If You're Connected, Apple Collects Your Data

fyngyrz (762201) writes It would seem that no matter how you configure Yosemite, Apple is listening. Keeping in mind that this is only what's been discovered so far, and given what's known to be going on, it's not unthinkable that more is as well. Should users just sit back and accept this as the new normal? It will be interesting to see if these discoveries result in an outcry, or not. Is it worse than the data collection recently reported in a test version of Windows?

Yay :D

[jimmetry]

2015 will the the year of Desktop Linux!

Re:Yay :D

[anagama]

Yeah, it should be opt-in. At the very least, opt-out.

Re:Yay :D

[davydagger]

at least in debian you can dpkg-reconfigure popularity-contest, and it asks you if you want to participate and is fairly transparent about the proccess.

Re:Yay :D

[peragrin]

except you can turn it all off. I have. Yosemite still works as it should. I just lose some safari and spotlight options

Re:Yay :D

[mysidia]

Yeah, it should be opt-in. At the very least, opt-out.

The challenge is that it will skew the statistics.

Collecting anonymized UI instrumentation data doesn't really have privacy concerns, other than revealing your OS.

However, whether you choose to opt-in or opt-out says something about you that may very well be closely connected to other behavior traits that affect your usage of the user interface --- such as whether you prefer GUI or CLI, how much computer/Linux expertise you have, how comfortable you are editing text-based config files, etc.

I personally believe that the more experienced computer users are likely to have acquired more skepticism surrounding software vendors, and users who are more ignorant are also likely to be more trusting of the marketing message, resulting in skewed data due to selection bias: in other words, less useful data which mostly only reflects a segment of the audience.

Re:Yay :D

[anagama]

In TFA, the author claims he did turn stuff off. Have you run a network sniffer to watch your computer's behavior, or are you trusting that "off" means off.

Re:Yay :D

[anagama]

There is a distinction in how you interact with a browser, and the actual content of your searches. Blurring this line is pretty ugly. Apple needs to know stuff like: The user clicked in the search field, typed stuff, and then because of a 60s delay in executing the search, probably couldn't see or understand the search icon, and clearly didn't know to press return (or the phone rang). To get this, Apple doesn't need to know what the person typed. But if that is the claim -- the need to know what is typed -- why not just enable the video camera and microphone too -- that would make it easier to figure out if the person is having problems with the Safari interface, or just answering a text on his phone. I'm guessing people would be sort of grossed out by that, but it fits right in with what you say they need, so why not go total surveillance?

Re:Yay :D

[fuzzyfuzzyfungus]

TFA specifically notes that the behavior described was observed with all visible 'privacy' settings adjusted. Presumably the story is even cheerier if those aren't switched off.

Re: Yay :D

[fuzzyfuzzyfungus]

If you don't trust an OS vendor, isn't using a network monitoring tool on a different host entirely, with physical access to the wire, pretty much the only way to go? If they were so motivated, the OS would basically be a rootkit with device drivers and a userspace API...

Re:Yay :D

[Sarten-X]

Enabling the video camera or microphone won't actually help. You'd need both to determine if the user was actually using their phone, and the processing cost needed to perform that kind of recognition on a large scale would be so ridiculously expensive that it would undermine any additional benefit from the research.

Statistically, a user waiting 60 seconds before searching is uninteresting. It's an outlier, so the developers really don't care what happened. Far more useful would be an observation that 75% of users use the center enter key to submit queries, 20% use the mouse, and 5% use the enter key on the numeric keypad, combined with an observation that 80% of mouse users move the cursor around after a period of inactivity before clicking. To a design team, that means that the users' attention has shifted to typing, and they've forgotten where the mouse is. Perhaps the mouse should highlight in some way when it first moves...

Similarly, the actual content of searches doesn't matter from a UI perspective. If you're having trouble searching for something, it doesn't matter if you're looking for instructions to knit a sweater for a kitten, or the mixture used in the Oklahoma City bombing. On the other hand, the exact search text is useful to the folks developing the search engine, so they can put the most relevant results at the top of the list. Of course, the search engine team doesn't care about how long it takes the user to find their mouse cursor.

