Slashdot Mirror
If You're Connected, Apple Collects Your Data
fyngyrz (762201) writes It would seem that no matter how you configure Yosemite, Apple is listening. Keeping in mind that this is only what's been discovered so far, and given what's known to be going on, it's not unthinkable that more is as well. Should users just sit back and accept this as the new normal? It will be interesting to see if these discoveries result in an outcry, or not. Is it worse than the data collection recently reported in a test version of Windows?
2015 will the the year of Desktop Linux!
Of course it's much worse than the data collection from a "technical preview". It's whole purpose is to discover how people use the damn thing and you sign up to be a guinea-pig in exchange for getting the advanced access.
However, it's "to be expected" from Apple. You don't own their phones or laptops, they own you.
That why I just use my Mac for work, and everything elses on my Linux box.
Microsoft is testing a release candidate and is informing users of what they're monitoring.
So far no one has complained about onerous licensing agreements with Yosemite, which seems to imply that Apple is not informing users about it.
Until Microsoft has a production release, it's not even fair to compare the two.
I do not fail; I succeed at finding out what does not work.
If you want live search results from the web, of course the client has to send the search string to a server each time the search string changes. Why is this surprising? If you don't want live search results from the web, disable it (in the Spotlight preferences and/or in the Safari Preferences) and the search string will stop being sent.
If you want any kind of information from the internets, some data has to be sent to a server on the internets at some point in time. There's no way around this.
No, they shouldn't. Are they? Yup. About 90% of them won't even be aware it's going on.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Windows 10 is in preview, and there's pretty straightforward language around Microsoft collecting telemetry for bug fixing purposes - that's the quid pro quo for early access.
Apple, on the otherhand...who knows what & why they're collecting data in a released OS...
Wouldn't it be possible to poison their data somehow? Something like SETI sending bullshit to Apple? The same goes for other companies collecting crap about everyone.
So lets see, they have 3 cases of "tracking" here.
1) A tracking cookie gets set on apple.com, subsequent loads of apple.com send the cookie to the server [closed: behaves correctly] - this is exactly how cookies are meant to work. The only possible issue here is that there appears to be a bug that all applications using some API to load the URL (I'd bet on NSURLConnection) are sharing the same cookies
2) When you search for something in Apple's browser, it contact's Apple's server and asks it what types of search it should do for that input. That also seems like a [closed: behaves correctly]
3) When you input a mail server to talk to, it appears to send the mail server's address to Apple, and the server responds with the same mail server. I expect that it's possible that this can return different URLs to talk to, most likely this is to help catch commonly mistyped URLs (e.g. typing gmail.com incorrectly). Also [closed: behaves correctly].
Honestly, I don't see what the fuss is here.
And hipster Mac fans keep trying to convince me that they don't... While they live in a world of denial under a legacy of lies of a marketing genius who never ever wrote a single line of a code in his life....I'll be enjoying my bloat free custom android ROM - Cyanogen.
Seems Apples picking up searches from safari, even when told not too.
microsoft decided to log all your key strokes. Both experiences are negative but the later situation seems worse although niether are acceptable why should safari be sending "where to bury the body" back to apple, perhaps they have been "asked" for this information.
Blarney Quality Restaurant, Plants
Friends with wireless access and iphones coming to my place seem to be phoning home in some way.
I detected apple trying to connect to some UDP ports on my router only when those iphones were around.
Everything I write is lies, read between the lines.
According to the excellent John Siracusa review of Yosemite, diagnostic and usage data is sent to both Apple and third-party app developers by default.
WHAT. THE. FUCKING. FUCK.
This is why I'm still using Snow Leopard.
Same review:
Exactly.
