Jeffery Paul, a Berlin security researcher, has a complaint about the latest OS X version:
"Fast forward to 10.10. Presumably to support Continuity, current document state is no longer only saved locally - those in-progress (not yet explicitly “saved”) documents live in iCloud Drive, so that they can be opened on other devices without ever having to hit “save”. This is useful, however, all of my previous open files have now been synchronized to Apple servers.
Notice that all of my locally-stored, “unsaved” documents open in my text editor have now been uploaded in full to a partner in NSA’s PRISM program. This happens for all applications (think iA Writer, Pixelmator, etc.) that had saved application state. Any open and yet-unsaved document within an app is now silently and automatically uploaded to iCloud Drive, and, by extension, the government.
Apple has taken local files on my computer not stored in iCloud and silently and without my permission uploaded them to their servers - across all applications, Apple and otherwise."
(Score: 4, Informative) by hemocyanin on Monday October 27 2014, @04:39AM
Have you ever used a text editor to write a document, say a list of passwords -- not just to places like SN, but maybe the 80 character pass-sentence you use for whole disc encryption on a system you don't boot up frequently -- and then encrypted that document with GPG? This could be a very serious issue.
Secondly, I have a huge problem with PRISM. I also very much like my Macbook Pro -- it's an excellently built machine and very nice to use. I treat it for what it is though -- a potentially infected snitch and I'm aware of what I do with it and try to be aware of the ways it could bite me. So I found this story very informative and I appreciate the PRISM reference just in case I was too sleepy, drunk, distracted, or whatever to make it myself.
I also don't really feel that comfortable with Linux at the moment either. I'm a long time user but computer systems are so complex, it is easy to misconfigure something even for the people whose sole job is computer security (which my job is not) (and of course humanity would suffer if everyone had the same job). Often, I've purposefully made my Linux systems less secure (installed Flash to watch YouTube as well as many different programs because honestly, I want more than just a shell (speaking of which ....)). Anyway, I'm pretty convinced there is no way I could be certain about the privacy of my internet usage or the security of my systems. I've sort of gamed out in my head, what I would have to do to have some sense of anonymity if I wanted to search for something in secret, and I've concluded I don't have the skills to actually do it:
Even then, I would think there are going to be issues I haven't even considered. After thinking all that through, I have decided to treat every computer I use as if it was infected because I just don't think that I, in my evenings after work, would be able to actually secure my devices with any great certainty.
(Score: 3, Informative) by mojo chan on Monday October 27 2014, @08:29AM
It's easier to just use a Tails live CD. Pre-built Linux environment with Tor, spoofs your MAC address, nothing saved anywhere.
const int one = 65536; (Silvermoon, Texture.cs)
(Score: 2) by hemocyanin on Monday October 27 2014, @02:42PM
That's my step 7, except I'd boot from a USB stick for performance reasons. LiveCDs sort of suck performance-wise.
(Score: 0) by Anonymous Coward on Monday October 27 2014, @04:34PM
But CDs are harder to compromise than USB sticks.
(Score: 2) by hemocyanin on Monday October 27 2014, @07:47PM
I totally agree, but what about a complete reformat of the USB stick between uses? Maybe a multipass write of random data (*), then a reformat, then reload the OS from an ISO. I only cringe at the CD option because of the performance issues.
(*) is this necessary with non-magnetic media?