This leads to one of the most entertaining aspects of the whole privacy debate. Gathering data is easy, but proper anonymizing is hard. Practically speaking, the analysis of the gathered data is often easier than ensuring that data is anonymous. For example, there are certain combinations of ZIP code and state that identify as few as 30 people within the continental United States, so any data set that includes both ZIP code and state is probably not sufficiently anonymous. It's far easier to simply collect only what's needed for a particular team, and make sure nothing else can be connected to that record. One database records that somebody searched for "geriatric german grandmas spanking spanish men", and another knows that user submitted a search with a mouse, and perhaps another knows that the user is located in western Iowa. With no way to connect the records, the business need is fulfilled and the user's privacy is effectively safe... but the legal disclosure will still simply say that the company collects all those things, stirring up a nice panic.

Re:Yay :D

[Rosyna]

TFA specifically notes that the behavior described was observed with all visible 'privacy' settings adjusted. Presumably the story is even cheerier if those aren't switched off.

He only disabled Spotlight Suggestions in the Spotlight preferences, he did not disable it for Safari, which is in the Safari preferences, right next to the search engine preference.

  (Because you may not want Spotlight sending strings to Apple when searching for files on the computer, but you may not care if you are only searching the internets via safari).

Yes, worse

[Zaelath]

Of course it's much worse than the data collection from a "technical preview". It's whole purpose is to discover how people use the damn thing and you sign up to be a guinea-pig in exchange for getting the advanced access.

However, it's "to be expected" from Apple. You don't own their phones or laptops, they own you.

Re:Yes, worse

[bloodhawk]

The Windows one is not even a privacy wrong, it is more an example of the right way to do it. You are signing up to provide them feedback, they state it when you download it to install, it is part of the conditions.

Re:Yes, worse

Putting something nefarious in the fine print does not mean that something nefarious is not going on.

Of course it's worse

[msobkow]

Microsoft is testing a release candidate and is informing users of what they're monitoring.

So far no one has complained about onerous licensing agreements with Yosemite, which seems to imply that Apple is not informing users about it.

Until Microsoft has a production release, it's not even fair to compare the two.

ET Phone home

[ls671]

Friends with wireless access and iphones coming to my place seem to be phoning home in some way.

I detected apple trying to connect to some UDP ports on my router only when those iphones were around.
   

Re:no, its not good thou

[Rosyna]

Even if you change search engines in safari, it doesn't disable Spotlight suggestions in Safari. That's a separate checkbox in the Search tab in the Safari preferences. (There are a bunch of options in the Search preferences in Safari)

Re:If you want results from the web

[blackest_k]

um no.
you didn't read the link the string was sent to duck duck go and also sent to apple there is no need for the search string to go to both.

if the user was using apple to search then of course the search string should go to apple but if its sent to google then it shouldn't go to apple as well.

Re:If you want results from the web

[Rosyna]

Oh, I read it. But you didn't read my response to your other comment, which was,

Even if you change search engines in safari, it doesn't disable Spotlight suggestions in Safari. That's a separate checkbox in the Search tab in the Safari preferences. (There are a bunch of options in the Search preferences in Safari)

Searching maps is part of Spotlight suggestions

Re:If you want results from the web

[anagama]

From TFA:

Having read DuckDuckGo's privacy statements, you might decide to switch Safari's default search to DuckDuckGo. If we enter a new search in Safari, we can then search the logged data to see who the search terms are actually sent to.

The logs show that a copy of your Safari searches are still sent to Apple, even when selecting DuckDuckGo as your search provider, and 'Spotlight Suggestions' are disabled in System Preferences > Spotlight.

Or why when setting up an email account does the mail app send the domain name you enter to apple?

I say all this as a person who has been using mac laptops for the last 9 or 10 years. I'm obviously not an apple hater but this seriously makes me question whether I'll buy another one. It's a pretty astounding intrusion demonstrating some rather staggering hubris.

