Hacker News new | past | comments | ask | show | jobs | submit login
Disable sharing of Spotlight searches with Apple (fix-macosx.com)
244 points by teacup50 on Oct 17, 2014 | hide | past | favorite | 134 comments

For those interested, here's the specific language Apple offers to explain what Spotlight is doing. I didn't see it elsewhere so I figured I'd post it. From the Spotlight preferences pane:

"When you use Spotlight, your search queries, the Spotlight Suggestions you select, and related usage data will be sent to Apple. Search results found on your Mac will not be sent. If you have Location Services on your Mac turned on, when you make a search query to Spotlight the location of your Mac at that time will be sent to Apple. Searches for common words and phrases will be forwarded from Apple to Microsoft's Bing search engine. These searches are not stored by Microsoft. Location, search queries, and usage information sent to Apple will be used by Apple only to make Spotlight Suggestions more relevant and to improve other Apple products and services."

"If you do not want your Spotlight search queries and Spotlight Suggestions usage data sent to Apple, you can turn off Spotlight Suggestions. Simply deselect the checkboxes for both Spotlight Suggestions and Bing Web Searches in the Search Results tab in the Spotlight preference pane found within System Preferences on your Mac. If you turn off Spotlight Suggestions and Bing Web Searches, Spotlight will search the contents of only your Mac."

"You can turn off Location Services for Spotlight Suggestions in the Privacy pane of System Preferences on your Mac by clicking on “Details” next to System Services and then deselecting “Spotlight Suggestions”. If you turn off Location Services on your Mac, your precise location will not be sent to Apple. To deliver relevant search suggestions, Apple may use the IP address of your Internet connection to approximate your location by matching it to a geographic region."

"Information collected by Apple will be treated in accordance with Apple’s Privacy Policy, which can be found at www.apple.com/privacy."

Could this be considered overthinking it?

A domain, a python script, to effectively achieve tapping a couple toggles in sys prefs? And this is quite difficult for the average non terminal using person.

> This site _criticizes_ Apple for certain privacy-invading features of Mac OS X and teaches users how to fix them. So, obviously, the site is not approved by Apple.


Not to mention that it encourages possibly not technically inclined users to execute random scripts from the internet, which should be a capital crime.

What like downloading a tarball over http? Watch your own binary/source traffic for a day, we are downloading random ass executable content all day long.

That's not something non technically inclined users do, nor should they.

Yes. One single annotated screenshot would have been simpler, more explicit in what it does, it wouldn't have trained users to execute random code from the internet, and at the same time taught them how to revert the changes.

Howdy. Author here. By way of introduction, I'm also the author of PLCrashReporter (https://www.plcrashreporter.org/), ported Java 6 to Mac OS X (a.k.a Soylatte), and -- this might lower some folk's estimation of me here -- started the MacPorts project almost 15 years ago at Apple, along with co-workers Jordan Hubbard and Kevin Van Vechten.

That slightly snarky disclaimer you quoted actually has a serious backstory; the language came from https://fixubuntu.com (whose AGPL code was used here), and it was added after Ubuntu sent a legal demand that "Ubuntu" be removed from the fixubuntu domain name and website:


I actually toned down the snark -- just slightly -- from the original disclaimer.

It's remarkably easy to miss Spotlight's privacy disclosure in Yosemite -- the instant you start typing in the Spotlight search box, the disclosure disappears, and seemingly stays gone. There's no single "local search only" toggle, and you have to cross-reference the documentation provided in System Preferences against the list of "Search Results" to figure out which of the options actually sends your queries to Apple.

I wanted something simple, that I knew worked, and I could just tell family to run themselves, so I put this together. It's a convenient way to apply the settings, a jumping-off point for a more involved effort to resolve some of the other remaining privacy issues on Yosemite, and a handy way to get the privacy message across.

If you're interested in chipping in on the OS X privacy front, there's a lot more to look at than just Spotlight; my next goal is to get https://github.com/fix-macosx/sslsplit transparently capturing traffic in a Yosemite VM so that we can start nailing down exactly what is being sent from the myriad of daemons (and spotlight!) that are sending data outwards in a default configuration.

I'm very sympathetic to the "random internet code" issue, so I struck a balance by:

1) Displaying the source inline in the page (of course, there's no guarantee that it matches the downloaded code, but the goal here is to highlight the important of knowing what you're running).

2) Making the actual script URL a clickable link, so that folks that don't blindly execute curl scripts (myself included) can easily download the script and examine it.

3) Used a variation of the usual pipe approach (curl -O … && ./…) so that anyone downloading it would actually have a copy of what they just ran.

4) Serve the whole lot over TLS.

Cheers, Landon


Thank you for taking the time respond, and for your impressive body of work.

My knee-jerk reaction to everything about this site can definitely be attributed to ignorance. Something worth considering, in my opinion, for the goal of the project.

fix-osx: I didn't know it needed fixing (in the context of what this site declares is wrong). I am open to being wrong, and that it would need fixing, but my gut response is that it doesn't. It is not intended to attack/dispute your messaging, but rather explain how it could be read by someone unfamiliar with how it is indeed that way.

Expanding on that, I don't hold that OSX inherently betrays user privacy. While this can be considered a privacy leak by ux design (it is, I agree), it's not something that would lead me to the conclusion that the OS has no privacy by design. I'll be looking more into this now, however.

Regarding the disclaimer... That backstory certainly validates the tone, but a disclaimer for the disclaimer would be nice for the uninitiated :-


Thanks for the feedback; I committed a rephrasing of the trademark disclaimer (https://github.com/fix-macosx/fix-macosx) and I'll push that out when I next have the chance.

