Email or username:

Password:

Forgot your password?
Jason Snell :zeppelin:

I know, I know, "security." This shows utter contempt for the user.

I was just asked to authorize an app that I've used SINCE THE 1990s so it would continue working for a week. And next week I guess it'll ask again?

You have to let the user say, somewhere, "never ask me again--always allow."
mastodon.online/@9to5Mac/11291

84 comments
Jason Snell :zeppelin:

Why "utter contempt?" It's saying that, even if I know for a fact that I want to give a particular app permission, macOS will treat me a like a child and keep asking me. Because Apple doesn't believe I am qualified to grant permanent permission to any app.

Another sign that the people in charge of security and privacy features at Apple are out of control and that nobody who stands up for user experience is being heard.

Michael Miller :blobrdm: 🩆

@jsnell Somehow even worse than contempt, it's ultimately ineffectual. You're re-creating UAC from Windows. Nicely done.

Jiƙí Fiala Total Landscaping

@raineer @jsnell it of course leads only to everyone allowing everything, completely defeating the purpose

illustro

@raineer @jsnell this is worse than UAC. UAC just asks people if they are sure they want to run something with higher levels of privileges than their account currently has. So if they want to run something as admin, then UAC is required (with an optional password prompt depending on the environment). UAC is really no different to 'sudo <command>' then being prompted for your password.

I use windows regularly and the only time I see UAC is ... 1/

illustro

@raineer @jsnell ... when I am installing something or running something new from the web. What Apple is doing here is so far beyond that.

2/2

Jason Snell :zeppelin:

"Asking for one week permissions is untenable and insulting”

FB14689927

feel free to dupe

Jeff Johnson

@jsnell If you’re filing feedback, you could also file one about how Apple keeps prompting to login to Feedback Assistant.

Tom Schmidt

@jsnell Absolutely. A nightmare in the making in corporate environments. Ugh.

Michael Argentini

@jsnell I’m also aggravated about the removal of the control key override for bypassing gatekeeper. The people they claim to protect don’t even know it exists.

Marc Robinson :mastodon:

@argentini @jsnell Maybe this is all to keep Apple Intelligence from getting *too* intelligent. đŸ€”

northalpha

@jsnell FB14695544 filed and referenced yours, this is creating more harm in the long run than the anticipated "security" gain in the first place, notification fatique is a real thing. hopefully there will bem profiles/setting to set for at least corporate approved apps

Laxdude

@jsnell Just when I thought I might dip my toe in and buy a MBA. This is what drove me to windows before they started to care about the Mac again.

Aleen (she/her)

@jsnell it's also creating alert fatigue--it's not going to take long for users to just allow everything all the time.

Dan Ryan :dryan:

@jsnell @aleen yup. This is an anti pattern like requiring regular password changes. Net negative for user security.

Dr Sarah Hendrica Bickerton

@jsnell @aleen Yup, we saw the same thing with that period where everyone was required to regularly change their passwords by their companies ... it didn't result in greater security, it actually created less security because people were creating simpler easier passwords.

Jolle

@sarahhbickerton @jsnell @aleen “That period”? Is right now. Both my employer and our client is requesting that I change password every three months

I hate it!

David Crooks đŸłïžâ€đŸŒˆđŸłïžâ€âš§ïž

@aleen @jsnell I’d already replied to Jason about this, but - this is a very common operational issue that we deal with (I do security for big research infrastructures) - if the monitoring is always red then it’s telling you precisely nothing.

Chris Mackay 🇹🇩

@jsnell As if this won’t simply result in users approving EVERYTHING (but at least Apple gets to wipe their hands of the damage in this decision’s wake). 🙄

Aaron :apple_inc: :isles:

@jsnell 💯 spot on. Periodically prompting like location on iOS does? Sure. Weekly? GTFO. I’d hope there’ll be a way to disable that or script an auto-approve method.

Troldann Arothin

@jsnell My first reaction to seeing this news was, "Wow, Apple is really telling gamers where they stand (not that it's anything new) by making it extremely annoying to be a videogame streamer on an Apple OS."

I know this hits a lot more than that, but that's just where my brain went first.

Michael Argentini

@jsnell can’t they just add a “Pro” mode that doesn’t implement the annoyances intended for the ignorant?

BITNACHT

@jsnell You are coming to a sad realization. Cancel or allow? #helloImAMac

Opiniated Charles

@jsnell @lolopb An option for “monitor background activity and remind me in X days” would be great

Owen 🇩đŸ‡ș ïŁż

@jsnell This is anticompetitive behaviour from Apple (wrapped in the guise of being for “security” reasons).

It will undoubtedly have the effect of “encouraging” customers to stop using some legit and useful 3rd party apps because they’re sick of constantly being nagged at.

There should always be an “always allow for this app” option!

