The latest version of Apple’s operating software for its Mac computers, OS X Yosemite, turns out to be just a bit leaky where some of your personal information is concerned. Yosemite, it turns out, is configured by default to send local-search terms and your location information back to Apple and its third-party search partners.
Apple acknowledged that it does glean some information from Spotlight, the Mac’s built-in search tool for finding files in your computer or conducting online searches. But it denies that it uses any personally identifiable information itself and says it only passes along very general data to partners like Microsoft.
But maybe you don’t want to take any chances. So here’s how to shut down the tracking—a simple process, although one that’s not exactly obvious.
How To Turn Off Spotlight Snooping
To prevent your Mac from transmitting Spotlight search data, take these steps (courtesy of Fix-MacOSX.com, a site set up by security researcher Landon Fuller):
Disable “Spotlight Suggestions” and “Bing Web Searches” in System Preferences > Spotlight > Search Results.
Safari also has a “Spotlight Suggestions” setting that is separate from Spotlight’s “Spotlight Suggestions.” This uses the same mechanism as Spotlight, and if left enabled, Safari will send a copy of all search queries to Apple.
You’d be forgiven for thinking that you’d already disabled “Spotlight Suggestions,” but you’ll also need to uncheck “Include Spotlight Suggestions” in Safari > Preferences > Search.
What’s Caught In The Spotlight
It’s now common knowledge that companies like Google save your Internet searches for a variety of reasons, among them to tailor both services and advertising more closely to your interests. What’s interesting about this case is that it involves searches on your own computer, not the Internet at large.
That can lead to unexpected results, as former Washington Post national-security reporter Barton Gellman noted Monday on Twitter:
You're not searching the Internet. You're searching your own files, e.g. "secret plans Obama leaked me." Apple harvests them by default?
— Barton Gellman (@bartongellman) October 20, 2014
It’s not uncommon for companies to collect user data or track behavior for purposes of “improving the service” (whatever that means). But many make the activity obvious and offer clear opt-out instructions. Apple did neither.
True, Apple does inform users about its tracking behavior—by burying the disclosure in a terms of service statement most Mac users will likely bypass. Its “About Spotlight & Privacy” terms read: “When you use Spotlight, your search queries, the Spotlight Suggestions you select, and related usage data will be sent to Apple.”
The company also states that if location services is on when you use Spotlight, your whereabouts will be sent to Apple too.
In a statement, Apple further clarifies its actions:
For Spotlight Suggestions we minimize the amount of information sent to Apple. Apple doesn’t retain IP addresses from users’ devices. Spotlight blurs the location on the device so it never sends an exact location to Apple. Spotlight doesn’t use a persistent identifier, so a user’s search history can’t be created by Apple or anyone else. Apple devices only use a temporary anonymous session ID for a 15-minute period before the ID is discarded.
We also worked closely with Microsoft to protect our users’ privacy. Apple forwards only commonly searched terms and only city-level location information to Bing. Microsoft does not store search queries or receive users’ IP addresses.
Washington Post writer and independent security researcher Ashkan Soltani called the Spotlight leakage “probably the worst example of ‘privacy by design’ I’ve seen yet.”
Lead photo by nolifebeforecoffee