Apple and iTunes: The encryption of traffic across the web is now mandatory, or almost mandatory, as Apple chooses not to encrypt downloads from iTunes.
You usually know when a page uses HTTPS encryption from the small green padlock on the left side of the URL line. If there is not the little padlock something happens. This was remarked by Disconnect researchers in iTunes and the Apple App Store.
Every time you download an app or something information από το App Store ή μια ταινία, μια τηλεοπτική εκπομπή ή ένα song from iTunes, the download comes via HTTP without TLS.
This makes it at least theoretically easier for an ISP, a hacker, or even someone in public network Wi-Fi to track your movements.
Please note that each unencrypted download also includes an Apple-created code. Called Destination Signaling Identifier, it is a unique device ID generated by iCloud and periodically changed.
Disconnect researchers report that attackers could use DSID to track one's habits or the applications he uses.
"There is so much you can learn about someone by downloading an app" he says Patrick Jackson, Cisco's Disconnect, and a former NSA researcher.
Disconnect researchers reported the bug to Apple in September, highlighting their concerns. Apple replied that this is not an error and that downloads via HTTP are "expected". The response essentially confirms that the downloads are not encrypted, and according to the researchers, the company declined to comment further on the use of HTTP in the downloads.
While it is surprising that a company claiming to be in favor of privacy does not use secure connections, iOS researcher Will Strafach says he believes the non-use of TLS serves a specific purpose.
By sending downloads over HTTP instead of encrypted connections, system administrators, especially in large business environments, can create a sort of staging ground by caching large applications and files on their local network for faster distribution. This means that it will not consume bandwidth if an application, an updated one version or some other file is downloaded again and again on multiple devices. If connections were encrypted between Apple's servers and devices, the creation of an intermediate station offering temporary storage would not be possible.
However, Apple's specific behavior is not safe. Let's say if the above reason why the company does not add encryption to downloads, the friends of the company will have to think again about giving their money. Let's remind you that we are talking about one of the richest technology companies.
________________________
- TDSSKiller free Rootkit removal from Kaspersky
- Microsoft, Apple, Google, Facebook, Amazon and captivity
- Bugatti Chiron from Lego, it works normally!