Just to clarify, the submission's title of "No Privacy, by Design" doesn't represent my own position; it's not a phrase that's used on fix-macosx.com.

Hey, this is great. Thanks for your work. Site and code are easy to read and they do a great job. Thanks again.

So at first I was wondering why it was python. Then I saw that you could import Foundation and directly edit settings. Needless to say now I'm intrigued and kinda want to write an ansible plugin for this as I already use ansible to set this junk up as it is.

Thanks for the awareness!

The problem with telling people to run this for themselves, is now they have to trust both you and apple.

If you really want to educate people, why not also provide directions on how to do it via the UI? Are you trying to scare people?

The privacy disclosure and instructions are perpetually available in spotlight settings by pressing the giant button labelled 'About Spotlight Suggestions & Privacy', which is probably the largest button in the entire OS.

> 4) Serve the whole lot over TLS.

But your server is configured to allow SSLv3[0]

[0] https://www.ssllabs.com/ssltest/analyze.html?d=fix%2dmacosx....

If you're referring to the POODLE SSLv3 bug, it doesn't break authentication/key exchange or MAC, but instead, confidentiality of the symmetric encryption.

In other words (assuming an attacker can modify a sufficient amount of SSL traffic in transit), they could decrypt the python source code, but they can't insert new data without triggering a MAC validation failure on the client.


> transparently capturing traffic in a Yosemite VM so that we can start nailing down exactly what is being sent from the myriad of daemons

I'd love to see this.

I'm working on the necessary sslsplit support here: https://github.com/fix-macosx/sslsplit

I've just about wrapped up support for correlating connections with the local responsible program (see branch macosx-process-info); I also need to put some thought into how to handle non-TCP traffic.

I'll be posting Yosemite setup instructions later today; my plan is to collect a corpus of data from a default installation. One thing I could really use help with is providing a web-based visualization of that data.

So, the title, as well as being innuendo, is false - it's not 'by design' it is 'by default', and only for search terms.

I think it's fair enough to point out that these search terms are transmitted to Apple. It's also reasonable to complain that the option is hidden, and the terms and conditions where this is pointed out are glossed over.

This site, however, is counterproductive theater designed to look hackerish and scary, as well as to mislead users. It commits exactly the same error as Apple is accused of committing - it hides the fact that there is a simple UI to control this function, and that users should be educated to make the choice for themselves.

Whoever did this is making things worse.

I applaud them for publicizing the implications of the default privacy settings for Spotlight, but hyperbolic titles like the one used here hurt their credibility unnecessarily.

I know some people think that using hyperbole for effect is a thing. They tend to be very young, smart people who are starting to realize what they're capable of but are still trapped on the wrong side of the Dunning-Kruger curve. The most common defense people give is that they assume the reader or listener knows that the hyperbole shouldn't be taken literally, and that they're really trying to convey how strongly they feel about their much more reasonable actual opinion on the matter.

However, to me (and, I would hope, to most people), hyperbole in technical discussions means that the person is either immature in a way that makes them less credible, or that they are lying to me and assume I'm dumb enough to believe them. Or it's clickbait, or all of the above.

I don't think the author(s) of this site are any of those things, but I also know that Yosemite as a whole is not designed to take away 100% of your privacy, which is what the title implies. This is also what turns me off about a lot of FSF propaganda, and most politicians regardless of their beliefs.

> I don't think the author(s) of this site are any of those things, but I also know that Yosemite as a whole is not designed to take away 100% of your privacy, which is what the title implies. This is also what turns me off about a lot of FSF propaganda, and most politicians regardless of their beliefs.

Are your referring to the title of the HN submission, "Mac OS X Yosemite – No Privacy, by Design"? That text does not appear on the website. The website refers to "parts of Mac OS X which are invasive to your privacy."

Yep. I could be wrong here, but I thought that HN had a policy where the titles used are taken verbatim from the page being linked to, unless they're so completely terrible that an alternative title is needed. If the HN title doesn't come from the site, then my apologies to the authors for harping about this.

> I thought that HN had a policy where the titles used are taken verbatim from the page being linked to, unless they're so completely terrible that an alternative title is needed.

It seems that's the intent expressed in the HN Guidelines (https://news.ycombinator.com/newsguidelines.html):

"Please don't do things to make titles stand out, like using uppercase or exclamation points, or adding a parenthetical remark saying how great an article is. It's implicit in submitting something that you think it's important. ... Otherwise please use the original title, unless it is misleading or linkbait."

>>> hyperbolic titles like the one used here hurt their credibility unnecessarily.

>> That text does not appear on the website

> I could be wrong here


I'm sorry, but I don't want to live in a world where people shouldn't feel welcome to admit when they're wrong. You are part of the problem, I hope that makes you feel like a winner.

Agreed, but I could do without the last two sentences.

> I applaud them for publicizing the implications of the default privacy settings for Spotlight, but hyperbolic titles like the one used here hurt their credibility unnecessarily.

That particular title seems to be an editorial flourish on the part of the submitter -- that phrase does not appear on the actual site.

If you bring up the Spotlight search window it will even tell you:

"In addition to searching your Mac, Spotlight now shows suggestions from the Internet, iTunes, App Store, locations nearby, and more. To make suggestions more relevant to you, Spotlight includes your approximate location with search requests to Apple. You can change this in Preferences. Learn more…"

Clicking on "Learn more" also tells you how to disable it. The python script is neat but a bit exaggerated IMHO.

I actually clicked the learn more, and it took me to a help site that somehow didn't exist. Failed to load.

