Wednesday, 12 November 2014

Apple records


Mac users beware. The war against privacy intrusions has just begun.

War is over, if you want it. Maybe that was pure optimism from John Lennon, but the same need not be true of privacy. Contrary to what people with vested interests may tell you, our new internet age does not have to mean privacy is over. It just means you have be vigilant for the unending dirty tricks that keep rearing to pull personal information from you for whatever reason.

There is a constant battle between businesses and governments on the one side, and the private individual and his or her dignity on the other. This was brought to mind by some surprising changes in Apple’s new desktop operating system.


Mac OS X, actually just OS X as Apple now styles it, has long been a safer haven for users that don’t want hidden telemetry secretly sending back user data to the brand that makes it. Contrast this with Microsoft Windows that phones home with details about the OS configuration, how it’s being used, which programs are installed and which removed. Whether you want it to or not.

Even Canonical made what’s euphemistically termed a privacy misstep when it introduced changes to the filesystem search function in Ubuntu Linux 12.10.

The search function is, of course, used to find files and folders on your computer; nobody expected the update to Ubuntu 12.10 (Quantal Questzal) in October 2010 to give the OS carte blanche to send every local search query to Amazon.com, Inc, with Canonical’s servers as the go-between.

The move was made to raise funds for the open-source Linux business, which paid for the valuable data on Ubuntu users, paying bounties for the opportunity to advertise at them, returning Amazon shopping results related to search keywords.

There was, and currently still is, a way to switch off this data leaking in Ubuntu, hidden away in System Settings/Security & Privacy. But you have to manually opt out – no choice is or was presented to the user at any point during the install or setup process.

The location of the toggle is itself telling, indicating that the by-default harvesting of your search terms most certainly inflicts your security or your privacy. Actually both.

And it wasn’t just Amazon that was getting your personal search queries – Canonical also listed Facebook, Twitter and the BBC as recipients. Make sure you read the privacy policies of every one of these partners to see what they plan to do with your collected data too.

Now the lens turns toward Apple and OS X Yosemite. OS X’s system-search facility Spotlight is perhaps the inspiration – in original functionality at least – for Ubuntu’s Unity search function. On the Mac you just click on the magnifying glass icon in the topright screen corner (shortcut: Cmd-Space) and just type away to find and launch an application, find any user file or folder, even search your email by text content.

Now though by default, every letter, space and word you type is sent to Microsoft. And in return you get a search result from Bing fed among any other results.

Your location is also being transmitted to Apple, with this activity deliberately withheld from the Location Services dart icon notification in the menu bar.

Again, users find themselves opted in to this privacy leak without be asked, only this time there is an easy-to-miss warning appearing the first time you go to use Spotlight in Yosemite.

You must manually deselect it from various places around the Mac operating system. And what a journey it is. First, you go to System Preferences/Security & Privacy/Privacy, and then hidden deselect Spotlight Suggestions under System Services – after unlocking with your admin password. Then you must untick ticked options at System Preferences/Spotlight/Spotlight Suggestions and System Preferences/Spotlight/Bing Web Searches – this latter one discreetly hidden out of sight at the bottom of a long list of Spotlight functions. There’s another there to disable that Apple doesn’t mention – Bookmarks & History.

According to the Yosemite Phone Home Project, though, there’s more. You’re not out of the data-sharing woods yet, and there are more background privacy issues listed on its page at tinyurl.com/pwmmbkm. One we found troubling is their findings that with all possible privacy options enabled, and with analytics disabled, your Safari web browser results are still sent to Apple.

That’s particularly ironic if you should choose DuckDuckGo as your default search engine, an option added in Yosemite. While DuckDuckGo’s privacy statement makes it clear that it doesn’t spy on you (‘DuckDuckGo does not collect or share personal information. That is our privacy policy in a nutshell’) Apple’s handy shortcut to DuckDuckGo within the combined URL address and search bar makes sure that your search queries are being collected and shared with another party – Apple itself.

You can try to keep your private self to your self by installing network monitoring software on your Mac – we were first alerted to these shenanigans by Little Snitch, but other software options include TCPBlock, Hands Off! and Private Eye.

Little Snitch is especially good at letting you build rules for what information you’re willing to leak out of your Mac and sent to outside agents. Or you can try setting rules in your network’s hardware firewall. Not much use when you’re out and about on a MacBook, though.

Personally I’d rather not have to jump through these hoops in the first place. But now Apple has shown its hand, and in spite of some public hand waving recently published at apple.com/privacy, which rightly points out its business model is not based on selling your profile.

In the continuing battle against privacy intrusions, privacy itself is not over. And for OS X users, the war has just begun. ANDREW HARRISON