This is something I can’t figure out, because my understanding is that no matter what OS you install, unless you bought your Mac with cash, your serial number and credit card are now connected…and will always be spilling data about you.
Thanks for any advice…I’m wondering if it’s worth it to install a new OS.
Yes (see Question about Mac phoning home from 6 days ago, which includes answers from the former Asahi Linux lead). There is no firmware-level Apple telemetry, and booting into Linux disables Find My.
all Apple devices are part of a covert peer-to-peer network and its primary purpose is to facilitate the Airtags and find-my-shit apps. it runs on desktops, laptops, phones, ipads, watches, etc., including when they’re supposedly off. you can’t turn it off or opt out of it and what that crap additionally does and how secure it is is unknown.
having said that, if you run linux on an old intel-based macbook or similar (say, up to 2015 models) you’re out of that racket and similarly all Apple or iCloud based crap. they do have a permanently enabled IME but that’s true for the majority of devices sold and, dependent on your threat model, isn’t an issue per se.
not sure about the “credit card” angle as you can’t buy a new Apple device that runs linux, the asahi mess is limited to M1/2 models which are like 5 years old at this point.
the asahi mess is limited to M1/2 models
As of the Asahi Linux blog post from 2 days ago, they’re working on SPMI controller support, which is part of M3 support.
I wouldn’t really call them a mess, they upstream their patches to the Linux kernel and are a part of the Fedora project.
which are like 5 years old at this point.
M2 models were released in June 2022, they aren’t 3 years old yet.
Thanks! Interesting, I didn’t know you can’t install Linux on a newer machine. Mine is just a few years old. I want to leave the Apple ecosystem, but I don’t want to have to ditch a fairly new laptop and buy a different one.
I don’t think purchase info is necessary tied to hardware out of the box beyond asset tracking. That would cause issues with gifting.
The easy answer is if you don’t run the software, it can’t collect data.
However, the firmware is network capable and certain diagnostic tools and recovery modes can call home. I am not familiar to the extent, however.
This also does not stop other devices, Apple included, from detecting the Mac and reporting home hardware/location data.
What data?
It’s possible there’s something in the firmware or BIOS that transmits some things to Apple; I do not know for sure, but maybe someone else will show up here who knows details about this. Even if that is so, Apple gets significantly less data because anything built into macOS won’t be running.
It’s more likely hidden chips on the motherboard or in other circuits are sending data back to China. I, like you, doubt Apple is doing anything beyond the software level.
No, if what you described were true it would be impossible to give someone an apple computer without getting confused for the person you gave it to.
Or to refurbish and use a mac from the trash can without being mistaken for the previous user.
I have done both with no problems.
Apple does know what you bought from them… because they sold it to you and gave you a receipt and kept a record of it to accurately account for taxes just like wal mart does when I buy a bag of apples from the produce department.
Wal mart doesn’t serialize their apples, but they do serialize their game consoles and keep track of those, so maybe that’s a better example.
I guess I gotta ask: what do you think is happening between the credit card and the serial number of the computer and how do you think it’s happening?
Thank you! I actully have read that if you sell your Mac, your info is still attached to it. Which is actually good for you and bad for Apple, I guess, because they could be attaching the wring info to you.
I don’t know the details, but in Extreme Privacy, the author says that to be untraceable, you need to buy a laptop with cash, then wipe it and install Linux. I’m not super techie, but to me that means if you use a credit card, Apple can now attach the laptop to your identity… which is of course connected with everything else that’s been collected about you by third parties.
So, that has nothing to do with apple or macs. (Except a part at the end which might not be what you’re talking about)
When you use a credit card the transaction record is kept by the merchant who sells you the computer, the card processor and the card issuer (I’m probably using the wrong terms, it’s been awhile since I had to accurately talk about the precise operation of credit card payments.). So when you buy anything using a credit card, at least three entities who can be ordered to submit to law enforcement requests and are legally required to keep records of transactions actually have records of that transaction.
So when I swipe my visa to get a bag of apples at the wal mart, wal mart, their processor and my bank all have record that they’re required to keep for accounting purposes and will turn over when they get a lawful order to do so.
