macOS Sonoma silently enabled iCloud Keychain despite my precautions

Apple’s Privacy Posture and Trust

  • Many see Apple’s “we take privacy seriously” as mostly marketing, especially given incidents like PRISM participation and past on-device scanning proposals.
  • Others argue Apple has made real trade-offs (reduced functionality for privacy), and that dismissing it as “only marketing” is overly cynical.
  • A distinction is drawn between trusting Apple’s intent (not nefarious) and trusting the security of any cloud service, including Apple’s.

iCloud Keychain Bug and User Responsibility

  • Core complaint: macOS Sonoma appears to have silently re‑enabled iCloud Keychain despite it being explicitly disabled.
  • Some blame the user for being signed into an Apple account at all; others note valid reasons (Find My, App Store, development, testing) that don’t imply consent to cloud-syncing passwords.
  • A recurring frustration: “off” toggles not being honored, and settings reverting to less private defaults, likened to similar behavior on Windows.
  • Debate over incompetence vs. intentional dark patterns; repeated similar “bugs” make some doubt it’s accidental.

Platform Trade-offs and Threat Models

  • Some argue that if one fundamentally distrusts Apple, they shouldn’t use its platform for sensitive data at all.
  • Counterpoint: one can trust Apple more than many competitors yet still reject specific features like cloud keychains, especially for legal/ethical obligations (e.g., handling others’ confidential data).
  • Discussion of nuanced threat models: government, medical, legal contexts vs. ordinary personal use.

Alternatives and Mitigations

  • Suggested alternatives for storing passwords: Bitwarden, 1Password, KeePassXC, Codebook, password-store; plus local encryption (e.g., GPG, Cryptomator).
  • Some advocate privacy-focused OSes (Qubes OS, Asahi Linux on Apple Silicon) to avoid “call-home” behavior.
  • Detailed hardening strategies: disabling iCloud via MDM/Configurator, blocking Apple IP ranges and CDNs, strict Wi‑Fi/MDM policies, Faraday cages and SDRs for verification, or hardware radio modifications.

Apple QA and Software Quality

  • Numerous anecdotes of persistent bugs across Apple Watch (including Ultra), iOS, iCloud services, and macOS, fueling a sense of declining quality.
  • Some report essentially bug‑free experiences, highlighting strong variability.
  • Comments describe under-valued, monotonous QA work, reliance on contractors, resistance to automated testing, and a de facto “test in production” culture.