
Disable sharing of Spotlight searches with Apple - teacup50
https://fix-macosx.com
======
etjossem
For those interested, here's the specific language Apple offers to explain
what Spotlight is doing. I didn't see it elsewhere so I figured I'd post it.
From the Spotlight preferences pane:

"When you use Spotlight, your search queries, the Spotlight Suggestions you
select, and related usage data will be sent to Apple. Search results found on
your Mac will not be sent. If you have Location Services on your Mac turned
on, when you make a search query to Spotlight the location of your Mac at that
time will be sent to Apple. Searches for common words and phrases will be
forwarded from Apple to Microsoft's Bing search engine. These searches are not
stored by Microsoft. Location, search queries, and usage information sent to
Apple will be used by Apple only to make Spotlight Suggestions more relevant
and to improve other Apple products and services."

"If you do not want your Spotlight search queries and Spotlight Suggestions
usage data sent to Apple, you can turn off Spotlight Suggestions. Simply
deselect the checkboxes for both Spotlight Suggestions and Bing Web Searches
in the Search Results tab in the Spotlight preference pane found within System
Preferences on your Mac. If you turn off Spotlight Suggestions and Bing Web
Searches, Spotlight will search the contents of only your Mac."

"You can turn off Location Services for Spotlight Suggestions in the Privacy
pane of System Preferences on your Mac by clicking on “Details” next to System
Services and then deselecting “Spotlight Suggestions”. If you turn off
Location Services on your Mac, your precise location will not be sent to
Apple. To deliver relevant search suggestions, Apple may use the IP address of
your Internet connection to approximate your location by matching it to a
geographic region."

"Information collected by Apple will be treated in accordance with Apple’s
Privacy Policy, which can be found at www.apple.com/privacy."

~~~
kingnight
Could this be considered overthinking it?

A domain, a python script, to effectively achieve tapping a couple toggles in
sys prefs? And this is quite difficult for the average non terminal using
person.

> This site _criticizes_ Apple for certain privacy-invading features of Mac OS
> X and teaches users how to fix them. So, obviously, the site is not approved
> by Apple.

Snark!

~~~
ljfuller
Howdy. Author here. By way of introduction, I'm also the author of
PLCrashReporter
([https://www.plcrashreporter.org/](https://www.plcrashreporter.org/)), ported
Java 6 to Mac OS X (a.k.a Soylatte), and -- this might lower some folk's
estimation of me here -- started the MacPorts project almost 15 years ago at
Apple, along with co-workers Jordan Hubbard and Kevin Van Vechten.

That slightly snarky disclaimer you quoted actually has a serious backstory;
the language came from [https://fixubuntu.com](https://fixubuntu.com) (whose
AGPL code was used here), and it was added after Ubuntu sent a legal demand
that "Ubuntu" be removed from the fixubuntu domain name and website:

[http://arstechnica.com/information-
technology/2013/11/canoni...](http://arstechnica.com/information-
technology/2013/11/canonical-abused-trademark-law-to-target-a-site-critical-
of-ubuntu-privacy/)

I actually toned down the snark -- just slightly -- from the original
disclaimer.

It's remarkably easy to miss Spotlight's privacy disclosure in Yosemite -- the
instant you start typing in the Spotlight search box, the disclosure
disappears, and seemingly stays gone. There's no single "local search only"
toggle, and you have to cross-reference the documentation provided in System
Preferences against the list of "Search Results" to figure out which of the
options actually sends your queries to Apple.

I wanted something simple, that I knew worked, and I could just tell family to
run themselves, so I put this together. It's a convenient way to apply the
settings, a jumping-off point for a more involved effort to resolve some of
the _other_ remaining privacy issues on Yosemite, and a handy way to get the
privacy message across.

If you're interested in chipping in on the OS X privacy front, there's a lot
more to look at than just Spotlight; my next goal is to get
[https://github.com/fix-macosx/sslsplit](https://github.com/fix-
macosx/sslsplit) transparently capturing traffic in a Yosemite VM so that we
can start nailing down exactly what is being sent from the myriad of daemons
(and spotlight!) that are sending data outwards in a default configuration.

I'm very sympathetic to the "random internet code" issue, so I struck a
balance by:

1) Displaying the source inline in the page (of course, there's no guarantee
that it matches the downloaded code, but the goal here is to highlight the
important of knowing what you're running).

2) Making the actual script URL a clickable link, so that folks that don't
blindly execute curl scripts (myself included) can easily download the script
and examine it.

