Apple May Want To Protect Your Phone Data From Snooping, But It's Snarfing Up Your Local Desktop Searches
from the oops dept
So, Apple got plenty of kudos from security and privacy folks in deciding to encrypt mobile phone data, but over on the desktop side, apparently the message hasn't quite gotten through. Instead, it appears that the latest Mac operation system has the company automatically sending all of your desktop searches back to Apple. These aren't internet searches, but just what you're searching for locally.The function is part of Spotlight search, which was updated with last week’s launch of new Mac computers and Apple’s latest operating system, Yosemite OS X, which also is available for download to owners of older machines. Once Yosemite is installed, users searching for files – even on their own hard drives -- have their locations, unique user IDs and search terms automatically sent to the company, keystroke by keystroke.And, if you think there's no big deal in having this data collected, think again.
A pop-up window discloses the change, saying collecting the data helps provide results “more relevant to you” as Spotlight also looks beyond individual computers to gather information across the Internet, much like popular search engines such as Google already do. But privacy advocates worry that users won’t understand what information is collected and how to stop the transmission of data to Apple, which happens by default.
Testing by The Washington Post found that the locations revealed in Spotlight searches can be strikingly precise, placing a user within a particular building in Washington, D.C., even though the disclosure box on Spotlight refers to collecting “your approximate location."You can (and perhaps should) turn off this "feature" -- and you can see how in some specific cases there may be beneficial reasons for individuals to share this information, the idea of having it on by default just seems like a privacy nightmare.
In addition to sharing information with Apple, Spotlight also actively downloads relevant Web pages and Wikipedia articles about the topics covered by a search query, revealing potentially sensitive information about the user’s activities to other Web sites as well.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: mac os, privacy, search, yosemite
Companies: apple
Reader Comments
Subscribe: RSS
View by: Time | Thread
maybe not quite so much
the Verge did a bit more digging into what is actually happening.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Canonical initially sent a trademark C&D to fixubuntu.com. As Apple is historically more litigious than Canonical, I guess we can expect them to react with a nastygram before long... (Not that I'm looking forward to it. It'd suck for the people involved.)
In any case, way to destroy that modicum of goodwill you might have temporarily had with your phone encryption, Apple. Though, somehow, I don't think the backlash will be as loud as Canonical had it... fanboi will be fanboi.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
I don't understand this trend to unified searches at all. Not only does it make searching locally using your OS dangerous from a privacy point of view, but it degrades the actual search. If I'm searching my hard drive for something, I never want online search results to be included for it, and vice versa.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Is this the same Washington Post that thinks there is a difference between a 'Golden Key' and a backdoor?
According to an Apple statement published on Ars Technica:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
Much in the same way as the wolves & foxes worked to protect the well-being of chicken, I presume.
[ link to this | view in chronology ]
This is a bad move on Apple's part and it's going to ultimately backfire on the company.
[ link to this | view in chronology ]
Re:
This unified search sends your query over to Apple who then pass it to Bing to return web results alongside your local search.
It is a feature that can easily be disabled.
I'm not a fan of Apple, but this is really no different to what Microsoft are doing with Windows 8, Ubuntu is doing with unity etc. I have no doubt Microsoft use IP geolocation if they don't tap into your location directly.
The main issue is that it also sends Apple your location and other identifying information - which the Apple statement addresses.
[ link to this | view in chronology ]
Re: Re:
Perhaps.
Perhaps today.
But the history of such things is that their mere existence is a serious security/privacy threat, because -- in time -- they will become ever more deeply embedded and harder to disable. And of course they make an attacker's job much simpler: they need not craft all the code required to do this, they only need to hijack code that already exists.
I excised all instances of Ubuntu from my data center in response to Canonical's decision to spy on users and forward their data to spammers. (Yes, really. Look it up.) This "feature" doesn't need to be disabled, it needs to be removed immediately.
[ link to this | view in chronology ]
Re: Re:
This is true, and it's equally objectionable in those systems as well.
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re:
I cut my Linux teeth with Ubuntu (well actually, it was Damn Small Linux first because I had a crappy laptop then) and I switched over to Debian around this time because of this fiasco and also because of Canonical wanting make their software app store an integral part of the OS and the push to make Unity the default desktop.
I don't feel like I have lost out on very much since Canonical pushes their updates back downstream to Debian anyways.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
Thanks for bringing that up.
systemd wasn't on my radar at all because I really haven't been keeping up on all dev talk surrounding Linux lately. I will also have to keep an eye how that all pans out.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re:
Can't you just turn off systemd?
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re:
Technically, yes. In practice, no -- because there are a lot of very important applications that depend on the GTK, which depends on systemd.
This is the thing that makes systemd poisonous -- it's not just an init system. It replaces so many non-init portions of the OS in a nonstandard way that the resulting upstream dependencies make it nonoptional.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re:
Well I can see why it's controversial - that strikes me as pretty smelly (as in "code smell").
[ link to this | view in chronology ]
Re: Re:
Mac OS X Yosemite sends location, search data to Apple [Updated] makes it appear that it not that easy to disable, and unless all the required steps are taken, you only stop the search being executed by Apple, while still sending them the data.
[ link to this | view in chronology ]
Re: Re: Re:
This is the same company that defines "personally identifiable information" to specifically exclude obvious pieces of PII such as your location or the ID number associated with the device.
[ link to this | view in chronology ]
When we collect the information, its not a breach of your rights but a a means of giving you better service or protection. Its only when the bad guys, whoever they are, get the information that it is a breach of your rights.
They do not see that they are part of the problem, as they would never misuse the data, where their uses of the data are not misuses, and neither are their own governments uses. Some foreign governments may abuse the data that they demand from them, but that is the price of doing business in those countries.
[ link to this | view in chronology ]
"Snarfing"?
[ link to this | view in chronology ]
Re: "Snarfing"?
We can hope so, but there's a simpler explanation.
https://en.wikipedia.org/wiki/Snarfing
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Privacy
Our privacy is no problem to the people who are expected to provide it for us, and we get surprised when it is discovered that "they" are watching [almost] every move we make. It shouldn't be a surprise; it's all part of the deal now. We can't prevent it, we can only go shopping for the next provider of our wares for the promised protection they expound.
I honestly don't think that Apple is keeping Phone data all that private as well, given the free reign they recently displayed with the 1/2 billion uploads Apple & U2 recently dumped. This was done without user permission, but somehow, somewhere it is loosely translated in the service agreement that Apple could actually do this -
http://www.dailytech.com/U2s+Bono+Apologizes+for+Forced+Songs+of+Innocence+Albums+Downloads/article3 6721.htm -
So, is it so unexpected that Apple is collecting this data? Not really IMO, but then, I've reached the point where I really don't give a shit anymore. Someone somewhere is going to see my traffic/visits/choices et al, and as long as I'm the only one with the passwords, whatever...
Nice post Masnick :)
[ link to this | view in chronology ]
Re: Privacy
While this does eliminate some attack vectors (the internet, the cloud, etc.), you do understand that your phone calls, texts, and physical location are just as spied on as anyone with a smart phone, right?
[ link to this | view in chronology ]
Protect Who
[ link to this | view in chronology ]
So typical
Such "enhancements" almost always grab more control over your life and turn over more data to the company. Or else "twice as much enhancing spam!"
"Enhancement" translates to "enhance our bottom line" and if the customer doesn't like it, too bad.
[ link to this | view in chronology ]
[ link to this | view in chronology ]