System Preferences - Security & Privacy

So just out of ideal thought.... This wouldn't have anything to do with the settings clearly available for adjustment within the System Preferences -> Security & Privacy pane and then select the "Privacy" tab. Inside there you see a lot of clearly defined options for opting in or out of various settings:
Location Services: Enable/Disable as a whole; Disable by specific user allowed apps
Contacts: Allow/Disallow apps chosen by user to use your contacts
Calendars: Allow/Disallow apps chosen by user to use your calendars
Reminders: Allow/Disallow apps chosen by user
Accessibility: Allow/Disallow apps chosen by user to control the computer
Diagnostics & Usage: Allow/Disallow "Send diagnostic & usage data to Apple" as well as Allow/Disallow "Share crash data with app developers"

Seems pretty obvious to me and very easy to find and adjust settings as desired by each user. Apple even goes a step further and within the "Diagnostics & Usage" option they have a button titled "About Diagnostics & Privacy" that provides the following information:

About Diagnostics & Privacy

Apple would like your help improving the quality and performance of its products and services. OS X can automatically collect diagnostic and usage information from your Mac and send it to Apple for analysis. The information is sent only with your consent and is submitted anonymously to Apple.

If you opt-in to sharing diagnostic data with app developers, Apple may share your crash data with app developers so they can improve their products.

If you opt-into sending diagnostic andusageinformation to Apple, it may include the following information:
Details about app or system crashes, freezes, or kernel panics
Information about events on your Mac (for example, whether a certain function, such as waking your Mac, was successful or not)
Usage information (for example, data about how you use Apple and third-party software, hardware, and services)

Diagnostic and usage data contains your computer’s hardware and software specifications, including information about devices connected to your Mac and the versions of the operating system and apps you’re using on your Mac. If you want to add a description of your actions when the problem occurred, click the disclosure triangle and enter your comments. Please do not provide personal information.

Data can be sent automatically or manually if one of these events occurs:
An app quits unexpectedly
You choose to force an app to quit
A system error occurs that causes your Mac to restart, or requires you to restart your Mac

Report anonymously

All diagnostic and usage information is collected and sent to Apple anonymously. None of the information submitted identifies you personally.

Set reporting options

If automatic reporting is off and a diagnostic event occurs, you’re offered the opportunity to collect information about the problem and send it to Apple.

You can specify one of these options for information collection:

Automatic reporting: When prompted, make sure “Don’t ask me again” is selected, then click OK. After you click OK, automatic reporting of diagnostic and usage information begins, and information is periodically sent to Apple anonymously. You are not prompted again unless you deselect “Send diagnostic & usage data to Apple” in the Privacy pane of Security & Privacy preferences.

No reporting: When prompted, make sure “Don’t ask me again”

Re:If you want results from the web

[Rosyna]

Or why when setting up an email account does the mail app send the domain name you enter to apple?

It's part of the automatic configuration settings. When you first set up a new email address using "Add other Mail Account" in Mail.app, it just asks your for your name, email address, and the password for the account. It then sends the domain to Apple to get the imap/pop3/smtp servers and other configuration information for that domain, if it is available, so the user doesn't have to enter them all separately. It's part of a good UI.

Benefits and safeguards

[iamacat]

For most users, complete privacy from all internet services is not an option. When you enter a query into a search engine, you are providing the server with knowledge of your often very private interests. Your IP address and cookies make it easy for anyone determined to discover your identity as a person.

So the first question is, do you directly benefit from your personal information being collected and retained? In case of a search query, collecting it for the purpose of showing search results is obviously necessary. Long term retention in the form that can be traced back to you is murky. Forwarding it to Apple seems unnecessary and I hope that the company provides an explanation.

As far as safeguards go, it's reasonable that available information is provided to authorities with a subpoena which is narrowed down to minimum required for investigation. Like a list of queries with specific, obviously incriminating keywords made in the last month.

But the notion of complete anonymity is about as practical for most people as living in the cabin in the woods. As a matter of principal, I don't think either should be made illegal. But most people will not be happy with the results, and most crooks will be too dumb to follow these lifestyles so strictly that they don't slip up and get caught.

