Yosemite, iOS 8, Spotlight, and Privacy: What you need to know

A story made the rounds earlier today calling into question the new Spotlight Suggestions feature in OS X Yosemite and iOS 8. In an effort to garner attention, it reports the collection and usage of the information required to enable this feature in a needlessly scary way. As any longtime reader knows, security and privacy are always at odds with convenience, yet features like Spotlight Suggestions — and Siri before it — do an excellent job balancing as much convenience as possible with maintaining as much privacy and security as possible. Here's Apple's statement on the matter:

"We are absolutely committed to protecting our users' privacy and have built privacy right into our products," Apple told iMore. "For Spotlight Suggestions we minimize the amount of information sent to Apple. Apple doesn't retain IP addresses from users' devices. Spotlight blurs the location on the device so it never sends an exact location to Apple. Spotlight doesn't use a persistent identifier, so a user's search history can't be created by Apple or anyone else. Apple devices only use a temporary anonymous session ID for a 15-minute period before the ID is discarded.

"We also worked closely with Microsoft to protect our users' privacy. Apple forwards only commonly searched terms and only city-level location information to Bing. Microsoft does not store search queries or receive users' IP addresses.

"You can also easily opt out of Spotlight Suggestions, Bing or Location Services for Spotlight."

Here's the original charge:

Apple has begun automatically collecting the locations of users and the queries they type when searching for files with the newest Mac operating system, a function that has provoked backlash for a company that portrays itself as a leader on privacy.

The "backlash" cited by the sensationalistic story is not the result of the story but the result of sensationalism, and that's disappointing. We depend on major publications to provide us with accurate information for our benefit, not for their own benefit. Where they could have taken the time to look into it, assess the facts, and help people understand, they chose to double down on FUD, and that's not only disappointing, it's distressing.

So what are the facts? Apple discloses how Spotlight Suggestions work in both the Spotlight section of System Preferences on the Mac, and in the Spotlight section of Settings > General on iPhones and iPads.

There's also a Spotlight Suggestion check box on both so that you, the person using the device, can easily turn it off if you value privacy and security over convenience. (And if you are such a person, and have already disabled location services, Spotlight honors that setting and doesn't send the information.)

Apple links to the following text right from the prefs/settings pane on both OS X and iOS. Not only is it simple to find, it's plainly written and understandable:

When you use Spotlight, your search queries, the Spotlight Suggestions you select, and related usage data will be sent to Apple. Search results found on your Mac will not be sent. If you have Location Services on your Mac turned on, when you make a search query to Spotlight the location of your Mac at that time will be sent to Apple. Searches for common words and phrases will be forwarded from Apple to Microsoft's Bing search engine. These searches are not stored by Microsoft. Location, search queries, and usage information sent to Apple will be used by Apple only to make Spotlight Suggestions more relevant and to improve other Apple products and services.

If you do not want your Spotlight search queries and Spotlight Suggestions usage data sent to Apple, you can turn off Spotlight Suggestions. Simply deselect the checkboxes for both Spotlight Suggestions and Bing Web Searches in the Search Results tab in the Spotlight preference pane found within System Preferences on your Mac. If you turn off Spotlight Suggestions and Bing Web Searches, Spotlight will search the contents of only your Mac.

You can turn off Location Services for Spotlight Suggestions in the Privacy pane of System Preferences on your Mac by clicking on "Details" next to System Services and then deselecting "Spotlight Suggestions". If you turn off Location Services on your Mac, your precise location will not be sent to Apple. To deliver relevant search suggestions, Apple may use the IP address of your Internet connection to approximate your location by matching it to a geographic region.

Apple has also posted a privacy section on their website, and an updated version of their iOS 8 security document, both of which reiterate what they're doing and their long-standing position on privacy. Here are the relevant parts:

To make suggestions more relevant to users, Spotlight Suggestions includes user context and search feedback with search query requests sent to Apple.

Context sent with search requests provides Apple with: i) the device's approximate location; ii) the device type (e.g., Mac, iPhone, iPad, or iPod); iii) the client app, which is either Spotlight or Safari; iv) the device's default language and region settings; v) the three most recently used apps on the device; and vi) an anonymous session ID. All communication with the server is encrypted via HTTPS.

The white paper goes on to explain how locations are blurred, anonymous IDs are only kept for 15 minutes, recent apps are only included if they're on a white list of popular apps, etc. (It starts on page 40 of the above-linked PDF if you're curious about the specifics.)
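To make those three minimization measures concrete, here is an added sketch (not Apple's code, and not taken from the white paper) of a client that rotates a random session ID every 15 minutes, coarsens coordinates before sending, and filters recent apps against an allowlist. The rounding granularity, the allowlist contents, and every class, function and field name are assumptions made for illustration.

```python
import secrets
import time

SESSION_LIFETIME_S = 15 * 60   # from the page: the ID is discarded after 15 minutes
BLUR_DECIMALS = 1              # assumption: ~11 km grid; the page gives no figure
POPULAR_APPS = {"Safari", "Mail", "Maps", "Messages"}  # assumption: stand-in allowlist

class EphemeralSession:
    """Random session ID that is replaced once it is 15 minutes old."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._id = None
        self._issued = 0.0

    def current_id(self):
        now = self._clock()
        if self._id is None or now - self._issued >= SESSION_LIFETIME_S:
            self._id = secrets.token_hex(16)  # random: not derived from device or account
            self._issued = now
        return self._id

def blur_location(lat, lon, decimals=BLUR_DECIMALS):
    """Coarsen coordinates on the device so the exact fix never leaves it."""
    return (round(lat, decimals), round(lon, decimals))

def filter_recent_apps(recent_apps, allowlist=POPULAR_APPS, limit=3):
    """Take the `limit` most recent apps, then drop any not on the allowlist."""
    return [app for app in recent_apps[:limit] if app in allowlist]

def build_context(session, lat, lon, device_type, client_app, locale,
                  recent_apps, location_enabled=True):
    """Assemble the context fields the page lists; omit location if disabled."""
    ctx = {
        "device_type": device_type,
        "client_app": client_app,
        "locale": locale,
        "recent_apps": filter_recent_apps(recent_apps),
        "session_id": session.current_id(),
    }
    if location_enabled:
        ctx["approx_location"] = blur_location(lat, lon)
    return ctx

if __name__ == "__main__":  # constructed sample input
    print(build_context(EphemeralSession(), 37.33182, -122.03118,
                        "Mac", "Spotlight", "en_US", ["Mail", "PrivateBankApp", "Safari"]))
```

Because the ID is random and short-lived, two queries made more than 15 minutes apart carry nothing that ties them together, which is what prevents a search history from being assembled server-side.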

So, again, Apple is only doing what they need to do to provide the conveniences of the feature they announced — the same way they've needed to collect enough data to answer questions with Siri in the past, or show you locations on Maps, or find your iPhone, iPad or Mac, and the list goes on.

If you don't like or want it, you can turn it off. That's the real story here — education. How it works, and what you can do with it and about it.

If you have any concerns or questions about Spotlight Suggestions, let me know in the comments!