Yosemite & Privacy?

[KALLT]

But my point is the Apple servers don't know which country you are in without the initial location info.

It doesn’t only use your data to verify this, Spotlight is also programmed to take into account your system language and regional settings (just try it).

Its opt out because users are more likely to not, due to it being a hassle. Its well known by data collectors etc that opt out works better than opt in. Thats why apple is using it.

Or a smoother user experience?

pick one

Apple said it’s not ‘in the business to collect data’. Why should Apple care whether users actually use the feature or not? The data collection would only be incidental to actual usage of the features.

Although they claim that they care about their users’ privacy and do put up some measures to reduce the collection and sensitivity of the data, it is still a bad practice to hide the transmission from plain sight from your users.

What’s more, Apple has, by default, hidden the visual indicator in the menu bar that shows up when your location data is accessed by a program. As a result, you are giving out location data without even knowing. Every other third-party app is required to ask explicit permission first, but not Apple’s own apps. Spotlight’s location access is also well-hidden behind an obscure setting called ‘System Services’ under System Preferences > Privacy > Location Services. Why not mention Spotlight in the list itself and put the checkbox of the visual indicator outside of the list view? This kind of sneaky behaviour I would expect from companies like Google, but not from Apple.

 

[Brian Y]

It doesn’t only use your data to verify this, Spotlight is also programmed to take into account your system language and regional settings (just try it).



Apple said it’s not ‘in the business to collect data’. Why should Apple care whether users actually use the feature or not? The data collection would only be incidental to actual usage of the features.

Although they claim that they care about their users’ privacy and do put up some measures to reduce the collection and sensitivity of the data, it is still a bad practice to hide the transmission from plain sight from your users.

What’s more, Apple has, by default, hidden the visual indicator in the menu bar that shows up when your location data is accessed by a program. As a result, you are giving out location data without even knowing. Every other third-party app is required to ask explicit permission first, but not Apple’s own apps. Spotlight’s location access is also well-hidden behind an obscure setting called ‘System Services’ under System Preferences > Privacy > Location Services. Why not mention Spotlight in the list itself and put the checkbox of the visual indicator outside of the list view? This kind of sneaky behaviour I would expect from companies like Google, but not from Apple.

You're confusing two separate things.

Country/Region != location.

A country/region is something that you personally set on your Mac. You physically go through and choose. They can bear no resemblance to your actual location - and the most information they give is which country you're in (if Apple was fussed about that - they likely already know).

Your "location" is just that - the *current* location of the machine, as indicated by the IP address, WiFi Geolocation, etc. There is a huge difference between the two. Spotlight doesn't know your current location - and it uses the last known location from the Maps app t give results.

Oh, and they haven't hidden the location indicator by default, it's still there. I just fired up maps, hit my location marker, and the icon was there.

 

[KALLT]

You're confusing two separate things.

Country/Region != location.

A country/region is something that you personally set on your Mac. You physically go through and choose. They can bear no resemblance to your actual location - and the most information they give is which country you're in (if Apple was fussed about that - they likely already know).

Your "location" is just that - the *current* location of the machine, as indicated by the IP address, WiFi Geolocation, etc. There is a huge difference between the two. Spotlight doesn't know your current location - and it uses the last known location from the Maps app t give results.

I know the difference. Spotlight still seems to take your regional settings into account when you switch your region to the United States. Even though a query will obviously not result in local results for you, Spotlight will still present the initial information window for you, even though it just doesn’t work.

[Edit] To give you an example: my region is set to a country that is not supported. When I type in a word, say ‘Tim Cook’ it doesn’t give me any results. As soon as I switch my region to United States, Spotlight will show Wikipedia entries and news results (e.g. Yahoo! Search). As soon as I switch back to an unsupported country, it won’t work anymore. Spotlight is well aware of your regional settings, so I suppose it does take it into account as well, even though you won’t ever get localised results (unless you spoof your location with a VPN or proxy).

And that’s my point: why should Apple still transmit my queries and location even though Spotlight doesn’t show the results to begin with? I’ve tested it with a network tracker. As soon as I start typing, Spotlight will make a connection to Apple servers and the visual indicator shows that Spotlight has accessed my location. That shouldn’t be at all necessary.