3) Used a variation of the usual pipe approach (curl -O … && ./…) so that
anyone downloading it would actually have a copy of what they just ran.

4) Serve the whole lot over TLS.

Cheers, Landon

~~~
kingnight
Hi,

Thank you for taking the time respond, and for your impressive body of work.

My knee-jerk reaction to everything about this site can definitely be
attributed to ignorance. Something worth considering, in my opinion, for the
goal of the project.

fix-osx: I didn't know it needed fixing (in the context of what this site
declares is wrong). I am open to being wrong, and that it would need fixing,
but my gut response is that it doesn't. It is not intended to attack/dispute
your messaging, but rather explain how it could be read by someone unfamiliar
with how it is indeed that way.

Expanding on that, I don't hold that OSX inherently betrays user privacy.
While this can be considered a privacy leak by ux design (it is, I agree),
it's not something that would lead me to the conclusion that the OS has no
privacy by design. I'll be looking more into this now, however.

Regarding the disclaimer... That backstory certainly validates the tone, but a
disclaimer for the disclaimer would be nice for the uninitiated :-

Best,

~~~
ljfuller
Thanks for the feedback; I committed a rephrasing of the trademark disclaimer
([https://github.com/fix-macosx/fix-macosx](https://github.com/fix-macosx/fix-
macosx)) and I'll push that out when I next have the chance.

Just to clarify, the submission's title of "No Privacy, by Design" doesn't
represent my own position; it's not a phrase that's used on fix-macosx.com.

------
mwfunk
I applaud them for publicizing the implications of the default privacy
settings for Spotlight, but hyperbolic titles like the one used here hurt
their credibility unnecessarily.

I know some people think that using hyperbole for effect is a thing. They tend
to be very young, smart people who are starting to realize what they're
capable of but are still trapped on the wrong side of the Dunning-Kruger
curve. The most common defense people give is that they assume the reader or
listener knows that the hyperbole shouldn't be taken literally, and that
they're really trying to convey how strongly they feel about their much more
reasonable actual opinion on the matter.

However, to me (and, I would hope, to most people), hyperbole in technical
discussions means that the person is either immature in a way that makes them
less credible, or that they are lying to me and assume I'm dumb enough to
believe them. Or it's clickbait, or all of the above.

I don't think the author(s) of this site are any of those things, but I also
know that Yosemite as a whole is not designed to take away 100% of your
privacy, which is what the title implies. This is also what turns me off about
a lot of FSF propaganda, and most politicians regardless of their beliefs.

~~~
dstein64
> I don't think the author(s) of this site are any of those things, but I also
> know that Yosemite as a whole is not designed to take away 100% of your
> privacy, which is what the title implies. This is also what turns me off
> about a lot of FSF propaganda, and most politicians regardless of their
> beliefs.

Are your referring to the title of the HN submission, "Mac OS X Yosemite – No
Privacy, by Design"? That text does not appear on the website. The website
refers to "parts of Mac OS X which are invasive to your privacy."

~~~
mwfunk
Yep. I could be wrong here, but I thought that HN had a policy where the
titles used are taken verbatim from the page being linked to, unless they're
so completely terrible that an alternative title is needed. If the HN title
doesn't come from the site, then my apologies to the authors for harping about
this.

~~~
pXMzR2A
>>> hyperbolic titles like the one used here hurt their credibility
unnecessarily.

>> That text does not appear on the website

> I could be wrong here

RTFA.

~~~
mwfunk
I'm sorry, but I don't want to live in a world where people shouldn't feel
welcome to admit when they're wrong. You are part of the problem, I hope that
makes you feel like a winner.

~~~
zaroth
Agreed, but I could do without the last two sentences.

------
gicmo
If you bring up the Spotlight search window it will even tell you:

"In addition to searching your Mac, Spotlight now shows suggestions from the
Internet, iTunes, App Store, locations nearby, and more. To make suggestions
more relevant to you, Spotlight includes your approximate location with search
requests to Apple. You can change this in Preferences. Learn more…"

Clicking on "Learn more" also tells you how to disable it. The python script
is neat but a bit exaggerated IMHO.

~~~
revelation
I actually clicked the learn more, and it took me to a help site that somehow
didn't exist. Failed to load.

Then I manually went into Spotlight settings, and was presented with a bunch
of checkboxes that offer _zero_ indication as to privacy implications. How am
I to magically tell that the "Movies" option won't send my query to some Apple
IMDB proxy?

