Apple Snooping via Spotlight

Discussion in 'OS X Yosemite (10.10)' started by joedec, Oct 20, 2014.

  1. joedec, Oct 20, 2014
    Last edited: Oct 20, 2014

    joedec macrumors 6502

    joedec

    Joined:
    Jul 25, 2014
    Location:
    Cupertino
    #1
    For those of you that care. You may want to read the following link. It appears Apple is interested in your search and location, but only on Yosemite.

    http://www.wired.com/2014/10/how-to-fix-os-x-yosemite-search/

    The down side is you give up a bit of new functionality if you disable this behavior, namely external search.
     
  2. notrack macrumors 6502

    Joined:
    Feb 19, 2012
    #2
    Wouldn't have expected that... Didn't Tim say they weren't in the data collection business?
     
  3. joedec thread starter macrumors 6502

    joedec

    Joined:
    Jul 25, 2014
    Location:
    Cupertino
    #3
    Actually after posting I got to thinking, the nature of the application is that they try to locate, say a business within your vicinity according to your search and respond accordingly right?

    So to deliver the proper response they have to know your location and search string at Apple, because that's were the search engine and map data live.

    I don't see how you could deliver this information any other way. The thing is, do they (Apple) anonymize the user ID? That's the question for Tim Cook.
     
  4. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #4
    It should be obvious to anyone that as soon as Spotlight searches the Internet too, as was presented during the keynote as well, there will be privacy implications. To avoid this, you just have to disable ‘Spotlight Suggestions’ and ‘Bing Web Searches’ in the Spotlight preferences. It’s good to know that the solution is easy, although the term ‘Spotlight suggestions’ doesn’t really imply web results.

    However, I also share the concern that Apple is not sufficiently transparent. These functions are enabled by default and unless you read the document under Spotlight preferences, which I’m sure only very few will do, you may never realise that Spotlight is transmitting your queries even if you don’t see the relevant search results. I haven’t seen any localised search results yet, but that doesn’t mean that Apple didn’t receive my search queries. So there’s no need for them to receive my queries at this time and I’m a bit surprised that Apple didn’t highlight this more clearly.

    I’m also perplexed by the connection with location services. By default, Spotlight will transmit your location too whenever you search. The best part of this: it’s not really obvious where to disable this. Under the privacy settings in System Preferences, I had to scroll down to the bottom of the list where it said ‘System Services’. There I had to click on the ‘Detailts…’ button to disable Spotlight Suggestions. This is not what I had in mind when Apple was so frank about privacy. This is well-hidden enough for most users to overlook, even when they do care about privacy.
     

    Attached Files:

  5. joedec thread starter macrumors 6502

    joedec

    Joined:
    Jul 25, 2014
    Location:
    Cupertino
    #5
    I agree, this should be much more obvious, like you said most people won't read everything, I missed it, and I spend an inordinate amount of time picking these things apart.

    Also showing the location icon for "system services" was "off" on my machine, and I don't recall changing that? I would think it would show by default. Of course the upside with Yosemite is they do a much better job with displaying the location icon for various services than past releases, to give credit where credits due.
     
  6. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #6
    It was turned off for me as well. I presume that is the default setting. Another questionable decision. Showing the icon by default wouldn’t hurt anyone, in fact, it would promote awareness of what you Mac is doing. You don’t get any feedback once you start searching with Spotlight, even if you do get localised search results.

    I am very disappointed with this as well. It’s not like Apple underplayed their privacy commitments lately.
     
  7. Partron22 macrumors 68000

    Partron22

    Joined:
    Apr 13, 2011
    Location:
    Yes
    #7
  8. joedec thread starter macrumors 6502

    joedec

    Joined:
    Jul 25, 2014
    Location:
    Cupertino
    #8
    It'll be interesting to see how this plays out. This article was written in support of Apple's privacy practices.

    http://www.loopinsight.com/2014/10/...cy-story-on-apple-and-how-they-got-it-wrong/?