Re:Benefits and safeguards

[lucm]

That's why I carry a Linux TAILS bootable SD card in my wallet. Portable peace of mind.

Re:Doesn't look like much

[anagama]

I think I understand -- you are saying the software operates as designed, so no problems here.

I think what you aren't getting is that the way the software is designed is what ticks off people who care about their privacy.

Seriously, why should mail.app inform apple that I set up an account randomMailHost.com? That the software does leads you to write [closed: behaves correctly]. This is not at all "correct" from many users' points of view -- you should use a phrase that is more factual and uses words with less judgment involved, for example: [closed: behaves as _designed_ (and if you don't like the design, suck it)].

That's absurd, aim your hate cannon elsewhere.

[Brannon]

Apple has an excellent track record on privacy issues. Not because they are super nice people, but because that's not their business model.

They don't make money by selling user information to third parties or by selling ads, they make money by selling actual physical objects to end-consumers. I'm not sure what you mean by "it's to be expected from Apple", but I'm pretty sure you just made that up because you don't like Apple's customers (probably because you met somebody who likes Apple products who has a more expensive haircut than you).

Re:That's absurd, aim your hate cannon elsewhere.

[LynnwoodRooster]

They don't make money by selling user information to third parties or by selling ads,

Funny, Apple has this thing called iAd where you pay Apple to place targeted ads, and it's currently being sued for selling user info to 3rd parties. Are these activities Apple's primary revenue model? No, but they are part of the revenue stream nevertheless.

Re:That's absurd, aim your hate cannon elsewhere.

[beakerMeep]

Agreed, they have a very good track record but...

They don't make money by selling user information to third parties or by selling ads

Huh? http://advertising.apple.com/

Sure, it's not their main cash cow, but they do sell ads, with targeting and analytics.

Re:That's absurd, aim your hate cannon elsewhere.

[Rosyna]

They don't make money by selling user information to third parties or by selling ads,

Funny, Apple has this thing called iAd where you pay Apple to place targeted ads, and it's currently being sued for selling user info to 3rd parties. Are these activities Apple's primary revenue model? No, but they are part of the revenue stream nevertheless.

iAd is only for iOS Devices (not Yosemite) and your second link is extremely misleading. They're being sued for asking customers that purchase high priced items for their zip code as an additional form of data to verify with the credit card processor to prevent fraudulent transactions. Maybe merchants that have a high amount of fraud do this type of verification.

Re:That's absurd, aim your hate cannon elsewhere.

[fuzzyfuzzyfungus]

People love to hate Apple. It's a thing. Also, is there any evidence this data is not anonymised by Apple?

'Anonymised' is mostly a weasel word. It isn't always impossible; but the more interesting the dataset is, the more likely it is that there's a clever re-identification attack with good odds of success. If you are serious about preventing those, you tend to have to nuke the data so hard that they aren't of much interest anymore.

Unless robustly demonstrated to the contrary, it's an essentially worthless claim.

Re:That's absurd, aim your hate cannon elsewhere.

[LynnwoodRooster]

The GP didn't specify "Yosemite only" - but Apple as a whole. And asking for ZIP code is apparently illegal in MA - which is where they are being sued.

Re:That's absurd, aim your hate cannon elsewhere.

[brantondaveperson]

Yes - and they didn't (acknowledge that) they had actually been *hacked*. But that the celebs in question had either had their account details phished, or their 'security questions' guessed.

This is most certainly *not* the same as icloud being hacked.

I mean, perhaps they were hacked, and are currently lying about it. Possibly - who knows? Does seem a bit unlikely though, given the difficulty of hacking large security systems vs. the relative ease of phishing and guessing the answers to public figure's security questions.

Re:That's absurd, aim your hate cannon elsewhere.

[BitZtream]

What Apple applications embed iAds?

Hint: none

When you pay for an Apple product they don't spy on you.