So just out of ideal thought.... This wouldn't have anything to do with the settings clearly available for adjustment within the System Preferences -> Security & Privacy pane and then select the "Privacy" tab. Inside there you see a lot of clearly defined options for opting in or out of various settings:
Location Services: Enable/Disable as a whole; Disable by specific user allowed apps
Contacts: Allow/Disallow apps chosen by user to use your contacts
Calendars: Allow/Disallow apps chosen by user to use your calendars
Reminders: Allow/Disallow apps chosen by user
Accessibility: Allow/Disallow apps chosen by user to control the computer
Diagnostics & Usage: Allow/Disallow "Send diagnostic & usage data to Apple" as well as Allow/Disallow "Share crash data with app developers"
Seems pretty obvious to me and very easy to find and adjust settings as desired by each user. Apple even goes a step further and within the "Diagnostics & Usage" option they have a button titled "About Diagnostics & Privacy" that provides the following information:
They burrow into the skin of a host and then over a period of months or years they slowly make their way to the brain where they attach themselves to lay eggs and feed on brain tissue. The eggs eventually hatch and the resultant flood of Yose Mites then kill the host organism. That's how the Yose Mite do.
The reason they (and Microsoft) want people to run the beta builds is to see how they are being used. This allows them to build software that people actually want. If you don't want them watching how you use their software then don't be a beta tester.
For most users, complete privacy from all internet services is not an option. When you enter a query into a search engine, you are providing the server with knowledge of your often very private interests. Your IP address and cookies make it easy for anyone determined to discover your identity as a person.
So the first question is, do you directly benefit from your personal information being collected and retained? In case of a search query, collecting it for the purpose of showing search results is obviously necessary. Long term retention in the form that can be traced back to you is murky. Forwarding it to Apple seems unnecessary and I hope that the company provides an explanation.
As far as safeguards go, it's reasonable that available information is provided to authorities with a subpoena which is narrowed down to minimum required for investigation. Like a list of queries with specific, obviously incriminating keywords made in the last month.
But the notion of complete anonymity is about as practical for most people as living in the cabin in the woods. As a matter of principal, I don't think either should be made illegal. But most people will not be happy with the results, and most crooks will be too dumb to follow these lifestyles so strictly that they don't slip up and get caught.
Ubuntu is the only mainstream Linux distribution that I was able to get up & running quickly on my Lenovo Yoga 2 Pro. I know that with some tinkering anything can work on anything but I don't find that entertaining anymore.
I tried (in that order, based on past experience):
CentOS
Fedora
OpenSUSE
Mandriva
Slackware
Each of those proved difficult to install on that laptop. Some even required specific bios settings just to start the setup wizard (such as UEFI or AHCI options).
I'm not a big fan of Debian (or sudo) so the Ubuntus were at the very end of my list. I tried Linux Mint (Cinnamon). It worked immediately, but got all messed up as soon as the automatic update ran. Also I could not enable themes and many options did not work as documented.
So I ended up installing Ubuntu. It worked immediately with three exceptions (that were also present with all other distros):
-an incredibly lousy framebuffer performance (screen is Lenovo HiDPI, 3800x1200)
-a tweak to unblock the wifi
-a tweak to enable the trackpad, it gets disabled for some reason once in a while
Overall I am impressed. All components work, power management works, etc. The Software Center applet is fantastic; some stuff in the default repos is out of date (like Netbeans 7) but overall this is an incredibly smooth way to install applications. Now that LVM encryption is available in the setup wizard that's definitely my #1 distro for future desktop installations.
lucm, indeed.
Apple has an excellent track record on privacy issues. Not because they are super nice people, but because that's not their business model.
They don't make money by selling user information to third parties or by selling ads, they make money by selling actual physical objects to end-consumers. I'm not sure what you mean by "it's to be expected from Apple", but I'm pretty sure you just made that up because you don't like Apple's customers (probably because you met somebody who likes Apple products who has a more expensive haircut than you).
So...we all done here?
Maybe now you'll stop being a marketing tool.
*nix on the desktop has been discussed for yeaaaaaaaaaaaaaaaars but if Joe and/or Jane and/or little Billy Average ever get serious about privacy, could that cause a dramatic shift to open source? And where the users go, the devs are sure to follow. Just need to shift away from 99% of command-line configuration/installation/navigation and Billy Joe Jane Smooth, IMHO, will finally get on board. I'm a 25+ year nerd with my beginnings on an IBM PS/2 (shudder). 36 now, on Windows 7, and I pretty much loathe the command-line. Text UI be damned! To the depths of Mount Doom!
