Apple Snooping via Spotlight

joedec · Oct 20, 2014

For those of you that care. You may want to read the following link. It appears Apple is interested in your search and location, but only on Yosemite.

http://www.wired.com/2014/10/how-to-fix-os-x-yosemite-search/

The down side is you give up a bit of new functionality if you disable this behavior, namely external search.

notrack · Oct 20, 2014

Wouldn't have expected that... Didn't Tim say they weren't in the data collection business?

joedec · Oct 20, 2014

notrack said:
Wouldn't have expected that... Didn't Tim say they weren't in the data collection business?

Actually after posting I got to thinking, the nature of the application is that they try to locate, say a business within your vicinity according to your search and respond accordingly right?

So to deliver the proper response they have to know your location and search string at Apple, because that's were the search engine and map data live.

I don't see how you could deliver this information any other way. The thing is, do they (Apple) anonymize the user ID? That's the question for Tim Cook.

KALLT · Oct 20, 2014

It should be obvious to anyone that as soon as Spotlight searches the Internet too, as was presented during the keynote as well, there will be privacy implications. To avoid this, you just have to disable ‘Spotlight Suggestions’ and ‘Bing Web Searches’ in the Spotlight preferences. It’s good to know that the solution is easy, although the term ‘Spotlight suggestions’ doesn’t really imply web results.

However, I also share the concern that Apple is not sufficiently transparent. These functions are enabled by default and unless you read the document under Spotlight preferences, which I’m sure only very few will do, you may never realise that Spotlight is transmitting your queries even if you don’t see the relevant search results. I haven’t seen any localised search results yet, but that doesn’t mean that Apple didn’t receive my search queries. So there’s no need for them to receive my queries at this time and I’m a bit surprised that Apple didn’t highlight this more clearly.

I’m also perplexed by the connection with location services. By default, Spotlight will transmit your location too whenever you search. The best part of this: it’s not really obvious where to disable this. Under the privacy settings in System Preferences, I had to scroll down to the bottom of the list where it said ‘System Services’. There I had to click on the ‘Detailts…’ button to disable Spotlight Suggestions. This is not what I had in mind when Apple was so frank about privacy. This is well-hidden enough for most users to overlook, even when they do care about privacy.

joedec · Oct 20, 2014

KALLT said:
It should be obvious to anyone that as soon as Spotlight searches the Internet too, as was presented during the keynote as well, there will be privacy implications. To avoid this, you just have to disable Spotlight Suggestions and Bing Web Searches in the Spotlight preferences. Its good to know that the solution is easy, although the term Spotlight suggestions doesnt really imply web results.

However, I also share the concern that Apple is not sufficiently transparent. These functions are enabled by default and unless you read the document under Spotlight preferences, which Im sure only very few will do, you may never realise that Spotlight is transmitting your queries even if you dont see the relevant search results. I havent seen any localised search results yet, but that doesnt mean that Apple didnt receive my search queries. So theres no need for them to receive my queries at this time and Im a bit surprised that Apple didnt highlight this more clearly.

Im also perplexed by the connection with location services. By default, Spotlight will transmit your location too whenever you search. The best part of this: its not really obvious where to disable this. Under the privacy settings in System Preferences, I had to scroll down to the bottom of the list where it said System Services. There I had to click on the Detailts button to disable Spotlight Suggestions. This is not what I had in mind when Apple was so frank about privacy. This is well-hidden enough for most users to overlook, even when they do care about privacy.

I agree, this should be much more obvious, like you said most people won't read everything, I missed it, and I spend an inordinate amount of time picking these things apart.

Also showing the location icon for "system services" was "off" on my machine, and I don't recall changing that? I would think it would show by default. Of course the upside with Yosemite is they do a much better job with displaying the location icon for various services than past releases, to give credit where credits due.

KALLT · Oct 20, 2014

joedec said:
I agree, this should be much more obvious, like you said most people won't read everything, I missed it, and I spend an inordinate amount of time picking these things apart.

Also showing the location icon for "system services" was "off" on my machine, and I don't recall changing that? I would think it would show by default. Of course the upside with Yosemite is they do a much better job with displaying the location icon for various services than past releases, to give credit where credits due.

It was turned off for me as well. I presume that is the default setting. Another questionable decision. Showing the icon by default wouldn’t hurt anyone, in fact, it would promote awareness of what you Mac is doing. You don’t get any feedback once you start searching with Spotlight, even if you do get localised search results.

I am very disappointed with this as well. It’s not like Apple underplayed their privacy commitments lately.

Partron22 · Oct 20, 2014

The problem is a bit more pervasive than just Spotlight.
Github is collecting instances here: yosemite-phone-home
Discussed at Slashdot, here: If You're Connected, Apple Collects Your Data

joedec · Oct 20, 2014

Partron22 said:
The problem is a bit more pervasive than just Spotlight.
Github is collecting instances here: yosemite-phone-home
Discussed at Slashdot, here: If You're Connected, Apple Collects Your Data

It'll be interesting to see how this plays out. This article was written in support of Apple's privacy practices.

http://www.loopinsight.com/2014/10/...cy-story-on-apple-and-how-they-got-it-wrong/?

