Posted by Andrew Harrison 25 November 2014
The fightback against Apple on privacy is just beginning
War is over, if you want it. Maybe that was pure optimism from John Lennon, but the same need not be true of privacy. Contrary to what people with vested interests may tell you, our new internet age does not have to mean privacy is over. It just means you have to be vigilant for the unending dirty tricks that keep rearing up to pull personal information from you for whatever reason.
I’m reminded this month of the constant battle between businesses and governments on the one side, and the private individual and his or her dignity on the other, by some surprising changes in Apple’s new desktop operating system.
Mac OS X, actually just OS X as Apple now styles it, has long been a safer haven for users who don’t want hidden telemetry secretly sending back user data to the brand that makes it. Contrast this with Microsoft Windows, which phones home with details about the OS configuration, how it’s being used, which programs are installed and which removed. Whether you want it to or not.
Even Canonical made what’s euphemistically termed a privacy mis-step when it introduced changes to the filesystem search function in Ubuntu Linux 12.10.
The search function is of course used to find files and folders on your computer; nobody expected the update to Ubuntu 12.10 (Quantal Quetzal) in October 2010 to give the OS carte blanche to send every local search query to Amazon.com, Inc, with Canonical’s servers as the go-between.
The move was made to raise funds for the open-source Linux business, which paid for the valuable data on Ubuntu users, paying bounties for the opportunity to advertise at them, returning Amazon shopping results related to search keywords.
There was, and currently still is, a way to switch off this data leaking in Ubuntu, hidden away in System Settings/Security & Privacy. But you have to manually opt out – no choice is or was presented to the user at any point during the install or setup process.
The location of the toggle is itself telling, indicating that the by-default harvesting of your search terms most certainly affects your security or your privacy. Actually both.
And it wasn’t just Amazon that was getting your personal search queries – Canonical also listed Facebook, Twitter and the BBC as recipients. Make sure you read the privacy policies of every one of these partners to see what they plan to do with your collected data too.
Now the lens turns toward Apple and OS X 10.10 Yosemite. OS X’s system-search facility Spotlight is perhaps the inspiration – in original functionality at least – for Ubuntu’s Unity search function. On the Mac you click on the magnifying glass icon in the top-right screen corner (shortcut: Cmd-Space) and just type away to find and launch an application, find any user file or folder, even search your email by text content.
Now, though, by default, every letter, space and word you type is sent to Microsoft. And in return you get a search result from Bing fed among any other results.
Your location is also being transmitted to Apple, with this activity deliberately withheld from the Location Services dart icon notification in the menu bar.
Again, users find themselves opted in to this privacy leak without being asked, only this time there is an easy-to-miss warning that appears the first time you go to use Spotlight in Yosemite.
Here Apple explains that ‘if you don’t want your Spotlight search queries and Spotlight Suggestions usage data sent to Apple, you can turn off Spotlight Suggestions.
‘If you turn off Spotlight Suggestions and Bing Web Searches, Spotlight will search the contents of only your Mac.’
So you must manually deselect it from various places around the Mac operating system. And what a journey it is.
First you go to System Preferences/Security & Privacy/Privacy, and then deselect ‘Spotlight Suggestions’, hidden under System Services – after unlocking with your admin password.
Then you must untick the ticked options at System Preferences/Spotlight/Spotlight Suggestions and System Preferences/Spotlight/Bing Web Searches – this latter one discreetly hidden out of sight at the bottom of a long list of Spotlight functions.
There’s another option there to disable that Apple doesn’t mention – Bookmarks & History. You’re advised by some security researchers to deselect that one too.
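To check that the three Spotlight tick boxes above really are off, the following added example (not from the article or from Apple) audits a Spotlight preferences plist. It assumes Yosemite stores the category list under an `orderedItems` key in `~/Library/Preferences/com.apple.Spotlight.plist` and that the three category names are as shown; the sample data is constructed, and the Location Services setting in the Privacy pane is not covered.

```python
import plistlib

# Assumed Yosemite-era internal names for the three categories the article
# says to untick; confirm with `defaults read com.apple.Spotlight orderedItems`.
NETWORK_CATEGORIES = {
    "MENU_SPOTLIGHT_SUGGESTIONS": "Spotlight Suggestions",
    "MENU_WEBSEARCH": "Bing Web Searches",
    "BOOKMARKS": "Bookmarks & History",
}


def audit_spotlight(plist_bytes):
    """Return sorted labels of the categories that are still enabled."""
    prefs = plistlib.loads(plist_bytes)
    items = prefs.get("orderedItems")
    if items is None:
        # No saved list: the user never changed anything, so the shipped
        # defaults apply, and those are opted in.
        return sorted(NETWORK_CATEGORIES.values())
    state = {}
    for item in items:
        if isinstance(item, dict) and item.get("name") in NETWORK_CATEGORIES:
            state[item["name"]] = bool(item.get("enabled", True))
    # A category missing from the list is reported as enabled, so the audit
    # never claims a setting is off without having seen it.
    return sorted(label for name, label in NETWORK_CATEGORIES.items()
                  if state.get(name, True))


# Constructed sample: the user unticked Spotlight Suggestions but missed the
# Bing entry at the bottom of the list and Bookmarks & History.
SAMPLE = plistlib.dumps({"orderedItems": [
    {"enabled": True, "name": "APPLICATIONS"},
    {"enabled": False, "name": "MENU_SPOTLIGHT_SUGGESTIONS"},
    {"enabled": True, "name": "BOOKMARKS"},
    {"enabled": True, "name": "MENU_WEBSEARCH"},
]})

if __name__ == "__main__":
    for label in audit_spotlight(SAMPLE):
        print("still enabled:", label)
```

On a real Mac, pass the bytes of the preferences file instead of `SAMPLE`.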
According to the Yosemite Phone Home Project, though, there’s more. You’re not out of the spyware woods yet, and there are more background privacy violations listed on its page at https://github.com/fix-macosx/yosemite-phone-home.
One we found particularly troubling is their finding that with all possible privacy options enabled, and with analytics disabled, your Safari web browser results are still sent to Apple.
That’s particularly ironic if you should choose DuckDuckGo as your default search engine, a new option added in Yosemite.
How to monitor and block spyware in Yosemite
You can try to keep your private self to yourself by installing network monitoring software on your Mac – we were first alerted to these shenanigans by Little Snitch, but other software options include TCPBlock, Hands Off! and Private Eye.
Little Snitch is especially good at letting you build rules for what information you’re willing to leak out of your Mac and send to outside agents. Or you can try setting rules in your network’s hardware firewall. Not much use when you’re out and about on a MacBook though.
Personally I’d rather not have to jump through these hoops in the first place. But now Apple has shown its hand, in spite of some public hand waving recently published at www.apple.com/privacy, which rightly points out its business model is not based on selling your profile.
But with any privacy statements like ‘We don’t build a profile based on your email content or web browsing habits to sell to advertisers’ you have to learn to read between the lines – so no, even if Apple doesn’t build a profile to sell to advertisers, as do Google, Facebook and others, it doesn’t say that it doesn’t build a profile on you, starting with one based on your intercepted search history. It seems Apple just wants to spy on you for its own internal ends.
In the continuing battle against privacy intrusions, privacy itself is not over. And for OS X users, the war is not over but has just begun.