More info:

https://asahilinux.org/2023/08/fedora-asahi-remix/

https://social.treehouse.systems/@marcan/110825522690584932

Some key points:

• We aim to officially release the Fedora Asahi Remix by the end of August 2023.
• Very soon after Asahi Linux started (well before our Arch ARM-based release), Neal Gompa joined our IRC channels and we started talking about working towards integrating our work into Fedora... The Fedora Asahi project started in late 2021, and work began in 2022 alongside the Arch ARM release.
• Working directly with upstream means not only can we integrate more closely with the core distribution, but we can also get issues in other packages fixed quickly and smoothly. This is particularly important for platforms like desktop ARM64, where we still run into random app and package bugs quite often.

You’re absolutely right that it’s still an issue to transmit information about the developer certificate. Apple published a response to this, which admittedly is not ideal:

https://support.apple.com/en-us/HT202491#view:~:text=Privacy%20protections

We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.

These security checks have never included the user’s Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.

In addition, over the the next year we will introduce several changes to our security checks:

A new encrypted protocol for Developer ID certificate revocation checks

Strong protections against server failure

A new preference for users to opt out of these security protections

I’m sorry but did you read the article l linked to or the TL;DR I lifted from the article?

They do not send the app you open to Apple, and there is no evidence they send it to third parties as the app information is not sent at all!

Nevertheless, they do send information about the developer certificate for notarization and gatekeeper checks.

https://support.apple.com/en-us/HT202491#view:~:text=Privacy%20protections

Quote:

We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.

To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.

In addition, over the the next year we will introduce several changes to our security checks: A new encrypted protocol for Developer ID certificate revocation checks Strong protections against server failure A new preference for users to opt out of these security protections

Unfortunately, this is highly misleading.

Thank you for sharing this, and I appreciate good, high quality information about privacy but please don’t spread misleading information about one of the few companies that provides easily accessible private tools for the not-so-tech-savvy, as well as the busy.

Apple applies E2E encryption for almost all iCloud data with Advanced Data Protection, applies something similar to Tor for web browsing, kills tracking pixels in your mail, uses differential privacy to avoid identifying you, and so much more.

Please see: https://blog.jacopo.io/en/post/apple-ocsp/

TL;DR

No, macOS does not send Apple a hash of your apps each time you run them.

You should be aware that macOS might transmit some opaque3 information about the developer certificate of the apps you run. This information is sent out in clear text on your network.

You shouldn’t probably block ocsp.apple.com with Little Snitch or in your hosts file.

IIRC Apple does apply differential privacy - sending wrong information randomly about your trips to themselves, where they then average over all users to get rid of the noise they added so it becomes useful aggregate data.

And they never submit the start and end locations of the trips. Maybe the privacy is still terrible but it’s way way way better than Google’s IMO

Source: https://techcrunch.com/2018/06/29/apple-is-rebuilding-maps-from-the-ground-up/

“We specifically don’t collect data, even from point A to point B,” notes Cue. “We collect data — when we do it — in an anonymous fashion, in subsections of the whole, so we couldn’t even say that there is a person that went from point A to point B. We’re collecting the segments of it. As you can imagine, that’s always been a key part of doing this. Honestly, we don’t think it buys us anything [to collect more]. We’re not losing any features or capabilities by doing this.”

The segments that he is referring to are sliced out of any given person’s navigation session. Neither the beginning or the end of any trip is ever transmitted to Apple. Rotating identifiers, not personal information, are assigned to any data or requests sent to Apple and it augments the “ground truth” data provided by its own mapping vehicles with this “probe data” sent back from iPhones.

Because only random segments of any person’s drive is ever sent and that data is completely anonymized, there is never a way to tell if any trip was ever a single individual. The local system signs the IDs and only it knows to whom that ID refers. Apple is working very hard here to not know anything about its users. This kind of privacy can’t be added on at the end, it has to be woven in at the ground level.

I feel like something like Fedora fits the bill: great, reliable, well-maintained repositories, decently updated kernels, yet never faced any major issues, and access to quite updated packages. Only issue is Red Hat caused a stir recently, though I still believe Red Hat does more good than bad in the open source community.

Thank you for sharing the link so that we can also track this issue! This is the first time I saw that

It’s a developer tool so likely never, but we can install it now and there are tonnes of guides, e.g. https://youtu.be/dQAPWwhInqo

Fantastic description! This is an issue that made it difficult to justify to my management to allow them to allow Macs, but thankfully Apple Silicon was big enough of a game changer to sway the decision