"The anonymous session ID allows Apple to analyze patterns between queries conducted in a 15-minute period. For instance, if users frequently search for Café phone number shortly after searching for Café, Apple may learn to make the phone number more available in results. Unlike most search engines, however, Apples search service does not use a persistent personal identifier across a users search history to tie queries to a user or device; instead, Apple devices use a temporary anonymous session ID for at most a 15-minute period before discarding that ID."

joedec · Oct 21, 2014

Partron22 said:
The problem is a bit more pervasive than just Spotlight.
Github is collecting instances here: yosemite-phone-home
Discussed at Slashdot, here: If You're Connected, Apple Collects Your Data

Wow I am really shocked, About My Mac and creating Email for "non" Apple accounts both phone home!

Apple is way out of line on this OS, they need to come clean. Another story hits the press...

http://www.theregister.co.uk/2014/10/20/apple_spotlight_privacy_qualms/

Well some of this I can explain. The "Mail configuration" complaint, sending a non Apple account domain to Apple is because they try to auto configure SMTP, IMAP or POP for you. How else do you get the names of those servers. Everybody does this and has been for a long time.

The "About This Mac" complaint, checks in with support at Apple. They provide support links, the links point to the hardware you own, this mac, hence the cookie. Better than leaving a hard link on each Mac or type of Mac.

joedec · Oct 21, 2014

False alarm

If I had it to do over I would not have named this thread "Snooping". At this point I don't think Apple is doing anything other that classic cloud strategy. The engineering decisions they are making are actually pretty bright when you look closely.

In every case listed by these guys at github (https://github.com/fix-macosx/yosemite-phone-home/) there is a perfectly reasonably explanation for sending anonymous data, and whenever Apple needs specifics they query the user for confirmation.

I think its an important exercise to drill down on these things, I've learned a lot, but in the end this case is a witch hunt.

Partron22 · Oct 21, 2014

joedec said:
In every case listed by these guys at github (https://github.com/fix-macosx/yosemite-phone-home/) there is a perfectly reasonably explanation for sending anonymous data, and whenever Apple needs specifics they query the user for confirmation.

"Perfectly reasonable explanation" is not equal to "Apple asked for permission".
Nor is their any assurance that Apple meets perfectly reasonable security standards on the information transfer.

Exactly when and where does anonymizing take place. -If the results are to be useful to me personally, it sure can't be before the data is sent to Apple.
So just how easy is it for third parties to intercept and interpret these torrents of personal information?

bobright · Oct 21, 2014

KALLT said:
It should be obvious to anyone that as soon as Spotlight searches the Internet too, as was presented during the keynote as well, there will be privacy implications. To avoid this, you just have to disable Spotlight Suggestions and Bing Web Searches in the Spotlight preferences. Its good to know that the solution is easy, although the term Spotlight suggestions doesnt really imply web results.

However, I also share the concern that Apple is not sufficiently transparent. These functions are enabled by default and unless you read the document under Spotlight preferences, which Im sure only very few will do, you may never realise that Spotlight is transmitting your queries even if you dont see the relevant search results. I havent seen any localised search results yet, but that doesnt mean that Apple didnt receive my search queries. So theres no need for them to receive my queries at this time and Im a bit surprised that Apple didnt highlight this more clearly.

Im also perplexed by the connection with location services. By default, Spotlight will transmit your location too whenever you search. The best part of this: its not really obvious where to disable this. Under the privacy settings in System Preferences, I had to scroll down to the bottom of the list where it said System Services. There I had to click on the Detailts button to disable Spotlight Suggestions. This is not what I had in mind when Apple was so frank about privacy. This is well-hidden enough for most users to overlook, even when they do care about privacy.

So for your screenshot there is that how we should have it for better privacy, uncheck Spotlight Suggestions but leave Show location checked?

Thanks to you and the OP would have never known

joedec · Oct 21, 2014

Partron22 said:
"Perfectly reasonable explanation" is not equal to "Apple asked for permission".
Nor is their any assurance that Apple meets perfectly reasonable security standards on the information transfer.

Exactly when and where does anonymizing take place. -If the results are to be useful to me personally, it sure can't be before it gets sent to Apple.
Just how easy is it for third parties to intercept and interpret these torrents of information?

If you look at the cookie at github for "About This Mac", it has OS version and Mac Model. None of those identify you, there is nothing about the user there. That cookie information gets passed to the Apple support site which in turn supplies you with the correct URL for you say your user manual. If they need serial number, they prompt because that does identify you.

The user is anonymized from the start, Apple doesn't tie these queries to email, IP address, or Apple ID.

I don't think I'll disable this, what am I really giving them, an ID which is a random number as far as I can tell, for 15 minutes, a search string and my location.

The value proposition is they give me the address, phone, URL, reviews and a map to the business I'm looking for in one quick query.

Of course you have to trust people a little, just like when you trust the 1000s of mail servers that store your email address, your hostname, the hosts you connected though, etc etc etc. every day.

Lastly asking for permission should be reserved for things that have sensitivity requiring it. If you nag people too much they'll learn to ignore you. I knew someone that forced the browser to request approval for every cookie, so they click yes every 5 minutes all day, to what end.

Search

Search

Apple Snooping via Spotlight

joedec

macrumors 6502

notrack

macrumors 6502

joedec

macrumors 6502

KALLT

macrumors 603

Attachments

joedec

macrumors 6502

KALLT

macrumors 603

Partron22

macrumors 68030

joedec

macrumors 6502

joedec

macrumors 6502

joedec

macrumors 6502

Partron22

macrumors 68030

bobright

macrumors 601

joedec

macrumors 6502

Our Staff