Sorry, but this script is spot on. This should not be enabled by default, and
the privacy implications need to be spelt out in every single detail. It
should be a legal requirement, really.

~~~
eridius
> _[...] that offer_ zero _indication as to privacy implications_

There's a very prominent button labelled

> About Spotlight Suggestions & Privacy

on the Spotlight preferences window. If you're worried about the privacy of
your searches, you can click that, and you get a detailed description of
exactly what's going on, and how to disable it (to wit, uncheck "Spotlight
Suggestions" and "Bing Web Searches").

~~~
eropple
This is literally the first I've heard of this, and I upgraded yesterday. I
didn't see whatever warning supposedly appears on the first use of Spotlight
because--as I always do--I hit it and _started typing_.

The idea that having a button in the bowels of a preference menu is sufficient
is...I don't want to say "nuts", but I'm thinking it pretty hard. I'm not
happy. Not unhappy enough to subject myself to a Linux desktop, but Apple is
making it closer and closer with every release.

~~~
eridius
You immediately ran a spotlight query, despite Spotlight itself looking
radically different, being in a different place on the screen (floating in the
middle, instead of anchored to the upper-right), and didn't even notice the
message it tried to tell you? That's pretty impressive.

> _in the bowels of a preference menu_

This is not the first time you've resorted to hyperbole in order to try and
paint Apple in a bad light. It's not hidden anywhere. The moment you go to the
Spotlight preferences, you see it.

What's more, the first time you see a search result that came from the
internet, a) it should be obvious that means that your query must have gone to
the internet, and b) the very first place you'd go in order to disable this
behavior, the Spotlight Preferences Pane, is the same place that has this
prominent button that gives you a detailed explanation.

> _Not unhappy enough to subject myself to a Linux desktop, but Apple is
> making it closer and closer with every release._

It sounds to me like you're trying to invent reasons to hate Apple. This is a
widely-advertised major feature of the OS (it was even in the WWDC keynote
IIRC), with a very prominent warning explaining how Spotlight is different in
this version of the OS and making it very easy to find out how to disable this
behavior, with a very prominent button in preferences called "Privacy" that,
again, explains what's going on and how to disable it. And yet you're trying
to insinuate that Apple is trying to stealthily sneak in the behavior that
sends your queries to them, without letting the user know, as if that was
something they'd even want to do.

~~~
eropple
How is it sarcastically impressive that I hit cmd-space and typed "it" for
iTerm, like I do every time I start up my computer and have for the last two
years? How is it sarcastically impressive that I just start typing into
Spotlight, because I know that's what Spotlight is? And what makes you think
I've gone to Spotlight preferences since upgrading to Yosemite? I had my
preferences the way I wanted them, why would an OS upgrade make me psychically
_know_ to go there?

Going further, what makes you think I give a material shit about Apple's PR
materials? I don't read about OS X releases, I upgrade when they show up
because I trusted (past tense) Apple to do the right thing. Something you can
bypass without even acknowledging it is at best sneaky. If Apple thought this
was seriously all that and a bag of potato chips, an opt-in is _real_ easy.

Be better than defending this, man. It's dirty.

~~~
eridius
The functionality changed dramatically and extremely visibly. If you are
intent in completely ignoring the obvious changes, both to the aesthetics of
the functionality, and to the actual behavior, that's your prerogative. But
you can't turn around and claim Apple is behaving badly when you intentionally
blinded yourself to the _numerous_ ways that you could tell something is
different.

And besides all that, apparently _this issue doesn 't even affect you_. If you
launch Spotlight, type "it", and hit Return, in order to launch iTerm, to the
best of my knowledge, Spotlight won't have even sent your query to Apple. It
had a local application result to deliver, and you accepted it without waiting
for more results. From playing with it myself, and from watching patterns of
network traffic, it appears to me that it doesn't even initiate the search
unless it thinks you don't want the first result.

The only thing dirty here is your desire to publicly accuse Apple of bad
behavior when you blindly installed a brand new major OS upgrade without
reading anything about it, ignored the blatant message they gave you, ignored
every single visual cue about how the functionality you were using has been
radically changed, and then read on the internet that there was a possibility
that your search queries might be sent to Apple and freaked out.

~~~
eropple
The entire OS changed how it looked. Shifting Spotlight to be a window instead
of a dropdown doesn't imply a change in functionality. Do you stop and
frigging _gawk_ at every change in an OS?