I don’t remember if it’s the law now, back when I was really in pos there were lots of bills trying to make it law, but it’s certainly industry practice to record serial numbers of high dollar items. The goal is to have a more precise and quick return/service process. You bought unit abcdef123456 and that means if they don’t get abcdef123456 back when you try to return it then there’s a problem.
So when I buy an ideapad at Walmart with cash they record the serial at time of sale and when I try to return a different one with my receipt there’s a serial number line that can be compared and verified.
That transaction is only stored by wal mart, but can be corroborated by my banks records where I withdrew enough money to buy a computer all at once in person because it’s more than they let me pull from an atm at one time.
I’ll go even farther:
Know your customer laws require that merchants verify and in some cases record ids of people making some purchases. So when I go to the wal mart to buy a cheap phone and a prepaid SIM card to stuff in my glovebox, they’re required to record my id for both purchases.
Now one thing that is true of apple computers and phones and that you might be referring to is that it’s super fucking difficult to remove a device from someone’s appleid without that person doing it for you. When you first use a mac or iPhone you have the chance to tie it to an iCloud account, just like you can with google accounts in android devices and Microsoft accounts on windows computers. If you do, then in order for someone else to reset the device and wipe/reinstall/take ownership of it you have to remove it from your account. Theres a wizard that guides you through the process just like in windows and android. If you never do this then the person who bought the device (or stole it, or dug it out of the trash) can’t use it.
If you lose your password then apple can verify your identity using their records (if you have their adp turned on then you just have to give em your code and make a new one when you’re done doing whatever you’re doing) and reset the password and remove devices from your account. Certified resellers/repair shops can do this too, but they’re under a lot of scrutiny when they do because Apple views them as possible cracks in the anti-theft armor.
So that means that when I dig a mac out of the trash to fix and use or sell, I have to either contact the iCloud account holder and convince them to drop the device from their profile or perform some decently tough microsoldering and reprogramming of tiny chips on the mainboard.
Of course, all that is optional. People just almost never choose not to do it because it is all upside and no downside for the owner. You as the computer owner get theft prevention, stolen device tracking and control over who can use things you bought in exchange for essentially nothing (especially if you turn on adp).
I haven’t read extreme privacy. I will as soon as I can, but I gotta ask: what are you trying to accomplish or understand? Sometimes for people who aren’t technical it’s easier to start from goals as opposed to metabolizing a bunch of literature on the topic.
This is amazing! Great information.
I read Extreme Privacy for fun…I don’t need to live totally under the radar. However, I’m tired of feeling/being tracked by Big Tech, having my data used inappropriately, etc. I managed to buy a used Pixel and install Graphene OS, but I’m stuck with my Mac until it dies. I’m also trying to divert my money away from Big Tech and unethical corporations like Amazon as much as I can. (Which I know is basically impossible, but I do what I can.)
I wrote a whole free book on the topic called DISENGAGE: Opting Out—and Finding New Options—to Reclaim Your Life from Spammers, Scammers, Intrusive Marketers and Big Tech. It’s meant for newbies (say, my mom) to light-medium tech savvy people like myself. (I’m a semi-retird journalist of 30 years and this was my passion project; you can read in there my motivation and how far I’ve gotten so far.)
I’m now trying to move into the more intensive privacy techniques, and they are often beyond my abilities. Switching to a more private OS is on my list.
You can always do a computer swap. Figure out what you want, like for example a dell or thinkpad with core or libreboot and swap your mac for it. That way there’s no money that changes hands. There’s a hardware list on both projects websites if you wanna windowshop on ebay.
One way to improve your privacy that people always overlook is to stop registering to vote. The rolls are basically public information, all you gotta have is a specific type of company to get access to them.
To what extent the Apple product is spilling data to Apple, it’s the Apple software doing it, which Linux would mitigate, but depending on which mac you have, it may not even support Linux yet. If anything, you should probably be more paranoid about Windows on modern Intel. The secure enclave shit Windows 11 requires has its own network stack it can use to phone home sans the OS knowing.
Thanks for the info!
from what i remember before i jumped from macos to debian is that debian does not collect data, save for maybe like crash reports or something but that can be toggled off. the packages you install may collect data, depending on what you’re installing.
I’ll look into this, thanks!
