When it comes to talking about privacy and security, technology companies are not well regarded, in general. We spent the last year and a half seeing several mentions of them in the international and Brazilian press, involving, for example, research schemes, backdoors to capture user data directly from data centers Americans, and even spying on politicians' email boxes by American officials.
In general, it is always very easy to point out flaws in others' grass. But information security professionals eventually believe and create opportunities to educate users, disseminate knowledge and make room for contributions on what can be done to lead to better computing services and experiences. Apple is a company that has made a huge public effort to present itself with respect for the privacy and security of its users, making improvements for this purpose in OS X El Capitan and iOS 9.
But there are considerations to watch out for in your approach, as well as that of any other company. The motivation for this first article came from a last indication from our reader Virgil Hawkins: Lendon Fuller, active contributor on projects for Apple platforms and Unix / Linux, has been collaborating on GitHub for the project fix macosx, in order to alert users about privacy concerns raised by recent features built into OS X which in some cases also encompass iOS.
The coolest thing about what has been raised about this project so far is that controls over the discoveries made are within the reach of users. We will be able to talk about more news on this subject in the future, but a good starting point to talk about the basics.
Spotlight (and its suggestions)
Much of what has to be said about harmful user privacy functions in OS X / iOS involves Spotlight more precisely, the extra features that Apple incorporated into it from Yosemite and iOS 8, to get simple results from common day-to-day needs -day in the universal search interfaces. They are more effective in the United States than here: they serve to access sports scores, weather, news, Wikipedia articles, news and Bing searches.
Some remote things are even available to us, such as unit conversions (in the case of the exchange, they are updated periodically), but most are really local content. In countries where the Spotlight online search works effectively, the terms entered by the user and the suggested suggestions are sent to Apple; for common searches, the same terms you enter also go to Bing.
In both cases, the operation of these search engines is provided for in the explanatory text of the Spotlight suggestions (accessible in the “About” button within the Spotlight item, in the System Preferences) and also in the Apple privacy policy, available on its website . Both she and Microsoft are not in a position to store these terms in any way: even sensitive information that may be exposed to submission for queries, such as their geographic location, does not correlate with their exact IP address or Apple ID; therefore, they cannot be used to identify you.
If you are not comfortable keeping Spotlight suggestions and Bing search enabled on the feature, you can disable them. Fix macosx currently offers a Python script that does both on Macs. But it is much easier to do this from the System Preferences, within the Spotlight item.
In the list of categories that you want to have results in the search of OS X, deselect the options referring to Bing and s Suggestions; finally, also uncheck the box to enable them in the search field and in the resource Look up (when selecting text with a touch of three fingers on the trackpad or via Force Touch on compatible models).
As a Safari user, you also need to do the same in the browser preferences accessible via the menu Safari Preferences: within the “Search” tab, uncheck the suggestion options for the selected search provider (which may be other than Bing) and for the browser itself, in the area for the smart search field.
On iOS, control of Spotlight suggestions and Bing search when searching for content on your device is at your fingertips on any iPhone, iPad or iPod touch. Just go on General Spotlight Settings to take what you want.
The same is available for Safari: in Settings, choose the option “Safari” and you will be able to control the suggestion options for the search provider and for the URL field of the browser, right in the first options of the screen.
Data collect
Another important point regarding the collection of information on Apple products is in the diagnostic data, use and sharing with developers, where we have the controls over automatically sending to the company in the configuration of every new product. In OS X, it is very easy to map where these events are recorded: normally they are log written by applications and system services in case of events that require attention or investigation a common example of this would be software failures, but a lot recorded on the state of services and components on your machine (without compromising storage or performance, of course).
The macosx fix project has a page on GitHub dedicated to detailing the types of information raised in the system events. He has also published information about files of this nature that are periodically sent to Apple over the past few months.
Unfortunately, it is not possible to have the same visibility iGadgets, but each diagnostic file on your iOS device can be found within Privacy Settings Diagnostics and Usage Diagnostics and Usage Data. Basically only logs, but without any personal information capable of identifying them. In the previous screen, you can control whether they can be sent to Apple automatically or not.
Regarding third-party applications that can be installed on your mobile devices, Apple offers several functions for developers on iTunes Connect powered by logs captured, in order to provide relevant information on audience and problems faced by users. Sharing these logs It is also anonymous and can be controlled by the user within the “Diagnostics and Use” area, where Apple highlights its right to choose in the privacy policy.
"And the, Siri"
Last week, Apple also brought a new addition to the iPhones 6s and 6s Plus with a direct impact on its public commitment to user privacy. Using a moving coprocessor integrated with the new A9 processor, the new devices can capture voice in real time with low power consumption, which is being used in iOS 9 so that the “E a Siri” voice command works without the need for the gadget is connected to power.
To accommodate the use of this appropriately, Apple clarified to the TechCrunch what has changed in the wizard's configuration. Obviously, nothing is recorded and sent to the company until the command is made by the user; in addition, as we said, a voice recognition test will be used to configure it according to the device’s owner, on iOS 9, which in addition to preventing it from being triggered by accident, allows local learning with traces of your voice .
From there, things work as they always have in Siri's case: by “calling her”, she responds to your requests by making inquiries on Apple servers, but even so, the company's policy describes this type of call as a command sent with an anonymous identifier without a link with users' personal information. Ultimately, Siri can be disabled and all of your local learning is also wiped off the iPhone.