You can dance if you want to.
Windows is a TEST VERSION...MS talked loudly and publicly about the data collection and said it was for troubleshooting and optimization and that it will be ripped out of the final bits...Apple is doing this sneakily and for no clear benefit to the end user or the community of users as a whole.
The last line of this summery is just flame bate...Editors, please edit these things!
It as been known about for ages Apple is called the spy system. Microsoft Windows is even worse plug a USB storage device into your computer and the outgoing IP address it connects to is Microsoft. Linux desktops do this also. Debian is the only system which by default is opt out you have to select allow programmers? to collect data for blah blah blah reasons. With individual programs you simply block the outgoing IP addresses. with the large corporations you know you are being spied on and you know the information is shared with the NSA. With individual programmers on Linux you know there are spyware programs. Internet providers by default in the U.S. Canada Australia New Zealand and the U.K. collect information about every website you visit. In the U.K. they collect everything from all forms of telecommunications they match it with CCTV images, the U.K. has CCTV on almost every street lighting lamp posts they track people and number plates, license plates. They say the British, system puts China to shame. When ever the U.S. wishes to justify something they say on U.S. television its ok with the Brits so it must be ok for us. The next time you sit on a toilet to have a shit have a quick look down their first there might be a NSA dildo with a camera to check your anus for terrorists.
than NSA
In other words, assuming the data is being collected in order to improve the OS, will they actually be able to analyze this huge amount of data and come up with actual fixes?
I'm asking because my past experience as an OSX user is that there is a massive amount of garbage warnings and errors in the OS's system logs, which never seem to get fixed (and that's kinda annoying). You would think that they would analyze the data and fix those issues, being the "thorough" and "detail oriented" people they purport to be.
All those moments will be lost in time, like tears in rain... time... to... die...
It doesn't matter if they sit back and accept it or not... it *IS* the new normal.
Of course, it is much easier to live in a reality where you believe what makes you happier about living in the first place... so the desire to want to resist this sort of thing is entirely normal.
File under 'M' for 'Manic ranting'
Looked through the logs in the GitHub repo. Kinda fun that Apple completely neglected to require authentication on pretty much all of their background calls, so you can reverse engineer them easily with any REST client.
Some are indeed bad, like the streaming of Safari/Spotlight chars to Apple with suggestions turned off. Based on the data in the requests ("context=com.apple.Maps"), it may have something to do with a bug or overeaching feature in Apple Maps.
Meanwhile, there's stuff that is mostly harmless. The request sent by Apple Mail is for the automatic IMAP/POP/STMP configuration process. This feature has been around for years and saves normal users the annoyance of looking up mailserver settings for their ISP. Below is an example lookup for ye 'ol AOL.
Sending POST Request via HTTPS:
mac-services.apple.com/iconfig/dconf
POST (form urlencoded) Payload:
version=1&capabilities=MACOSX&domain=aol.com
Returns a little blob of XML with the config info:
<domain>
<name>aol.com</name>
<description>AOL</description>
<service>
<hostname>imap.aol.com</hostname>
<port>993</port>
<protocol>IMAP</protocol>
<ssl/>
<requires>MACOSX</requires>
<authentication>PLAIN</authentication>
<usernameIncludesDomain/>
</service>
<service>
<hostname>smtp.aol.com</hostname>
<port>465</port>
<protocol>SMTP</protocol>
<ssl/>
<requires>MACOSX</requires>
<authentication>PLAIN</authentication>
<usernameIncludesDomain/>
</service>
</domain>
Why is Apple even responsible for tracking that kind of information?
Can I sue them if they get it wrong, rendering my mail client unable to connect to the correct server (or revealing my credentials to a third party) because it followed their instructions instead of mine? No, that wasn't a typo, but thank you for redirecting my login credentials to the wrong server, which then stole them and used them...
It doesn't matter. Enough of them already have, so that the rest have no choice if they want to use Apple products.
“He’s not deformed, he’s just drunk!”
In a perfect world that would be exactly what the data would be used for.
