MacOS sometimes leaks traffic after system updates | Better HN

MacOS sometimes leaks traffic after system updates | Better HN

252 comments

thisislife21y ago

> In this scenario the macOS firewall does not seem to function correctly and is disregarding firewall rules ... Some examples of apps that do this are Apple’s own apps and services since macOS 14.6, up until a recent 15.1 beta.

This is not new - every time I update macOS, some of the system settings are changed to default including some in the firewall. And I have to painstakingly go through all of it and change it. Also, the few times I've reinstalled or updated macOS, I've always noticed that it takes longer for the installation if your system has access to the internet - so now I've made it a practice to switch of the router while installing or updating macOS or ios. (With all the AI bullshit being integrated everywhere in Windows, macOS and Android etc., I expect this kind of "offloading" of personal data, and downloading of data, to / from AI servers to keep increasing, especially during updates, to "prepare" for the new AI features in the newer OS updates. No internet means the installer is forced to skip it for later, saving you some valuable time, and hopefully you get to change the default setting before it starts up again. Whatever the claims of AI processing done on the Mac or iDevices itself, some "offloading" to their servers, will still happen, especially if the default settings - which you can change only after the OS is installed - also enables analytics and data collection.)

(More here https://news.ycombinator.com/item?id=26418809 and on this thread - https://news.ycombinator.com/item?id=26303946 ).

> I've made it a practice to switch of the router while installing or updating macOS or ios.

Why are you still using those OSes? That seems like a lot of work for something you paid for.

vundercind1y ago

Because all operating systems are terrible but the rest are so incredibly bad that Apple’s are still by far the best, once you add up time saved by features and capabilities and subtract time lost to pain-in-the-ass brokenness.

(Two decades on DOS/Windows home series and NT, at least for gaming and sometimes work, twelve years with Linux as my main desktop OS, started on Android for smartphones, before finally giving Apple a fair chance around 2011 or 2012… because I was issued a MacBook at work and was doing dual-platform mobile dev—FWIW I was rooting for BeOS back when it was still a thing, it was great)

itsoktocry1y ago

>Apple’s are still by far the best

MacOS may not even be the best (that's subjective), let alone "by far" the best. How can you make this claim when you haven't used Linux in a decade?

freedomben1y ago

If you've been on a MacBook since 2011 or 2012, it's definitely time to give modern Linux a try. It has come in enormously long way since then. I am not exaggerating when I say, I have a better out of the box experience with Fedora. Then I do with Mac OS. Mac OS certainly has a lot of features, and visually has a great deal of Polish, but it also increasingly has a lot of bugs.

MichaelZuo1y ago

The real question is why is every other company with a consumer OS even more incompetent and/or malicious?

baq1y ago

IME macOS is easily the most broken and user hostile from a professional developer perspective. Maybe I haven't been using it enough, only 2 years.

The hardware is amazing though and no other OS can predictably wake the laptop when opening the lid and not wake it when it's closed, which is kinda a deal breaker for a laptop, so I still use it. Not particularly excited about it, would prefer a Linux laptop if it could sleep reliably. (Seen pictures of a framework laptop with a kernel panic after wake, and I was seriously considering getting one.)

ActorNightly1y ago

>cause all operating systems are terrible

This is code words for "Im emotionally invested into my choice for non logical reasons and its very hard for me to admit I have made the wrong choice".

thisislife21y ago

Others in the family still use iDevices. Can't avoid Windows or macOS due to work. Prefer FreeBSD and use that mostly. It's an old mac and will be dumping it after another year or two. Do not plan to buy an Apple computer ever again as soldered RAM / HDD and iShittification of macOS is the future.

throwaway199721y ago

The marginal cost of that work is insignificant compared to the amount of equivalent work you'd have to put in for linux or bsd.

Plus, little snitch is basically state-of-the-art in terms of ease-of-use if you're willing to put the money into it.

freehorse1y ago

For me, because of the hardware.

binary1321y ago

it’s just not that much better or worth it

idunnoman12221y ago

Just use Linux bro (Suspend still doesn’t wake consistently on my thinkpad it’s been 20 years)

Suspend is flawless on my Librem 14.

throw734848581y ago

Because Linux is soo hard to use. You have to use supported hardware (like with any other OS), and once a year paste a few commands into terminal.

bqmjjx0kac1y ago

I love Linux. I've just been burned too many times to trust it on my primary laptop. This is a machine with a high availability requirement -- if I have a job interview, the camera had better work right now.

idunnoman12221y ago

Your Wi-Fi drivers have been removed from the kernel. Please download them on USB stick. You were warned

isodev1y ago

The beautiful hardware of the Mac is so wasted with recent versions of macOS.

diggan1y ago

It's funny how Apple went from leading in UX/UI and being average/below average on hardware, to the opposite. iOS/macOS truly is a cluster-fuck when it comes to UX that makes sense. Luckily we can run other OSes on Apple computer hardware, but not as lucky with Apple phone hardware...

