User Name
Password
AppleNova Forums » Apple Products »

Is our privacy being violated with 10.4.7?


Register Members List Calendar Search FAQ Posting Guidelines
Is our privacy being violated with 10.4.7?
Thread Tools
washington mac user
can't read
 
Join Date: Jun 2006
 
2006-07-05, 14:03

http://www.pcworld.com/news/article/0,aid,126315,00.asp

Quote:
Mac users are growing concerned about a new feature within Mac OS X 10.4.7 that contacts servers at Apple HQ on a regular basis.

The new Dashboard process is called dashboardadvisory. According to Apple's release notes for 10.4.7, the application contacts Apple's servers for just one purpose--to ensure a user's Dashboard widgets are up-to-date.

"You can now verify whether or not a Dashboard widget you downloaded is the same version as a widget featured on [www.apple.com] before installing it," Apple's release notes say, in effect preventing users accidentally downloading less secure widgets.
Personally I don't care but I know others do and was wondering what everybody's thinks about this?
Should they have an option to be able to turn this off or does this guy care too much?

Last edited by Brad : 2006-07-05 at 21:54. Reason: Quote added for detail. Do NOT start a thread and not explain what the purpose is.
  quote
chucker
 
Join Date: May 2004
Location: near Bremen, Germany
Send a message via ICQ to chucker Send a message via AIM to chucker Send a message via MSN to chucker Send a message via Yahoo to chucker Send a message via Skype™ to chucker 
2006-07-05, 14:05

The only trouble here is that Apple hasn't really made this change very clear. The Release Notes were very vague. Plus, there is no option to turn it off.

The feature itself, however, is probably rather useful and doesn't intrude our privacy; it's just a quick security check. No data is transmitted.
  quote
Banana
is the next Chiquita
 
Join Date: Feb 2005
 
2006-07-05, 14:22

Given what happened last year with the noise media made about a security hole where you can download unsafe widgets, it sounds like Apple is taking the paranoid avenue.

I have mixed feeling about it as I do like to know what they're doing with my computer as opposed to wondering why my computer is acting slow or something like that, but I can see how annoying it can be if user has to administer authorize updates each widgets three times a day...
  quote
neiltc13
Senior Member
 
Join Date: Jan 2006
 
2006-07-05, 14:35

Apple already know my credit card number, my name, my address, my telephone number, my date of birth, my mother's maiden name and probably many other things.

I don't think that Apple need to use widgets to get at many of their users' personal information, do you?
  quote
Ryan
Veteran Member
 
Join Date: May 2004
Location: Promise Land of Trustafarians
 
2006-07-05, 14:55

Does anyone know if it still runs if you don't have any widgets running?

I'm not concerned about it, but from a PR standpoint it would be better if they allowed the user to disable it, or at the very least described it in more detail in the release notes.

edit: I don't see anything in Activity Monitor about it, so I guess it doesn't run if you aren't using Dashboard.
  quote
Banana
is the next Chiquita
 
Join Date: Feb 2005
 
2006-07-05, 14:56

This isn't first time Apple software has called home, right? Software update supposedly does the same (though I've never seen it actually doing it on my own so I end doing it myself).

Has there been a past instance where updates was done silently?
  quote
chucker
 
Join Date: May 2004
Location: near Bremen, Germany
Send a message via ICQ to chucker Send a message via AIM to chucker Send a message via MSN to chucker Send a message via Yahoo to chucker Send a message via Skype™ to chucker 
2006-07-05, 15:00

Quote:
Originally Posted by Ryan
edit: I don't see anything in Activity Monitor about it, so I guess it doesn't run if you aren't using Dashboard.
It doesn't run permanently. It's run every 8 hours through launchd.
  quote
chucker
 
Join Date: May 2004
Location: near Bremen, Germany
Send a message via ICQ to chucker Send a message via AIM to chucker Send a message via MSN to chucker Send a message via Yahoo to chucker Send a message via Skype™ to chucker 
2006-07-05, 15:01

Quote:
Originally Posted by Banana
Software update supposedly does the same (though I've never seen it actually doing it on my own so I end doing it myself).
Well, obviously Software Update needs to create a list of the software installed so it can compare that to the versions available at Apple. However, the complete process is quite simple and open and easily traceable; it's been reverse-engineered before with no signs whatsoever of illegitimate phoning home. No hardware information, no personal information.
  quote
lexxmac
New Member
 
