408member
    linkman said:
    welshdog said:
    So it sounds like Mojave will have built-in, all the features that one gets by using 1Password. I wonder if you can set it up to not use iCloud, but still do some sort of manual sync between devices?  I have logins, passwords, software keys etc. stored in 1Password, but I don't ever let it put the data in the cloud.  The app has a discrete Wifi sync function that I perform periodically to get all devices synced to the master file in MBP.  If Mojave can do this, I'll gladly dump 1Password.  I'm never going to be comfortable putting this kind of info in the cloud.  I know iCloud does a good job of protecting my data and my login to that data, but shit happens and I don't want any of that shit on my sensitive data.
    macOS Keychain is in iCloud and has been for quite some time, and never synced locally.
    If that's true then it won't work without an internet connection. Pretty sure you're wrong on this.

    https://support.apple.com/en-us/HT204085

    "When you set up iCloud Keychain, you can skip the step to create an iCloud Security Code. Your keychain data is then stored locally on the device, and updates across only your approved devices."
    Huh? They were asking about syncing Keychain locally. It’s stored and synced via iCloud (see the Keychain toggle on your iCloud settings). But also stored on your device like anything else that syncs via iCloud. I never said it requires an internet connection to use.
  • Reply 30 of 31
    welshdogwelshdog Posts: 1,897member
    linkman said:
    welshdog said:
    So it sounds like Mojave will have built-in, all the features that one gets by using 1Password. I wonder if you can set it up to not use iCloud, but still do some sort of manual sync between devices?  I have logins, passwords, software keys etc. stored in 1Password, but I don't ever let it put the data in the cloud.  The app has a discrete Wifi sync function that I perform periodically to get all devices synced to the master file in MBP.  If Mojave can do this, I'll gladly dump 1Password.  I'm never going to be comfortable putting this kind of info in the cloud.  I know iCloud does a good job of protecting my data and my login to that data, but shit happens and I don't want any of that shit on my sensitive data.
    macOS Keychain is in iCloud and has been for quite some time, and never synced locally.
    If that's true then it won't work without an internet connection. Pretty sure you're wrong on this.

    https://support.apple.com/en-us/HT204085

    "When you set up iCloud Keychain, you can skip the step to create an iCloud Security Code. Your keychain data is then stored locally on the device, and updates across only your approved devices."
    Huh? They were asking about syncing Keychain locally. It’s stored and synced via iCloud (see the Keychain toggle on your iCloud settings). But also stored on your device like anything else that syncs via iCloud. I never said it requires an internet connection to use.
    So what does this mean then?  From the page he linked to: 

    "If you want keychain data to push to all of your devices, but not to the cloud, turn on iCloud Keychain on each device, but skip the step to create an iCloud Security Code."

    That sounds like it doesn't store data in iCloud, but somehow uses iCloud to move the data to the devices.  I might already be doing this - I use iCloud Keychain for passwords etc. that are not sensitive.  When I read the instructions, Apple tells me to go to Settings>iCloud>Keychain>Advanced in iOS.  On my phone and iPad I don't see "Advanced" as a choice. I may have set it up this way, but it's been so long I don't remember.  Apple could be more clear on this.

    EDIT: I re-read this article on Apple's unusual tactics for securing our Keychains.  In fact they do not store them in the cloud unless you create a Recovery Key.  But even that data is heavily encrypted and seems highly unlikely to become compromised.  If you have no key, the data moves between devices one item at a time and is not stored in iCloud.  Very interesting.  
    https://www.networkworld.com/article/2174973/smartphones/apple-reveals-unprecedented-details-in-ios-security.html

    When Apple says they are not in the data business and take the security of our stored data seriously, they really mean it.
    edited June 2018
  • Reply 31 of 31
    fastasleepfastasleep Posts: 6,408member
    welshdog said:
    linkman said:
    welshdog said:
    So it sounds like Mojave will have built-in, all the features that one gets by using 1Password. I wonder if you can set it up to not use iCloud, but still do some sort of manual sync between devices?  I have logins, passwords, software keys etc. stored in 1Password, but I don't ever let it put the data in the cloud.  The app has a discrete Wifi sync function that I perform periodically to get all devices synced to the master file in MBP.  If Mojave can do this, I'll gladly dump 1Password.  I'm never going to be comfortable putting this kind of info in the cloud.  I know iCloud does a good job of protecting my data and my login to that data, but shit happens and I don't want any of that shit on my sensitive data.
    macOS Keychain is in iCloud and has been for quite some time, and never synced locally.
    If that's true then it won't work without an internet connection. Pretty sure you're wrong on this.

    https://support.apple.com/en-us/HT204085

    "When you set up iCloud Keychain, you can skip the step to create an iCloud Security Code. Your keychain data is then stored locally on the device, and updates across only your approved devices."
    Huh? They were asking about syncing Keychain locally. It’s stored and synced via iCloud (see the Keychain toggle on your iCloud settings). But also stored on your device like anything else that syncs via iCloud. I never said it requires an internet connection to use.
    So what does this mean then?  From the page he linked to: 

    "If you want keychain data to push to all of your devices, but not to the cloud, turn on iCloud Keychain on each device, but skip the step to create an iCloud Security Code."

    That sounds like it doesn't store data in iCloud, but somehow uses iCloud to move the data to the devices.  I might already be doing this - I use iCloud Keychain for passwords etc. that are not sensitive.  When I read the instructions, Apple tells me to go to Settings>iCloud>Keychain>Advanced in iOS.  On my phone and iPad I don't see "Advanced" as a choice. I may have set it up this way, but it's been so long I don't remember.  Apple could be more clear on this.

    EDIT: I re-read this article on Apple's unusual tactics for securing our Keychains.  In fact they do not store them in the cloud unless you create a Recovery Key.  But even that data is heavily encrypted and seems highly unlikely to become compromised.  If you have no key, the data moves between devices one item at a time and is not stored in iCloud.  Very interesting.  https://www.networkworld.com/article/2174973/smartphones/apple-reveals-unprecedented-details-in-ios-security.html

    When Apple says they are not in the data business and take the security of our stored data seriously, they really mean it.
    Okay, well TLDR on that article, but I believe you. I stand by my original answer that you cannot sync Keychain locally without it passing through iCloud, whether it's stored there also or not. And yes, stuff like this is further proof that Apple does care about users' security. :)
    welshdog
Sign In or Register to comment.