And _I don 't know_ what they're not asking me to opt into sending. That's the
fucking problem. You can play with it all you want and fiddle with it however
you like to determine you're okay with it, that's fine. I am blanket _not
okay_ with remote services receiving local _anything_ by default. I got pissed
when Ubuntu did it, I'm pissed when Apple does it.

~~~
Bud
You know what kinda did "imply a change in functionality", though? This text
that you see, writ large, when you open Spotlight:

"In addition to searching your Mac, Spotlight now shows suggestions from the
Internet, iTunes, App Store, movie showtimes, locations nearby, and more. To
make suggestions more relevant to you, Spotlight includes your approximate
location with search requests to Apple."

Seems pretty clear to me. It also might be a subtle clue that you are getting
various kinds of search results from the Internet.

There's also very easy-to-understand hand-holding built right into the UI to
help you disable it, if you want to.

It's pretty obvious, for the non-obtuse at least, that if you extend the
functionality of a feature such that it searches the Internet, that means it's
going to _actually search the internet_ , which means sending your search
terms to external services.

~~~
eropple
But that's the thing: you don't see that text when you hit cmd-space and
immediately start typing, as somebody trained to use Spotlight is naturally
going to do. Therein lies the problem. It's not that they added the feature--
sure, go nuts. It's that they enabled an internet-facing feature without the
courtesy of something modal to ensure that a user who has been trained-- _by
them_ \--to just _go_ will understand the ramifications of what they chose to
do.

It's at best shitty UX and at worst dirty.

~~~
lotu
I just tested this out on my Mac. When I type comand space and then begin
typing text actually stays for about a second befor results are shown. This
gives you enought time to notice the text. If you then back space the text
will reappear. This really feels like apple is going the extra mile to make
sure that people understand what is going on.

Really what would you do with the UI to make this feature prominit enough to
the user?

~~~
eropple
Modal dialogue box with two buttons: Enable Internet Searching and Disable
Internet Searching. Make it a choice. Pretty simple.

------
mtrpcic
While fixing spotlight is a good idea (especially if you're opening it a lot
in public), please don't blindly execute code without reading it first. While
this code isn't malicious, running misc. third party code without reading it
first is a bad idea for everyone.

~~~
geographomics
There's always the danger of this attack, as well:
[http://thejh.net/misc/website-terminal-copy-
paste](http://thejh.net/misc/website-terminal-copy-paste)

~~~
hk__2
Here it’s even worse because you don’t see the content of the script you’re
executing.

~~~
jonknee
What do you mean? The content is the majority of the web page... You can copy
it from there, or if you're paranoid you can run:

    
    
      curl https://fix-macosx.com/fix-macosx.py
    

Before the suggested:

    
    
      curl -o https://fix-macosx.com/fix-macosx.py && /usr/bin/python fix-macosx.py
    

That said, at this stage just set the correct preferences. I had already done
that before seeing this script, it's pretty simple.

~~~
dmix
...This should just be the instructions:

    
    
      1) $ curl -o https://fix-macosx.com/fix-macosx.py
      1a) Review fix-macosx.py
      2) $ /usr/bin/python fix-macosx.py

------
comex
You could also just go into Spotlight settings yourself and uncheck "Bing Web
Searches" and "Spotlight Suggestions", rather than executing some random
script. The "About Spotlight Suggestions & Privacy" button even tells you what
to uncheck.

------
hayksaakian
Real Question:

Does anyone consider OS-native search that queries your local computer AND the
web to be useful?

As the default in ubuntu, it is actively confusing, and distracting. At least
from my point of view, if I'm searching for something using my OS search, that
means I want to find something ON MY computer. If I want to find something
online, I will look online (google, etc.).

The workflow from OS -> OS Search -> Browser -> Search is often slower than
Alt-tabbing to the browser that is already open, pressing Ctrl+T and typing
your query.

This approach of combined search might make sense on mobile, where cloud
storage is the norm, but on a personal computer, it is an insane default.

~~~
SoftwareMaven
It may be confusing to people today. It will be expected behavior by the next
generation. The real issue is what is "local" and what is "remote" is
blurring. We see it with things like Google Docs, where they are "my"
documents, and I want something like Spotlight to be able to search them, but
they aren't local.

What we have today is two problems: First, we are in the middle of the
transition. People are needing to learn new behaviors. That's always hard.
Second, it isn't seamless yet. While I haven't tried it, I highly doubt my
Google Docs would show up in the my Spotlight search. The fragmentation
increases confusion.

------
sksk
It took me a while to figure out what is being disabled in the code and why I
need to care. I care about privacy but I would like to understand what I am
giving up. If I understand it correctly, the code disables 'Spotlight
Suggestions' and 'Bing Websearches'. You can do it in the GUI easily. Just go
to System Preferences -> Spotlight -> Search Results tab (uncheck the above
2).

Bing Websearch is clear enough but it took me a while to figure out what
Spotlight Suggestion is. It looks like it gives you movie recommendations.

If there is more to the code, I would like to know what else I should disable.
Also, ideally would like to know what I am giving up by disabling them.

