Which SSL Reviews

HTTPS

Apple’s Yosemite and Privacy- There is a Good Connection

October 21, 2014 | By Editor 

Summary

During the early hours of October 20th, an unexpected security concern in Apple’s new Yosemite OS was called on by leading U.S. daily, The Washington Post.The addition of a new Suggestions feature to the Yosemite OS, which directs to external websites relevant to a keyed search term, was the cause of anxiety.The new feature was added by Apple’s Spotlight feature that was previously used in indexing material on a user’s hard drive.This means that search terms should be sent back to Apple with loads of additional information, including location data.

HTTPS

Yosemite and Privacy

But when looked closely, most of the claims are of less concern. Apple has already got a privacy policy for the new feature, and other technical specifications according to the iOS security report. The report breaks down the information into five different kinds transmitted in a search:

  • Approximate location
  • Device type
  • Client Application (either Spotlight or Safari)
  • Language settings of the mobile
  • The previous three applications called by the user

The most important thing here is that all the information is grouped under a brief session ID that auto resets every 15 minutes, making it very difficult to trace a specific user. Since a string of searches will not yield desired results, privacy issue with Yosemite OS is not really a concern.

This also makes data significantly less important to marketers, since it cannot track the behavior of an user over any meaningful time length. More importantly, intercepting data is impossible, since it is being transmitted over an HTTPS connection.

The only concern is that users might inadvertently search their own system for an important file unwittingly revealing the specific search term to Apple more broadly.
But with the new feature there would not be anything of this sort other than a tie to the ephemeral ID. Also, concerned users can easily disable the Suggestions feature, effectively disabling any attack.

Update from Apple

  • In the late hours of October 20th, Apple further detailed how the Spotlight Suggestions work behind the scenes. The tech giant has said it has taken steps to blur location on its devices, use temporary session identifiers, and let users opt out of the Suggestions feature completely.
  • Committed to safeguarding its users’ security and privacy, Apple has built privacy right into its products. With Spotlight Suggestions, the firm minimizes the amount of data sent to it. Further, Apple does not retain the IP addresses from users’ devices.
  • The Spotlight Suggestions blurs the user location on the device and does not use a persistent identifier. The former never sends a user’s location Apple while the latter does not allow Apple to create a user’s search history. Apple devices make use of a temporary unknown session ID for 15 minutes before discarding the ephemeral ID.

Apple is also working closely with Microsoft to safeguard its users’ privacy

The company forwards only the most commonly searched terms and city-level location details to Microsoft-owned search engine Bing. Microsoft doesn’t receive users’ IP addresses or store search queries. Users can also opt out of Spotlight Suggestions, Location Services for Spotlight, or Bing whenever they want.

Be part of an IT community with thousands of subscribers. Get the latest news, blogs, and thought leadership articles. Subscribe now
Email *

Posted in HTTPS

Be Sociable, Share!

Leave a Comment


 


* fields are mandatory