My kingdom for an iPad that runs GNOME!

Foivos1y ago

How can you even install the update without access to the Internet?

For years, I can not do the automatic updates, because it always fails with an error message along the lines of "Failed to personalise software, check your internet!", even though I have a perfectly working Internet connection. The only way to update is with a live USB and an ethernet connection. Everything else fails.

thisislife21y ago

You can manually download the updates from here - https://support.apple.com/en-us/docs for the older versions of mac (or check and download it manually through Software Update). Once the installation starts, the installer does some verification and / or data collection for which it requires the internet, and then starts the installation - at this point, just switch off the router.

userbinator1y ago

every time I update macOS, some of the system settings are changed to default including some in the firewall

Windows has also been doing that for some time now. Only Linux is relatively "clean" from that perspective, but even now some distros are beginning to sneak in spyware. The enshittification of OSes continues...

RMPR1y ago

> but even now some distros are beginning to sneak in spyware.

Citation needed. I remember Ubuntu sneaking in some stuff a couple of years ago[0], but most of the mainstream distros have a clean track record. What are you referring to exactly?

0: https://www.omgubuntu.co.uk/2018/02/ubuntu-data-collection-o...

mixmastamyk1y ago

New installs make lots of unrequested accesses… fwupmgr, unbound-anchor, ocsp, firefox, all generate telemetry.

Companies have tried buying floss software specifically to add spyware, such as audacity.

It’s not a big fraction of what proprietary OS does, but the threat grows steadily each year.

yowzadave1y ago

In this case it sounds like a bug--the issue is resolved on reboot.

idunnoman12221y ago

Please tell me that upgrading fedora versions works every time ha ha ha ha ha ha ha

What problems have you encountered on Fedora that were caused by a distro upgrade? Asking this because I've been using Fedora for years across different machines and can't recall any breakages that were direct consequences of an upgrade, though I usually apply it a month or two after the release date, so maybe there are early kinks that get resolved by that time.

BenjiWiebe1y ago

I've been in-place upgrading my Fedora install for about 7 years. Or is it 10? IDR. As far as I remember the upgrade has always succeeded. Sometimes things are broken afterwards because software I liked got removed or something, but I never got locked out or the operating system unusable.

AndyMcConachie1y ago

I am completely with you here man.

Everytime I upgrade my iPhone it turns on Bluetooth. Phreaking annoying.

Apple clearly wants their customer base to use certain features so they simply enable them at upgrade. It's gross.

chatmasta1y ago

If you want leak-proof VPN, you need to implement it outside of your device, at the router level. This is true for any device but Apple devices in particular.

I highly recommended sniffing the traffic on the wire and piping it through wireshark. You can do this with a router, or a passive Ethernet tap. You’ll see a bunch of packets going to places other than your VPN entrypoint. If you use a router, you can check your mobile for leaks too. (Did you know if you have WiFi calling enabled, then your phone makes a TCP connection to a sensor server controlled by your ISP every 30 seconds? So if you’ve got T-Mobile and you’re abroad, not even using it as your default SIM, they’ll get a nice log of every exit IP you use.)

Apple’s seeming embrace of support for VPN and network filtering extensions is a red herring, because they’ll happily disable it for their own traffic.

On iOS, the App Store will skip any VPN, and similarly Apple will even block you from downloading updates if you’re on a VPN. I only realized this when I used my wireless router with VPN on it and updates failed to download.

On Mac, there are a bunch of issues, especially on first boot. It seems like the Mac will refuse to establish the VPN until it can make one connection outside of it. I encounter this when my computer wakes from sleep and the on-demand wireguard tunnel (using Cloudflare Warp) fails to send packets. I unplug my Ethernet, disable always-on, wait 30 seconds (for some timeout?), re-enable always-on, and then plug in the Ethernet and in connects. But I’m not actually sure this isn’t leaking, I need to investigate more.

it also leaks the audio of tabs before logging in.

Even though I had disabled all 'restore' applications features, macos sometimes decides to 'start' browsers BEFORE logging in after a restart AND those start auto-playing audio from whatever was paused before the reboot (or many days before).

Since then I went rather deep disabling that feature, but I never trusted it.

Jerrrrrrry1y ago

They want their TCP/IP stack and safari browser hot and ready for their demanders of instant gratification.

