undefined | Better HN

0 pointsjudge20204y ago0 comments

The economics also work in Apple's favor as it either requires using your real identity to commit fraud, committing identity theft by creating an LLC with someone else's identity, or paying for a registered agent in a third-world country to sign up for you (not sure how much that costs though, I've never looked!). I'm sure most malware cases they deal with are triaged for the possibility of filing a police report.

0 comments

saagarjha4y ago

It turns out that getting access to an Apple developer account is not all that hard.

mrtesthah4y ago

And how is any of that different from the Developer ID code-signing Apple had already? You still needed to register as either a corp or an individual using legal identifying documents just to generate the certificates. This is the step you seem to be attributing to notarization. It’s not new at all.

Moreover, Apple was also already using OSCP to check for revoked certificates when validating the code signature. They’d already revoked malware-producing Developer ID certificates several times in the past before notarization ever existed.

judge2020OP4y ago

I'm explaining how it currently works - they have the legal resources file police reports for serious reports of malware, or if it's in a place with largely uncooperative police, a domestic federal investigation into the activity.

mrtesthah4y ago

But the question is why they needed to require notarization; it adds nothing to this protection ability.

1 more reply

j / k navigate · click thread line to collapse

0 pointsjudge20204y ago0 comments

0 comments

saagarjha4y ago

It turns out that getting access to an Apple developer account is not all that hard.

mrtesthah4y ago

judge2020OP4y ago

mrtesthah4y ago

But the question is why they needed to require notarization; it adds nothing to this protection ability.

1 more reply

j / k navigate · click thread line to collapse