    "The anonymous session ID allows Apple to analyze patterns between queries conducted in a 15-minute period. For instance, if users frequently search for “Café phone number” shortly after searching for “Café,” Apple may learn to make the phone number more available in results. Unlike most search engines, however, Apple’s search service does not use a persistent personal identifier across a user’s search history to tie queries to a user or device; instead, Apple devices use a temporary anonymous session ID for at most a 15-minute period before discarding that ID."
     
  9. joedec, Oct 21, 2014
    Last edited: Oct 21, 2014

    joedec thread starter macrumors 6502

    joedec

    Joined:
    Jul 25, 2014
    Location:
    Cupertino
    #9
    Wow I am really shocked, About My Mac and creating Email for "non" Apple accounts both phone home!

    Apple is way out of line on this OS, they need to come clean. Another story hits the press...

    http://www.theregister.co.uk/2014/10/20/apple_spotlight_privacy_qualms/

    Well some of this I can explain. The "Mail configuration" complaint, sending a non Apple account domain to Apple is because they try to auto configure SMTP, IMAP or POP for you. How else do you get the names of those servers. Everybody does this and has been for a long time.

    The "About This Mac" complaint, checks in with support at Apple. They provide support links, the links point to the hardware you own, this mac, hence the cookie. Better than leaving a hard link on each Mac or type of Mac.
     
  10. joedec, Oct 21, 2014
    Last edited: Oct 21, 2014

    joedec thread starter macrumors 6502

    joedec

    Joined:
    Jul 25, 2014
    Location:
    Cupertino
    #10
    False alarm

    If I had it to do over I would not have named this thread "Snooping". At this point I don't think Apple is doing anything other that classic cloud strategy. The engineering decisions they are making are actually pretty bright when you look closely.

    In every case listed by these guys at github (https://github.com/fix-macosx/yosemite-phone-home/) there is a perfectly reasonably explanation for sending anonymous data, and whenever Apple needs specifics they query the user for confirmation.

    I think its an important exercise to drill down on these things, I've learned a lot, but in the end this case is a witch hunt.
     
  11. Partron22 macrumors 68000

    Partron22

    Joined:
    Apr 13, 2011
    Location:
    Yes
    #11
    "Perfectly reasonable explanation" is not equal to "Apple asked for permission".
    Nor is their any assurance that Apple meets perfectly reasonable security standards on the information transfer.

    Exactly when and where does anonymizing take place. -If the results are to be useful to me personally, it sure can't be before the data is sent to Apple.
    So just how easy is it for third parties to intercept and interpret these torrents of personal information?
     
  12. bobright macrumors 601

    Joined:
    Jun 29, 2010
    #12
    So for your screenshot there is that how we should have it for better privacy, uncheck Spotlight Suggestions but leave Show location checked?

    Thanks to you and the OP would have never known
     
  13. joedec, Oct 21, 2014
    Last edited: Oct 21, 2014

    joedec thread starter macrumors 6502

    joedec

    Joined:
    Jul 25, 2014
    Location:
    Cupertino
    #13
    If you look at the cookie at github for "About This Mac", it has OS version and Mac Model. None of those identify you, there is nothing about the user there. That cookie information gets passed to the Apple support site which in turn supplies you with the correct URL for you say your user manual. If they need serial number, they prompt because that does identify you.

    The user is anonymized from the start, Apple doesn't tie these queries to email, IP address, or Apple ID.

    I don't think I'll disable this, what am I really giving them, an ID which is a random number as far as I can tell, for 15 minutes, a search string and my location.

    The value proposition is they give me the address, phone, URL, reviews and a map to the business I'm looking for in one quick query.

    Of course you have to trust people a little, just like when you trust the 1000s of mail servers that store your email address, your hostname, the hosts you connected though, etc etc etc. every day.

    Lastly asking for permission should be reserved for things that have sensitivity requiring it. If you nag people too much they'll learn to ignore you. I knew someone that forced the browser to request approval for every cookie, so they click yes every 5 minutes all day, to what end.
     

Share This Page