Then I manually went into Spotlight settings, and was presented with a bunch of checkboxes that offer zero indication as to privacy implications. How am I to magically tell that the "Movies" option won't send my query to some Apple IMDB proxy?

Sorry, but this script is spot on. This should not be enabled by default, and the privacy implications need to be spelt out in every single detail. It should be a legal requirement, really.

I see your point and I actually agree that it probably would be better if this was either opt in, or at least have the two settings on the initial spotlight window so that you can immediately disable them without going to the settings. Also giving 'privacy' info for each spotlight 'category' is indeed a good idea.

May point about the script was more that it also just disables the two things listed in the initial privacy info given by Apple, i.e. "MENU_WEBSEARCH" and "MENU_SPOTLIGHT_SUGGESTIONS" and having informative text with screenshots to which checkboxes to unselect on the website would have sufficed. At least you wouldn't be executing code from some random place on the internet.

> [...] that offer zero indication as to privacy implications

There's a very prominent button labelled

> About Spotlight Suggestions & Privacy

on the Spotlight preferences window. If you're worried about the privacy of your searches, you can click that, and you get a detailed description of exactly what's going on, and how to disable it (to wit, uncheck "Spotlight Suggestions" and "Bing Web Searches").

This is literally the first I've heard of this, and I upgraded yesterday. I didn't see whatever warning supposedly appears on the first use of Spotlight because--as I always do--I hit it and started typing.

The idea that having a button in the bowels of a preference menu is sufficient is...I don't want to say "nuts", but I'm thinking it pretty hard. I'm not happy. Not unhappy enough to subject myself to a Linux desktop, but Apple is making it closer and closer with every release.

You immediately ran a spotlight query, despite Spotlight itself looking radically different, being in a different place on the screen (floating in the middle, instead of anchored to the upper-right), and didn't even notice the message it tried to tell you? That's pretty impressive.

> in the bowels of a preference menu

This is not the first time you've resorted to hyperbole in order to try and paint Apple in a bad light. It's not hidden anywhere. The moment you go to the Spotlight preferences, you see it.

What's more, the first time you see a search result that came from the internet, a) it should be obvious that means that your query must have gone to the internet, and b) the very first place you'd go in order to disable this behavior, the Spotlight Preferences Pane, is the same place that has this prominent button that gives you a detailed explanation.

> Not unhappy enough to subject myself to a Linux desktop, but Apple is making it closer and closer with every release.

It sounds to me like you're trying to invent reasons to hate Apple. This is a widely-advertised major feature of the OS (it was even in the WWDC keynote IIRC), with a very prominent warning explaining how Spotlight is different in this version of the OS and making it very easy to find out how to disable this behavior, with a very prominent button in preferences called "Privacy" that, again, explains what's going on and how to disable it. And yet you're trying to insinuate that Apple is trying to stealthily sneak in the behavior that sends your queries to them, without letting the user know, as if that was something they'd even want to do.

How is it sarcastically impressive that I hit cmd-space and typed "it" for iTerm, like I do every time I start up my computer and have for the last two years? How is it sarcastically impressive that I just start typing into Spotlight, because I know that's what Spotlight is? And what makes you think I've gone to Spotlight preferences since upgrading to Yosemite? I had my preferences the way I wanted them, why would an OS upgrade make me psychically know to go there?

Going further, what makes you think I give a material shit about Apple's PR materials? I don't read about OS X releases, I upgrade when they show up because I trusted (past tense) Apple to do the right thing. Something you can bypass without even acknowledging it is at best sneaky. If Apple thought this was seriously all that and a bag of potato chips, an opt-in is real easy.

Be better than defending this, man. It's dirty.

The functionality changed dramatically and extremely visibly. If you are intent in completely ignoring the obvious changes, both to the aesthetics of the functionality, and to the actual behavior, that's your prerogative. But you can't turn around and claim Apple is behaving badly when you intentionally blinded yourself to the numerous ways that you could tell something is different.

And besides all that, apparently this issue doesn't even affect you. If you launch Spotlight, type "it", and hit Return, in order to launch iTerm, to the best of my knowledge, Spotlight won't have even sent your query to Apple. It had a local application result to deliver, and you accepted it without waiting for more results. From playing with it myself, and from watching patterns of network traffic, it appears to me that it doesn't even initiate the search unless it thinks you don't want the first result.

The only thing dirty here is your desire to publicly accuse Apple of bad behavior when you blindly installed a brand new major OS upgrade without reading anything about it, ignored the blatant message they gave you, ignored every single visual cue about how the functionality you were using has been radically changed, and then read on the internet that there was a possibility that your search queries might be sent to Apple and freaked out.

The entire OS changed how it looked. Shifting Spotlight to be a window instead of a dropdown doesn't imply a change in functionality. Do you stop and frigging gawk at every change in an OS?

And I don't know what they're not asking me to opt into sending. That's the fucking problem. You can play with it all you want and fiddle with it however you like to determine you're okay with it, that's fine. I am blanket not okay with remote services receiving local anything by default. I got pissed when Ubuntu did it, I'm pissed when Apple does it.

You know what kinda did "imply a change in functionality", though? This text that you see, writ large, when you open Spotlight:

"In addition to searching your Mac, Spotlight now shows suggestions from the Internet, iTunes, App Store, movie showtimes, locations nearby, and more. To make suggestions more relevant to you, Spotlight includes your approximate location with search requests to Apple."

Seems pretty clear to me. It also might be a subtle clue that you are getting various kinds of search results from the Internet.

There's also very easy-to-understand hand-holding built right into the UI to help you disable it, if you want to.

It's pretty obvious, for the non-obtuse at least, that if you extend the functionality of a feature such that it searches the Internet, that means it's going to actually search the internet, which means sending your search terms to external services.

