Oct
24
“Behind People’s Backs”
Filed Under Computers & Tech, Security on October 24, 2014 at 2:08 pm
I’m fed up with people being dishonest about the new search feature in Yosemite. You can have reasonable discussions about the pros and cons of this feature, but for goodness sake enough with the fact-free hyperbole.
I’ve lost count of how many people insist Apple is sending this information back to Apple “behind people’s backs”. Sorry, but that is a fact-free assertion. The screenshot below shows the search feature in question:
Here it is again with the important aspects highlighted:
If that’s “behind people’s backs” then I’m the pope!
Something I will agree with critics on is that I think that link to instructions should be a button or checkbox to disable the feature. A link to instructions is nice, a button would be perfect!
This data is not being sent for no reason, it’s being sent to offer people a richer search experience, and Apple were actually playing catchup in this regard. Here’s what Microsoft say Windows 8.1 does:
By default, the Search charm searches the apps, files, and settings on your PC and OneDrive, plus the web.
The real question is whether or not Apple have thought about our privacy when implementing this feature, and whether or not they have designed the feature well. Here is what Apple say they do:
We are absolutely committed to protecting our users’ privacy and have built privacy right into our products. For Spotlight Suggestions we minimize the amount of information sent to Apple. Apple doesn’t retain IP addresses from users’ devices. Spotlight blurs the location on the device so it never sends an exact location to Apple. Spotlight doesn’t use a persistent identifier, so a user’s search history can’t be created by Apple or anyone else. Apple devices only use a temporary anonymous session ID for a 15-minute period before the ID is discarded.
We also worked closely with Microsoft to protect our users’ privacy. Apple forwards only commonly searched terms and only city-level location information to Bing. Microsoft does not store search queries or receive users’ IP addresses.
You can also easily opt out of Spotlight Suggestions, Bing or Location Services for Spotlight.
So, your searches are not tied to your Apple ID or any other persistent ID, instead, your device creates a new random identifier every 15 minutes, so your searches are anonymous, and most importantly, they can’t be profiled because the IDs are ephemeral. The fact that the device fuzzes the location before sending it on is also very good. The fact that IP details are not logged is also good. Finally, the fact that only a sub-set of the request is sent on to Bing is great.
I do not believe Apple would blatantly lie to users. For a start, as a publicly traded company that would almost certainly be criminal, but even leaving that aside, it would be spectacularly damaging for Apple to be caught lying about stuff like this.
Bottom line, Apple have been very open about this, Apple have implemented this feature with privacy in mind, and this feature is not unique to Apple OSes. Finally, if you want to opt-out, you can.
If this really is such a scandal, why is Windows 8.1 not coming under the same fire? *cough* link bait *cough*
[…] Important Security News: ———————— * Microsoft warn of zero-day attacks using a Power Point vulnerability in Windows – http://technet.microsoft.com/en-us/library/security/3010060.aspx (provides ‘fix it’ workaround – https://support.microsoft.com/kb/3010060) * Whisper is not actually anonymous – http://www.theguardian.com/world/2014/oct/16/-sp-revealed-whisper-app-tracking-users (CTO tries to defend the company’s actions – the response is not positive – http://arstechnica.com/security/2014/10/whisper-cto-says-tracking-anonymous-users-not-a-big-deal-really/) * A hack of a 3rd party website leaks 13GB of SnapChat images – yet again showing how SnapChat is NOT ephemeral – http://arstechnica.com/security/2014/10/snapchat-images-stolen-from-third-party-web-app-using-hacked-api/ * Apple respond to reports that someone (perhaps the Chinese Government) is attempting MITM attacks against iCloud with a very clear instruction page to help people protect themselves: http://support.apple.com/kb/HT6550 (bottom line, if you get a certificate warning, don’t just ignore it!) * Apple publish iOS Security Guide (including Apple Pay details) – http://www.macobserver.com/tmo/article/apple-publishes-ios-security-guide-with-apple-pay-details * A kerfuffle erupts over OS X Yosemite’s Spotlight. Gruber’s short summary covers the bases IMO – http://daringfireball.net/linked/2014/10/20/yosemite-spotlight-privacy (or you can read my mini-rant – https://www.bartbusschots.ie/s/2014/10/24/behind-peoples-backs/) […]
[…] Bart’s take in the whole thing – http://www.bartbusschots.ie/… […]