Apple’s OS X Yosemite Spotlight Privacy Issues

Keep on Guard!


So Apple pushed out it’s latest and great OS X version 10.10 called Yosemite, but it’s facing a bit of an uproar at the moment about some Spotlight privacy issues. For those who are not familiar, Spotlight is some kinda of super desktop search that searches everything on your computer (and now also the Internet) – which is not cool as every search means your physical location & search term is sent to Apple (and 3rd parties like Microsoft) every time you use Spotlight.

OS X Yosemite Spotlight Privacy Issues

The upside? Yosemite is pretty cool and also security wise it comes with patches for both POODLE and Shellshock.

Even so, Apple should know better than this and respect privacy by default as they surely understand how something like can blow up.

There’s growing disquiet over Apple’s desktop search app Spotlight, which sends queries for things back to the company’s servers to process.

Spotlight phones home in OS X Yosemite, version 10.10, and it is enabled by default: it can be switched off, but with Apple insisting that it now takes people’s privacy seriously, the software has raised some eyebrows. It appears Spotlight sends queries, along with your location, back to Apple over the internet so the company can suggest related things from the web using Microsoft’s Bing engine. Apple says it needs to see your queries so it can improve Spotlight’s algorithms for suggesting things.

So, for example, searching for “weather” on a Register Mac running OS X 10.10 reveals files, folders and installed applications (such as the Windows 8.1 weather app in Parallels) on the machine containing the keyword; that’s the local search part. This is what you’d expect to see.

But then Spotlight contacts Apple remotely to get recommended software from the Apple App Store, and a search by Bing for any relevant websites.


I can see why they turn it on by default though, the majority of users wont know what is happening and they will enjoy the richer search experience that Spotlight gives them now – ala Facebook style. Do something that pisses off a small subset of more technical users, and see how the public backlash is – if it’s not too bad you profit.

This has spread far and wide though, reaching some mainstream news sites – I’m not exactly sure if the average user will be enraged though as we seem to live in a post-privacy kind of society now where people accept companies collect their data.

Yosemite was released late last week after a string of betas were made available to developers, the first in June. The OS was finalized as Apple chief exec Tim cook started waving around his company’s alleged efforts to safeguard privacy; Cook hopes to use privacy as a differentiator in the iGiant’s ongoing battle against arch rival Google.

But the people behind Fix-macosx.com reckon Spotlight isn’t the only component of OS X Yosemite that unnecessarily phones home. “A myriad system and user processes are sending data to Apple in a default configuration, and we want to fix those, too,” they promise.

A collaborative project to identify additional data collected by Apple and other third parties has been set up by the Fix Mac OS X team. “This work is powered by Net-Monitor, our open-source toolkit for auditing phone home behaviour system-wide,” the developers add.

Apple’s collection of search queries in its cloud is not limited to OS X Yosemite: the Spotlight Suggestions and Bing Web Results are also included in iOS 8. “It has to do with sending data to Apple,” Sean Sullivan, a security advisor at F-Secure, told The Register. “It’s a being-spied-on-by-the-cloud issue.”

How to restore your privacy

Disable these options:

Disable Spotlight Options

  • Disable “Spotlight Suggestions” and “Bing Web Searches” in System Preferences > Spotlight > Search Results.
  • Safari also has a “Spotlight Suggestions” setting that is separate from Spotlight’s “Spotlight Suggestions”. This uses the same mechanism as Spotlight, and if left enabled, Safari will send a copy of all search queries to Apple.
  • You’d be forgiven for thinking that you’d already disabled “Spotlight Suggestions”, but you’ll also need to uncheck “Include Spotlight Suggestions” in Safari > Preferences > Search.

There’s also a Python script to do it here – fix-macosx.py

Source: The Register

Posted in: Apple, Privacy


Latest Posts:


Uber Paid Hacker To Hide 57 Million User Data Breach Uber Paid Hackers To Hide 57 Million User Data Breach
Uber is not known for it's high level of ethics, but it turns out Uber paid hackers to not go public with the fact they'd breached 57 Million accounts.
RDPY - RDP Security Tool For Hacking Remote Desktop Protocol RDPY – RDP Security Tool For Hacking Remote Desktop Protocol
RDPY is an RDP Security Tool in Twisted Python with RDP Man in the Middle proxy support which can record sessions and Honeypot functionality.
Terabytes Of US Military Social Media Spying S3 Data Exposed Terabytes Of US Military Social Media Spying S3 Data Exposed
Once again the old, default Amazon AWS S3 settings are catching people out, the US Military has left terabytes of social media spying S3 data exposed.
SNIFFlab - Create Your Own MITM Test Environment SNIFFlab – Create Your Own MITM Test Environment
SNIFFlab is a set of scripts in Python that enable you to create your own MITM test environment for packet sniffing through a WiFi access point.
Skype Log Viewer Download - View Logs on Windows Skype Log Viewer Download – View Logs on Windows
Skype Log Viewer allows you to download and view the Skype history and log files, on Windows, without actually downloading the Skype client itself.
Ethereum Parity Bug Destroys Over $250 Million In Tokens Ethereum Parity Bug Destroys Over $250 Million In Tokens
If you are into cryptocurrency or blockchain at all, you will have heard about the Ethereum Parity Bug that has basically binned $280 Million + ETH.


2 Responses to Apple’s OS X Yosemite Spotlight Privacy Issues

  1. bab October 21, 2014 at 8:16 am #

    Well, it’s not like Apple is hiding it — there is a very complete description in the “About Spotlight Suggestions & Privacy” button within the Spotlight prefpane.

    • Darknet October 21, 2014 at 6:15 pm #

      I wouldn’t exactly say putting it in the about pane or t&c is being open about it, being open is prompting you on update if you want to have it enabled and explaining the implications in plain English. Or just not having it on by default.