But that's the thing: you don't see that text when you hit cmd-space and immediately start typing, as somebody trained to use Spotlight is naturally going to do. Therein lies the problem. It's not that they added the feature--sure, go nuts. It's that they enabled an internet-facing feature without the courtesy of something modal to ensure that a user who has been trained--by them--to just go will understand the ramifications of what they chose to do.

It's at best shitty UX and at worst dirty.

I just tested this out on my Mac. When I type comand space and then begin typing text actually stays for about a second befor results are shown. This gives you enought time to notice the text. If you then back space the text will reappear. This really feels like apple is going the extra mile to make sure that people understand what is going on.

Really what would you do with the UI to make this feature prominit enough to the user?

Modal dialogue box with two buttons: Enable Internet Searching and Disable Internet Searching. Make it a choice. Pretty simple.

Have you actually even looked at Spotlight? You seem to be claiming all they did was move it around on the screen. It pretty obviously changed a lot more than that. That should be especially obvious the first time you actually get a Spotlight Suggestions result.

> And I don't know [...] * That's the fucking problem*

Yes, that is the fucking problem. You're arguing very loudly about something you don't know anything about.

Dude. I'm well aware of what it's doing. I've since disabled it. That I had to disable it, rather than enable it, is my beef. An operating system upgrade should not start barfing things at their remote servers without making damn sure I know about it and okay it before they do it. Opt-in is cool, opt-out is not, and opt-out that relies on you not using the feature as it's designed to be used (cmd-space and type) is extra uncool. All they'd need to do is create a modal dialog with a yes or no response and there'd be absolutely no problem, none whatsoever, but instead they slid it into a low-friction workflow in which the primary action is unconscious after you've been using it for any length of time.

It was wrong when Ubuntu did it with the Amazon lens crap. It's wrong when Apple does it. They're not special.

power users just hit it and go.

Power users use Alfred or LaunchBar (or Quicksilver, IIRC that project was resurrected).

No power user ever uses spotlight to launch apps? Those are some awe-inspiring mental gymnastics you're doing to take Apple's side here.

A flippant response to a flippant response. But thanks for the hyperbole there.

Really, this thread just looks like a bunch of paranoid conspiracy nuts, thinking Apple is out to steal your searches. I get it, privacy is important. I don't disagree. But you're* acting like they installed a keylogger on your computer (in point of fact, someone on IRC accused Apple of making "something that sends all of their local query keystrokes to Apple", which is a pure fabrication).

* that's the plural "you", not you personally

You see it as conspiracy nuts, but I just see a bunch of people complaining that it's not explained well enough. I see no comment on motivation at all.

By the way, there's a perfectly good English word that means "plural you minus you personally," which is "they."

My argument is that it is explained well enough, but most people complaining in here haven't even looked at the feature beyond seeing the original article talking about how to disable it with scripting. For example, as near as I can tell, eropple doesn't use Spotlight for anything except as a quick app launcher, which is a usage that doesn't involve Spotlight Suggestions (and AFAICT doesn't even try to send any queries to Apple). And yet he's been extremely argumentative, making wild assumptions about what's going on and then publicly complaining about it. Anyone who doesn't even look at the feature hardly has any grounds to complain about what it does and doesn't do, since they don't even know what it does or doesn't do. And their lack of knowledge is entirely their fault.

> By the way, there's a perfectly good English word that means "plural you minus you personally," which is "they."

If I was talking to you personally, one-on-one, I'd use "they". I used "you" because I was speaking to the larger audience of the people involved in this thread.

How does the new Spotlight know whether or not you're using it as a quick app launcher without communicating back to the mothership? I would have thought that it would send every query and then display the result or not depending on what comes back. I don't see how you could reasonably do it otherwise, unless you want to block internet searches for any term that matches an app name.

From using it, when you start typing, it immediately shows the top local hit, but it doesn't expand to show results until you've stopped typing for a noticeable period of time. Note that if you type a long query slowly, you'll never see results, even though you've been typing for a while.

Based on the consistency of the delay, I assumed it was doing the quick local search for the top hit, and then deferring the more expensive searches (including internet-enabled searches) until it's decided that it's time to show the results window. So I tested it, sniffing http traffic, and while I didn't pinpoint which particular queries are sent by Spotlight, there was reliably a burst of HTTP traffic right before the results window was shown every time, and no noticeable HTTP traffic before then. This suggests that my assumption is correct, that it's not doing the internet-enabled search until it believes that the user is done typing.

Based on this, if you type your search and hit return immediately, then it won't have sent your query anywhere.

I don't even care, personally, what their motivation is. I care that they didn't ask before jamming it in there. I trusted Apple to not do invasive things as opt-in, I don't now.

Trust me if you are not on Linux already, you never will. There is no shame in selling you soul to apple. Just be honest about it.

While fixing spotlight is a good idea (especially if you're opening it a lot in public), please don't blindly execute code without reading it first. While this code isn't malicious, running misc. third party code without reading it first is a bad idea for everyone.

Especially when you can do the same thing by going into system preferences. What a click bait title that leads people to run a script.

There's always the danger of this attack, as well: http://thejh.net/misc/website-terminal-copy-paste

Here it’s even worse because you don’t see the content of the script you’re executing.

What do you mean? The content is the majority of the web page... You can copy it from there, or if you're paranoid you can run:

  curl https://fix-macosx.com/fix-macosx.py
Before the suggested:

  curl -o https://fix-macosx.com/fix-macosx.py && /usr/bin/python fix-macosx.py
That said, at this stage just set the correct preferences. I had already done that before seeing this script, it's pretty simple.