Rich Siegel

@jsnell @9to5Mac “You are coming to a sad realization. Cancel or allow?”

zachary jean paradis

@jsnell this will clearly be changed as policy it can’t possibly continue. I’m fine with it asking after updates or something but every week doesn’t make any sense.

Sage

@jsnell I hate this so much I might purposely stay on Sonoma as long as I can stand it. I’ve already been annoyed enough about having to delete and re-add BetterTouchTool to the Accessibility prefpane every month or so.

Dustin

@sageolson that's what I was thinking too. I have no interest in being harassed by my OS about the apps I've intentionally installed. If Apple forces the upgrade on my Mac Mini m2Pro, maybe I'll go to Debian Linux.

David Crooks đŸłïžâ€đŸŒˆđŸłïžâ€âš§ïž

@jsnell @9to5Mac I work in cybersecurity, where there has been a huge increase in priority recently for obvious reasons.

But you have to balance that against people getting what they need done - our job is to enable, not prevent.

Jason Snell :zeppelin:

@dcrooks @9to5Mac

We all know that social engineering happens.

Adding more hoops for users to jump through won't stop social engineers from conning people into jumping through the hoops.

But it will frustrate legitimate users.

David Crooks đŸłïžâ€đŸŒˆđŸłïžâ€âš§ïž

@jsnell @9to5Mac Yes: agreed.

And something that’s really important - eg with phishing - is that users are our best defence - we need to encourage users to help, rather than acting like they’re obstacles.

Imagine a security team of thousands of users, all of whom have the tools to engage rather than being frustrated?

Glyph

@jsnell @dcrooks @9to5Mac it really sounds like you are not considering the case of intimate partner surveillance, which is what this sounds like a defense for to me. I am not sure this is the perfect solution to the problem, but “remind me never” is not tenable if an abuser might have physical access and your password at a point in time; it’s important to never give *anything* infinite silent background persistence.

Glyph

@jsnell @dcrooks @9to5Mac (I anticipate that I, personally, am also going to find this very annoying, but I can see why it’s there.)

Glyph

@dcrooks @jsnell @9to5Mac I don’t really disagree, this does seem like kind of an arbitrary cadence that probably privileges apple’s own products in dubious ways (do you have to re-enable FaceTime’s camera and screen recording access every week? I am guessing “no”) but still that is the sort of problem that needs to be reckoned with here

Jason Snell :zeppelin:

@glyph @dcrooks @9to5Mac It's on Apple to find _better_ solutions that protect users while also respecting them. If you want to find an example that justifies adding more security pop-ups and clutter, you can _always_ find one.

David Crooks đŸłïžâ€đŸŒˆđŸłïžâ€âš§ïž

@jsnell @glyph @9to5Mac 💯

They have really outstanding, experienced staff (which feels redundant to say) - agreed.

Jason Snell :zeppelin:

@glyph 
and don't tell me what I am and am not considering. Thanks.

Glyph

@jsnell for what it’s worth this is why I qualified with “sounds like”. I did not mean to tell you that you don’t care about or don’t know about the issue, just that you didn’t mention it here, and given that (as far as I know) that is *the* problem being addressed by this sort of over-alerting, its absence is notable. Sorry that I implied otherwise.

James Grimmelmann

@glyph @jsnell @dcrooks @9to5Mac I think "silent" is an important word there. If screen recording unblockably triggers a menu-bar UI element (as it does on iOS) it reduces the risk of silent surveillance.

Matt

@jsnell @9to5Mac this is also how you get to people just clicking allow on everything without reading anything.

Zero101

@jsnell @9to5Mac This is the exact kind of tone-deaf, hostile UI in Windows Vista that sent me running to the Mac 17 years ago. 😕

I don't want to be infantilized by my tools. If Apple won't treat me with respect, i’ll just move on to something else. Linux?

Chancerubbage

@jsnell @9to5Mac Still beta right? Can be kicked to the curb before GM, right?

Daniel :nixos:

@jsnell CTRL/Right click > Open to allowlist an unsigned app is going away, too.

At this point the Vista comparisons seem appropriate.

John Voorhees

@jsnell @9to5Mac This is just bad. I was convinced it was a bug. For anyone who works with screenshots regularly, it’s incredibly annoying.

Ryan Booker

@johnvoorhees @jsnell @9to5Mac or a menu bar organising app. I get prompted daily using Ice. đŸ« 

Lee Garrett

@johnvoorhees @jsnell @9to5Mac Agree completely - and I don't think Jason overstates it by saying it shows contempt. Having the option to always allow should be there, end of.

Ryan Booker

@jsnell my guess is this stuff _decreases_ security as it trains people to agree to everything just to minimise the constant suffering.

BrilliantIdiot

@jsnell

Dear lord... I've always wanted to like Macs, but could never get past how restrictive and controlling they can be.

Imagine if Apple just released a version of their OS without any of this bullshit. It would be so popular.

