Apple: Please Stop the Silent Notifications!
July 7th, 2006Some months back, a new iTunes feature caused havoc. When you clicked on the name of a track on your playlist, tunes of a similar genre appeared at the bottom of the iTunes window in a so-called “mini store.” Talk about havoc, because, in order to accomplish this magic, information about that selected song had to be sent to Apple.
You can imagine what happened next. The critics charged Apple with sending us spyware, so changes were soon made. While you could delete the mini store’s display, an update altered the approach. Now you had to turn on the feature before it became active. Moreover, Apple protested that it really wasn’t collecting any secret information from you, just the name of the song you selected. It didn’t even track the song you actually played.
I had hoped they learned their lesson from that ill-considered scheme, however well intentioned, but that was not to be. But to frame this commentary, let’s harken back to a little trick Microsoft recently pulled on its Windows XP customers, in the form of what masqueraded as just a routine update. Known as Windows Genuine Advantage, it was a beta version of software designed to make sure that you weren’t running a pirated version of Windows. Each day, WGA would phone home to Microsoft’s servers to deliver that information.
Now I have nothing against Microsoft wanting to determine whether or not a copy of Windows was legit or not, but that’s not the point. What you had here was, in effect, a silent agent that would upload information to Microsoft about your system setup without your knowledge or permission. Isn’t that what spyware is all about?
Well, you can imagine what happened next. As litigious customers put their class-action lawsuits into motion, Microsoft relented and changed WGA to sharply curtail the online connections with their servers, and also updated descriptions of the product to better inform customers of what it was going to do.
So what does Apple do in the wake of these controversies? Well, among the “fixes” in the 10.4.7 update was a little element known as the Apple Dashboard Advisory, supposedly a security feature that checks to make sure you are using genuine widgets that are authorized by the company who built them. The checking mechanism apparently works every eight hours while you’re online.
Now as a practical matter, this new feature is designed to protect you, somehow, from running a widget that might compromise your safety. But it’s also compromising your privacy once again, even if the server connection is strictly limited to checking your widgets for authenticity.
Understand that privacy has become a political football in the halls of Congress and this is a very bad time for a company to release software that communicates with the home office without your knowledge or consent. With Apple’s Software Update feature, you can decide whether or not it runs, and how often. The Apple Dashboard Advisory, however, came with no advance warning or mechanism to switch it off.
I am not suggesting that Apple’s behavior here is insidious in any way. In a statement, the company states, “Apple takes protecting user privacy very seriously. The Dashboard Advisory feature is a security tool that ensures that the correct version of a widget has been downloaded from a third-party site and no personal information is transmitted to Apple.”
So far, there’s no evidence that Apple is telling us a fib here. The server connections do not appear to extend beyond what the company represents, and, indeed, no personal or system-related information is being sent. But that’s not the point. You have a right to know what your Mac is doing behind your back.
The solution, of course, would be simple. First put up a prompt in a revised 10.4.7 installer about the feature and what it’s intended to do, and explain how to turn it off. One way would be to add such an option in the Security preference panel.
Alas, Apple hasn’t learned from its mistakes. You and I are told that Macs are more secure, relatively immune from the virus invasion that has engulfed the Windows platform. At the same time, we don’t need anyone else spying on what we do, even if its purpose is to protect us from ourselves.
While I’m sure third parties will develop utilities to turn the thing off, I’m more concerned with Apple’s cavalier attitude about the whole thing. Hopefully an official fix will be in the offing. As for me, I’ll probably leave the Dashboard Advisory active, even if I have the option to shut it down. But I still want to make my own decisions about such matters.
Print This Post
Exactly right. Please leave it up to oureselve to decide whap app should (or should not) ‘phone home’. It’s not such a big thing, just the Dashboard, but what’s next? How can someone think it’s a good idea to install ‘Apple Spyware’ to ‘protect us’ from ‘bad widgets’? I would rather hear about these ‘bad widgets’ and what they might be able to do.
Wow. Let’s face it, Apple has joined the dark side. With the Dashboard Advisory
SpywareFeature, I can think of only a few possible actions. Let’s say they found a rogue Widget on YOUR system. Would they: Disable the Widget remotely; or notify you that you had a problem; or replace it with a valid Widget without your knowledge or just do nothing? If they aren’t going to do anyhing, why are they spying on your system? It seems that would be a waste of bandwidth and server space for Apple.Of course, that’s nothing compared to this Apple provided capability: http://www.oreillynet.com/lpt/wlg/7409
(this only makes sense if you Mac has a built-in iSight) With this they can REALLY spy on you. I’m just guessing it is possible to turn on the camera without turning on the pilot lamp. Is it on now? How would one know? Just trust us, we’re’ here to help?
The unfortunate fact is that any organization that gets large enough, no matter how inspired the leadership, degenerates into a bureaucracy filled with unclear thinkers. Poor Apple, just when things were going so well. Sad, sad, sad.
Proactive measures that enhance the security of a system and does not send any personal info sounds good to me. “Joe User” is not going to stare at his Activity Monitor or watch network packets to see what is going on (much less know what each item is). Nor are they going to learn/want to. We purchase Macs for a variety of reasons, ease of use being one of them (better security/no viruses is another). If we start inundating typical users with pop-ups, preferences to set, etc…..it will become just as annoying and just as secure as Windows.
Dashboard widgits are a very serious security threat. Apple needs check every new widgit ASAP untill they develop software for OSX that can determine the safety of any newly downloaded widgit.