...This should just be the instructions:

  1) $ curl -o https://fix-macosx.com/fix-macosx.py
  1a) Review fix-macosx.py
  2) $ /usr/bin/python fix-macosx.py

Running miscellaneous second party code is also becoming increasingly problematic from a privacy standpoint...e.g. Windows 8 and Android [with Google services installed] also want to phone home.

It’s not “fixing” anything. It’s changing a preference people can have different opinions about.

It's the same security model as downloading a binary and running it.


The fact that most people could look at that code and have no real clue what it actually does seems to have escaped you. This is in any event not the entire source code, as most of the work is done by function calls which most people would not know how to validate.

If the potential user doesn't understand what the script does, they have no business running it in the first place, so it's a moot point.

Actually what is displayed is not necessarily the same as what would be executed if you ran that script. You are viewing one piece of code , you will be executing a different file. In fact, you can view the github code, and see the code displayed is embedded into index.html (with syntax highlighting).

If anyone is at all concerned with their privacy, they should never blindly run a script like that.

Copy the text displayed in the code block on the page, diff it against the fix-macos.py file in the curl link. It is character for character the same code. Why am I the only one not too lazy to do this?

Today it is, tomorrow? A month from now? When the original dev ignores the site, and someone hacks his pw, changes the code, what then?

I cannot seriously listen to anyone who "cares" about privacy, then asks their users to download and execute unknown code.

Is the link in the curl line binary, compiled, non-human-readable code? No? Then your argument has no merit. It's a plaintext python script. Download it, parse it, if it checks out, run it. If it doesn't check out or you don't understand it, don't. It doesn't matter if it's today, a month from now, or a year from now. If the code checks out, and you feel like it will help you, run it. Or don't, and no one will care.

Or are you seriously going to tell me that you feel you can't trust a 75 line script you just fully vetted, but you can trust, say, the Linux kernel, despite the fact that you didn't manually parse the millions of lines of code in it? If that really is your argument, then I can only imagine that you stop on green and go on red out in the real world, because that's pretty damn fucked up.

No, I'm saying exactly what you are saying. Don't pipe to the shell from curl, download it first, then inspect it. Btw, I can trust a linux binary, because I can verify through checksums, posted on the download site and elsewhere that the binary matches what I expect it to be.

As well, OSX won't let me execute unsigned binary code from unknown developers, unless I manually overwrite it.

The pattern of piping a script from curl and executing it, isn't one I'd expect a site that claims to care about people's privacy to champion. This seems to be exactly what you are saying too.

Why didn't the site owner say, 'curl this script', inspect it, here is the md5 of what it should be, then execute it? Why the cuteness of the direct download and execute? That is my critique.

I think he means you should at least read the code on the other end of that URL to make sure it matches what's on the site.

That's just it: It does. Line for line, character for character (even space for space, which is important in Python). I wouldn't say what I did above without having diffed the file against the code displayed first.

I just don't get the mentality here sometimes; someone creates a helpful script, puts the source code on their site for you to read and study, and the first instinct is to assume they have malicious intent before even taking a few minutes to read over it first. Hell, I'm no programmer but I know enough about the basics to follow exactly what the code does. It took me all of five minutes to decide that it flips two switches and nothing more. That the programming gods here can't or won't do that is telling.

I get being paranoid about random scripts, but this one is on display for all to see before running. There is literally nothing hidden, yet you all act as if the author is trying to secretly take over your machines. It would be funny if it wasn't so pathetic.

Plus you should read what's downloaded to your machine before executing it, since there's also no guarantee that what's been served to your browser will be served to your curl.

You could also just go into Spotlight settings yourself and uncheck "Bing Web Searches" and "Spotlight Suggestions", rather than executing some random script. The "About Spotlight Suggestions & Privacy" button even tells you what to uncheck.

Real Question:

Does anyone consider OS-native search that queries your local computer AND the web to be useful?

As the default in ubuntu, it is actively confusing, and distracting. At least from my point of view, if I'm searching for something using my OS search, that means I want to find something ON MY computer. If I want to find something online, I will look online (google, etc.).

The workflow from OS -> OS Search -> Browser -> Search is often slower than Alt-tabbing to the browser that is already open, pressing Ctrl+T and typing your query.

This approach of combined search might make sense on mobile, where cloud storage is the norm, but on a personal computer, it is an insane default.

It may be confusing to people today. It will be expected behavior by the next generation. The real issue is what is "local" and what is "remote" is blurring. We see it with things like Google Docs, where they are "my" documents, and I want something like Spotlight to be able to search them, but they aren't local.

What we have today is two problems: First, we are in the middle of the transition. People are needing to learn new behaviors. That's always hard. Second, it isn't seamless yet. While I haven't tried it, I highly doubt my Google Docs would show up in the my Spotlight search. The fragmentation increases confusion.

I certainly maintain a distinction between the two, and definitely never want queries for local files to leave the machine as they can contain sensitive information. Apple mentions that the local results of queries won't be sent, but the query itself will.

It took me a while to figure out what is being disabled in the code and why I need to care. I care about privacy but I would like to understand what I am giving up. If I understand it correctly, the code disables 'Spotlight Suggestions' and 'Bing Websearches'. You can do it in the GUI easily. Just go to System Preferences -> Spotlight -> Search Results tab (uncheck the above 2).

Bing Websearch is clear enough but it took me a while to figure out what Spotlight Suggestion is. It looks like it gives you movie recommendations.

If there is more to the code, I would like to know what else I should disable. Also, ideally would like to know what I am giving up by disabling them.