Nothing referenced in the github site shows otherwise as best as I can tell. Everything they've listed has logical reasons. For example, the email domain is sent to apple to see if Apple has the mail server info registered with them, in which case the server (at Apple) responds with all the setup info so you don't have to fill in host names, ports and server types, ect. It's a useful feature and part of the "it just works" magic.

Yes, they do offer a service to developers, but they don't use it themselves in any app I'm aware of.

Re:If you want results from the web

[anagama]

Are you joking? Why not have the local program test the server itself with the usual prefixes for mail servers? Then the local app can try the usual ports for SSL. Then it can tell the user the results. After a failure, it could even say, "hey, that server isn't responding to the usual requests, would you like me to check with Apple to see if there is something special about it and Apple knows that secret sauce?"

Do you want to tell me with a straight face that this interaction could not be programmed into a local application that sends nothing to Apple (except by express request on the user's part)? That this interaction is so amazingly hard, it has to be done remotely on a bank Apple's servers?

Re:It is opt-out in OSX.

[chihowa]

From the article:

The following occur with all privacy options enabled -- including disabling analytics (i.e., Diagnostics and Usage Data).

So even though it is presented as opt-out, it apparently isn't actually opt out.

I've noticed the same thing. With all of the "privacy" related options enabled, there is still a great deal of chatting with Apple servers. I'm seeing this with Little Snitch.

Re:If you want results from the web

[Rosyna]

They specifically said they turned off Spotlight suggestions.

No, he said he turned off Spotlight suggestions in Spotlight. Not Spotlight suggestions in Safari. (Because you may not want Spotlight sending strings to Apple when searching for files on the computer, but you may not care if you are only searching the internets via safari).

Even if that were not so, changing search engine should never mean you have to find another configuration option to turn off the old search engine. That's just wrong.

It's in the same window!

Re:If you want results from the web

[Rosyna]

Because then you are sending a lot of requests to random domains that may not be designed to handle the traffic? And a lot, a hell of a lot of mail servers out there for common email services use legacy mail servers not related to the domain of the email address (because the mail servers were set up before that particular email domain became popular).

Super quick example, if you have a @windowslive.com email address, the IMAP server is imap-mail.outlook.com. The Exchange ActiveSync server is s.outlook.com. Neither one would be found but your suggestion of randomly hitting subdomains.

There is actually an included list of common Mail Servers and common mail configurations. Mail.app only sends the domain when the domain is not on the list or the configuration fails. It also means that if enough users look for a domain, Apple can immediately include the information without waiting for an update.

Have you ever done tech support for email problems before? It's a nightmare. Anything to help the user is best.

Re: IP addresses

[anthony_greer]

MS only phones home if there is no driver (or a generic universal driver with only the most basic functionality) locally. It does that to get the driver that will allow best performance. You can turn it off it it makes a difference to you...

Re:It is opt-out in OSX.

[DocHoncho]

Considering that the Feds probably get a copy of everything they gather in the first place, I can hardly see them fining Apple for doing their work for them! The very idea of Apple turning all this data over to the Feds for "disposal" is utterly ludicrous. There may still yet be some areas of the US government that work for the people, but the DOJ and Intelligence agencies are clearly serving one interest: their own.

Not allowed to use Mac

[greggman]

When I installed Yosemite the EULA said

"Terms and Conditions: Important: Use of your Mac computer, ... is subject to these Terms and Conditions"

Note: It didn't say just say "use of this software", it said "Use of your Mac computer". It's effectively claiming if I don't follow the terms I'm not allowed to use the hardware period :(

Apple just made a big legal mistake.

[Animats]

Sending the content of every search request to Apple? Notifying Apple if the user sets up a non-Apple email account? That's a blatant violation of the Computer Fraud and Abuse Act unless Apple properly discloses that up front and gets the user's consent.

Apple didn't do that.

The EULA for MacOS isn't on line on Apple's own site. This matters. It violates the FTC's "clear and conspicuous" rule on disclosures. It's just like bundling spyware, which the FTC and state attorneys general have routinely hammered vendors for trying.

This puts Apple in the uncomfortable position Sony was in when they put a root kit on an audio CD.