
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for

It's on by default – didn't you read the small print?

There has been growing disquiet over Apple's desktop search app Spotlight, which sends search queries back to the company's servers for processing.

Spotlight phones home in OS X Yosemite, version 10.10, and it is enabled by default: it can be switched off, but with Apple insisting that it now takes people's privacy seriously, the software has raised some eyebrows.

It appears Spotlight sends queries, along with your location, back to Apple over the internet so the company can suggest related things from the web using Microsoft's Bing engine. Apple says it needs to see your queries so it can improve Spotlight's algorithms for suggesting things.

If you know where to look, it's laid out in the operating system's fine print:

Taking privacy very seriously ... The terms and conditions of using Spotlight

So, for example, searching for "weather" on a Register Mac running OS X 10.10 reveals files, folders and installed applications (such as the Windows 8.1 weather app in Parallels) on the machine containing the keyword; that's the local search part. This is what you'd expect to see.

But then Spotlight contacts Apple remotely to get recommended software from the Apple App Store, and a search by Bing for any relevant websites.

What's the weather like up there? Ask Apple

Google and Microsoft provide similar services. But the presence of this feature in OS X has taken so many people by surprise, it's prompted unofficial advice from some quarters on how to disable the privacy-bothering search system.

You can find a Python script to switch off the remote search, and step-by-step instructions for doing it by hand, on fix-macosx.com (clue: System Preferences > Spotlight > Search Results, and Safari > Preferences > Search).
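As an added illustration (not the fix-macosx.com script and not code from this article), the Spotlight half of that check can be modelled in Python: the code below audits a parsed preferences dictionary for remote categories that are still on, and returns a copy with them switched off. It assumes the category list lives under an `orderedItems` key and that the two remote categories are named `MENU_SPOTLIGHT_SUGGESTIONS` and `MENU_WEBSEARCH`; the sample plist is constructed, and Safari's search setting is not covered.

```python
import plistlib

# Assumed names of the two remote categories (not given in the article).
REMOTE_CATEGORIES = {"MENU_SPOTLIGHT_SUGGESTIONS", "MENU_WEBSEARCH"}

# Constructed sample preferences plist, embedded so the example runs offline.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>orderedItems</key><array>
<dict><key>enabled</key><true/><key>name</key><string>APPLICATIONS</string></dict>
<dict><key>enabled</key><true/><key>name</key><string>MENU_SPOTLIGHT_SUGGESTIONS</string></dict>
<dict><key>enabled</key><false/><key>name</key><string>MENU_WEBSEARCH</string></dict>
</array></dict></plist>"""

def load_sample():
    """Parse the constructed sample into a plain dictionary."""
    return plistlib.loads(SAMPLE_PLIST)

def audit(prefs):
    """Return the remote categories that would still send queries off the machine."""
    items = prefs.get("orderedItems")
    if items is None:
        # No saved list: the article says remote search is on by default.
        return sorted(REMOTE_CATEGORIES)
    state = {i.get("name"): i.get("enabled", True) for i in items if isinstance(i, dict)}
    # Assumption: a category absent from the list keeps its default (enabled).
    return sorted(n for n in REMOTE_CATEGORIES if state.get(n, True))

def harden(prefs):
    """Return a copy of prefs with every remote category present and disabled."""
    items = [dict(i) for i in prefs.get("orderedItems", []) if isinstance(i, dict)]
    present = set()
    for item in items:
        if item.get("name") in REMOTE_CATEGORIES:
            item["enabled"] = False
            present.add(item["name"])
    # Add explicit disabled entries so nothing falls back to the default.
    for name in sorted(REMOTE_CATEGORIES - present):
        items.append({"enabled": False, "name": name})
    hardened = dict(prefs)
    hardened["orderedItems"] = items
    return hardened

if __name__ == "__main__":
    prefs = load_sample()
    print("remote categories still enabled:", audit(prefs))
    print("after hardening:", audit(harden(prefs)))
```
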

This new website explains why it is advising Mac users to disable Spotlight's suggestions, both within preferences for the OS and options for the bundled Safari browser, as well as how to sideline Bing web searches:

If you've upgraded to Mac OS X Yosemite (10.10) and you're using the default settings, each time you start typing in Spotlight (to open an application or search for a file on your computer), your local search terms and location are sent to Apple and third parties (including Microsoft).

Mac OS X has always respected user privacy by default, and Mac OS X Yosemite should too.

According to Apple, the data sent by Spotlight is encrypted using HTTPS. The company's privacy policy web page also says steps are taken to blur the identity of Spotlight users – although it does concede that the service is opt-out rather than opt-in. Don't look up anything too personal, especially anything identifying, if you haven't switched off the remote search:

Before it answers, Spotlight considers things like context and location while protecting your privacy by using an anonymous identifier that refreshes every 15 minutes. You can always opt out of Suggestions and continue to use Spotlight solely for local search on your device.

You are also free to opt out of having Spotlight use Location Services any time you want. If you opt out, Spotlight will still use your IP address to determine a general location to make your searches more relevant. Unlike our competitors, we don’t use a persistent personal identifier to tie your searches to you in order to build a profile based on your search history.

We also place restrictions on our partners so they don’t create a long-term trail of identifiable searches by you or from your device.

Yosemite was released late last week after a string of betas were made available to developers, the first in June. The OS was finalized as Apple chief exec Tim Cook started waving around his company's alleged efforts to safeguard privacy; Cook hopes to use privacy as a differentiator in the iGiant's ongoing battle against arch rival Google.

But the people behind Fix-macosx.com reckon Spotlight isn't the only component of OS X Yosemite that unnecessarily phones home. "A myriad system and user processes are sending data to Apple in a default configuration, and we want to fix those, too," they promise.

A collaborative project to identify additional data collected by Apple and other third parties has been set up by the Fix Mac OS X team. "This work is powered by Net-Monitor, our open-source toolkit for auditing phone home behaviour system-wide," the developers add.

Apple's collection of search queries in its cloud is not limited to OS X Yosemite: the Spotlight Suggestions and Bing Web Results are also included in iOS 8. "It has to do with sending data to Apple," Sean Sullivan, a security advisor at F-Secure, told The Register. "It’s a being-spied-on-by-the-cloud issue."

Spotlight on OS X and iOS is problematic in other respects, some of which have only come to light over the last week or so. For example, if email, calendar events and other categories of information are checked in the Spotlight preferences, the operating system will index the material so that it can be quickly located and retrieved.

In the case of a Mac desktop, that index may be leaked to a USB drive and shared with another computer user; it's an issue explored in a blog post by F-Secure. There is a straightforward workaround but it means disabling functionality to avoid a security risk, so it's a bit crude.

"Don’t check Mail and Events and it can’t leak. But then you can’t search through your email and calendar, which is what I mean by limiting your functionality," Sullivan explained. "It’s a poor workaround – users should be able to index mail and events so it’s available to be searched without the worry that it leaks to USB." ®