It's explained in the sidebar

The Python script is a bit unnecessary.

Go to System Preferences > Spotlight. Uncheck items you don't like to have searched and displayed for you.

Executing random scripts from the web is far, far worse than anything Spotlight is doing.

Oi vey.

"We believe in telling you up front exactly what’s going to happen to your personal information and asking for your permission before you share it with us." [1] -- Tim Cook, CEO Apple

[1] http://www.apple.com/privacy/

I have zero issue with this, and it's clearly labelled and explained. Of all the breaches in my privacy, this isn't one I'm worried about. Google gets 100% of my searches and email messages, so it's a question of who you trust.

To each his own, but I just want to point out that your examples of web searches and email require that SOME third party be involved because they are, by definition, attempts to reach a computer somewhere else on the internet.

In contrast, searching the local files on one's own computer or launching applications on one's own computer are private, local events that need not be shared with any third party.

Inherently private stuff just happens to leak out into the world now because Spotlight does web search too.

Everything you put on your computer should be assumed to be public the moment you connect to the internet. With air gap jump technology starting to become proven, you should assume that all digital content is public. To think otherwise is hubris and stupidity all wrapped up with a tiny little bow. Every company and government agency has been compromised to one degree or another, and targeted attacks are 100% effective given even slight competence on the part of the hacker. I've been around since before the modem, I've seen everyone hacked.

Regardless, it doesn't matter. It's simply ignorant to bitch about this, when the NSA literally intercepts all of this and exploits or introduces exploits into the software you use. This is fact. Apple at it's worst will present you an advertisement, big fucking whoop. Seriously, what is the risk? Annoyance? The NSA can wrap you around a pole and make it appear you were snorting 12kilos of coke a day. I am quite literally baffled by the sentiment on HN when I see people up in arms over convenience like this trumped up as if it were in violation of your rights. They added a 'learn more' link and explain what is going on. Yet the same people simply ignore the actual threat, repeatedly. Cowards.

Keep fighting them windmills. Because the real enemy fights back.

Is this where we are now? Patting Apple & friends on the back for sneaking in just a little bit more data scrapage, because surely the only people who think they have a choice are just idiots?

I'd rather be an idiot who gets angry about his TV phoning home to report every DVD and .avi file I've played (in the clear, for no apparent reason: there are no ads, recommendations or features of any kind on the set itself) than a defeatist who equates the futility of circumventing state surveillance with the futility of paying attention to one's outbound internet traffic.

I should have an active choice in how and who I expose my data. If LGe, Apple and friends can't be bothered asking people if they actually want their habits recorded, let alone bother to encrypt said data, expectations on storing, securing and using that data aren't exactly high.

It's not an irrational thing to weight the risk of state surveillance rummaging through my gmail to be a little less than some stupid home computer/router/NAS "feature" exploding and blowing me wide open to identify theft and financial fraud.

You do have a choice, thats why there is the ugly text with the learn more link. They really went out of their way to ensure you were informed. Anything less than acknowledgement stinks too much of either the tech cults, or unfounded paranoia. The first icon presented is Safari, so if you don't read and don't look at icons, then okay... But that's not Apples problem. If it's a feature you don't want to use, don't use it, you can turn it off without a python scripts. I tire of these stupid games.

Theft and financia fraud? Do you search for you account numbers and passwords in spotlight???

What prompted me to reply was when you said "Regardless, it doesn't matter. It's simply ignorant to bitch about this, when the NSA literally intercepts all of this and exploits or introduces exploits into the software you use".

When RealPlayer was grilled for bundling spyware which harvested the exact same data, why did their excuses ("hey we mentioned this in the EULA, plus you could've scrolled through the features and disabled it at install-time") not create the same placated reactions Apple seems to be achieving here?

"Opt-out of some part of this avalanche of b.s. information-leaking features serving little to zero actual benefit to the user" has always been a stupid, sleazy trend to monetize the very basics of computing and whilst I respect that most people don't give a damn and/or don't have the energy to give a damn, it's a user-hostile design pattern.

> Google gets 100% of my searches

I switched to DuckDuckGo for the last couple of months. Works fine for 95% of my searches. The other 5 percent is related to local (to my country in Europe) searches, where Google is absolutely giving better results.

If someone wants a fine grained control of outgoing connection on OSX, I'd propose to use LittleSnitch[1]. It's extremely stable, well made, worth it's money IMHO. I've used since version 1.x upgrading happily on every version.

That said, it takes time and some Googling to make sure that every connection initiated from your system is legal but for security aware users is a very interesting managing and reporting tool.

[1] http://www.obdev.at/products/littlesnitch/index.html

An alternative method which doesn't involve running untrusted code:

1.Open System Preferences > Spotlight

2. Uncheck Spotlight suggestions, Bing web searches and any other options you're not interested in

I disabled both Spotlight Suggestions and Bing yet Spotlight -- via SpotlightNetHelper -- still attempts to connect to api.smoot.apple.com:443 and wu.apple.com:80.

Can anyone explain this?

Location services?

Edit: I think that you have to disable Location service for Spotlight separately in Privacy settings.

Good thought, but I disabled that too. Edit: Twitter discussion regarding one of these issues. Note that Spotlight is doing this despite all relevant settings disabled (spotlight suggestions, bing, privacy, and logging).


wu.apple.com is an address associated with location service requests. If you've disabled location for spotlight, it's possible that it was something else requesting the location.

No idea about that smoot thing, though.

A quick fix would be to add wu.apple.com to your hosts file with an address of - not long term and certainly not an overall fix.

Cool, there are python bindings for some Apple APIs? I wasn't aware.