~~~
serve_yay
It's explained in the sidebar

------
Ricapar
The Python script is a bit unnecessary.

Go to System Preferences > Spotlight. Uncheck items you don't like to have
searched and displayed for you.

------
ebbv
Executing random scripts from the web is far, far worse than anything
Spotlight is doing.

Oi vey.

------
boynamedsue
"We believe in telling you up front exactly what’s going to happen to your
personal information and asking for your permission before you share it with
us." [1] -- Tim Cook, CEO Apple

[1] [http://www.apple.com/privacy/](http://www.apple.com/privacy/)

------
deadweight3
I have zero issue with this, and it's clearly labelled and explained. Of all
the breaches in my privacy, this isn't one I'm worried about. Google gets 100%
of my searches and email messages, so it's a question of who you trust.

~~~
GrantS
To each his own, but I just want to point out that your examples of web
searches and email require that SOME third party be involved because they are,
by definition, attempts to reach a computer somewhere else on the internet.

In contrast, searching the local files on one's own computer or launching
applications on one's own computer are private, local events that need not be
shared with any third party.

Inherently private stuff just happens to leak out into the world now because
Spotlight does web search too.

~~~
deadweight3
Everything you put on your computer should be assumed to be public the moment
you connect to the internet. With air gap jump technology starting to become
proven, you should assume that all digital content is public. To think
otherwise is hubris and stupidity all wrapped up with a tiny little bow. Every
company and government agency has been compromised to one degree or another,
and targeted attacks are 100% effective given even slight competence on the
part of the hacker. I've been around since before the modem, I've seen
everyone hacked.

Regardless, it doesn't matter. It's simply ignorant to bitch about this, when
the NSA literally intercepts all of this and exploits or introduces exploits
into the software you use. This is fact. Apple at it's worst will present you
an advertisement, big fucking whoop. Seriously, what is the risk? Annoyance?
The NSA can wrap you around a pole and make it appear you were snorting
12kilos of coke a day. I am quite literally baffled by the sentiment on HN
when I see people up in arms over convenience like this trumped up as if it
were in violation of your rights. They added a 'learn more' link and explain
what is going on. Yet the same people simply ignore the actual threat,
repeatedly. Cowards.

Keep fighting them windmills. Because the real enemy fights back.

~~~
csirac2
Is this where we are now? Patting Apple & friends on the back for sneaking in
just a little bit more data scrapage, because surely the only people who think
they have a choice are just idiots?

I'd rather be an idiot who gets angry about his TV phoning home to report
every DVD and .avi file I've played (in the clear, for no apparent reason:
there are no ads, recommendations or features of any kind on the set itself)
than a defeatist who equates the futility of circumventing state surveillance
with the futility of paying attention to one's outbound internet traffic.

I should have an active choice in how and who I expose my data. If LGe, Apple
and friends can't be bothered asking people if they actually want their habits
recorded, let alone bother to encrypt said data, expectations on storing,
securing and using that data aren't exactly high.

It's not an irrational thing to weight the risk of state surveillance
rummaging through my gmail to be a little less than some stupid home
computer/router/NAS "feature" exploding and blowing me wide open to identify
theft and financial fraud.

~~~
deadweight3
You do have a choice, thats why there is the ugly text with the learn more
link. They really went out of their way to ensure you were informed. Anything
less than acknowledgement stinks too much of either the tech cults, or
unfounded paranoia. The first icon presented is Safari, so if you don't read
and don't look at icons, then okay... But that's not Apples problem. If it's a
feature you don't want to use, don't use it, you can turn it off without a
python scripts. I tire of these stupid games.