In the long run, they barter this goodwill for "Safari is shit" credit until they and Google force the internet until a browser-turned App-Play-Store war.

Both companies win, and can blame the other company - all while incentivising anti-competition behavior and benefiting from their own organizational, yet altruistic, self-interests happening to coincidentally collude in similar, yet distinctly more complicated cases of creating monopolies spanning multiple domains.

The internet was captured, gamified, commoditized, and vertically integrated into a handful of giga-Corps.

your mobile devices are essentially tracking devices you are addicted to, and the government is too interested in these shiny grandiose things and their use in facilitating government functions without any real consequence, they fail to see the systematic risks that they themselves have allowed to proliferate by not enforcing stricter laws for systematically - exploitable intersections of law, technology, and business.

lukan1y ago

"they fail to see the systematic risks"

Or they also fail at providing a solution. Would you prefer diletantic government intervention in this area instead?

The differences between governments and megacorps are dwindling and the two are becoming much more alike one another. We already live in global technofeudalism.

Propelloni1y ago

> Would you prefer diletantic government intervention in this area instead?

No, I would like a competent government intervention. Those happen, even if some would rather believe otherwise.

Jerrrrrrry1y ago

  >"they fail to see the systematic risks"
  Or they also fail at providing a solution.

Apple has no incentive to improve Safari. "It just works" is what their cultists paid to have the honor to parrot, and they enjoy the majority of web market share of people with actual wages and disposable income. That's why the sell culture, not their people's data (directly, yet).

Since it's not "Safari" that's broken (since iPhones cost a lot of money, they cant break), the users will lie blame at the fault of the web developers, since they had gotten cozy within the comfortable, flexible, expected behaviors of Chrome, having enjoyed a hiatus from IE11 EOL pollyfills and jquery.

Apple then made it easier to roll out an app than to grapple with the pitfalls, nuances, foot-guns, and gabbling documentation that Safari has carefully mal-compiled to shepherd both developers and their users into the Walled Garden.

It's just the browser wars, but with higher stakes. And Microsoft already won.

peoplefromibiza1y ago

> Would you prefer diletantic government intervention in this area instead

what kind of answer is that exactly?

I would much prefer they fix the issue, yes, the stuff I'm using is provided by Apple and it's been paid off in full, I don't know what made people believe that it's ok if software sucks...

If a train company causes an accident they are considered liable if a software company leaks my data they should be considered liable, it's as simple as that, no need for this anti government stands that frankly make adults look like angry teenagers with a bad bladder

> your mobile devices are essentially tracking devices you are addicted to

Speak for yourself. Sent from my Librem 5.

FirmwareBurner1y ago

Sent from my Nokia 3310

gruez1y ago

>They want their TCP/IP stack and safari browser hot and ready for their demanders of instant gratification.

Having short startup times is bad now? ...because of "instant gratification"? The rest of your rant might make sense in the broader context of what big tech is doing, but bringing it up in this thread and implying that it's part of a conspiracy where "The internet was captured, gamified, commoditized, and vertically integrated into a handful of giga-Corps" is unhinged.

Affric1y ago

I can’t think of anything I want less from a laptop than it playing sound when I open it… and yet apple bring it to me as though it’s a feature.

theshrike791y ago

There are exactly zero situations where I would want my laptop be anything except fully muted when I open it.

Configurability is also out of fashion nowadays, so you'll get that behaviour and enjoy it.

bayindirh1y ago

Your applications should catch the signal and pause. Safari, Apple Music and Spotify handle this well. Firefox needs a bugfix.

bayindirh1y ago

macOS sends a "pause" signal to all players when it sleeps, and any application which can handle that won't be playing any audio when the system wakes up. So if your audio continues the moment you open the lid, please file a bug report for that application.

Kbelicius1y ago

GP wrote nothing about sleep.