I worked in tech support for many years and I can tell you that one of two things happens with this diagnostic data:
1. It's aggregated and used for analysis to identify priority problems based on keywords. This almost never happens even when companies say they are doing it. In fact, most of the bugs (even at Microsoft) are cherry picked by programmers who work on whatever bug they feel like in whatever order seems best to them unless it's a priority zero bug.
2. It goes into a database that nobody ever looks at. This one is much more common. You see, the "report a problem" feature doesn't exist for customers to actually get information about their problem to the company that makes the software. If that was how it worked, you'd need a staff of hundreds of support personnel working round the clock doing nothing but processing problem reports. The "report a problem" feature serves to give the user a feeling that someone will see their problem and that they'll be working on it, so the user won't call tech support. As a result the software company can save money on support rep hours.
Indubitably. Win10 Test is a product demo. So Microsoft is going to monitor it in a way that would be unfeasible for a shipping OS. They're trying to collect user data to make sure people are using Win10 the way they THINK people are going to use it. This is a byproduct of the Windows 8 metro/modern UI fiasco. If they don't disable/remove this level of monitoring when the OS ships, corporate customers will simply opt not to run with the OS...AGAIN.
Seriously, NO company that's in ANY way serious about security is going to put up with a built in keylogger that's reporting back to MommySoft.
Apple is doing the same thing with a live, shipping OS. Which is completely fucking heinous.
Now, will they get away with it?
Probably, because the rabid, turtleneck-and-jeans brigade of Mac fanatics will buy absolutely ANYTHING from Apple, so long as it has the Apple logo on it.
Chas - The one, the only.
THANK GOD!!!
What kind of antisocial fiend would blame Apple for wanting to play a role in customer's lives? After all, isn't that sort of why Apple people buy Apple in the first place, the need to belong, to be involved in something bigger than themselves? You know: every sparrow, etc, etc.
Maybe need to disable Location + Spotlight Suggestions + Bing Search??
About Spotlight Suggestions & Privacy
When you use Spotlight, your search queries, the Spotlight Suggestions you select, and related usage data will be sent to Apple. Search results found on your Mac will not be sent. If you have Location Services on your Mac turned on, when you make a search query to Spotlight the location of your Mac at that time will be sent to Apple. Searches for common words and phrases will be forwarded from Apple to Microsoft's Bing search engine. These searches are not stored by Microsoft. Location, search queries, and usage information sent to Apple will be used by Apple only to make Spotlight Suggestions more relevant and to improve other Apple products and services.
If you do not want your Spotlight search queries and Spotlight Suggestions usage data sent to Apple, you can turn off Spotlight Suggestions. Simply deselect the checkboxes for both Spotlight Suggestions and Bing Web Searches in the Search Results tab in the Spotlight preference pane found within System Preferences on your Mac. If you turn off Spotlight Suggestions and Bing Web Searches, Spotlight will search the contents of only your Mac.
You can turn off Location Services for Spotlight Suggestions in the Privacy pane of System Preferences on your Macby clicking on “Details” next to System Services and then deselecting “Spotlight Suggestions”. If you turn off Location Services on your Mac, your precise location will not be sent to Apple. To deliver relevant search suggestions, Apple may use the IP address of your Internet connection to approximate your location by matching it to a geographic region.
Information collected by Apple will be treated in accordance with Apple’s Privacy Policy, which can be found at www.apple.com/privacy.
lets empower (bazinga) the ISPs. They are collecting / managing my data for 3rd parties anyway (read 3 letter .gov s). so they can do that for real, service, for real customers who pays them in first place. So ISP send me $$$ for every MB uploaded to Apple, Google, Microsoft, Facebook....
Poor ISP s doing "all this labor of love" for free for .gov s anyway?, one more wouldn't hurt them!!
yeah no kidding. thing is, bug fixes at apple aren't sexy and don't get attention. apple has EIGHTY THOUSAND EMPLOYEES, you'd think they could find a dozen engineers to squash bugs.
