Post Ai0CGSj3vAtn75SL5c by wonderfall@mastoid.dev
 (DIR) More posts by wonderfall@mastoid.dev
 (DIR) Post #Ai0CGQEVBpGVNj8uB6 by wonderfall@mastoid.dev
       2024-01-12T18:51:41Z
       
       0 likes, 0 repeats
       
       Apple's TCC (permission model) on macOS feels a bit theatre for apps that aren't sandboxed. Like sure, you can deny access to standardized directories such as Documents/Pictures, but what if you have private keys in .ssh?Well, you shouldn't have plain private SSH keys on any desktop OS to begin with. On macOS, use Secretive, or (and on any other desktop OS) FIDO2-based 2FA.And of course, be extra careful when running non-sandboxed apps on macOS.
       
 (DIR) Post #Ai0CGSj3vAtn75SL5c by wonderfall@mastoid.dev
       2024-01-12T18:55:15Z
       
       0 likes, 0 repeats
       
       How to know if the app is sandboxed?First off, if downloaded from the app store, it is sandboxed - that doesn't mean it can't ask for very invasive permissions (accessibility, input monitoring, screen recording, and so on), so watch out for those.For other apps, either run them and display the "sandboxed" column in Activity Monitor to show their sandboxing status (yes/no), or use codesign in your terminal.Be very careful when storing secrets in non-protected directories.