So Affinity Photo is making all kinds of requests from the Macs it's installed on. Don't know why it does that, but it's not good.
On the Mac sandbox the ability to make client requests is a boolean: all or nothing. Since most apps like to connect to get additional resources/whatever, it's usually on, right? As a result: zero protection against this.
https://mastodon.ar.al/@aral/113759435866651420
This is why I've been putting so much thought into outgoing net requests for #Dropserver. It's hard to get right.
1/
While there are technical challenges related to the sandbox, especially when dealing with different platforms (like Mac and Linux), the real challenge is having a good enough DX (for the app dev) and UX (for the app user) to allow/deny requests.
At the very least, an app should not be able to dial out willy-nilly to a bunch of random domains. Also, it should be blocked from dialing out to local / private IPs unless explicitly allowed.
2/2
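The rule in the post above (dial out only to allow-listed domains, and to local/private addresses only when explicitly allowed) can be written as a check that runs before every outgoing connection. This is an added Go example, not Dropserver's code and not part of the original thread; `Policy`, `Check`, `sample` and every domain and address in it are hypothetical, constructed values.

```go
package main

import (
	"fmt"
	"net/netip"
	"slices"
	"strings"
)

// Policy is a hypothetical per-app egress policy (all names are assumptions).
type Policy struct {
	Domains []string       // lowercase; exact host, or "*.example.org" for subdomains only
	Nets    []netip.Prefix // local/private ranges the user explicitly allowed
}

func (p Policy) domainOK(host string) bool {
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	return slices.ContainsFunc(p.Domains, func(d string) bool {
		return host == d || (strings.HasPrefix(d, "*.") && strings.HasSuffix(host, d[1:]))
	})
}

func (p Policy) netOK(a netip.Addr) bool {
	return slices.ContainsFunc(p.Nets, func(n netip.Prefix) bool { return n.Contains(a) })
}

// Check judges the requested host and the addresses it resolved to. The caller
// must then dial one of the checked addresses instead of resolving again.
func (p Policy) Check(host string, resolved ...string) error {
	if _, err := netip.ParseAddr(host); err == nil {
		resolved = []string{host} // IP literal: no name to match, judge the address
	} else if !p.domainOK(host) || len(resolved) == 0 {
		return fmt.Errorf("deny %s: domain not allow-listed or nothing resolved", host)
	}
	for _, s := range resolved {
		a, err := netip.ParseAddr(s)
		a = a.Unmap() // treat ::ffff:127.0.0.1 as 127.0.0.1
		local := a.IsPrivate() || a.IsLoopback() || a.IsLinkLocalUnicast() || a.IsUnspecified()
		if err != nil || ((local || s == host) && !p.netOK(a)) {
			return fmt.Errorf("deny %s: address %q not explicitly allowed", host, s)
		}
	}
	return nil
}

var sample = Policy{Domains: []string{"api.example.org", "*.cdn.example.org"}, Nets: []netip.Prefix{netip.MustParsePrefix("192.168.1.0/24")}} // constructed sample policy

func main() {
	fmt.Println(sample.Check("api.example.org", "10.0.0.5")) // denied: private address
}
```

Checking the resolved addresses, and not only the name, is what stops an allow-listed domain from pointing the app at a loopback or LAN address; a bare IP literal is refused unless its range was explicitly allowed.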
@teleclimber Such an app has to be presumed malicious. In fact, ANY app that is monetized other than by paid download access or simply by donations is presumed malicious until proven otherwise.
I would drop Mac OS for Linux (I don't use proprietary anything but the hardware and firmware), but at a minimum I would suggest dropping Safari for Firefox with NoScript or uBlock Origin. While using https over DNS bypasses rules set in /etc/hosts, that just means Firefox bypasses them. Other apps not https over DNS enabled do not, so you can do things like use a hosts.allow list (denies all but specified) to block everything BUT Firefox and Tor Browser from talking to anything except sites your apps really do need. You really should dump apps that so much as politely request to track you, however.
My own perspective on monetized apps and trackers is no quarter asked and no quarter given either. An app found trying to phone home faces summary deletion (well, I'm not going to use the word execution because I'm sure not going to let such code RUN here...)