
For those interested, here's the specific language Apple offers to explain what Spotlight is doing. I didn't see it elsewhere so I figured I'd post it. From the Spotlight preferences pane:

"When you use Spotlight, your search queries, the Spotlight Suggestions you select, and related usage data will be sent to Apple. Search results found on your Mac will not be sent. If you have Location Services on your Mac turned on, when you make a search query to Spotlight the location of your Mac at that time will be sent to Apple. Searches for common words and phrases will be forwarded from Apple to Microsoft's Bing search engine. These searches are not stored by Microsoft. Location, search queries, and usage information sent to Apple will be used by Apple only to make Spotlight Suggestions more relevant and to improve other Apple products and services."

"If you do not want your Spotlight search queries and Spotlight Suggestions usage data sent to Apple, you can turn off Spotlight Suggestions. Simply deselect the checkboxes for both Spotlight Suggestions and Bing Web Searches in the Search Results tab in the Spotlight preference pane found within System Preferences on your Mac. If you turn off Spotlight Suggestions and Bing Web Searches, Spotlight will search the contents of only your Mac."

"You can turn off Location Services for Spotlight Suggestions in the Privacy pane of System Preferences on your Mac by clicking on “Details” next to System Services and then deselecting “Spotlight Suggestions”. If you turn off Location Services on your Mac, your precise location will not be sent to Apple. To deliver relevant search suggestions, Apple may use the IP address of your Internet connection to approximate your location by matching it to a geographic region."

"Information collected by Apple will be treated in accordance with Apple’s Privacy Policy, which can be found at www.apple.com/privacy."



Could this be considered overthinking it?

A domain, a Python script, to effectively achieve tapping a couple toggles in sys prefs? And this is quite difficult for the average non-terminal-using person.

> This site _criticizes_ Apple for certain privacy-invading features of Mac OS X and teaches users how to fix them. So, obviously, the site is not approved by Apple.

Snark!


Not to mention that it encourages possibly not technically inclined users to execute random scripts from the internet, which should be a capital crime.


What, like downloading a tarball over HTTP? Watch your own binary/source traffic for a day, we are downloading random-ass executable content all day long.


That's not something non technically inclined users do, nor should they.


Yes. One single annotated screenshot would have been simpler, more explicit in what it does, it wouldn't have trained users to execute random code from the internet, and at the same time taught them how to revert the changes.


Howdy. Author here. By way of introduction, I'm also the author of PLCrashReporter (https://www.plcrashreporter.org/), ported Java 6 to Mac OS X (a.k.a. Soylatte), and -- this might lower some folks' estimation of me here -- started the MacPorts project almost 15 years ago at Apple, along with co-workers Jordan Hubbard and Kevin Van Vechten.

That slightly snarky disclaimer you quoted actually has a serious backstory; the language came from https://fixubuntu.com (whose AGPL code was used here), and it was added after Ubuntu sent a legal demand that "Ubuntu" be removed from the fixubuntu domain name and website:

http://arstechnica.com/information-technology/2013/11/canoni...

I actually toned down the snark -- just slightly -- from the original disclaimer.

It's remarkably easy to miss Spotlight's privacy disclosure in Yosemite -- the instant you start typing in the Spotlight search box, the disclosure disappears, and seemingly stays gone. There's no single "local search only" toggle, and you have to cross-reference the documentation provided in System Preferences against the list of "Search Results" to figure out which of the options actually sends your queries to Apple.

I wanted something simple, that I knew worked, and I could just tell family to run themselves, so I put this together. It's a convenient way to apply the settings, a jumping-off point for a more involved effort to resolve some of the other remaining privacy issues on Yosemite, and a handy way to get the privacy message across.

If you're interested in chipping in on the OS X privacy front, there's a lot more to look at than just Spotlight; my next goal is to get https://github.com/fix-macosx/sslsplit transparently capturing traffic in a Yosemite VM so that we can start nailing down exactly what is being sent from the myriad of daemons (and spotlight!) that are sending data outwards in a default configuration.

I'm very sympathetic to the "random internet code" issue, so I struck a balance by:

1) Displaying the source inline in the page (of course, there's no guarantee that it matches the downloaded code, but the goal here is to highlight the importance of knowing what you're running).

2) Making the actual script URL a clickable link, so that folks that don't blindly execute curl scripts (myself included) can easily download the script and examine it.

3) Used a variation of the usual pipe approach (curl -O … && ./…) so that anyone downloading it would actually have a copy of what they just ran.

4) Serve the whole lot over TLS.

Cheers, Landon
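
The comment above notes that the source shown on the page is not guaranteed to match the downloaded file. As an added example (not part of the original comment and not fix-macosx code), this shell function runs a saved script only if it matches a SHA-256 digest recorded after review; the function names, the placeholder URL and the placeholder digest are assumptions.

```shell
#!/bin/sh
# Added example: execute a saved script only if it matches a SHA-256 digest
# recorded out of band (for instance, computed from the copy you reviewed).

# Print the SHA-256 of a file as lowercase hex, using whichever tool exists.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print $1}'
    else
        openssl dgst -sha256 "$1" | awk '{print $NF}'
    fi
}

# verify_then_run INTERPRETER FILE EXPECTED_SHA256 [ARGS...]
# Returns 64 on bad usage, 2 if FILE is missing, 3 on digest mismatch,
# otherwise the script's own exit status. FILE never runs unless it matches.
verify_then_run() {
    [ "$#" -ge 3 ] || { echo "usage: verify_then_run INTERP FILE SHA256" >&2; return 64; }
    interp=$1; file=$2; expected=$3; shift 3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    # Digests are often pasted in upper case; normalise before comparing.
    exp_lc=$(printf '%s' "$expected" | tr 'A-F' 'a-f')
    if [ "$actual" != "$exp_lc" ]; then
        echo "digest mismatch for $file" >&2
        echo "  expected: $exp_lc" >&2
        echo "  actual:   $actual" >&2
        return 3
    fi
    # Name the interpreter explicitly instead of setting the execute bit.
    "$interp" "$file" "$@"
}

# Typical use. The URL and digest are placeholders, not values from the page.
#   curl --fail --proto '=https' --tlsv1.2 -O "https://example.invalid/fix.py"
#   less fix.py    # read the saved copy before running it
#   verify_then_run python3 fix.py "<sha256 recorded after review>"
```

The digest only helps if it comes from a different channel than the download itself, such as one you computed from the copy you read.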


Hi,

Thank you for taking the time to respond, and for your impressive body of work.

My knee-jerk reaction to everything about this site can definitely be attributed to ignorance. Something worth considering, in my opinion, for the goal of the project.

fix-osx: I didn't know it needed fixing (in the context of what this site declares is wrong). I am open to being wrong, and that it would need fixing, but my gut response is that it doesn't. It is not intended to attack/dispute your messaging, but rather explain how it could be read by someone unfamiliar with how it is indeed that way.

Expanding on that, I don't hold that OSX inherently betrays user privacy. While this can be considered a privacy leak by ux design (it is, I agree), it's not something that would lead me to the conclusion that the OS has no privacy by design. I'll be looking more into this now, however.

Regarding the disclaimer... That backstory certainly validates the tone, but a disclaimer for the disclaimer would be nice for the uninitiated :-

Best,


Thanks for the feedback; I committed a rephrasing of the trademark disclaimer (https://github.com/fix-macosx/fix-macosx) and I'll push that out when I next have the chance.

Just to clarify, the submission's title of "No Privacy, by Design" doesn't represent my own position; it's not a phrase that's used on fix-macosx.com.


Hey, this is great. Thanks for your work. Site and code are easy to read and they do a great job. Thanks again.


So at first I was wondering why it was python. Then I saw that you could import Foundation and directly edit settings. Needless to say now I'm intrigued and kinda want to write an ansible plugin for this as I already use ansible to set this junk up as it is.

Thanks for the awareness!


The problem with telling people to run this for themselves is now they have to trust both you and Apple.

If you really want to educate people, why not also provide directions on how to do it via the UI? Are you trying to scare people?

The privacy disclosure and instructions are perpetually available in spotlight settings by pressing the giant button labelled 'About Spotlight Suggestions & Privacy', which is probably the largest button in the entire OS.


> 4) Serve the whole lot over TLS.

But your server is configured to allow SSLv3[0]

[0] https://www.ssllabs.com/ssltest/analyze.html?d=fix%2dmacosx....


If you're referring to the POODLE SSLv3 bug, it doesn't break authentication/key exchange or MAC, but instead, confidentiality of the symmetric encryption.

In other words (assuming an attacker can modify a sufficient amount of SSL traffic in transit), they could decrypt the python source code, but they can't insert new data without triggering a MAC validation failure on the client.

https://www.openssl.org/~bodo/ssl-poodle.pdf


> transparently capturing traffic in a Yosemite VM so that we can start nailing down exactly what is being sent from the myriad of daemons

I'd love to see this.


I'm working on the necessary sslsplit support here: https://github.com/fix-macosx/sslsplit

I've just about wrapped up support for correlating connections with the local responsible program (see branch macosx-process-info); I also need to put some thought into how to handle non-TCP traffic.

I'll be posting Yosemite setup instructions later today; my plan is to collect a corpus of data from a default installation. One thing I could really use help with is providing a web-based visualization of that data.


So, the title, as well as being innuendo, is false - it's not 'by design' it is 'by default', and only for search terms.

I think it's fair enough to point out that these search terms are transmitted to Apple. It's also reasonable to complain that the option is hidden, and the terms and conditions where this is pointed out are glossed over.

This site, however, is counterproductive theater designed to look hackerish and scary, as well as to mislead users. It commits exactly the same error as Apple is accused of committing - it hides the fact that there is a simple UI to control this function, and that users should be educated to make the choice for themselves.

Whoever did this is making things worse.



