Uninstall the NightOwl app

  • I know this happens with some frequency, I wonder how frequently the companies update the TOS with language like this. The very idea of a self-updating TOS that will govern all usage into perpetuity feels like it should have been legally struck down years ago. This company's current language on indistinct modification rights:

    > We reserve our right to alter the terms in this Agreement and/or the pricing information and method detailed in NightOwl app's website at any time. In case the Agreement is amended as described, we will post an updated version of it in our website, at which time it becomes active and binding.

    > In case NightOwl app alters the Agreement in a way which will be deemed material to the relations and/or obligations of the parties by NightOwl app's sole decision, we will inform you of these changes on our website or via our social media accounts and other established communication channels.

    Great, a website update for a locally installed application. Definitely going to subscribe to your social feed to get an update.

  • > The application … makes a lot of connections to [site], a website that sells tickets to live music events

    This is a common use for residential proxies. Ticket touts buy use of the infected users to make requests to try to beat restrictions on access from data-centre hosts or high-volume access from other hosts, to increase their chance of getting valuable tickets for later resale.

    A number of backdoored (by the creator, by someone cracking into their source repositories, or in this case by buy-out) free browser extensions, VPN apps, and such, turn the user's machines into a proxy like this.

  • I hate silent takeovers so much. Chrome developer extensions are another very popular thing for bad actors to buy out and replace with malware, and it sucks.

  • >> It is an alternative to the built in macOS automatic mode which only switches when the user steps away from the computer.

    Huh? Setting a schedule/location for nightshift and setting the dark mode setting to auto will always change instantly. If you use a launcher or spotlight then a simple one line applescript can change the setting as well. (tell application "System Events" to tell appearance preferences to set dark mode to not dark mode).

  • It looks like Apple has revoked the developer certificate. Anyone know if there's a public log somewhere showing when it was revoked?

    The app was blocked from loading, but I still saw the two dylibs running. I wondered if it was because the certificate was revoked after they had already started. However, logging out and back in still showed them running. Perhaps they're persisting through log outs?

    As well, I got a prompt from the macOS firewall to allow the mentioned AutoUpdate binary to listen for connections. That makes me think all of this was deployed in the last few days.

    Edit: A reboot gave me the `“NightOwl” will damage your computer. You should move it to the Trash.` dialog. Allowing that did not fully clean things up (leaving a non-functional `/Users/*/Library/LaunchAgents/NightOwlUpdater.plist` in place and the usual preference files). For me, Hazel cleans those up.

    I think the advice for non-technical users who may not be familiar with the terminal would be to direct them to reboot.

  • MacOS pulled it for me, refused to open it

    Replaced it with NightFall https://github.com/r-thomson/Nightfall

  • There's gotta be some law that could be passed about stuff like this. Software should have an implicit contract that it does what it says and not something wildly different than it, with harsh penalties for violations.

  • > It also tries to open a UPnP port forward on your router, but fails on mine because the key names are jumbled:

    This should fail on any router as you should have UPnP disabled.

  • "WHEREAS, NightOwl app enables Users to share internet traffic by modifying their device’s network settings to be used as a gateway for internet traffic. Additionally, the User’s device acts as a gateway for NightOwl app’s Clients, including companies that specialize in web and market research, SEO, brand protection, content delivery, cybersecurity, etc."

    Fuck that with a chainsaw. Burn it. Burn it with fire.

  • Little Snitch would help detect which IPs and addresses the app connects to and allow blocking those connections

  • Kind of off topic. But is there any app/service/extension for parsing these TOS with an LLM to catch all these shady things? If not, would one be useful? (I’m also a bit surprised this is in the TOS in the first place, but there's already a thread about that.)

  • If anyone is looking for an alternative, I have been using my script below for two years without any issue.

    --edit--

    I do not know how to format code here.

    --edit--

    Another attempt to format code here.

    # Step 1 Save script below to your local drive. For example, `/Users/xxxx/Documents/Scripts/DarkMode/darkModeWatcher.sh`

      #!/bin/zsh
      # ref: https://unix.stackexchange.com/a/526097
      # start time is 18:33 -> 18 * 60 * 60 + 33 * 60 = 66780
      # end time is 07:33 -> 07 * 60 * 60 + 33 * 60 = 27180
      # gdate comes from GNU coreutils: install it via `brew install coreutils`
      
      if [[ $(uname -m) == 'arm64' ]]; then
          secsSinceMidnight=$(( $(/opt/homebrew/bin/gdate +%s) - $(/opt/homebrew/bin/gdate -d '00:00:00' +%s) ))
      else
          secsSinceMidnight=$(( $(/usr/local/bin/gdate +%s) - $(/usr/local/bin/gdate -d '00:00:00' +%s) ))
      fi
      
      if [[ $secsSinceMidnight -lt 27180 || $secsSinceMidnight -gt 66780 ]]; then
          # turn on dark mode
          osascript -e 'tell app "System Events" to tell appearance preferences to set dark mode to true'
      else
          # turn off dark mode
          osascript -e 'tell app "System Events" to tell appearance preferences to set dark mode to false'
      fi
    
      
    # Step 2 run `crontab -e` and add script below

      # cron job for enabling macOS dark mode periodically
      # darkModeWatcher script is executed 60s after reboot. After that, it is executed at 35 mins of each hour if the display is not asleep.
      # replace xxxx with your username
      @reboot sleep 60 && /bin/zsh /Users/xxxx/Documents/Scripts/DarkMode/darkModeWatcher.sh >> /Users/xxxx/Library/Logs/systemDarkModeWatcher.log 2>&1
      35 */1 * * * if [[ -n "$(/usr/sbin/system_profiler SPDisplaysDataType | /usr/bin/grep 'Asleep')" ]]; then newDisplayStatus=0; else newDisplayStatus=1; fi && if [[ $newDisplayStatus == 1 ]]; then /bin/zsh /Users/xxxx/Documents/Scripts/DarkMode/darkModeWatcher.sh >> /Users/xxxx/Library/Logs/systemDarkModeWatcher.log 2>&1 ; fi

  • > sudo zsh -c "rm /Users/*/Library/LaunchAgents/NightOwlUpdater.plist"

    Why do you need to call out to zsh for this command instead of just running it in the current shell?
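
Added example (not part of the thread, and not code from any commenter): a read-only check for the leftover `NightOwlUpdater.plist` mentioned in the comments above. It is meant to be run as root so that the `/Users/*` glob is expanded by a shell that can read every user's `Library`; the file name `check_nightowl.sh`, the function names, the status labels, and the assumption that the plist is XML with a `Program` or `ProgramArguments` key are assumptions of this example.

```shell
#!/bin/sh
# Added example: read-only check for leftover NightOwl LaunchAgents.
# Run as root against /Users, e.g.:  sudo sh check_nightowl.sh /Users

# Print the first <string> after the Program / ProgramArguments key.
# Assumes an XML plist; a binary plist yields nothing (reported as "unknown").
plist_program() {
    awk '
        /<key>Program(Arguments)?<\/key>/ { want = 1 }
        want && match($0, /<string>[^<]*<\/string>/) {
            print substr($0, RSTART + 8, RLENGTH - 17)
            exit
        }' "$1"
}

# scan_leftovers ROOT -> one "user<TAB>status<TAB>plist" line per leftover.
#   live     : the plist still points at an executable file
#   dangling : the target is gone (the "non-functional" case from the thread)
#   unknown  : no program path could be read from the plist
scan_leftovers() {
    root=${1:-/Users}
    for plist in "$root"/*/Library/LaunchAgents/NightOwlUpdater.plist; do
        [ -e "$plist" ] || continue   # an unmatched glob stays literal in sh
        user=${plist#"$root"/}
        user=${user%%/*}
        prog=$(plist_program "$plist")
        if [ -z "$prog" ]; then
            status=unknown
        elif [ -f "$prog" ] && [ -x "$prog" ]; then
            status=live
        else
            status=dangling
        fi
        printf '%s\t%s\t%s\n' "$user" "$status" "$plist"
    done
}

# Scan only when a root directory is passed on the command line.
[ "$#" -eq 0 ] || scan_leftovers "$1"
```

A `live` result means the agent can still be started at the next login and is the one to remove first; `dangling` entries are inert but worth deleting.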

  • Apple is locking down macOS more and more, and yet there is no built in feature like Little Snitch or LuLu in either MacOS or iOS. So basically they don’t mind apps spying on you, as long as it is approved by Apple.

  • Coming from Linux, I also have to say that I was shocked how many apps on mac os are only available as closed source.

  • In 2018, I contacted the developer and tried to purchase this app. He turned me down, and seemed like he wasn’t in it for the money. Seems like he picked the wrong buyer when he did finally sell out.

  • Feck, I'm uninstalling right now.

    I assume this is being used by those services that sell scrapers "real domestic IP addresses", where in fact they are selling a botnet.

    We can't just have nice things can we.

  • I did a small Automator action that just switches dark mode on my computer, and I activate it with the cmd-alt-shift-P hotkey; it’s truly convenient and there’s no need for a third-party :)

  • Just want to say: amazing write up. I hope to write like this some day.

  • Nice writing style. Straight to the point because the author actually had something useful to say. A nice departure from the usual ‘pad it out’ approach that sadly you even see people take for their personal writing. So many people will lament recipe authors including 6 paragraphs of preamble, but will happily do it when they’re telling you about how they pwned their toaster or whatever.

    When it gets down to brass tacks, i.e. the technical details section, it could really do with a once-over. One too many run-on sentences.

  • Not to be confused with NightOwlConnect, which allows one to remotely access NightOwl-brand security camera DVRs.

    I'd not be surprised to find that that app has some sketchiness baked into it as well.

  • This makes me really wary of all apps more generally. How many other apps are doing this crap already and just haven’t been noticed / called out for it yet?

  • An interesting other-side of this, a Chrome add-on dev published how they continuously receive monetary offers from the kind of organisation that does exactly this:

    https://news.ycombinator.com/item?id=37066680

  • "The application, at least the time of writing, and the installations I’ve been made aware of, makes a lot of connections to https://stubbs.frontgatetickets.com/, a website that sells tickets to live music events for a restaurant in Austin, TX."

    Stubbs BBQ?

  • So this seems to be the app on VirusTotal: https://www.virustotal.com/gui/file/375ef0eb310d3fa82ddb5357...

  • wow and this is built into macOS now as NightShift right?

  • Does no one else find it difficult to read pure white on black sites? Ironic when the post is about a dark mode app I know.

    I'm all for dark mode, but give me an option to switch back if it's a wall of pure white text please!

  • As a side note I want to mention that I use Night Shift on mac os and every day!!! I need to switch it back on because there is no option to leave it enabled all day long.

  • I installed this app earlier this year, and uninstalled it a few days later after I noticed it constantly using obscene amounts of my internet data.

  • It seems kinda weird to Dox the guy's home address.

  • While my comment might be borderline off-topic, is this functionality somehow replicated on Linux, especially in KDE?

  • Developers who sell out their app to entities like this deserve to be ostracized from the profession.

  • Software as rugpull model

  • Is this a MacOS app? From the App Store?

  • And this is why we run little snitch!

  • Was expecting a clickbait article. No sir!

    Great piece.

  • Wow, that’s scummy and desperate

  • Is this same for Dropbox?