In principle, certainly. The point is that there was no warning this was going to happen. And, how do you know that the information being sent isn’t personal? You can only find that out by examining the outgoing packets (that’s assuming that the data aren’t encrypted, which would in turn require identifying the key used etc.).
I’m sure that’ll be their top priority, once they’ve solved this little thing called the Halting Problem.
In my view, this story is a little alarmist. This feature is not like the iTunes feature, one that did return personal information to Apple without asking. I’m happy to agree that was mis-judged. And it is certainly not like the Windows feature attempting to check up on piracy and threatening to mess up your system if it smelled foul. Rather, It is a very routine feature that transmits no personal information to Apple and offers some protection to your computer.
I think mixing it up with the very different iTunes and Windows stories is, well, mis-judged. Isn’t it shading close to being disingenous to say that you are not suggesting Apple insiduous behaviour? Perhaps, I’m misreading the tone of the piece and the real thrust is that Apple should aim to remain whiter than white and beyond even quite unreasonable suspicion. But even if this is right, I have some reservations. For my part, I’m happy if Apple behave in a professional and sensible manner. I feel it would be a shame if they became unreasonably cautious about implementing useful and non-invasive measures in the face of stories that run together features with what I see as very different characteristics.
bests wishes
Danny
I think people are overreacting just a bit here. Just what, exactly are you worried about? Apple knowing that you know what tomorrow’s date is? What the weather forecast for your area is? Haven’t you ever heard of “Software Update”?
Due to the nature of Dashboard Widgets, there is the risk a vector that allows the security of your system to be compromised (or perhaps you haven’t read the info on the security updates that have come out since 10.4.0). Apple keeping a close eye on the situation is a “good thing” people, not some sinister “Big Brother” threat. Having to click through all those stupid end user licensing agreements is annoying enough as it is. I can hardly wait for the time I have to click through a privacy policy notice every time I try to do something on my computer (kinda like the stack of papers you get handed every time your doctor looks in your direction).
You’re starting to sound like the people who sue McDonald’s because you weren’t warned by signed affidavit that hot coffee is hot.
When Widgets start asking for your credit card and social security numbers and starts taking pictures with your iSight camera, then I’d start to worry.
By which time it is too late to worry.
Apple’s error was to assume that their customers don’t want to know about everything that goes on inside their computers. As it turns out, they very much want to know.
10.4.7 phones home 3 times a day, every day, 365 days a year. And that’s not a privacy issue, given that Apple didn’t tell anybody about this new feature, or provided an option for disabling it?
What I can’t understand is why Apple dicided to use this ‘phone-home’ feature without giving us the ability to deactivate it. Or to tell us about it. Thet MUST know someone would find out about it and all these reactions from macusers would pop up.
And how is it possible a WEBSITE can activate the iSight an enclose it on there site??? My god. Talk about ‘big brother’… I’m glad I’ve got an old-fashion iSigh. At least I have to phisically turn it’s head to activate it. When it’s off, it’s off and closed.
I hate to say, but I suspect most people have no idea what their computers are doing. For instance, if I start up Activity Monitor there are many activities running I otherwise would have been unaware. If I use a tool like TinkerTool, I can find a zillion files that Apple has hidden from me. Apple does not advertise these things, and nobody is complaining. I do not want to see all those files I have no use for, and I do not want to see all those processes running in my dock.
Apple most likely made its widgets decision because it thought it was doing users a service, just like it did when it made a decision to hide files and run some processes in the background away from users eyes. Heck, most widgets simply will not work if they do not call home because that is how they get the information they provide. Moreover, there are so many Widgets out there, it would be pretty easy for people to create imposter widgets to wreck havok on a computer. I buy Macs because I want ease of use, and trust Apple to provide me security. I also understand if that is what I want, Apple has to make some decisions for me. Accordingly, Apple did not act unreasonably, and accordingly, I do not think it made a mistake in the way it handled itself.
For what it is worth, people who care about these things should get a program like Little Snitch which informs you of all the calls out of your computer. If you do not like the call outs, you can prevent the applications from doing so.
PS:
Scott says:
“You’re starting to sound like the people who sue McDonald’s because you weren’t warned by signed affidavit that hot coffee is hot.”
For the record, MacDonalds WAS NOT sued because it did not warn a lady about the obvious fact that hot coffee is hot. It was sued because it broke a law that was designed to protect people from being burned by coffee served above the legally allowed temperature. Moreover, it was repeatedly warned by customers that the coffee was unreasonably hot. Finally, its own expert witness admitted the coffee was served dangerously hot, the lady was not driving, and the accident happened in MacDonald’s parking lot. Of course, the mainstream media left most of these easily verfiable facts out of the case.
While it is true you and I know coffee is hot, and we may be willing to take the chance of being burned while drinking coffee in a car, that does not mean we expect the coffee to be so hot it will give us third degree burns if some spills on us. I am willing to risk some red skin while driving with my coffee, but not the actual loss of multiple layers of skin so severe I have to be hospitilized for days.
The case was simple. MacDonalds is subject to certain health code laws and has to act reasonably. It is not above the law. It broke the law, a woman was hospitilized for days with third degree burns. MacDonalds was held accountable. Nothing unjust about that.
Worse, MacDonalds excluded facts when leaking this story in order to lobby for tort law reforms so that it could act unreasonably and break the law while not having to pay for damages it caused.