Pretty much all of them https://pythonhosted.org/pyobjc/

Hah! Really, this is the main take-away from the entire OP and discussion.

I strongly encourage anyone concerned about their privacy to start using a firewall that filters (or at least monitors) outbound traffic by default. And not just the packets, but the web requests.

You would very likely be alarmed by what your phone is doing and who it's talking to without you knowing. iPhone or Android.

Recommended tools? I've gotten by for a while on Little Snitch. Good enough for a single user on a home network?

I use a Sophos Home Edition UTM.

It's mostly Open Source with some proprietary bits sprinkled on top. It also comes with AV software, though I won't speak to the efficacy of said AV software.

I would like to build an equivalent fully-FOSS system, but haven't had time to do that yet. It would of course need to be Ansibled (or equivalent).

There is a war on going in search. You can see it in Google's quarterly results where this last quarter they spent nearly a billion dollars on paid distribution (aka people they pay to send them searches that they can monetize rather than people who just show up at Google.com or one of their properties). It stuns me that Apple hasn't bitten the bullet and built a search engine yet since they could make more on it than Google is paying them to send queries there way but that is just Apple. But the spotlight 'net search' like Ubuntu's Unity search box gives those folks something to sell to Google and Google is buying. It is perhaps easier than building your own search engine but not as profitable once you get above a few million queries a day.

As for google's paid distribution, quite a bit of that goes to Mozilla which most around here would say is a "Good Thing". Most of the rest goes to Apple for Google being the default search engine on iOS.

Besides and instant revenue loss, Apple would build an absolutely awful search engine so it's great news that they haven't tried yet. I mean, look at how awesome they did with mapping.

Apple knows what they are and what they aren't and they aren't going to leave their circle of competence. It's why they aren't trying to "disrupt" credit cards and banks with Apple Pay and why they're partnering with IBM in order to sell to enterprise (even though they could extract more value by doing it themselves) because it would mean becoming an enterprise company.

Well, maybe the recent approaches to duckduckgo and their reaffirmation on user privacy are hints at the future of Apple and DDG... just a thought

Based on Apple's past history, they do not want to sell your personal data. That's Google's modus operandi, and common for other companies too, but Apple has demonstrated time and time again that they are focused on the user.

To that end, there's 2 things going on here:

1. Apple added functionality called Spotlight Suggestions, which pulls in data from the internet, including things like iTunes and App Store results, wikipedia results, movie showtimes, etc. It's basically a form of the specialized search results you get in search engines (such as Google, Bing, and, yes, even DuckDuckGo) where it tries to extract semantic meaning from your query and give you the result inline. This is generally considered very useful for search engines, and Apple decided they wanted Spotlight to have this behavior.

I think this makes sense. Spotlight is basically Sherlock 2.0, so this finally restores behavior that Sherlock (and Watson before it) had (although Sherlock/Watson required you to explicitly search the various providers, whereas Spotlight decides when to do the searches based on its own interpretation of the query).

The privacy implication here is that searches used with Spotlight Suggestions are sent to Apple, so they can improve Spotlight Suggestions. This is something that web search engines already have, and is important for making the functionality behave better. This data is not shared with anyone else, sold, or monetized. And yes, I believe Apple when they say that.

Also to note, this is basically exactly what already happens with Siri. Your Siri queries are sent to Apple (so they can actually be answered), and that information is used to make Siri better.

2. The second part of this is Bing Web Searches. It appears most queries don't even go to Bing. I tried a random sampling of queries and never saw any search results. The Privacy button states that "Searches for common words and phrases will be forwarded from Apple to Microsoft's Bing search engine", which makes it sound like Bing only even sees the search if Spotlight determines that it can't handle this query with local data or Spotlight Suggestions.

Which is to say, this does not mean that Microsoft sees every search you do. It seems they only see some searches, which are for "common words and phrases". Also, according to this, "These searches are not stored by Microsoft", which suggests that Apple's contract with Microsoft puts restrictions on them regarding how they can use the search.


Ultimately, Apple only cares about what makes the user experience better. They're in the hardware business. That's where their money comes from. And they're successful precisely because whenever they're given the choice between something that might make more money, vs something that makes the user experience better, they choose the latter every single time. And monetizing searches does not make the user experience better.

Doing this without actually bothering to let people know in an up-front, opt-in way certainly doesn't make the user experience better. While there's some conceivable value to the feature, turning it on without even letting users know is pretty bullshit and you're perturbing a lot of electrons in this thread with your defense of a really shitty default behavior.

They did let people know. You should really research this a bit before going of half-cocked, accusing Apple of doing something shitty, and me of defending this shitty behavior, when they're not actually doing the shitty thing you think they're doing.

The first time you initiate Spotlight after installing Yosemite, it gives you a very big message, explaining how Spotlight changed, explaining that it now sends search queries to the internet, and providing a big "Learn More" link that opens the built-in help document on the subject (I think it's https://help.apple.com/machelp/mac/10.10/index.html?localePa..., which I found via the (?) button in the Spotlight Preference Pane, but since I've already bypassed the warning I'm talking about I can't double-check).

Not only is the message very obvious and blatant, but Spotlight itself looks radically different than it used to (among other things, it's now a floating window in the center of the screen, instead of being attached to the magnifying glass button in the upper-right), so the risk of someone thinking it's exactly the same Spotlight as before is pretty low.

Before this article informed me of it, I saw no such message. Or rather, I saw it, but didn't read it because it disappeared as soon as you hit your first keystroke in Spotlight. I'm not even always looking at the screen when I trigger Spotlight and I don't go reading the Spotlight popup for fun because I know what it's supposed to do, and what it's supposed to do is a local search without reporting my search terms to Apple. Changing what it's supposed to do in an easily-dismissed way is exactly the shitty, sneaky thing you're defending them for.