307141y ago

``` #/bin/sh osascript -e 'set volume 0' ```

and SleepWatcher by bernard-baehr.de

latexr1y ago

That’s an unfair characterisation. It’s just restoring windows, some of which happen to be browser windows, which then load a website with auto-playing video or audio that (unsurprisingly) starts playing. No one is selling it as a feature to “play sound when waking up from sleep”. I bet that if you configured the browser to never auto-play, this wouldn’t happen.

To clarify, because commenters seem to be misunderstanding my point: I’m not defending the functionality, I think it’s wrong. My sole quarrel is with the characterisation that Apple is selling it as a feature, when they’re not. Let’s not ascribe wrong (or at best unknown) motivations to behaviours, as that makes is less likely they will be fixed.

dspillett1y ago

No one is selling it as a feature, no, but I would still consider it an OS level bug, and a security one at that. Focusing on the browser is a step away from the point: if I'm not signed in, I don't want sound playing from any app⁰.

I've had Windows do something similar, a media player deciding to unpause when coming up from hibernate (this was before Windows seemingly broke hibernate) and for some reason being at full volume, and it was a fair few seconds before I was able to login, get to that app, and hit pause again. It didn't leak anything sensitive (Hey everyone, this guy watches Stargate!) but it made me “that guy we all hate” on the train… Again it is the app that is responsible for making the sound, but I think at that point the OS shouldn't let it.

<glasses tint="rose">I miss the times when laptops had physical volume sliders…</galsses>

To me this has the feeling of making a mountain out of a molehill, but I don't think there is any denying that the molehill itself exists and to others it might be more than the very minor irritation it could be to me.

> I bet that if you configured the browser to never auto-play, this wouldn’t happen.

I bet that no matter how tightly you try to control that, some advertiser will find a way to override it to make sound play, and sods law says that will happen when you most want your waking laptop to be quiet. Blocking audio while not signed in at the OS level is a safer gate.

----

[0] Actually, there is an exception there: if the machine has locked due to input inactivity, I want audio I'm listening to continue and notification pips to come through. There is a distinction between OS restarting (from [re]boot, wake, etc.) and local console not logged in due to input timeout, in how I'd prefer things to behave.

To clarify it restores windows AFTER a reboot, BEFORE i login.

What RIGHT does it have to create processes with a user BEFORE I authenticate to the machine ?

Does it matter if the end result is that the browser plays audio before you've authenticated your user session?

chx1y ago

I do not think the user particularly cares whether it was an intentional feature or an unfortunate byproduct of features and bugs when they open a laptop in a classroom or a meeting and it starts blaring the music they listened to before closing it.

How is this possible? I wouldn’t have thought that it could open your applications without you logging in? How does it know who you are? How does it know which applications to open? If you’re not logged in yet, is is just logging in for you automatically but not showing you?

Seems like a huge security bug. This isn’t being exploited? Wild stuff.

Reminds me of when you could hear a FaceTime call coming through but if you chose not to answer it, no worries! Your iPhone will turn on your camera anyway! And send your video to the calling party!

Vast majority of all laptop and even phone usage is single user. They could literally be doing

if macbook_has_only_one_account():

preloadapps()

But how? - surely they don't store the passwords in plain text locally? Does the OS have a function to log in a user while bypassing their credentials? I would have assumed that it is impossible for the OS to preloadapps() when it doesn't have access to the user's apps in the first place.

But apparently it does! shrug

So why tell the user that they need to log in first? If they are the only user account on the system and the OS can access the user's files and apps without logging in, why have the user event set a password in the first place? It seems like a fake login, a false sense of security. And a massive security issue. If the user can just open the lid and that means that code is now running under their own account but they have not authorized a log in, that's just dangerous.

radicality1y ago

Damn, how is that possible? I imagine you have FileVault enabled, and if so this sounds like some security bypass?

I was under the impression that until you provide the password after a reboot, the system should know nothing about you as all user data should be encrypted, so it should not know what apps you had open before reboot let alone start playing sound.

pram1y ago

After you type your FileVault password you are 'logged in'

This is really about the checkbox on the reboot modal that says "reopen windows when logging back in." An OS update defaults to yes, for whatever reason.

gruez1y ago

>Damn, how is that possible? I imagine you have FileVault enabled, and if so this sounds like some security bypass?

If you're choosing "reboot" rather than "shut down", presumably you intend to continue using the machine, so it's reasonably safe to keep credentials around. AFAIK windows has the same feature.

steve19771y ago

> If you're choosing "reboot" rather than "shut down", presumably you intend to continue using the machine, so it's reasonably safe to keep credentials around.

This is the last thing I would expect. Quite the contrary, when I reboot (rather than log out or sleep), I expect the machine to clear it's memory completely.

f1shy1y ago

Somewhat loosely related, but I have something similar with the iPhone browser. Where opening the browser will shortly show the last page I had open (even I carefully closed it before closing the browser). Even if it never got me into trouble, I found that annoying as s. And could potentially make problems.