Orin

@jsnell I guess file a radar every time it asks. Maybe that will get Apple’s attention.

Tom Brand

@jsnell "I believe people are smart and some people want to share more data than other people do. Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of your asking them." - Steve Jobs

I am tired.

Scott

@jsnell @techphotoguy @9to5Mac you say that, but how many times have you told iOS to “always allow” Apple’s own weather app location access, so it can, you know, give you the weather for your current location. “always allow” doesn’t mean “always” to Apple.

charlesesmith

@jsnell @9to5Mac just at some point, any point at all, the OS needs to assume that user is not a complete moron. Or at the very least, assume it's a “person picks a spouse you don't like” argument. You're allowed to ask once “are you sure?" After that don't be surprised if you don't get invited over any more.

MacBalance

@jsnell @9to5Mac Please tell me it’s not the full screen recording loop of grant permissions and restart the app.

But, yes, Apple needs to empower user, not make them paranoid and stressed. Was it Vista when Microsoft went crazy with security pop up’s and we learned that if overdone people just approve without comprehending?

Brandon Butler

@jsnell Could I make an app that auto allows permissions?

Brandon Butler

@jsnell Still could be worth it. One app you manually allow to auto allow the rest


ă”ă‹ăˆă‚Š

@jsnell

Remember at some old WWDC they used to poke fun at windows for security confirmation dialogues? 😂

FLEEECY

@jsnell @9to5Mac Apple is losing a lot of credibility by forcing stupid alerts on its users. All while refusing to provide a functional, usable method for remote support on its platforms outside of Apple Support’s methods. Nice wallpapers won’t fix this.

Steve Tibbett

@jsnell @9to5Mac If this is the way it’s going to be then Apple themselves need to start blessing apps that have proven themselves trustworthy. Some new sketchy app might need this but Zoom? CleanShot? Give them an entitlement.

Joe Kissell

@jsnell @9to5Mac I’ve been seeing multiple requests per day for each app, even though I haven’t restarted or logged out. This is really evil. What does Apple think “I expressly permit this” means?

Michael Argentini

@jsnell @9to5Mac I heard that Sequoia comes with a child safety seat as well. Was Apple acquired by Fisher Price?

nSonic

@jsnell @9to5Mac and what happens if you have installed 10 of such apps?
Would this insane dialog show up every day for another app? Or will it ask every Monday 10 times?

Are they drunk, mad or stoned or all of it at Apple? What happened? đŸ˜©

Tom_Pagano

@jsnell @9to5Mac This is particularly upsetting because they have a good model for this on iOS. For apps with full location access every (few months?) it pops up a dialog that says something like “hey
just a reminder that this app knows everywhere you go... just confirming you still want that”. That's way better than a blanket nag every week, and Apple invented it! I too prefer a “always allow" button but I’ll take a reminder every few months.

Nate

@jsnell so...now that Rewind AI has become a whole lot more tedious, how long until apple announce their own version that doesn't nag you as much?

pixelbud đŸłïžâ€đŸŒˆ

@jsnell oh no. I don’t think people realize how many 3rd-party apps use screen recording permissions: most menu bar utilities (Bartender, etc), CleanShot, OBS, Kap, Screen Studio, Sim Daltonism ( color blind test), and the list goes on. As a content creator and designer
 sigh
 this is a terrible user experience.

gumbario

@jsnell @timo Because of that, people just get used to giving apps this permission and don’t read it anymore. Like, I haven’t read any cookie banner on the web for years. I’m just used to clicking on something when I open a website.

John Socks

@jsnell so, I don't use Macs, and I am pretty much an outside observer.

To be honest this (admittedly strange) solution makes me wonder, what the heck are they responding to?

Have there been some particularly horrific crimes? Theft of plain people's money? Or has this led to hacks of Apple itself!

Maybe if the crimes were bad enough the heavy hammer is justified.

John Socks

@jsnell Maybe I should add my general expectation. It is that normal users will not be using general computer systems much into the future.

General computer systems require educated and responsible administration.

We've kind of faked that as a society since the dawn of the PC, but we are living on borrowed time.

iOS, Android, even Chromebook, are nice because they are NOT general computing environments.

Chris Adams

@jsnell @nicklockwood @9to5Mac personally, I agree but there are problems like spyware which get nasty (did “you” approve it or was that your abusive spouse when you used the bathroom?) which makes me wish they had put the effort into visibility so there isn’t a way to capture the screen without user awareness.

.

@jsnell it’s the same as on iOS where it asks you for continuing confirmation about location-tracking or background-refresh permissions. Not exactly intrusive and helps stop the “grant all permissions to everything, forever” mindset.

.

@jsnell I can get why power users are upset. They feel like they’re not being trusted in some way. But this is to make regular Joe user aware of some quite open-to-abuse permissions.

Go Up