Pattern Seeker

Results 9 comments of Pattern Seeker

So I guess, _knowing what I'm installing_, it's fine to block OCSP, right? It's a trade-off between privacy and security and I guess it depends on personal data hygiene....

@drduh will try with that! Currently checking on this too: https://support.apple.com/en-us/HT210060. @DarkFlame57 the problem is that the OCSP request is not encrypted in the first place. See [NiklasBr's comment](https://github.com/drduh/macOS-Security-and-Privacy-Guide/issues/380#issuecomment-727551452).

> Anyways, will blocking ocsp.apple.com in hosts file break SSL?

@DarkFlame57 I checked now: I set in Firefox's `about:config` the flag `security.ocsp.require` to true. As expected, blocking Apple's one did...

> Has anyone tested whether blocking traffic at the pf level is still sufficient? It should be possible to just sinkhole Apple IPs if they're in your adversary model.

@drduh,...

Looks like something [will happen](https://support.apple.com/en-us/HT202491), just not now.

> In addition, over the next year we will introduce several changes to our security checks:
> - A new _encrypted_...

@kauniss Yes, as I've tested it before and [announced here in this thread](https://github.com/drduh/macOS-Security-and-Privacy-Guide/issues/380#issuecomment-727647558), pf is not using Apple's framework for filtering requests. So, unlike user-installed packet filters, it's not...

I would conclude that it depends a lot on the threat model. The considerations I would take from this thread are: 1) LuLu (and other user-level firewalls) does not block...

I see the first point was already included. For the second one, I can't find a section in which to place it, but personally I would point at some concerns [[1](https://blog.jacopo.io/en/post/apple-ocsp/)] [[2](https://blog.cryptohack.org/macos-ocsp-disaster)]...

You may want to create a dedicated SSH key just for your reMarkable instead. Moreover, the methods you suggested don't allow redirecting the output from ssh. EDIT: The FIFO...