Theft and financia fraud? Do you search for you account numbers and passwords
in spotlight???

~~~
csirac2
What prompted me to reply was when you said "Regardless, it doesn't matter.
It's simply ignorant to bitch about this, when the NSA literally intercepts
all of this and exploits or introduces exploits into the software you use".

When RealPlayer was grilled for bundling spyware which harvested the exact
same data, why did their excuses ("hey we mentioned this in the EULA, plus you
could've scrolled through the features and disabled it at install-time") not
create the same placated reactions Apple seems to be achieving here?

"Opt-out of some part of this avalanche of b.s. information-leaking features
serving little to zero actual benefit to the user" has always been a stupid,
sleazy trend to monetize the very basics of computing and whilst I respect
that most people don't give a damn and/or don't have the energy to give a
damn, it's a user-hostile design pattern.

------
atmosx
If someone wants a fine grained control of outgoing connection on OSX, I'd
propose to use LittleSnitch[1]. It's extremely stable, well made, worth it's
money IMHO. I've used since version 1.x upgrading happily on every version.

That said, it takes time and some Googling to make sure that every connection
initiated from your system is _legal_ but for security aware users is a very
interesting managing and reporting tool.

[1]
[http://www.obdev.at/products/littlesnitch/index.html](http://www.obdev.at/products/littlesnitch/index.html)

------
grey-area
An alternative method which doesn't involve running untrusted code:

1.Open System Preferences > Spotlight

2\. Uncheck Spotlight suggestions, Bing web searches and any other options
you're not interested in

------
mukmuk
I disabled both Spotlight Suggestions and Bing yet Spotlight -- via
SpotlightNetHelper -- still attempts to connect to api.smoot.apple.com:443 and
wu.apple.com:80.

Can anyone explain this?

~~~
pilsetnieks
Location services?

Edit: I think that you have to disable Location service for Spotlight
separately in Privacy settings.

~~~
mukmuk
Good thought, but I disabled that too. Edit: Twitter discussion regarding one
of these issues. Note that Spotlight is doing this despite all relevant
settings disabled (spotlight suggestions, bing, privacy, and logging).

[https://twitter.com/marczak/status/481818945318428673](https://twitter.com/marczak/status/481818945318428673)

~~~
pilsetnieks
wu.apple.com is an address associated with location service requests. If
you've disabled location for spotlight, it's possible that it was something
else requesting the location.

No idea about that smoot thing, though.

~~~
blantonl
A quick fix would be to add wu.apple.com to your hosts file with an address of
127.0.0.1 - not long term and certainly not an overall fix.

------
jhh
Cool, there are python bindings for some Apple APIs? I wasn't aware.

~~~
micampe
Pretty much all of them
[https://pythonhosted.org/pyobjc/](https://pythonhosted.org/pyobjc/)

------
click170
I strongly encourage anyone concerned about their privacy to start using a
firewall that filters (or at least monitors) outbound traffic by default. And
not just the packets, but the web requests.

You would very likely be alarmed by what your phone is doing and who it's
talking to without you knowing. iPhone or Android.

~~~
iamdave
Recommended tools? I've gotten by for a while on Little Snitch. Good enough
for a single user on a home network?

~~~
click170
I use a Sophos Home Edition UTM.

It's mostly Open Source with some proprietary bits sprinkled on top. It also
comes with AV software, though I won't speak to the efficacy of said AV
software.

I would like to build an equivalent fully-FOSS system, but haven't had time to
do that yet. It would of course need to be Ansibled (or equivalent).

------
ChuckMcM
There is a war on going in search. You can see it in Google's quarterly
results where this last quarter they spent nearly a billion dollars on paid
distribution (aka people they pay to send them searches that they can monetize
rather than people who just show up at Google.com or one of their properties).
It stuns me that Apple hasn't bitten the bullet and built a search engine yet
since they could make more on it than Google is paying them to send queries
there way but that is just Apple. But the spotlight 'net search' like Ubuntu's
Unity search box gives those folks something to sell to Google and Google is
buying. It is perhaps easier than building your own search engine but not as
profitable once you get above a few million queries a day.

~~~
eridius
Based on Apple's past history, they _do not want_ to sell your personal data.
That's Google's modus operandi, and common for other companies too, but Apple
has demonstrated time and time again that they are focused on the user.

To that end, there's 2 things going on here:

1\. Apple added functionality called Spotlight Suggestions, which pulls in
data from the internet, including things like iTunes and App Store results,
wikipedia results, movie showtimes, etc. It's basically a form of the
specialized search results you get in search engines (such as Google, Bing,
and, yes, even DuckDuckGo) where it tries to extract semantic meaning from
your query and give you the result inline. This is generally considered very
useful for search engines, and Apple decided they wanted Spotlight to have
this behavior.

I think this makes sense. Spotlight is basically Sherlock 2.0, so this finally
restores behavior that Sherlock (and Watson before it) had (although
Sherlock/Watson required you to explicitly search the various providers,
whereas Spotlight decides when to do the searches based on its own
interpretation of the query).

The privacy implication here is that searches used with Spotlight Suggestions
are sent to Apple, so they can improve Spotlight Suggestions. This is
something that web search engines already have, and is important for making
the functionality behave better. This data is not shared with anyone else,
sold, or monetized. And yes, I believe Apple when they say that.

Also to note, this is basically exactly what already happens with Siri. Your
Siri queries are sent to Apple (so they can actually be answered), and that
information is used to make Siri better.

2\. The second part of this is Bing Web Searches. It appears most queries
don't even go to Bing. I tried a random sampling of queries and never saw any
search results. The Privacy button states that "Searches for common words and
phrases will be forwarded from Apple to Microsoft's Bing search engine", which
makes it sound like Bing only even sees the search if Spotlight determines
that it can't handle this query with local data or Spotlight Suggestions.

Which is to say, this does not mean that Microsoft sees every search you do.
It seems they only see some searches, which are for "common words and
phrases". Also, according to this, "These searches are not stored by
Microsoft", which suggests that Apple's contract with Microsoft puts
restrictions on them regarding how they can use the search.

\---

Ultimately, Apple only cares about what makes the user experience better.
They're in the hardware business. That's where their money comes from. And
they're successful precisely because whenever they're given the choice between
something that might make more money, vs something that makes the user
experience better, they choose the latter every single time. And monetizing
searches does not make the user experience better.

