Slashdot Mirror

← Back to Stories (view on slashdot.org)

If You're Connected, Apple Collects Your Data

Posted by timothy on from the so-they-can-notify-next-of-kin dept.

fyngyrz (762201) writes It would seem that no matter how you configure Yosemite, Apple is listening. Keeping in mind that this is only what's been discovered so far, and given what's known to be going on, it's not unthinkable that more is as well. Should users just sit back and accept this as the new normal? It will be interesting to see if these discoveries result in an outcry, or not. Is it worse than the data collection recently reported in a test version of Windows?

10 of 313 comments (clear)

  1. Re:Yay :D by anagama · · Score: 4, Interesting

    Yeah, it should be opt-in. At the very least, opt-out.

    --
    What changed under Obama? Nothing Good
  2. ET Phone home by ls671 · · Score: 3, Interesting

    Friends with wireless access and iphones coming to my place seem to be phoning home in some way.

    I detected apple trying to connect to some UDP ports on my router only when those iphones were around.
       

    --
    Everything I write is lies, read between the lines.
  3. Re:Yay :D by mysidia · · Score: 3, Interesting

    Yeah, it should be opt-in. At the very least, opt-out.

    The challenge is that it will skew the statistics.

    Collecting anonymized UI instrumentation data doesn't really have privacy concerns, other than revealing your OS.

    However, whether you choose to opt-in or opt-out says something about you that may very well be closely connected to other behavior traits that affect your usage of the user interface --- such as whether you prefer GUI or CLI, how much computer/Linux expertise you have, how comfortable you are editing text-based config files, etc.

    I personally believe that the more experienced computer users are likely to have acquired more skepticism surrounding software vendors, and users who are more ignorant are also likely to be more trusting of the marketing message, resulting in skewed data due to selection bias: in other words, less useful data which mostly only reflects a segment of the audience.

  4. Re:Yay :D by anagama · · Score: 4, Interesting

    In TFA, the author claims he did turn stuff off. Have you run a network sniffer to watch your computer's behavior, or are you trusting that "off" means off.

    --
    What changed under Obama? Nothing Good
  5. Re:If you want results from the web by anagama · · Score: 4, Interesting

    Are you joking? Why not have the local program test the server itself with the usual prefixes for mail servers? Then the local app can try the usual ports for SSL. Then it can tell the user the results. After a failure, it could even say, "hey, that server isn't responding to the usual requests, would you like me to check with Apple to see if there is something special about it and Apple knows that secret sauce?"

    Do you want to tell me with a straight face that this interaction could not be programmed into a local application that sends nothing to Apple (except by express request on the user's part)? That this interaction is so amazingly hard, it has to be done remotely on a bank Apple's servers?

    --
    What changed under Obama? Nothing Good
  6. Re:Benefits and safeguards by lucm · · Score: 3, Interesting

    That's why I carry a Linux TAILS bootable SD card in my wallet. Portable peace of mind.

    --
    lucm, indeed.
  7. Re:Yay :D by Sarten-X · · Score: 4, Interesting

    Enabling the video camera or microphone won't actually help. You'd need both to determine if the user was actually using their phone, and the processing cost needed to perform that kind of recognition on a large scale would be so ridiculously expensive that it would undermine any additional benefit from the research.

    Statistically, a user waiting 60 seconds before searching is uninteresting. It's an outlier, so the developers really don't care what happened. Far more useful would be an observation that 75% of users use the center enter key to submit queries, 20% use the mouse, and 5% use the enter key on the numeric keypad, combined with an observation that 80% of mouse users move the cursor around after a period of inactivity before clicking. To a design team, that means that the users' attention has shifted to typing, and they've forgotten where the mouse is. Perhaps the mouse should highlight in some way when it first moves...

    Similarly, the actual content of searches doesn't matter from a UI perspective. If you're having trouble searching for something, it doesn't matter if you're looking for instructions to knit a sweater for a kitten, or the mixture used in the Oklahoma City bombing. On the other hand, the exact search text is useful to the folks developing the search engine, so they can put the most relevant results at the top of the list. Of course, the search engine team doesn't care about how long it takes the user to find their mouse cursor.

    This leads to one of the most entertaining aspects of the whole privacy debate. Gathering data is easy, but proper anonymizing is hard. Practically speaking, the analysis of the gathered data is often easier than ensuring that data is anonymous. For example, there are certain combinations of ZIP code and state that identify as few as 30 people within the continental United States, so any data set that includes both ZIP code and state is probably not sufficiently anonymous. It's far easier to simply collect only what's needed for a particular team, and make sure nothing else can be connected to that record. One database records that somebody searched for "geriatric german grandmas spanking spanish men", and another knows that user submitted a search with a mouse, and perhaps another knows that the user is located in western Iowa. With no way to connect the records, the business need is fulfilled and the user's privacy is effectively safe... but the legal disclosure will still simply say that the company collects all those things, stirring up a nice panic.

    --
    You do not have a moral or legal right to do absolutely anything you want.
  8. Re:That's absurd, aim your hate cannon elsewhere. by fuzzyfuzzyfungus · · Score: 3, Interesting

    People love to hate Apple. It's a thing. Also, is there any evidence this data is not anonymised by Apple?

    'Anonymised' is mostly a weasel word. It isn't always impossible; but the more interesting the dataset is, the more likely it is that there's a clever re-identification attack with good odds of success. If you are serious about preventing those, you tend to have to nuke the data so hard that they aren't of much interest anymore.

    Unless robustly demonstrated to the contrary, it's an essentially worthless claim.

  9. Re:It is opt-out in OSX. by DocHoncho · · Score: 4, Interesting

    Considering that the Feds probably get a copy of everything they gather in the first place, I can hardly see them fining Apple for doing their work for them! The very idea of Apple turning all this data over to the Feds for "disposal" is utterly ludicrous. There may still yet be some areas of the US government that work for the people, but the DOJ and Intelligence agencies are clearly serving one interest: their own.

    --
    Celebrity worship is a poor substitute for Deity worship and costs more to boot.
  10. Apple just made a big legal mistake. by Animats · · Score: 4, Interesting

    Sending the content of every search request to Apple? Notifying Apple if the user sets up a non-Apple email account? That's a blatant violation of the Computer Fraud and Abuse Act unless Apple properly discloses that up front and gets the user's consent.

    Apple didn't do that.

    The EULA for MacOS isn't on line on Apple's own site. This matters. It violates the FTC's "clear and conspicuous" rule on disclosures. It's just like bundling spyware, which the FTC and state attorneys general have routinely hammered vendors for trying.

    This puts Apple in the uncomfortable position Sony was in when they put a root kit on an audio CD.