m-s-y1y ago

FWIW, what you’re seeing is likely just the cached thumbnail that iOS creates for the app-switcher UI, not an interactive web session.

pornel1y ago

Yes, but still if you have somebody looking over your shoulder, it can leak whatever you've been looking at.

There's a way to block that entirely for "secure' apps, but iOS could be smarter about this, and cache some stripped down view or expire that cache quicker.

This is also the case for FaceTime; The last image the camera captured will stay visible in the app switcher like forever... so other people who use your iPad / iPhone can see it.

f1shy1y ago

Yes. Something like that, but can reveal a lot of the site you were in.

commandersaki1y ago

What I don't understand is why browsers (in my case Brave) doesn't pause all playback after a restart?

threeseed1y ago

I have never heard of anyone with this issue.

The only explanation is that you restarted whilst having the "Open All Previous Application" checkbox enabled. And yes it will launch processes after you have logged in but before the Desktop is shown.

Either that you or you have some launch daemon that is opening a browser.

eru1y ago

I also have this issue from time to time.

> The only explanation is that [...]

Please show some more imagination.

threeseed1y ago

Maybe you should use your imagination and read the second part of what I wrote.

Which is that it could be a launch daemon. It's very common for third party apps to use their imagination and do dumb things on startup.

I've had similar experiences with MacOS. I uncheck that goddamn box all the time and still it relaunches previously opened applications half the time. If my application or computer crashes, I don't want the crashy application to open up at startup again. MacOS isn't perfect.

lupusreal1y ago

OSX is particularly lousy with remembering user preferences and configuration. I quit using it after I grew sick of raging at it forgetting what applications want different files to open with. I've never had this sort of problem on Linux.

I’m very confident that it’s either this or the restore-after-crash feature that OP is seeing. I don’t think it’s anything specific to Safari, because I have never seen Safari opened before login when it’s not my default browser.

That said, there should probably be a checkbox in system settings to disable login “prewarming”.

I actually used Chrome and Edge. Both show that problem. But the main issue is not those browser autoplaying audio and video on "restore", even though it is an issue, its the OS thinking its OK to load apps before a user authenticated itself after boot

f1shy1y ago

I had this issue, and something similar in my old iPhone. I'm sure there are other explanations, because yours is not it.

nubinetwork1y ago

The article has today's date on it, but I could swear I read this exact same article a month ago...

diggan1y ago

From September 13, 2023:

> During the macOS 14 Sonoma beta period Apple introduced a bug in the macOS firewall, packet filter (PF). This bug prevents our app from working, and can result in leaks when some settings (e.g. local network sharing) are enabled. We cannot guarantee functionality or security for users on macOS 14, we have investigated this issue after the 6th beta was released and reported the bug to Apple. Unfortunately the bug is still present in later macOS 14 betas and the release candidate.

https://mullvad.net/en/blog/bug-in-macos-14-sonoma-prevents-...

Was fixed September 22, 2023 it seems (https://mullvad.net/en/blog/macos-14-sonoma-firewall-bug-fix...).

Seems like Apple's product/engineering department doesn't agree with the marketing department about how important their users privacy is.

It’s been reported by Little Snitch as well: https://obdev.at/blog/should-i-upgrade-to-macos-sequoia-part...

banku_brougham1y ago

I've heard NixOS is good, but I guess I still need a GUI os because of browser and some apps I use regularly. I would love to get out of the macOS world, its going to a bad place. Seems like I've configured my whole digital life around apple.

yjftsjthsd-h1y ago

> I've heard NixOS is good, but I guess I still need a GUI os because of browser and some apps I use regularly.

What? NixOS runs GUIs just fine. (This comment sent from a browser on NixOS)

akira25011y ago

> Unfortunately apps are not required to respect the routing table

Insane. Why even have one or expose it to the user if it's just suggestive fiction?

Vendors really need to stop privileging themselves on users machines.

There are legitimate usecases for binding a socket to a specific interface.

handsclean1y ago

The first boot after a macOS system update has long been bugged out. It launches a bunch of apps you didn’t even have open before updating, seems to be the 5-10 most recent apps you quit. Yes they were fully quit, yes I have the “resume” setting off. It also doesn’t do a resume, it launches them, i.e. tells them to create new windows, and it launches them before it finishes mounting disks, resulting in every update being followed by all my most used apps appearing out of nowhere and telling me all my config and data is gone. It doesn’t really matter, you just reboot again and you’re good, it’s just careless and makes the OS feel unstable. Maybe the firewall thing is unrelated, maybe it finally forces Apple to fix the bug, we’ll see.

It seems to launch all the apps you had open when you pressed the "Update" button, even if that was 30 minutes before the installation began.

ahoka1y ago

Ah, that is so annoying. It actually opened stuff from yesterday once.

trissylegs1y ago

> yes I have the “resume” setting off

I'm not sure what this setting does. The amount of times mac will jsut reopen everything anyway is frustration. I go look up how to stop it and the answer is always "Turn off this setting you already have off".

j / k navigate · click thread line to collapse