[grooot]

There is absolutely nothing malicious that has been shown.

[vorpalhex]

Scanning your images and followong links in them without user consent is pretty malicious.

[JimDabell]

How is it malicious? “Malicious” doesn’t mean “unwanted behaviour”. You are saying that Apple intend to do harm with this. How?

[smoldesu]

On the one hand, I get where you're coming from and I agree that this specific example isn't malicious (as I've highlighted elsewhere in the thread)

...on the other hand, this is the exact same technology Apple lets China use to hunt down their religious and political minorities. Maybe they don't intend harm to Americans, but one thing is for certain; Apple doesn't treat privacy as a human right. If you can live with that, then more power to you.

[JimDabell]

> this is the exact same technology Apple lets China use to hunt down their religious and political minorities.

QR codes? HTTP requests? I’m not sure what technology you’re referring to.

> one thing is for certain; Apple doesn't treat privacy as a human right.

They have put a huge amount of effort into privacy technology; more than any comparable company I can think of. I don’t think your certainty is even remotely justified.

[0xFEE1DEAD]

Seems a bit like a witch hunt to me. It's your PC executing the request. Nowhere does it say this data gets send to apple servers.

[grooot]

What are you talking about? It sounds like you don’t understand what is going on here. Perhaps you think some data is going to Apple?

[vorpalhex]

Having read the article I entirely understand what is going on here.

Do you expect your images to be scanned on disk and the links in them to be opened, leaking your ip? What if you do something as simple as screenshot an address bar in a browser? Save a menu QR code?

Now you are sending out traffic, accidentally, with your full ip to random places due to a service Apple inserted that you have no knowledge of.

[dev_tty01]

I don't know, but I wouldn't be surprised if this is being done via Apple's private relay. If so, your IP address is not being leaked to anyone.

[martin_a]

The thread says she got an information that somebody requested the URL and it was her own IP address. So no private relay here.

[grooot]

Do you seriously believe that your IP is private?

Do you know every site that has received your ip address?

I think the honest answer to both of these questions has to be no.

[vorpalhex]

http://letstrack.you/?id=grooot

Throw that to disk for me so I can map where you are, where you go, when your machine is up and how often your search indexing runs.

[_justinfunk]

I think the idea is that it is a way for your IP address to leak without a user-initiated request.

I could send you a QR code that I've setup specifically to get your IP address.

[flyinghamster]

If you have the misfortune of living in a country where accessing $BANNED_WEBSITE can get you a nighttime visit from the local goon squad, this could well get you tortured or killed.

[cycomanic]

There have been reported cases of using qr codes for phishing/malware distribution. Previously they still required users to actually use a qr code scanner, now I need to simply glue some qr code at a famous tourist photo spot and bang lots of people accessing the site (does the indexer execute js?).

[smoldesu]

I agree. The problem is that it's rather annoying, and there are many such behaviors on MacOS (many of which you can't disable). Stuff like this is another good example of esoteric, almost curious behavior taking place without any input or prompt from the user. It's really absurd stuff.