Slashdot Mirror
If You're Connected, Apple Collects Your Data
fyngyrz (762201) writes It would seem that no matter how you configure Yosemite, Apple is listening. Keeping in mind that this is only what's been discovered so far, and given what's known to be going on, it's not unthinkable that more is as well. Should users just sit back and accept this as the new normal? It will be interesting to see if these discoveries result in an outcry, or not. Is it worse than the data collection recently reported in a test version of Windows?
2015 will the the year of Desktop Linux!
Of course it's much worse than the data collection from a "technical preview". It's whole purpose is to discover how people use the damn thing and you sign up to be a guinea-pig in exchange for getting the advanced access.
However, it's "to be expected" from Apple. You don't own their phones or laptops, they own you.
That why I just use my Mac for work, and everything elses on my Linux box.
Microsoft is testing a release candidate and is informing users of what they're monitoring.
So far no one has complained about onerous licensing agreements with Yosemite, which seems to imply that Apple is not informing users about it.
Until Microsoft has a production release, it's not even fair to compare the two.
I do not fail; I succeed at finding out what does not work.
So lets see, they have 3 cases of "tracking" here.
1) A tracking cookie gets set on apple.com, subsequent loads of apple.com send the cookie to the server [closed: behaves correctly] - this is exactly how cookies are meant to work. The only possible issue here is that there appears to be a bug that all applications using some API to load the URL (I'd bet on NSURLConnection) are sharing the same cookies
2) When you search for something in Apple's browser, it contact's Apple's server and asks it what types of search it should do for that input. That also seems like a [closed: behaves correctly]
3) When you input a mail server to talk to, it appears to send the mail server's address to Apple, and the server responds with the same mail server. I expect that it's possible that this can return different URLs to talk to, most likely this is to help catch commonly mistyped URLs (e.g. typing gmail.com incorrectly). Also [closed: behaves correctly].
Honestly, I don't see what the fuss is here.
Friends with wireless access and iphones coming to my place seem to be phoning home in some way.
I detected apple trying to connect to some UDP ports on my router only when those iphones were around.
Everything I write is lies, read between the lines.
Even if you change search engines in safari, it doesn't disable Spotlight suggestions in Safari. That's a separate checkbox in the Search tab in the Safari preferences. (There are a bunch of options in the Search preferences in Safari)
um no.
you didn't read the link the string was sent to duck duck go and also sent to apple there is no need for the search string to go to both.
if the user was using apple to search then of course the search string should go to apple but if its sent to google then it shouldn't go to apple as well.
Blarney Quality Restaurant, Plants
Oh, I read it. But you didn't read my response to your other comment, which was,
Searching maps is part of Spotlight suggestions
From TFA:
Or why when setting up an email account does the mail app send the domain name you enter to apple?
I say all this as a person who has been using mac laptops for the last 9 or 10 years. I'm obviously not an apple hater but this seriously makes me question whether I'll buy another one. It's a pretty astounding intrusion demonstrating some rather staggering hubris.
What changed under Obama? Nothing Good
So just out of ideal thought.... This wouldn't have anything to do with the settings clearly available for adjustment within the System Preferences -> Security & Privacy pane and then select the "Privacy" tab. Inside there you see a lot of clearly defined options for opting in or out of various settings:
Location Services: Enable/Disable as a whole; Disable by specific user allowed apps
Contacts: Allow/Disallow apps chosen by user to use your contacts
Calendars: Allow/Disallow apps chosen by user to use your calendars
Reminders: Allow/Disallow apps chosen by user
Accessibility: Allow/Disallow apps chosen by user to control the computer
Diagnostics & Usage: Allow/Disallow "Send diagnostic & usage data to Apple" as well as Allow/Disallow "Share crash data with app developers"
Seems pretty obvious to me and very easy to find and adjust settings as desired by each user. Apple even goes a step further and within the "Diagnostics & Usage" option they have a button titled "About Diagnostics & Privacy" that provides the following information:
Or why when setting up an email account does the mail app send the domain name you enter to apple?