Oh, and they haven't hidden the location indicator by default, it's still there. I just fired up maps, hit my location marker, and the icon was there.

I’ve heard different reports about this. It was disabled for me, I had to enable it. I’m quite sure, because I was annoyed by it.

 

[Zxxv]

I enabled location icon too. It's part of owning a device. You read the destruction manual. Well you don't if your a man haha in such case you poke around under the hood pushing every button and setting to see what it does. I would prefer apple to do all the setting up decisions for me but it still wouldn't stop me poking around into every corner.

 

[Partron22]

Apple has a pretty good page here: http://www.apple.com/privacy/privacy-built-in/ explaining what gets sent where and why.

Mail and Notes are not encrypted on the servers.

 

[wiredup72]

Thank you to everyone who posted in the thread. Even if you honestly don't care. I may think I am funny, but know I'm just a cog in the meat grinder.

I don't require agreement to reinforce my own beliefs. I appreciate honest debate.

I was genuinely curious if there are more than a few people in the OSX community that were bothered by what one poster properly named IMO "the direction Apple is headed".

All responses are legitimate in my opinion. Even if I mock that opinion

I just want to keep the conversation going so that more people have time to digest this type of data creep and then decide if they want to voice their concerns to apple through the written word or their wallet. I will be exercising both.

 

[bbfc]

I’m not saying that anyone should care about other people’s feelings, but at least recognise the privacy issues that matter to others even if you don’t care about them yourself.



In some countries, including my own, Spotlight doesn’t give any localised or vertical search results. It’s disabled. It still transmits the data and location, however. Why does it do that? Location isn’t only to city level, Apple explained that it used a technique it called ‘blurring’ to make the location data less exact. But within cities, it is a lot more accurate than just ‘city level’. As I said above, not using a unique identifier is not necessarily the same as being anonymous. Depending on the data collected, identification may still be possible.

That you can turn it off is a good thing, but I’m arguing that Apple should have included an information panel when Spotlight is first started and give users an option to opt in or out before even making their first search.



You clearly avoid the issue I’m talking about. The point still is, Apple enabled Spotlight Suggestions by default and it doesn’t give a heads up in countries where these services are not even enabled. It still collects some data in that process for no apparent reason. Preventing unnecessary data collection is always the better option than relying on some company’s privacy policy and PR what they do with the data collected.

I'm not saying I don't care that people are concerned by this; all I'm saying is that it doesn't bother me. I respect other people's opinions and I recognise that some people might be concerned by these issues. I'm not.

----------

#facepalm

That's my opinion. I don't have anything to hide so I don't care about them logging my searches etc. why should I. Also doesn't bother me that the UK has the most surveillance cameras. I am not up to no good so it doesn't bother me. A few of my friends have the same view.

 

[Zxxv]

I'm not saying I don't care that people are concerned by this; all I'm saying is that it doesn't bother me. I respect other people's opinions and I recognise that some people might be concerned by these issues. I'm not.

----------



That's my opinion. I don't have anything to hide so I don't care about them logging my searches etc. why should I. Also doesn't bother me that the UK has the most surveillance cameras. I am not up to no good so it doesn't bother me. A few of my friends have the same view.

I think the point face palm was making is you don't have anything to hide until the law changes and you do. Frog boiling slow. also if you have nothing to hide then they have no business with you. So why let them have full access?

 

[Phil A.]

Mail and Notes are not encrypted on the servers.

Do any mainstream mail providers encrypt email on their servers?

 

[simonsi]

I think the point face palm was making is you don't have anything to hide until the law changes and you do. Frog boiling slow. also if you have nothing to hide then they have no business with you. So why let them have full access?

"Full access" isnt involved here, just some limited information that is made anonymous and secure in transit, that you can disable if you wish.

Using the term "full access" is just spreading FUD....

 

[Zxxv]

"Full access" isnt involved here, just some limited information that is made anonymous and secure in transit, that you can disable if you wish.

Using the term "full access" is just spreading FUD....

Turn the heat up slowly and the victim feels nothing until it's too late. But that's been said by others.