~~~
eropple
Doing this without actually bothering to let people know in an up-front, opt-
in way _certainly_ doesn't make the user experience better. While there's some
conceivable value to the feature, turning it on _without even letting users
know_ is pretty bullshit and you're perturbing a lot of electrons in this
thread with your defense of a really shitty default behavior.

~~~
eridius
They _did_ let people know. You should really research this a bit before going
of half-cocked, accusing Apple of doing something shitty, and me of defending
this shitty behavior, when they're not actually doing the shitty thing you
think they're doing.

The first time you initiate Spotlight after installing Yosemite, it gives you
a very big message, explaining how Spotlight changed, explaining that it now
sends search queries to the internet, and providing a big "Learn More" link
that opens the built-in help document on the subject (I think it's
[https://help.apple.com/machelp/mac/10.10/index.html?localePa...](https://help.apple.com/machelp/mac/10.10/index.html?localePath=en.lproj#/mchl62db64f5),
which I found via the (?) button in the Spotlight Preference Pane, but since
I've already bypassed the warning I'm talking about I can't double-check).

Not only is the message very obvious and blatant, but Spotlight itself looks
radically different than it used to (among other things, it's now a floating
window in the center of the screen, instead of being attached to the
magnifying glass button in the upper-right), so the risk of someone thinking
it's exactly the same Spotlight as before is pretty low.

~~~
eropple
Before this article informed me of it, I saw no such message. Or rather, I
_saw_ it, but didn't read it because it disappeared as soon as you hit your
first keystroke in Spotlight. I'm not even always looking at the screen when I
trigger Spotlight and I don't go _reading the Spotlight popup_ for fun because
I know what it's supposed to do, and what it's supposed to do is a local
search without reporting my search terms to Apple. Changing what it's supposed
to do in an easily-dismissed way is exactly the shitty, sneaky thing you're
defending them for.

~~~
eridius
You admit you didn't even see the message, so you're engaging in pure
speculation as to how you think it behaved, and then criticizing Apple for it.

> _Changing what it 's supposed to do_

What it's _supposed to do_ is provide a good natural language search of any
and all information it has available to it. This is what millions of customers
use it for, and this is what Yosemite enhanced. Now it has more information
available to it. Just as I can ask Siri "what is planet of the apes?" and
she'll tell me about the movie, now I can ask Spotlight for "planet of the
apes" and learn about the movie. This is great! It's bringing functionality
from iOS back to the Mac, in a form that's generally easier to use (speaking
to Siri is not always convenient), and doing it in a way that seamlessly
integrates with the existing functionality.

~~~
eropple
Afterwards, I did see it. Because it does show up if you hit cmd-space and
then...you know...don't type. Which is insane, because of course I type as
soon as I hit cmd-space, that's why I hit cmd-space.