When I installed Yosemite the EULA said
"Terms and Conditions: Important: Use of your Mac computer, ... is subject to these Terms and Conditions"
Note: It didn't say just say "use of this software", it said "Use of your Mac computer". It's effectively claiming if I don't follow the terms I'm not allowed to use the hardware period :(
Sending the content of every search request to Apple? Notifying Apple if the user sets up a non-Apple email account? That's a blatant violation of the Computer Fraud and Abuse Act unless Apple properly discloses that up front and gets the user's consent.
Apple didn't do that.
The EULA for MacOS isn't on line on Apple's own site. This matters. It violates the FTC's "clear and conspicuous" rule on disclosures. It's just like bundling spyware, which the FTC and state attorneys general have routinely hammered vendors for trying.
This puts Apple in the uncomfortable position Sony was in when they put a root kit on an audio CD.
Did anybody seriously even consider that they would not do that?
At the moment there is virtually no escape. If you use a computer, you'll be spied upon. This also includes Free Software, Open Source Software. Even if you somehow manage to run your very own clean OS/code, at the very least since UEFI you cannot trust the Hardware you run it on.
So.... either use no Computer at all or if you do might as well use an Apple.
I'm not familiar with OSX but won't it be possible to circumvent those calls home by routing them to a local app that takes those data and throws them away?
(Waiting for Apple to tell us why they knowing those information is good for us.)
Hasn't this been the norm for years? Google, Facebook, and all that? People even carry Google portable devices tracking them everywhere they walk. Where's the news in this? To me the news is that Apple apparently wasn't doing it already.
I added to my mac app some google analytics which collected the country you are from and time of use, added documentation about it, the source code is on github (free, open source), and added a switch to the user and question to turn this on/off. Yet they rejected the app update because the default was set to "Yes, allow sending anonymous information".
Morons.
Cow goes mooooooooooooo
"If any question why we died, Tell them because our fathers lied."
...I pretty much loathe the command-line. Text UI be damned! To the depths of Mount Doom!
If you only knew the power of the dark side!
Bash is not the most fun programming language, but CLIs (as distinct from TUIs) are the easiest way to interact with a computer system programmatically. There is such thing as graphical programming, but...ew. On the one hand, you've been able to install and use Linux for about a decade now without ever seeing a command line. On the other, the Internet would not exist if it weren't for CLIs.
I think we're gonna need to confiscate your geek card.
Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
...
</quote>
Found it!
Those who advocate genocide deserve every protection afforded by law, and none afforded by common human decency.
Tired of the ludicrous, anecdotal and totally unsubstantiated claims of private data being sent back to Apple with privacy settings set to not share. Show me the packets that contain this data after settings are turned off to share data and I'll believe you. Until then, you're spouting nonsense.
If you know something is going on that's sending private data then SHOW ME THE PACKETS!
Please stop beating it. Everyone collects data. Live with it.
It needs to be robustly demonstrated or else it is essentially a worthless claim.
That's the problem with insisting on a proof of a negative--it's really just a transparent way of spouting lies.
It's so misleading that it is effectively dishonest. Apple makes approximately 0% of their revenue off of ads; they make hundreds of billions of dollars selling actual hardware to willing consumers. It would be absurd for them to threaten their main cash cow by building a perception that they are spying on their customers.
The truth is: they needed to enable advertising supported applications and so they created a platform which supported demographic targeting and analytics while properly anonymizing user info and keeping third party companies in-line.
Again, this has nothing to do with their 'ethics', it has everything to do with economics.
That's odd as I though Apple not to be interested in user data - just their money.
Someone needs to make a proxy blocker that blocks all this collection garbage.
For real entertainment value, setup a sniffer to watch your wifi AP, make sure all other wifi devices are turned off and boot your Iphone.
Holy HELL does it talk to a lot of addresses. ( ~30 or so: even with very few apps installed. I have maybe 4 ? ) Much of which is across port 443 so no info for jhou ! It starts up conversations with more remote sites than my desktop does by a rather large amount.
My 11 year old son decides to buy an MP3 player, he goes to store with mom, and decides the Nano 16GB is the best deal.
Of course, upon returning home can't figure out how to load music to it. Seems the store had already activated it for some odd reason. Can't do it with his PC which has iTunes installed for some reason.