 

[bbfc]

I think the point face palm was making is you don't have anything to hide until the law changes and you do. Frog boiling slow. also if you have nothing to hide then they have no business with you. So why let them have full access?

What laws? And they don't have FULL ACCESS. My bank details are not being transmitted (thought I do use iCloud Keychain), or any other sensitive information. Just what I search.

If I want to turn it off I can, but I'm not bothered if I dont or can't.

 

[simonsi]

Turn the heat up slowly and the victim feels nothing until it's too late. But that's been said by others.

Sure but misrepresenting the facts by wild exageration, as here, harms, not helps the case.

FUD as I said.

 

[Partron22]

I think the point face palm was making is you don't have anything to hide until the law changes and you do.

This assumes encyclopedic knowledge of all applicable law. I don't have that. I doubt Justice Scalia has it either; although he probably got photobombed by Osama bin Laden back in 93. That'd land him on an NSA 'person of interest' list. Nothing to hide or not, that outcome is still undesirable.

 

[Partron22]

Do any mainstream mail providers encrypt email on their servers?

Lavabit did until the Feds shut them down.


I find the policy of saving notes in the clear more bothersome.
Why store them that way? I'm sure lots of great ideas and sensitive information end up in notes. Why leave that open to hackers or governments?

 

[Phil A.]

Lavabit did until the Feds shut them down.


I find the policy of saving notes in the clear more bothersome.
Why store them that way? I'm sure lots of great ideas and sensitive information end up in notes. Why leave that open to hackers or governments?

I believe notes are stored in an e-mail folder on the server so they're just another email type as far as iCloud is concerned.

 

[Zxxv]

This assumes encyclopedic knowledge of all applicable law. I don't have that. I doubt Justice Scalia has it either; although he probably got photobombed by Osama bin Laden back in 93. That'd land him on an NSA 'person of interest' list. Nothing to hide or not, that outcome is still undesirable.

Ignorance of the law is not a defence. Like I say your fine until they change the law for you not to be. Then your oh I have nothing to hide so they can see everything I do gets you in trouble but you won't listen or see reason.

 

[sharon22]

but I’d prefer if they would just offer an opt-in at the first launch of Spotlight with a brief explanation of what it does.

You're my hero! After reading this suggestion of your's, I think it is an excellent idea.

I first found out about what Spotlight was doing from a post, somewhere, that somebody made, about the article that someone wrote about what Apple was doing (in other words, really, really third-hand information).

And, that's what really irked me.

Now, if, like you said, a pop-up window or some kind of alert *straight from Apple* showed up on my screen saying, "Hey guys and gals, it's Apple here, just letting you know this is what's gonna happen when you type into Spotlight," I believe I would be totally cool with that!

I would know that info was being sent to Apple, and, if, let's say I wanted to search for my banking computer password file, I would simply choose not to use Spotlight. And, I'd be cool with everything.

But the fact is, I NEVER knew anything about it, until I heard the third-hand information. THAT'S what irks me.

So, your suggestion for Apple to do a "first time alert" is an excellent one!

 

[simonsi]

Like I say your fine until they change the law for you not to be.

Out of interest do you have an example of this actually happening?

 

[Zxxv]

Out of interest do you have an example of this actually happening?

examples of the future? your just proving your not reading what I'm writing

 

[simonsi]

examples of the future? your just proving your not reading what I'm writing

So this risk of a law being introduced as you stated, you have no examples of that ever happening?

I'm reading what you are writing, just want to be clear if this is a practical concern or a purely hypothetical one.

 

[Zxxv]

So this risk of a law being introduced as you stated, you have no examples of that ever happening?

I'm reading what you are writing, just want to be clear if this is a practical concern or a purely hypothetical one.

Your not understanding the problem.

 

[simonsi]

Your not understanding the problem.

Well I'm just asking you to explain your own example.

 

[Zxxv]

Well I'm just asking you to explain your own example.

your asking me to talk about the future which has been outlined in the topic previous that you either ignored or didn't understand but i repeat myself...for the last time

 

[simonsi]

your asking me to talk about the future which has been outlined in the topic previous that you either ignored or didn't understand but i repeat myself...for the last time

Yep, so all the talk of "full access" and "changing the law" is just paranoia....LOL