Join Date: Jul 2006
Location: "The Midwest"
 
2006-07-06, 11:08

It does still run even if you've killed dashboard off. I use little snitch to monitor all of my network traffic and I can see when dashboardadvisory tries to connect up. I've promptly dissallowed any activity. I don't care if my widgets are up to date because I'll never be using dashboard. It is very intersting to see what phones home and what doesn't... and little snitch will be happy to show you what does and what doesn't. It's well worth the $25 to me.
  quote
lexxmac
New Member
 
Join Date: Jul 2006
Location: "The Midwest"
 
2006-07-06, 11:11

Software update checks for updates automatically also and tries to connect to the net in the background (again- thank you little snitch), but it really seems harmless. If you're that paranoid just go download all the updates by hand and turn off automatic checks for updates.
  quote
PB PM
Sneaky Punk
 
Join Date: Oct 2005
Location: Vancouver, BC
Send a message via Skype™ to PB PM 
2006-07-06, 11:40

My goodness people are paranoid these days. I could understand people being upset if Apple was drawing information from say, Spotlight, but from Widgets, come on people... grow up.
  quote
JLL
Member
 
Join Date: May 2004
Location: Copenhagen, Denmark
 
2006-07-06, 13:58

I heard that Apple collects your IP address, screen size, OS version and other stuff when you visit apple.com, is that true?




  quote
Banana
is the next Chiquita
 
Join Date: Feb 2005
 
2006-07-06, 14:12

No, they don't have to.

You see, all Macs have built-in hardware and software to trace and collect all information anonymously with incredible accuracy so they already know you are, where you are typing at this moment.

As long you don't bash Apple, you'll be okay.

*trampling boots*

or maybe not.... gggaaarrrhhhh....
  quote
billybobsky
BANNED
I am worthless beyond hope.
 
Join Date: May 2004
Location: Inner Swabia. If you have to ask twice, don't.
 
2006-07-06, 16:26

I heard that apple macintosh's can read your mind and are sending all of this data back to Steve Job's thinkpad.
  quote
arnoct
Member
 
Join Date: Oct 2005
 
2006-07-07, 09:57

take off the tinfoil hats, guys, it's checking for updates. god.
  quote
Banana
is the next Chiquita
 
Join Date: Feb 2005
 
2006-07-07, 10:59

Quote:
Originally Posted by arnoct
take off the tinfoil hats, guys, it's checking for updates. god.
Hmm... You seems to be missing something. Is this what you are looking for?
  quote
ShadowOfGed
Travels via TARDIS
 
Join Date: Aug 2005
Location: Earthsea
 
2006-07-08, 00:47

Actually, I've heard that 10.4.7 is doing a little more than just checking for updates, but not something bad or nefarious.

What I heard is that it's essentially check-summing your widgets, and then wandering out on the 'net to Apple's servers where it verifies that (a) your widgets are up to date and (b) that your widget's checksum matches the one stored on Apple's server. If that's the case, it should (in theory) make it extraordinarily difficult to create a rogue widget for Dashboard that masquerades as one of Apple's own. And even if you modified one of Apple's widgets directly, that alteration would show up as a checksum mismatch, and then Dashboard could notify the user or take some other appropriate action.

Considering *many* Windows viruses and spyware survive by masquerading as (or looking similar to) system processes and services, I think it is a Good Thing™ that Apple is taking steps to prevent malware from hiding behind an Apple-branded widget. So if this really is the case, then I don't mind.



As a disclaimer, I haven't verified this on my own, but I did hear it from people who should have a dang good idea of what's going on.

Also, keep in mind that Apple has a huge amount of brand trust right now, unlike other companies such as Microsoft. My bet is that even if some users consider this information "sensitive" (come on, it's a *widget* not personal information), Apple is not storing it, and the end result is for the user's good. Apple's brand would be marred if they did anything nefarious on the back end, and I doubt they're willing to sacrifice that for whatever benefits they'd get.