It's part of the automatic configuration settings. When you first set up a new email address using "Add other Mail Account" in Mail.app, it just asks your for your name, email address, and the password for the account. It then sends the domain to Apple to get the imap/pop3/smtp servers and other configuration information for that domain, if it is available, so the user doesn't have to enter them all separately. It's part of a good UI.
For most users, complete privacy from all internet services is not an option. When you enter a query into a search engine, you are providing the server with knowledge of your often very private interests. Your IP address and cookies make it easy for anyone determined to discover your identity as a person.
So the first question is, do you directly benefit from your personal information being collected and retained? In case of a search query, collecting it for the purpose of showing search results is obviously necessary. Long term retention in the form that can be traced back to you is murky. Forwarding it to Apple seems unnecessary and I hope that the company provides an explanation.
As far as safeguards go, it's reasonable that available information is provided to authorities with a subpoena which is narrowed down to minimum required for investigation. Like a list of queries with specific, obviously incriminating keywords made in the last month.
But the notion of complete anonymity is about as practical for most people as living in the cabin in the woods. As a matter of principal, I don't think either should be made illegal. But most people will not be happy with the results, and most crooks will be too dumb to follow these lifestyles so strictly that they don't slip up and get caught.
Apple has an excellent track record on privacy issues. Not because they are super nice people, but because that's not their business model.
They don't make money by selling user information to third parties or by selling ads, they make money by selling actual physical objects to end-consumers. I'm not sure what you mean by "it's to be expected from Apple", but I'm pretty sure you just made that up because you don't like Apple's customers (probably because you met somebody who likes Apple products who has a more expensive haircut than you).
So...we all done here?
Are you joking? Why not have the local program test the server itself with the usual prefixes for mail servers? Then the local app can try the usual ports for SSL. Then it can tell the user the results. After a failure, it could even say, "hey, that server isn't responding to the usual requests, would you like me to check with Apple to see if there is something special about it and Apple knows that secret sauce?"
Do you want to tell me with a straight face that this interaction could not be programmed into a local application that sends nothing to Apple (except by express request on the user's part)? That this interaction is so amazingly hard, it has to be done remotely on a bank Apple's servers?
What changed under Obama? Nothing Good
They specifically said they turned off Spotlight suggestions.
No, he said he turned off Spotlight suggestions in Spotlight. Not Spotlight suggestions in Safari. (Because you may not want Spotlight sending strings to Apple when searching for files on the computer, but you may not care if you are only searching the internets via safari).
Even if that were not so, changing search engine should never mean you have to find another configuration option to turn off the old search engine. That's just wrong.
It's in the same window!
He turned off Spotlight suggestions for Spotlight, not Spotlight suggestions in Safari.
(Because you may not want Spotlight sending strings to Apple when searching for files on the computer, but you may not care if you are only searching the internets via safari).
*nix on the desktop has been discussed for yeaaaaaaaaaaaaaaaars but if Joe and/or Jane and/or little Billy Average ever get serious about privacy, could that cause a dramatic shift to open source? And where the users go, the devs are sure to follow. Just need to shift away from 99% of command-line configuration/installation/navigation and Billy Joe Jane Smooth, IMHO, will finally get on board. I'm a 25+ year nerd with my beginnings on an IBM PS/2 (shudder). 36 now, on Windows 7, and I pretty much loathe the command-line. Text UI be damned! To the depths of Mount Doom!
You can dance if you want to.
Because then you are sending a lot of requests to random domains that may not be designed to handle the traffic? And a lot, a hell of a lot of mail servers out there for common email services use legacy mail servers not related to the domain of the email address (because the mail servers were set up before that particular email domain became popular).
Super quick example, if you have a @windowslive.com email address, the IMAP server is imap-mail.outlook.com. The Exchange ActiveSync server is s.outlook.com. Neither one would be found but your suggestion of randomly hitting subdomains.
There is actually an included list of common Mail Servers and common mail configurations. Mail.app only sends the domain when the domain is not on the list or the configuration fails. It also means that if enough users look for a domain, Apple can immediately include the information without waiting for an update.
Have you ever done tech support for email problems before? It's a nightmare. Anything to help the user is best.
