After the #bendgate scandal took the world by storm we all learned a valuable lesson about the inevitable backlash induced by the introduction of a new Apple product—in this day and age sometimes even a crisis isn’t all it’s cracked up to be. So, as the whole world of Apple aficionados are busy updating their operating systems, what are we to make of the claims that Apple’s new OS X Yosemite is casually spying on our spotlight searches and making our personal search data available to both Microsoft’s Bing search engine and a range of remote Apple servers?
Before this new catastrophe scores it’s own hashtag or threatens the health of the NASDAQ, let’s take a few minutes to examine what all the fuss is about and whether you should consider ditching your new Mac altogether or simply take a few minutes to review your privacy settings.
The Low-down on Spotlight Search
First, let’s get our facts straight—the feature in question, OS X’s Spotlight search, has been an operating system staple since the introduction of OS X Tiger back in 2005, allowing Mac users to search system-wide for files, documents, applications and downloads right from the search bar at the top of the screen. However, with the release of OS X Yosemite, Spotlight has been refined, re-tooled and refurbished with a new look, a new location and a new set of source data to pull from.
OS X Yosemite’s Spotlight Search not only indexes all of the files available on a user’s hard drive, but also sources news headlines, maps, Bing web searches, the App Store, the iTunes Store, independent websites, and movie showtimes to bring you answers to your spotlight query.
So, for example, if you were to search “Gone Girl” using the new OS X Yosemite spotlight search, you would not only find that diary entry of yours from the other night safely saved in your “Private” folder, but also links to the feature film available online and any references to Gone+Girl in your email account, as well as any previous web searches related to Gone Girl or calendar appointments containing the term “Gone Girl.”
Now, in and of itself, the ability to search via your desktop or laptop for results locally on your own computer and across the world wide web isn’t inherently problematic. What has raised hackles among privacy advocates is this—if a Mac user has his or her location services turned on (and to be clear “on” is the default setting for location services) then the search terms as well as the user’s location will be sent off to Apple’s remote servers as well as Microsoft’s Bing Search engine in an effort to “make suggestions more relevant to you.”
With the NSA listening in on our phone calls and the unwelcome revelation that our cloud-based photo storage is not as safe as we may have hoped it was, it’s not hard to imagine how the revelation that search and location data are being siphoned straight from our operating systems into the corporate abyss would send privacy advocates and concerned citizens into quite the tizzy.
However, as per usual when it comes to Apple scandals, everything is not quite as it seems when it comes to privacy and the Spotlight search function.
Privacy vs. Performance
Apple has also responded complaints about the security of Spotlight searches in a written statement to The Verge, saying:
We are absolutely committed to protecting our users’ privacy and have built privacy right into our products. For Spotlight Suggestions we minimize the amount of information sent to Apple. Apple doesn’t retain IP addresses from users’ devices. Spotlight blurs the location on the device so it never sends an exact location to Apple. Spotlight doesn’t use a persistent identifier, so a user’s search history can’t be created by Apple or anyone else. Apple devices only use a temporary anonymous session ID for a 15-minute period before the ID is discarded.
We also worked closely with Microsoft to protect our users’ privacy. Apple forwards only commonly searched terms and only city-level location information to Bing. Microsoft does not store search queries or receive users’ IP addresses.
You can also easily opt out of Spotlight Suggestions, Bing or Location Services for Spotlight.
Ultimately, the bleeding heart of this latest scandal seems to be the opt-in versus opt-out issue—while there are ways to opt out of both Spotlight Suggestions (thereby restricting your searches to your local files and omitting any internet-based responses to your query) and / or Location Services (preventing Spotlight from transmitting your location to both Apple Servers available remotely and Microsoft’s search engine), you do have to actively opt-out. Spotlight’s default setting does not make your privacy it’s highest priority.
And, while claims that Apple is sending your home address and search terms to corporate clients have been greatly exaggerated, Apple is aggregating more and more consumer data under the guise of giving customers more of what they want in the way of tailored results to specific queries.
Moreover, further research by Landon Fuller, a software engineer and CEO of Plausible Labs indicates further trespasses on consumer privacy courtesy of OS X Yosemite, including the revelation that any time a user selects “About this Mac” the operating system contacts Apple with a unique analytics identifier whether or not the Apple user has selected to share analytics data of this kind with Apple. And, any time a new email address is added to the Apple mail application, the domain of the address is transmitted directly to Apple.
Spying, Stealing or Just Sharing?
So, is apple spying on you courtesy of the oh-so-sexy new OS X? No. Is the Spotlight scandal as serious the NSA phone hacking controversy or Google’s illegal harvesting of consumer wifi data? No. Is Apple marking a dramatic shift in its position on privacy by switching to an Opt-out rather than an Opt-In model? Yes, absolutely. And if you care about keeping the majority of your search and location data private, it’s up to you to protect yourself by taking a good hard look at your settings with this upgrade and every iteration of OS X to come.