---

Oh, and I personally think the Digg and Slashdot crowds are overly paranoid. Sometimes they raise valid points, but a lot of the time I feel like someone submits a story that will evoke communal paranoia just to get themselves posted. I used to read Slashdot, but the content in general (and comments in particular) seem to have degraded, so I don't really pay attention anymore. I don't think Apple's doing anything wrong here, but there are plenty of tinfoil-hat fanatics that differ with me.


Apparently I call the cops when I see people litter.
  quote
ShadowOfGed
Travels via TARDIS
 
Join Date: Aug 2005
Location: Earthsea
 
2006-07-08, 01:02

Quote:
Originally Posted by washington mac user
Hmm, and I'm sure PC World has *no* interest in stirring up the tech crowd and trying to make Apple look bad.



I mean, I've heard from other places that this is happening, but I feel like that snippet is worded to make it sound like Apple is doing dark and evil things while putting up a rosy white façade for users.

Apple's recent public image could probably be described as "too good for too long." As a result, I feel like there are a lot of people and companies (media outlets in particular) who are desperately trying to magnify and misconstrue even the slightest misstep from Apple. Why? Just to smear Apple.

It's much like the basketball or football team that never loses. Are you one of those people that roots for them? Or do you root against them just because you want them to lose once in a while? I think that's where Apple is right about now.

Everyone's looking for the least bit of dirt, because we all know nobody's perfect. As a matter of pride, I imagine these websites and magazines all want to be the first to find "the story," but so far dirt has proven difficult to find.

Or am I completely off my rocker?

Apparently I call the cops when I see people litter.
  quote
kongfused
New Member
 
Join Date: Mar 2006
 
2006-07-08, 08:53

for the truly paranoid, download a small application called little snitch.

It monitors all your outgoing network connections. It allows you to permit or dispermit traffic from coming out of your machine. It's like a firewall add-on.

The free version is limited to 3 hours at a time so you get a good idea of how the software works.

http://www.obdev.at/products/littlesnitch/index.html

pz
  quote
rob05au
Member
 
Join Date: May 2005
Location: Australia
Send a message via ICQ to rob05au Send a message via AIM to rob05au Send a message via Skype™ to rob05au 
2006-07-09, 15:57

For those who want to turn it off and have it stay off try this

Login with an administrative account and open Terminal, then execute the following command:
$ sudo vi /etc/mach_init.d/dashboardadvisoryd.plist
When asked for a password, retype your own password to verify that it's still you and not someone else. Next type an i to enter input mode, and add the following two lines below the line that reads <dict>:
<key>Disabled</key>
<true/>
Press Escape to leave the edit mode and type :wq, followed by Enter, to save the file and quite the editor. The file is saved and mach_init.d won't start this process anymore. Now type the following command:
$ sudo vi
/System/Library/LaunchDaemons/com.apple.dashboard.advisory.fetch.plist
and enter input mode once again by pressing i, and after the line that reads <dict>, we also add the lines:
<key>Disabled</key>
<true/>
Leave the input mode and save the file as before. Now restart your computer, and this process won't start automatically.

It works for me
  quote
chucker
 
Join Date: May 2004
Location: near Bremen, Germany
Send a message via ICQ to chucker Send a message via AIM to chucker Send a message via MSN to chucker Send a message via Yahoo to chucker Send a message via Skype™ to chucker 
2006-07-09, 16:00

Er, those changes will likely be overwritten every time you run a Software Update that comes with a newer version. Also, you don't have to do that. If all you want is add the disabled key, use launchctl unload -w.

Code:
unload [-w] paths ... Unload the specified configuration files or directories of con- figuration files. -w Add the disabled key and write the configuration files back out to disk.
Playing around with Apple's plists manually is a bad idea.
  quote
Posting Rules Navigation
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Post Reply

Forum Jump
Thread Tools
Similar Threads
Thread Thread Starter Forum Replies Last Post
10.4.7 is out halo1982 Apple Products 114 2006-07-09 13:32
One Mac, two people (iTunes, iPhoto, privacy, etc.) psmith2.0 Genius Bar 18 2006-07-09 02:18
What do you want to see in 10.4.7? rasmits Speculation and Rumors 54 2006-06-27 15:28
iTunes Mini Store Privacy Debacle: Apple's solution chucker Apple Products 10 2006-01-18 11:53


« Previous Thread | Next Thread »

All times are GMT -5. The time now is 06:56.


Powered by vBulletin®
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004 - 2024, AppleNova