I don't use Siri, either. I don't own an iPhone. You're _more than welcome_ to
have whatever internet-enabled hurf and/or durf you want, what I'm saying is
that enabling it _by default_ in what is a low-friction, high-usage tool that
works on unconscious reflex is some real douchebaggery.

~~~
eridius
Insisting that Apple put scare dialogs in front of _millions_ of users before
doing something that is pretty darn safe is some real douchebaggery. Either it
scares users into declining a feature that they'd probably actually appreciate
having if they weren't required to click past a scary dialog, or it's one more
step towards training users to unconsciously approve dialogs warning them of
dangerous actions.

If you care so much about the possibility of a feature using the internet (as
opposed to what would _actually_ be a privacy violation, which is selling your
information or queries to third parties, instead of, ya know, just using it to
provide the functionality you're trying to use), then it's _your
responsibility_ to actually learn what this stuff is doing.

But you _admitted_ to installing a brand new major OS update without reading
_anything_ at all about it. It's not Apple's fault that you chose to be so
intentionally ignorant.

If you don't want the existing OS functionality to change, then don't install
major OS updates. If you install major OS updates, then expect functionality
to change. And the most cursory of searches would let you find out what's new
and updated in the OS. Perhaps you should read the list to find out if any
other functionality you use has been modified: [http://www.apple.com/osx/all-
features/](http://www.apple.com/osx/all-features/)

------
jdechko
I'm actually a little more curious about the specifics. What data is
transmitted? Because spotlight can search the web, so that's going to transmit
data to 3rd parties. Is the data associated with the user or is it anonymously
transmitted? Also, I can't remember because it's been so long since I
installed the beta, but is there an option during setup that asks for
permission to collect usage data as in iOS (which would be checked in a
default installation? If so, does that preference include this data?

------
Tehnix
First off, how on earth did people expect it not to contact the outside world,
when given Spotlight Suggestions or Bing Searches (both are pretty clearly
marked in sections, and it's also clear that neither are local)?

Second off, a common user wouldn't care for the "privacy loss" that this might
be for some of you. _That_ is why they made it opt-out instead of opt-in. If
it was opt-in, nearly no one would use it, because if it's useful, why wasn't
it enabled by default?

------
cheriot
"Verification is required.

Please click Billing Info to approve your billing information for use in the
iTunes Store. If you cancel you will not be able to buy until you have
approved your billing information."

For a FREE upgrade? I'm sure Apple has data showing that people with a credit
card on file are more likely to buy paid apps/songs/etc, but this is fucking
annoying.

~~~
NSCFType
One of the payment types is 'None'.

[http://i.imgur.com/oCqZf2b.png](http://i.imgur.com/oCqZf2b.png)

------
al2o3cr
Breaking news: searching on Google sends your query to a third-party server!
FILM AT 11!

~~~
userbinator
Yes, and most if not everyone who uses a computer understands that Google
searches the Internet. Spotlight was mainly for local search, so they would
not expect that their queries for _local_ files be sent outside of their
computer.

------
boynamedsue
It appears that you also need to uncheck "Include Spotlight Suggestions" in
Safari. It's in Safari/Preferences/Search and located in "Smart Field Search."

------
13throwaway
I noticed iOS 8 has been doing this too via api.smoot.apple.com

------
leepowers
Is there a way to undo? Let's say I run this script, but don't like the
results. How do I undo and revert to a previous system state?

~~~
nkozyra
Just modify these lines in the dict/list:

    
    
       {'enabled' : True, 'name' : 'MENU_WEBSEARCH'},
       {'enabled' : True, 'name' : 'MENU_SPOTLIGHT_SUGGESTIONS'},
    

And re-run.

------
enlightenedfool
The first time I clicked spotlight after upgrade to yosemite, I was clueless
what to do with the pop-up. closed, clicked spotlight several times until i
realized i need to start typing and then saw the cursor. something weird about
the whole UI changes. I prefer the old look and glossy icons. what's up with
flat everything. The first thing I did was disabling the web search in
spotlight.

------
0x0
It's missing a default value for "DEVELOPER" (whatever that is)

------
rockshassa
am i the only one wondering what MENU_OTHER is?

~~~
RKearney
It's for unknown filetypes that are matched by your search query which don't
fall under any of the other categories.

------
unknownBits
They will need to put a knife on my throat to buy that Apple sucking
nightmare. But, definitely a cool fix if you're unfortunate enough owning
one:)

------
Yadi
Ah this is an awesome fix! Haha thanks!

------
ahassan
What exactly does this enable/disable?

~~~
dewey
I suggest you read the section called "Why do we need this?" on the linked
page ;)

------
rch
Feels like Apple is the new Sony. No more MBPs for me.

------
digitalzombie
I use Alfred... [http://www.alfredapp.com/](http://www.alfredapp.com/)

------
jackmaney
This reminds me that I should really get around to figuring out how to disable
spotlight altogether. It can occasionally peg my CPU.

~~~
mwfunk
mdutil -a -i off

Or, 'man mdutil' if you would rather not type in commands suggested by random
people on the Internet. :)

