Yosemite, Spotlight, and Privacy

Russell Brandom, writing for The Verge, responding to a mostly-wrong piece in The Washington Post on Yosemite Spotlight and privacy:

But on closer inspection, many of the claims are less damning than they seem. There’s already a public privacy policy for the new feature, as well as a more technical look at the protections in the most recent iOS security report. That document breaks down five different kinds of information transmitted in a search: the approximate location, the device type, the client app (either Spotlight or Safari), the device’s language settings and the previous three apps called up by the user. More importantly, all that information is grouped under an ephemeral session ID which automatically resets every 15 minutes, making it extremely difficult to trace a string of searches back to a specific user. That also makes the data significantly less useful to marketers, since it can’t track behavior over any meaningful length of time. And most importantly, the data is transmitted over an HTTPS connection, so it can’t be intercepted in transit.

I’m not sure how anyone would think these suggestions would work if information weren’t being sent back to Apple. The only thing Apple could do differently is make this another one of the you-have-to-explicitly-opt-in stages when you first upgrade to Yosemite or create an account on a new Mac. But there are a lot of those on-boarding screens already — to Apple’s credit! — and in this case, even if you are using the feature, Apple has seemingly gone out of their way to protect your privacy.

Monday, 20 October 2014