Now the interesting thing is, after looking into it those jerks at Apple make it impossible to manage anything on that device except through the very crappy iTunes software, which only runs on OsadX and Winbloze. And after mounting the piece of garbage ipod nano in "disk mode" I can see they obfuscate the entire file system. Why are they so protective of the hardware? Because their only profits come from spyware.
I'm not sure what you're alleging is illegal, since the last time I put gas in the car here in MA, the machine asked for my billing zip code.
And for those pesky web searches you'll want to visit System Preferences -> Spotlight and deselect the following options:
Spotlight Suggestions
Bing Web Searches
And of course there's a nice "About Spotlight Suggestions & Privacy" button which provides the following information:
A) No shit welcome to 1950, everyone's watching everything you do. This is the Surveillance States of America, after all.
B) Windoes 10 Tech Preview is gathering data. No shit. It's an open beta, that's what it's for. Did you honestly thing they didn't already track you on previous versions?
> Is it worse than the data collection recently reported in a test version of Windows? yes, because the 'test' of windows, as you put it a) states that it collects data b) is a test, and you're there to test it - it's not a lot to expect that usage data is collected c) microsoft have said many times that you shouldn't use it as a production or main pc.
The submitter can be bothered to capture some data and submit a link to such to slashdot for commentary, comparing apple's actions to Microsofts (but not Ubuntu's, but that's a different story), but can't be bothered to summarize the data at the very least, even better would be to actually write an article explaining what they found. I'm not going to spend hours clicking through git to find out what the submitter is complaining about, and i doubt that most anyone commenting on this article will have done so either.
Personally, I hate anonymous gripes!
... this anonymous comment is a counterexample to your argument.
I'm paying $120 for the weekly cleanup (3h @ $40). The deal includes laundry, dishes, taking out the trash, etc. The lady is very good, she even cleans inside the cupboards. It's worth it even if she stays only 2h, except when I come home and I find that bedsheets or towels are still damp because she did not want to wait for the last batch in the dryer.
It's not easy to find a reliable local cleaner. Years ago it was easy to find one on Craigslist, but lately a lot of startups like Cleanify have appeared; they have nice websites and apps but basically it's just a bunch of part-time students booking local cleaners, and they offer less services to be able to crunch more appointments in a single day. So independent, local cleaners are now enslaved like employees of big cleaning companies and they rush from one half-done job to the other. They won't touch dishes, they won't do laundry, even changing bedsheets comes at a premium. They are like hotel maids who have 15 minutes to clean one room.
A good local cleaner is fantastic. A big chain that only does half the job is useless. And startups that just inject themselves as middlemen are the worst.
lucm, indeed.
There's no reason these rules can't be applied locally, without giving the information to Apple to retain indefinitely. What starts with developer overcentralization (read: cloud hosting) and laziness ends in a corrupt US government taking all the data under threat of force/imprisonment.
>"Is it worse than the data collection recently reported in a test version of Windows?"
Both are infinitely more than what is collected in any of my Linux distros. I find this trend of companies spying on users totally unacceptable (and yes, throw Google in there too).
RTFA
There needs to be a Linux distro for Macs; like an Ubuntu remix (Macbuntu maybe?) that works perfectly on any Intel mac.
This reminds me of an article, from years ago, about the iPhone -- sending data and 'pings' to URLs when you access services, etc. It seems to me it should all be opt-in. But if we can't opt-in (or opt-out), maybe there's a way to scramble the data sent to them, making it useless. Or use some clever filtering to block, etc. Probably more trouble than it's worth.
I don't think Apple is alone with this -- I'm guessing most connected products report metrics of one sort or another without (or regardless of) our consent. Big data = big money.
I told you so when they release the 10.10, so fuck you now
Which is why no connection to any log-on sites with real password and with real data is made, so the test is not acual test but a contrived test. I use simulated stuff no actual connections to real stuff,
Regards Eion MacDonald
Its strange when the government sies this there is a massive out cry but when corperations do it the out cry is so small incomparison it seems no one cares
Terrible summary, kind of interesting article.