You admit you didn't even see the message, so you're engaging in pure speculation as to how you think it behaved, and then criticizing Apple for it.

> Changing what it's supposed to do

What it's supposed to do is provide a good natural language search of any and all information it has available to it. This is what millions of customers use it for, and this is what Yosemite enhanced. Now it has more information available to it. Just as I can ask Siri "what is planet of the apes?" and she'll tell me about the movie, now I can ask Spotlight for "planet of the apes" and learn about the movie. This is great! It's bringing functionality from iOS back to the Mac, in a form that's generally easier to use (speaking to Siri is not always convenient), and doing it in a way that seamlessly integrates with the existing functionality.

Afterwards, I did see it. Because it does show up if you hit cmd-space and then...you know...don't type. Which is insane, because of course I type as soon as I hit cmd-space, that's why I hit cmd-space.

I don't use Siri, either. I don't own an iPhone. You're more than welcome to have whatever internet-enabled hurf and/or durf you want, what I'm saying is that enabling it by default in what is a low-friction, high-usage tool that works on unconscious reflex is some real douchebaggery.

Insisting that Apple put scare dialogs in front of millions of users before doing something that is pretty darn safe is some real douchebaggery. Either it scares users into declining a feature that they'd probably actually appreciate having if they weren't required to click past a scary dialog, or it's one more step towards training users to unconsciously approve dialogs warning them of dangerous actions.

If you care so much about the possibility of a feature using the internet (as opposed to what would actually be a privacy violation, which is selling your information or queries to third parties, instead of, ya know, just using it to provide the functionality you're trying to use), then it's your responsibility to actually learn what this stuff is doing.

But you admitted to installing a brand new major OS update without reading anything at all about it. It's not Apple's fault that you chose to be so intentionally ignorant.

If you don't want the existing OS functionality to change, then don't install major OS updates. If you install major OS updates, then expect functionality to change. And the most cursory of searches would let you find out what's new and updated in the OS. Perhaps you should read the list to find out if any other functionality you use has been modified: http://www.apple.com/osx/all-features/

Apple sells your data to themselves, to show ads for music and apps. It's not so different from showing ads for other vendors, except in that the ads only appear in Spotlight

Ads? If you search for "Planet of the Apes", and you get a response for "Rise of the Planet of the Apes" as a movie available on iTunes, seems to me that's likely what you wanted, no? Calling these "ads" is disingenuous. If Apple has the data in-house to answer your query, they'll do that. Seems like a good idea to me.

I'm actually a little more curious about the specifics. What data is transmitted? Because spotlight can search the web, so that's going to transmit data to 3rd parties. Is the data associated with the user or is it anonymously transmitted? Also, I can't remember because it's been so long since I installed the beta, but is there an option during setup that asks for permission to collect usage data as in iOS (which would be checked in a default installation? If so, does that preference include this data?

First off, how on earth did people expect it not to contact the outside world, when given Spotlight Suggestions or Bing Searches (both are pretty clearly marked in sections, and it's also clear that neither are local)?

Second off, a common user wouldn't care for the "privacy loss" that this might be for some of you. That is why they made it opt-out instead of opt-in. If it was opt-in, nearly no one would use it, because if it's useful, why wasn't it enabled by default?

"Verification is required.

Please click Billing Info to approve your billing information for use in the iTunes Store. If you cancel you will not be able to buy until you have approved your billing information."

For a FREE upgrade? I'm sure Apple has data showing that people with a credit card on file are more likely to buy paid apps/songs/etc, but this is fucking annoying.

One of the payment types is 'None'.


Breaking news: searching on Google sends your query to a third-party server! FILM AT 11!

Yes, and most if not everyone who uses a computer understands that Google searches the Internet. Spotlight was mainly for local search, so they would not expect that their queries for local files be sent outside of their computer.

It appears that you also need to uncheck "Include Spotlight Suggestions" in Safari. It's in Safari/Preferences/Search and located in "Smart Field Search."

I noticed iOS 8 has been doing this too via api.smoot.apple.com

Is there a way to undo? Let's say I run this script, but don't like the results. How do I undo and revert to a previous system state?

Just modify these lines in the dict/list:

   {'enabled' : True, 'name' : 'MENU_WEBSEARCH'},
   {'enabled' : True, 'name' : 'MENU_SPOTLIGHT_SUGGESTIONS'},
And re-run.

The first time I clicked spotlight after upgrade to yosemite, I was clueless what to do with the pop-up. closed, clicked spotlight several times until i realized i need to start typing and then saw the cursor. something weird about the whole UI changes. I prefer the old look and glossy icons. what's up with flat everything. The first thing I did was disabling the web search in spotlight.

It's missing a default value for "DEVELOPER" (whatever that is)

am i the only one wondering what MENU_OTHER is?

It's for unknown filetypes that are matched by your search query which don't fall under any of the other categories.

They will need to put a knife on my throat to buy that Apple sucking nightmare. But, definitely a cool fix if you're unfortunate enough owning one:)

Ah this is an awesome fix! Haha thanks!

What exactly does this enable/disable?

I suggest you read the section called "Why do we need this?" on the linked page ;)

Feels like Apple is the new Sony. No more MBPs for me.

I use Alfred... http://www.alfredapp.com/

This reminds me that I should really get around to figuring out how to disable spotlight altogether. It can occasionally peg my CPU.

mdutil -a -i off

Or, 'man mdutil' if you would rather not type in commands suggested by random people on the Internet. :)

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact