How to Stop Apple From Snooping on Your OS X Yosemite Searches

Apple's latest operating system OS X Yosemite pushes the limits of data collection tolerance: its desktop search tool Spotlight uploads your search terms in real time to Apple's remote servers, by default. Fortunately for Apple's angry users, however, this is one privacy invasion that's easy to cut short.
yosemite7
Christina Bonnington / WIRED

*Updated with a statement from Apple below.
*
Today's web users have grudgingly accepted that search terms they type into Google are far from private. But over the weekend, users of Apple's latest operating system discovered OS X Yosemite pushes the limits of data collection tolerance one step further: its desktop search tool Spotlight uploads your search terms in real time to Apple's remote servers, by default.

Fortunately for Apple's angry users, however, this is one privacy invasion that's easy to cut short.

Apple describes the new "feature" as an effort to include search results in Spotlight from iTunes, its App Store, and the Internet. If the user has enabled "Location Services" on his or her Mac, the computer's location will be siphoned up to Apple, too, "to make suggestions more relevant to you." And Apple notes on a Spotlight preferences description that the search terms will also be shared with Microsoft's Bing search engine, an even more surprising destination for queries that Mac users likely believed they were typing in the privacy of their own computer.

"This is a very disappointing move for Apple," said Runa Sandvik, a privacy-focused developer for the Freedom of the Press Foundation and a former developer for the anonymity software Tor. Why is this such a problem? She points to the hypothetical example of a journalist searching for sensitive files on his or her own computer, words which would then be shared with both Apple and Microsoft.

Sandvik notes that Apple doesn't collect the private results of those desktop searches, and that Microsoft receives only common search terms from Spotlight without any personally identifying information about users. But given that Yosemite's search-term-sucking setting is enabled by default, many users won't even be aware of it. "For Apple to automatically learn about your location and your search terms when you’re using your computer normally isn’t something a lot of people would approve of if they knew about it," Sandvik says.

A screenshot of the Spotlight settings. Turning off functions 19, 20 and 21 will prevent Spotlight search terms from being shared with Apple and Microsoft. Credit: Ashkan Soltani

Luckily, Yosemite's search-snooping can be switched off in seconds. In Mac OS X's System Preferences, the functions can be found under "Spotlight" and then "Search Results." From there you need to disable "Spotlight Suggestions," "Bookmarks and History," and "Bing Web Searches." If you use Safari you will then need to disable the same "Spotlight Suggestions" function in the browser (under "Preferences" and then "Search") to avoid having terms you type into its address bar shared with Apple by default too.

To make that privacy fix even simpler, developer Landon Fuller has written it into a simple Python script that he calls "Fix-MacOSX," which he's made available for download. "Mac OS X has always respected user privacy by default, and Mac OS X Yosemite should too," the site reads. "Since it doesn't, you can use the code to the left to disable the parts of Mac OS X which are invasive to your privacy." The script is only the first step in what Fuller describes as a continuing project to identify ways that Yosemite "phones home" to Apple and to plug those privacy leaks.

As easy as the fix for Apple's new Spotlight leaks may be, it's unlikely most people will change their default settings, says Sandvik. That could potentially make their search and location data available to marketers or even law enforcement. She contrasts Apple's aggressive new desktop data collection with its move to encrypt iOS devices so that even police with a warrant can't force Apple to unlock them---a change widely applauded by privacy advocates. "Apple is talking about encryption in iOS on the one hand, and then they make this move with OS X, to enable al this logging and tracking by default," she says. "It’s something not a lot of users are going to be aware of."

Update 10/21/2014 12:30: An Apple spokesperson has responded in a statement:

"We are absolutely committed to protecting our users' privacy and have built privacy right into our products. For Spotlight Suggestions we minimize the amount of information sent to Apple. Apple doesn't retain IP addresses from users’ devices. Spotlight blurs the location on the device so it never sends an exact location to Apple. Spotlight doesn't use a persistent identifier, so a user's search history can't be created by Apple or anyone else. Apple devices only use a temporary anonymous session ID for a 15-minute period before the ID is discarded.

We also worked closely with Microsoft to protect our users' privacy. Apple forwards only commonly searched terms and only city-level location information to Bing. Microsoft does not store search queries or receive users' IP addresses.

You can also easily opt out of Spotlight Suggestions, Bing or Location Services for Spotlight.”