Uh Oh, Apple Phones Home… Serious? Feh…
A few blogs are reporting that Mac OS X 10.4.7 has a “phone home” feature for Dashboard. Every day, apparently, your Mac checks Apple’s server to see if your Dashboard widgets are up to date. A few bloggers are going (mildly) ballistic, suggesting that this is evil, perhaps as much as what the iTunes Music Store’s MiniStore does.
Feh.
All it’s doing is checking to see if you have the latest versions of the widgets you use. It’s simply checking for updates, as OS X does regularly (according to the settings you choose in the Software Update preference pane), or as many, many other programs do, unless you turn off their auto-check features.
Why do people panic at the slightest packet of data? Why don’t they think a bit about what is actually being sent? For the iTunes Music Store, personal information is indeed being sent to Apple; but for Dashboard, it’s only the widgets’ names and version numbers…
Too many people are on the edges of their chairs just waiting for a chance to show that Apple is like Microsoft, using your computer as a switchboard to shunt personal information to and from their servers. It’s not the case (this time), so don’t worry.




Bravo for having common sense. It seems to be seriously lacking in some of the
Mac blogging community.
Cheers!
When RealPlayer got caught with spyware in 1999 they were hauled into court
and treated pretty harshly.
When Sony got caught in 2005 they had to give everyone involved a free CD.
Odd, considering Sony was guilty of spyware, the rootkit, and lying about it.
Also, I don’t recall hearing about any action or punishment directed at First 4
Internet or SunnComm.
Apple was next with the "MiniStore", and the result was that they changed the
offending bit of code so it’s off by default.
I see a trend.
If the only thing to consider is what information is actually being sent, then I
accept your point, because the information about my widgets is not serious
to me, and I see the reason for checking them.
On the other hand, I consider the trend to be a serious and growing problem.
Seven months ago Apple was taken at their word that they were not
"collecting" the information, despite evidence to the contrary, and despite the
fact that their "word" was second hand from an unnamed source.
A large majority gave Apple the benefit of the doubt, and assumed that the
way the MiniStore was introduced was just a terrible PR blunder. Are we to
assume that they have made the same blunder twice? This time there is no
easy way for most people to turn the offending software off. Not everyone
has Little Snitch or understands the command line.
In seven months, they have not given any public explanation for 2o7.net, or
why 2o7.net requires PII.
They have not addressed this new flow of information in either the "Privacy
Agreement" or the iTunes EULA. This means that even if they are not
harvesting your data for their own use today, they can start doing it tomorrow
with less notice than you got when the software was installed.
They have not addressed the fact that any pro level server software will by
default store the sent information in its logs. The "Privacy Agreement" is
quite clear about the fact that they DO keep and use the log data.
Looking back at how Apple handled the MiniStore, I am less than thrilled that
they have once again granted themselves a new way to access information on
my HD, regardless of how trivial that information may seem.
Apple learned an ugly truth last January, and a bad precedent was set. As
long as they can say you might benefit somehow from them sticking their
nose in your HD, they don’t need your permission, you don’t need to be
informed, and if you do find out and ask questions, they are under no
obligation to give you any details about what they took or what they did with
it.
Let’s face it, by plan or by blunder, everybody is getting conditioned to the
idea that just because it’s your computer doesn’t mean the information on it
is private, or yours. I think that is a very serious problem.
One last point. Apple is very protective of its privacy and trade secrets, and
has shown no problem dragging anyone who breaches its privacy straight
into court. Sometimes they appear excessive in their quest for protection of
what seem to me to be unimportant secrets. Fortunately for Apple, I don’t
get to decide which of their secrets are serious, and which are unimportant.
Shouldn’t it work the other way too?
It’s my information. It’s my computer. I’ll decide what is serious and what is
trivial. If Apple doesn’t know what I’ve decided, they should ask me.
Fair enough?
LampieTheClown
—
If at first you don’t succeed, skydiving probably isn’t your sport.
Lots of programs do the same thing. You can block it with software that
prevents specific programs from accessing a network, if you’re really worried. I
understand your feelings, but I disagree – as I’ve written here, the iTunes Mini
Store sent a unique identifier; this is merely checking to see if your widgets are
up to date.
I did not mean to imply that the widget checker carries the same weight as
the MiniSpy. Like I said, if you are only considering what information is sent,
the Ministore is in a different league. My point is that once the precedent has
been set, you will have a hard time arguing breach of privacy when the data
finally crosses the line of what you personally consider trivial.
Apple will always be able to show that they are acting in your best interest,
even if it’s just better advertising. The burden will then be on you to explain
why the information is private. That’s difficult to do while keeping the
information, uh … private.
Remember, the fact that they accessed it without your permission is no
longer good enough.
A matter of degree can always be argued. "… and the lines on the map, move
from side to side".
"All of it" is easier to defend, and it’s ours to begin with. Why start by
giving some up, when you know that in the end you’ll be fighting for the last inch?
I’d rather stop it now while the burden is on Apple (and other companies) to
prove they have a right to access ANY information 1) without permission, 2)
without defining limits (privacy agreement), and 3) without full disclosure
(2o7.net – PII).
Saying that "Lots of programs do the same thing", kind of proves my point
about setting a precedent. How many posts have you read defending Apple
or the Ministore that started with "Applications ABC and CDDB already do
something like this, so what’s the big deal?"
Because of the Ministore, that can now be said about apps that phone home,
phone third parties, send information about what local file you are accessing
at this moment, and add a personal identifier to the transmission. Now, with
this widget update, they can add "and they don’t have to give you a way to
turn it off". The software doesn’t have to come from Apple, either. It stands
to reason that if Apple doesn’t have to ask, or disclose, why should Micro$oft
or Sony?
Do you think Apple has told us the truth about the Ministore data? Of course
not.
Then why do you trust them now? Consider this.
If you were going to design the widget checker, how would you do it?
I’d create a database with the checksums of all the widget titles so that it
could be securely downloaded. The software then checks locally to see if the
installed widgets match the downloaded database. If they do, the software
just watches the widgets for changes, and checks any new widgets against
the database. If the database doesn’t have the new widget title or version,
then it gets an updated database from Apple, or sounds the alarm. It would
connect to the internet once or twice a year on my computer, because I don’t
have much use for widgets, yet it would be secure.
So why does Apple’s plan have the software phoning home three times a day?
There may be a good reason, but who can say? Apple refuses to tell us why
our computers will call home 1095 more times this year than last. Why do
you think Apple won’t tell?
It’s much easier to defend our rights than it is to get back the ones we’ve let
slip away. How personal or trivial we rate the data has nothing to do with the
issue.
The issue is this.
Apple is getting into the habit of putting undocumented code into updates
that do not respect privacy or property rights, and are not covered by the
privacy agreement or the EULA.
The final insult is, Apple says it’s none of our business how it works, who it
phones, what it sends, or why it does it three times a day.
That’s enough for me to say no, no matter what their intentions are.
Lampie
—
If at first you don’t succeed, skydiving probably isn’t your sport.
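
The local-comparison design proposed in the comment above, as an added example (not the commenter's or Apple's code). The widget titles, versions, bundle contents and function names are constructed for illustration, and the checksum database is assumed to have been downloaded and authenticated already.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample database: widget title -> version -> SHA-256 of the bundle.
# Assumption: it was fetched as a whole and its authenticity was verified
# (for example by a signature check) before use.
MANIFEST = {
    "Weather": {"1.0": sha256_hex(b"weather-1.0-bundle")},
    "Stocks": {"2.1": sha256_hex(b"stocks-2.1-bundle")},
}

# Constructed set of installed widgets: title -> (version, bundle bytes).
INSTALLED = {
    "Weather": ("1.0", b"weather-1.0-bundle"),
    "Stocks": ("2.1", b"stocks-2.1-bundle-modified"),
    "Sudoku": ("0.9", b"sudoku-0.9-bundle"),
}


def check_widget(title, version, bundle, manifest):
    """Classify one installed widget using only data already on the machine."""
    versions = manifest.get(title)
    if versions is None or version not in versions:
        return "unknown"    # title/version not in database: refresh it or alert
    if sha256_hex(bundle) != versions[version]:
        return "mismatch"   # known title/version but different contents: alert
    return "ok"


def audit(installed, manifest):
    """Return {title: status} for every installed widget."""
    return {t: check_widget(t, v, b, manifest) for t, (v, b) in installed.items()}


def needs_database_refresh(report):
    """Network contact is needed only when a widget is missing from the database."""
    return any(status == "unknown" for status in report.values())


if __name__ == "__main__":
    report = audit(INSTALLED, MANIFEST)
    print(report, "refresh needed:", needs_database_refresh(report))
```

In this arrangement the only request to the server is a download of the whole database, so the request itself does not reveal which widgets are installed.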
Again, I agree in principle, but the widget checker is not sending any "personal
information" any more than Software Update is. And I don’t think they’re
"collecting" any such information…
You can say that it’s a can of worms, and the fact that people accept it is a
problem. But for widgets, this is meant as a security feature, not spyware. There
was enough hue and cry about the lack of security in widgets early on, so I find
Apple’s approach laudable.