Still, do you think that they changed the search engine, left all those options for smart search on, then went to the OS setting for spotlight and turned that off, then sounded the alarm? Would seem a bit like manufactured outrage to me, but I suppose it's not impossible.
Yes, yes, that is what I think Landon did.
MS only phones home if there is no driver (or a generic universal driver with only the most basic functionality) locally. It does that to get the driver that will allow best performance. You can turn it off it it makes a difference to you...
if you ask siri where to bury the body, she needs to go back to the apple servers to get the info.
In other words, assuming the data is being collected in order to improve the OS, will they actually be able to analyze this huge amount of data and come up with actual fixes?
I'm asking because my past experience as an OSX user is that there is a massive amount of garbage warnings and errors in the OS's system logs, which never seem to get fixed (and that's kinda annoying). You would think that they would analyze the data and fix those issues, being the "thorough" and "detail oriented" people they purport to be.
All those moments will be lost in time, like tears in rain... time... to... die...
It doesn't matter if they sit back and accept it or not... it *IS* the new normal.
Of course, it is much easier to live in a reality where you believe what makes you happier about living in the first place... so the desire to want to resist this sort of thing is entirely normal.
File under 'M' for 'Manic ranting'
It doesn't matter. Enough of them already have, so that the rest have no choice if they want to use Apple products.
“He’s not deformed, he’s just drunk!”
Indubitably. Win10 Test is a product demo. So Microsoft is going to monitor it in a way that would be unfeasible for a shipping OS. They're trying to collect user data to make sure people are using Win10 the way they THINK people are going to use it. This is a byproduct of the Windows 8 metro/modern UI fiasco. If they don't disable/remove this level of monitoring when the OS ships, corporate customers will simply opt not to run with the OS...AGAIN.
Seriously, NO company that's in ANY way serious about security is going to put up with a built in keylogger that's reporting back to MommySoft.
Apple is doing the same thing with a live, shipping OS. Which is completely fucking heinous.
Now, will they get away with it?
Probably, because the rabid, turtleneck-and-jeans brigade of Mac fanatics will buy absolutely ANYTHING from Apple, so long as it has the Apple logo on it.
Chas - The one, the only.
THANK GOD!!!
What kind of antisocial fiend would blame Apple for wanting to play a role in customer's lives? After all, isn't that sort of why Apple people buy Apple in the first place, the need to belong, to be involved in something bigger than themselves? You know: every sparrow, etc, etc.
When I installed Yosemite the EULA said
"Terms and Conditions: Important: Use of your Mac computer, ... is subject to these Terms and Conditions"
Note: It didn't say just say "use of this software", it said "Use of your Mac computer". It's effectively claiming if I don't follow the terms I'm not allowed to use the hardware period :(
Sending the content of every search request to Apple? Notifying Apple if the user sets up a non-Apple email account? That's a blatant violation of the Computer Fraud and Abuse Act unless Apple properly discloses that up front and gets the user's consent.
Apple didn't do that.
The EULA for MacOS isn't on line on Apple's own site. This matters. It violates the FTC's "clear and conspicuous" rule on disclosures. It's just like bundling spyware, which the FTC and state attorneys general have routinely hammered vendors for trying.
This puts Apple in the uncomfortable position Sony was in when they put a root kit on an audio CD.
Did anybody seriously even consider that they would not do that?
That would require an even bigger violation. They would have to have the client send the actual configuration to Apple as well so they can have the data. Not all businesses would appreciate that.
I'm not so sure - most email providers provide all this information on their web pages anyway. Unless you are suggesting that Apple's mail client is waiting for people to manually set up some email and then sending that information to Apple for use by future users, I don't see any problem for Apple to notice that they are getting lots of requests for email accounts at "someplace.com" and then someone at Apple looking up setup info for someplace.com and pushing that data out to users as needed.
While this type of "auto-setup" is extermely useful (especially on iOS where typing stuff and cut/past and switching between the settings and the web-browser are less than ideal), I do wish it was a bit easier to get straight to the "manual" configuration dialogues. For times when I know that the auto-setup is going to do it in a way I do not want, I usually start by entering a bad domain which does not return a useful result and that lets me do the setup completely manually.