Howdy. Author here. By way of introduction, I'm also the author of PLCrashReporter (https://www.plcrashreporter.org/), ported Java 6 to Mac OS X (a.k.a Soylatte), and -- this might lower some folk's estimation of me here -- started the MacPorts project almost 15 years ago at Apple, along with co-workers Jordan Hubbard and Kevin Van Vechten.
That slightly snarky disclaimer you quoted actually has a serious backstory; the language came from https://fixubuntu.com (whose AGPL code was used here), and it was added after Ubuntu sent a legal demand that "Ubuntu" be removed from the fixubuntu domain name and website:
I actually toned down the snark -- just slightly -- from the original disclaimer.
It's remarkably easy to miss Spotlight's privacy disclosure in Yosemite -- the instant you start typing in the Spotlight search box, the disclosure disappears, and seemingly stays gone. There's no single "local search only" toggle, and you have to cross-reference the documentation provided in System Preferences against the list of "Search Results" to figure out which of the options actually sends your queries to Apple.
I wanted something simple, that I knew worked, and I could just tell family to run themselves, so I put this together. It's a convenient way to apply the settings, a jumping-off point for a more involved effort to resolve some of the other remaining privacy issues on Yosemite, and a handy way to get the privacy message across.
If you're interested in chipping in on the OS X privacy front, there's a lot more to look at than just Spotlight; my next goal is to get https://github.com/fix-macosx/sslsplit transparently capturing traffic in a Yosemite VM so that we can start nailing down exactly what is being sent from the myriad of daemons (and spotlight!) that are sending data outwards in a default configuration.
I'm very sympathetic to the "random internet code" issue, so I struck a balance by:
1) Displaying the source inline in the page (of course, there's no guarantee that it matches the downloaded code, but the goal here is to highlight the important of knowing what you're running).
2) Making the actual script URL a clickable link, so that folks that don't blindly execute curl scripts (myself included) can easily download the script and examine it.
3) Used a variation of the usual pipe approach (curl -O … && ./…) so that anyone downloading it would actually have a copy of what they just ran.
Thank you for taking the time respond, and for your impressive body of work.
My knee-jerk reaction to everything about this site can definitely be attributed to ignorance. Something worth considering, in my opinion, for the goal of the project.
fix-osx: I didn't know it needed fixing (in the context of what this site declares is wrong). I am open to being wrong, and that it would need fixing, but my gut response is that it doesn't. It is not intended to attack/dispute your messaging, but rather explain how it could be read by someone unfamiliar with how it is indeed that way.
Expanding on that, I don't hold that OSX inherently betrays user privacy. While this can be considered a privacy leak by ux design (it is, I agree), it's not something that would lead me to the conclusion that the OS has no privacy by design. I'll be looking more into this now, however.
Regarding the disclaimer... That backstory certainly validates the tone, but a disclaimer for the disclaimer would be nice for the uninitiated :-
Thanks for the feedback; I committed a rephrasing of the trademark disclaimer (https://github.com/fix-macosx/fix-macosx) and I'll push that out when I next have the chance.
Just to clarify, the submission's title of "No Privacy, by Design" doesn't represent my own position; it's not a phrase that's used on fix-macosx.com.
So at first I was wondering why it was python. Then I saw that you could import Foundation and directly edit settings. Needless to say now I'm intrigued and kinda want to write an ansible plugin for this as I already use ansible to set this junk up as it is.
The problem with telling people to run this for themselves, is now they have to trust both you and apple.
If you really want to educate people, why not also provide directions on how to do it via the UI? Are you trying to scare people?
The privacy disclosure and instructions are perpetually available in spotlight settings by pressing the giant button labelled 'About Spotlight Suggestions & Privacy', which is probably the largest button in the entire OS.
If you're referring to the POODLE SSLv3 bug, it doesn't break authentication/key exchange or MAC, but instead, confidentiality of the symmetric encryption.
In other words (assuming an attacker can modify a sufficient amount of SSL traffic in transit), they could decrypt the python source code, but they can't insert new data without triggering a MAC validation failure on the client.
I've just about wrapped up support for correlating connections with the local responsible program (see branch macosx-process-info); I also need to put some thought into how to handle non-TCP traffic.
I'll be posting Yosemite setup instructions later today; my plan is to collect a corpus of data from a default installation. One thing I could really use help with is providing a web-based visualization of that data.
That slightly snarky disclaimer you quoted actually has a serious backstory; the language came from https://fixubuntu.com (whose AGPL code was used here), and it was added after Ubuntu sent a legal demand that "Ubuntu" be removed from the fixubuntu domain name and website:
http://arstechnica.com/information-technology/2013/11/canoni...
I actually toned down the snark -- just slightly -- from the original disclaimer.
It's remarkably easy to miss Spotlight's privacy disclosure in Yosemite -- the instant you start typing in the Spotlight search box, the disclosure disappears, and seemingly stays gone. There's no single "local search only" toggle, and you have to cross-reference the documentation provided in System Preferences against the list of "Search Results" to figure out which of the options actually sends your queries to Apple.
I wanted something simple, that I knew worked, and I could just tell family to run themselves, so I put this together. It's a convenient way to apply the settings, a jumping-off point for a more involved effort to resolve some of the other remaining privacy issues on Yosemite, and a handy way to get the privacy message across.
If you're interested in chipping in on the OS X privacy front, there's a lot more to look at than just Spotlight; my next goal is to get https://github.com/fix-macosx/sslsplit transparently capturing traffic in a Yosemite VM so that we can start nailing down exactly what is being sent from the myriad of daemons (and spotlight!) that are sending data outwards in a default configuration.
I'm very sympathetic to the "random internet code" issue, so I struck a balance by:
1) Displaying the source inline in the page (of course, there's no guarantee that it matches the downloaded code, but the goal here is to highlight the important of knowing what you're running).
2) Making the actual script URL a clickable link, so that folks that don't blindly execute curl scripts (myself included) can easily download the script and examine it.
3) Used a variation of the usual pipe approach (curl -O … && ./…) so that anyone downloading it would actually have a copy of what they just ran.
4) Serve the whole lot over TLS.
Cheers, Landon