Daniel Eran Dilger
Random header image... Refresh for more!

Ten Myths of Leopard: 9 Apple is Spying on Users!

Art Graphics.007
Daniel Eran Dilger
Myth 9 in the Ten Myths of Leopard.

Ten Myths of Leopard: 1 Graphics Must Be Slow!
Ten Myths of Leopard: 2 It’s Only a Service Pack!
Ten Myths of Leopard: 3 Nothing New for Developers!
Ten Myths of Leopard: 4 Java 6 Abandonment!
Ten Myths of Leopard: 5 “Back To My Mac” Security Panic!
Ten Myths of Leopard: 6 Time Machine Eats Hard Drives!
Ten Myths of Leopard: 7 Premature Death for Existing Macs!
Ten Myths of Leopard: 8 No Hidden New Features!
Ten Myths of Leopard: 9 Apple is Spying on Users!

Ten Myths of Apple iPhone
Ten Myths of the Apple TV

Myth 9: Leopard Phones Home on Users At Login. The Empowerment, a blog curiously subtitled with the line “empower thyself, empower humanity beta,” reported that Mac OS X Leopard phones home to Apple on login, which it called “potentially suspicious behavior” and associated with a Big Brother is Watching You graphic.

“What is going on exactly? Why is Apple contacting itself? Can anyone with more expertise in traffic analysis tell us what is being sent through HTTPS?” asked the article. It was subsequently posted on Digg, where it was highly rated by its users. The blog assumed the worse, and jumped to the conclusion that Leopard had been “caught in the act of apparently breaching user privacy.”

The initial poster replying to the article on Digg joked, “Ironically, Digg is spying on my browsing behavior to infer if I actually read the story or not. I want to see someone traffic analyze the transmissions. If they are HTTPS, they probably contain something worth encrypting, which could be personal information.”

In yet another case of being unintentionally funny, “Bofhcabbit,” the Digg user who initially posted the blog entry, responded, “Yeah, I think it’s the fact that it’s transmitting encrypted data that makes me worry most of all.” Are Apple’s actions worrisome? Consider some context.

Windows Spyware.
Windows users are familiar with their operating system phoning home. Microsoft has used its “Windows Genuine Advantage” to send unknown data back to the company at regular intervals, initially every day. After consumer advocacy groups complained and described the system as spyware, Microsoft announced plans to only have the system phone home every two weeks.

Microsoft’s WGA Failure Earns Zoon Nomination

Microsoft has also long installed Amazon’s Alexa reporting plugin for Internet Explorer, which leading malware cleanup tools identify as spyware. Alexa reports the websites a user visits to Amazon, which then compiles statistics and rates websites traffic. Apple does not bundle Alexa or other spyware into Mac OS X, so Mac-related websites are frequently underreported by Alexa.

There is also an independent malware industry that seeks to find ways to break into users’ PCs to steal their data or collect marketing information in various ways, but Microsoft can’t be blamed for third party attacks. Except, of course, in the case of Claria, formerly known as Gator, one of the most notorious and insidious spyware programs to infect users.

Microsoft’s Windows AntiSpyware initially recognized as Claria’s products as malware and recommended users quarantine them. But Microsoft entered into talks to buy Claria in 2005 to expand its control in both the spyware and the anti-spyware business, and Microsoft’s tools now recommended that users simply ignore the spyware.

Microsoft Downgrades Claria Adware Detections – eWeek

Apple’s “Especially Wicked Tricks.”
The accusations flying over Leopard insist the Apple is now spying on users in the same manner as Microsoft: unauthorized, unstoppable, and unknown reports from Leopard are apparently being sent to Apple’s headquarters, and are safely encrypted, leaving bloggers to worry that neither they nor anyone else can intercept the data and audit it. This isn’t the first time Apple has been accused of violating user’s privacy.

Peter Eckersley, a “staff technologist” of the Electronic Freedom Foundation, reported in May that Apple might be copying nefarious amounts of user’s own personal data into their own iTunes Plus files, which he postulated to be a privacy problem.

Apple’s DRM-Free AAC Files Contain More Than Just Names and Email Addresses | Electronic Frontier Foundation

Shortly afterward, Eckersley’s colleague Fred von Lohmann–a senior staff attorney of the EFF–wrote, “Apple is among the worst offenders when it comes to messing around with stuff you’ve already paid for. But iTunes 7.2 is likely to be remembered for the especially wicked tricks it plays on iTunes customers.”

Von Lohmann thought iTunes could no longer burn and re-rip music after reading about it in a blog. He was wrong, because the blogger he believed was also mistaken. However, von Lohmann did not correct his posting accusing Apple of “removing the feature” from iTunes; he also cited Eckersley’s “previous revelations” as proof Apple could not be trusted. Apparently, in his legal opinion libel is excused by unsubstantiated accusations.

Convert to MP3 BEFORE Upgrading to iTunes 7.2! – Electronic Frontier Foundation

However, Eckersley himself later admitted his own “hypotheses turn out to be false” in the case of accusing Apple of stuffing tracks with users’ personal data. His original post was not corrected either, and the EFF never apologized for any of its erroneous, sensationalized coverage of issues it did not verify prior to publishing. This is too bad, because the noble efforts and mission of the EFF are damaged when ignorant accusations are thrown about by loose cannons like Eckersley and von Lohmann, trying to emulate the “shoot first, ask later” smear tactics of Greenpeace.

An Update on the Innards of iTunes Plus Files – Electronic Frontier Foundation
Greenpeace Lies About Apple

That’s three false accusations from the EFF against Apple in a matter of weeks, all later dismissed but never corrected. Perhaps the ineffectiveness of “trial by blog” is an example of the reason why our ancestors devised both a legal system that puts the burden of proof upon the accusers, and an institution of journalism that holds reporters and publishers accountable for the news they report. Unfortunately, the EFF is being as dismissive and casual about its witch hunt accusations and its reporting ethics as the government it hopes to police. How depressing.

Peter Eckersley and Fred von Lohmann both get a Zoon for their efforts.

Art Graphics.008

That’s Not A Bug, It’s a Feature.
It turns out that the Empowerment blog was as misguided as the EFF. In neither case did the accuser have any proof that anything wrong was actually happening before the hypothetical trial in absentia began, with hastily written public relations announcements serving as discovery.

In the case of Leopard’s “phone home” worries, this only happens after a user activates the Back To My Mac service. That feature relays the services users want to access externally to Apple’s .Mac system so that the user can connect to them from other sources. Rather than “spying on users,” Leopard is doing exactly what the user told it to do.

Leopard does not attempt to connect or relay any information when the feature is not turned on, which is the default setting. So Leopard does not do any unauthorized, unstoppable, and unknown reporting, at least nothing we know about.

And when we do run into “potentially suspicious behavior,” we should keep in mind that everything is “potentially suspicious behavior,” and that unless we want to live in 24 hour panic about nothing, we have to be selective in what we go nuts about. That requires collecting real information and checking facts before publishing imagined accusations.

What do you think? I really like to hear from readers. Comment in the Forum or email me with your ideas.

Like reading RoughlyDrafted? Share articles with your friends, link from your blog, and subscribe to my podcast! Submit to Reddit or Slashdot, or consider making a small donation supporting this site. Thanks!

Technorati Tags: , , , , , ,

  • gus2000

    allow $realization[sad]? (Y/n)

    I’ve seen quite a bit of arm-flailing about the disabled OSX firewall, too. Only people who believe that there are legions of tiny little apps buried in their software would think such a firewall was necessary.

    I feel a lolcats coming on: “IM IN UR KURNUL, STEELIN UR SEEKRETS.”

  • lightstab

    But to be fair to Digg, Dan, I did notice that lots of people attributed the call out to the “Back to My Mac” feature. The Digg people aren’t as bone-headed as many people think, and just to even things out, there was also a big stink about an auto-update function in Vista for, what else, the auto-update software in Vista, which Microsoft later confirmed as being innocuous.

  • Tilneys

    Digg is the all time premier tool for communicating rubbish to the ignorant and gullible…

  • lmasanti

    “And when we do run into “potentially suspicious behavior,”…”

    What about signing with at least a yellow-attention flag the EFF foundation… for “potentially suspicious behavior,”
    (Greenpeace: flag it red)

  • gus2000

    It looks like like Empowered has issued a “mea-sorta”:

    “UPDATE: It appears from Digg comments that verbose booting shows this is Back To My Mac communications and that machines without any .Mac preferences don’t send anything. Mystery mostly solved, although we still don’t know for sure what’s in the HTTPS packets. Additionally: Chris Holland points out there’s a chance this might be NAT-PMP traffic. The moral of the story is guard your COMSEC well with tools like Little Snitch. ”

    That’s funny, I thought the moral of the story was “don’t believe everything you read”.

  • http://www.roughlydrafted.com danieleran

    It’s interesting that Digg still hasn’t flagged the article as “may be inaccurate,” and it’s still on the front page.

  • Pingback: Ten Myths of Leopard: 10 Leopard is a Vista Knockoff! — RoughlyDrafted Magazine()

  • avocade

    This is the kind of writing I hope will continue to be the cornerstone of RDM. Good job.

  • boon

    Schneier recently posted that MS has included Dual_EC-DRBG in Vista.


  • Pingback: The New Apple Patent: WGA Evil or iPhone Knievel? — RoughlyDrafted Magazine()

  • Pingback: Google’s Android Market Guarantees Problems for Users — RoughlyDrafted Magazine()