Yosemite, iOS 8, Spotlight, and Privacy: What you need to know

A story made the rounds earlier today calling into question the new Spotlight Suggestions feature in OS X Yosemite and iOS 8. In an effort to garner attention, it reports the collection and usage of the information required to enable this feature in a needlessly scary way. As any long time reader knows, security and privacy are always at odds with convenience, yet features like Spotlight Suggestions — and Siri before it — do an excellent job balancing as much convenience as possible with maintaining as much privacy and security as possible. Here's Apple's statement on the matter:

"We are absolutely committed to protecting our users' privacy and have built privacy right into our products," Apple told iMore. "For Spotlight Suggestions we minimize the amount of information sent to Apple. Apple doesn't retain IP addresses from users' devices. Spotlight blurs the location on the device so it never sends an exact location to Apple. Spotlight doesn't use a persistent identifier, so a user's search history can't be created by Apple or anyone else. Apple devices only use a temporary anonymous session ID for a 15-minute period before the ID is discarded."We also worked closely with Microsoft to protect our users' privacy. Apple forwards only commonly searched terms and only city-level location information to Bing. Microsoft does not store search queries or receive users' IP addresses."You can also easily opt out of Spotlight Suggestions, Bing or Location Services for Spotlight."

Here's the original charge:

Apple has begun automatically collecting the locations of users and the queries they type when searching for files with the newest Mac operating system, a function that has provoked backlash for a company that portrays itself as a leader on privacy.

The "backlash" cited by the sensationalistic story is not the result of the story but the result of sensationalism, and that's disappointing. We depend on major publications to provide us with accurate information for our benefit, not for their own benefit. Where they could have taken the time to look into it, assess the facts, and help people understand, they chose to double down on FUD, and that's not only disappointing, it's distressing.

So what are the facts? Apple discloses how Spotlight Suggestions work in both the Spotlight section of System Preferences on the Mac, and in the Spotlight section of Settings > General on iPhones and iPads.

There's also a Spotlight Suggestion check box on both so that you, the person using the device, can easily turn it off if you value privacy and security over convenience. (And if you are such a person, and have already disabled location services, Spotlight honors that setting and doesn't send the information.)

Apple links to the following text right from the prefs/settings pane on both OS X and iOS. Not only is it simple to find, it's plainly written and understandable:

When you use Spotlight, your search queries, the Spotlight Suggestions you select, and related usage data will be sent to Apple. Search results found on your Mac will not be sent. If you have Location Services on your Mac turned on, when you make a search query to Spotlight the location of your Mac at that time will be sent to Apple. Searches for common words and phrases will be forwarded from Apple to Microsoft's Bing search engine. These searches are not stored by Microsoft. Location, search queries, and usage information sent to Apple will be used by Apple only to make Spotlight Suggestions more relevant and to improve other Apple products and services.If you do not want your Spotlight search queries and Spotlight Suggestions usage data sent to Apple, you can turn off Spotlight Suggestions. Simply deselect the checkboxes for both Spotlight Suggestions and Bing Web Searches in the Search Results tab in the Spotlight preference pane found within System Preferences on your Mac. If you turn off Spotlight Suggestions and Bing Web Searches, Spotlight will search the contents of only your Mac.You can turn off Location Services for Spotlight Suggestions in the Privacy pane of System Preferences on your Mac by clicking on "Details" next to System Services and then deselecting "Spotlight Suggestions". If you turn off Location Services on your Mac, your precise location will not be sent to Apple. To deliver relevant search suggestions, Apple may use the IP address of your Internet connection to approximate your location by matching it to a geographic region.

Apple has also posted a privacy section (opens in new tab) on their website, and an updated version of their iOS 8 security document (opens in new tab) that reiterate what they're doing and their long-standing position on privacy. Here's the relevant parts:

To make suggestions more relevant to users, Spotlight Suggestions includes user context and search feedback with search query requests sent to Apple.Context sent with search requests provides Apple with: i) the device's approximate location; ii) the device type (e.g., Mac, iPhone, iPad, or iPod); iii) the client app, which is either Spotlight or Safari; iv) the device's default language and region settings; v) the three most recently used apps on the device; and vi) an anonymous session ID. All communication with the server is encrypted via HTTPS.

The white paper goes on to explain how locations are blurred, anonymous IDs are only kept for 15 minutes, recent apps are only included if they're on a white list of popular apps, etc. (It starts on page 40 of the above-linked PDF if you're curious about the specifics.)

So, again, Apple is only doing what they need to do to provide the conveniences of the feature they announced — the same way they've needed to collect enough data to answer questions with Siri in the past, or show you locations on Maps, or find your iPhone, iPad or Mac, and the list goes on.

If you don't like or want it, you can turn it off. That's the real story here — education. How it works, and what you can do with it and about it.

If you have any concerns or questions about Spotlight Suggestions, let me know in the comments!

Rene Ritchie

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

  • Thanks for the article. Turning that stuff off. I prefer Spotlight only to search the device.
  • "Oh no, I want directions, but you can't know where I am, just tell me how to get where I need to go." Posted via the 5s I'm not ashamed of using in my home.
  • Does anyone know if Citizen Kane is available on Amazon? For some reason I feel compled to watch it right now and I just can't quite put my finger on why that would be.
  • WTF?!! All these years, your friend, a.k.a google, has been collecting so much including my dead grand ma's (Lord bless her soul) most fav. panties .... now some Einsteins have become privacy specialists?!! WTF indeed ...
  • Google has to be paid for. So many people want stuff for free. If you want to get a million results, you have to give something in return.
    Isn’t a huge deal but Apple are wrong here and Fanbois need to recognise this. They should have had the feature OFF by DEFAULT and made opting in part of the Set Up Assistant for brand new installs or one of the first things that pops up after an upgrade;
    "Hi, we aim to improve your software and hardware experiences and we’ll do this by submitting your search queries, (not results), to Bing search etc etc.” See how easy that is?
  • Seriously? No. It does not need to be opt in. It doesn't need to do anything but what it currently does. First time searching in Spotlight? Oh hey, you see that little dialog that explains its additional features? If you're so scared, you'll be turning off these things anyway. Don't fill my install screen with worthless options to please folks who are too paranoid to walk outside - it's a waste of our time, which is collectively more, than the time of those who are paranoid. Mean while, you give Google a pass because "they have to get paid." Well, maybe instead of digging for information from me in the furthest reaches of the Internet, collecting it in a file that has my entire social/search/browse/buy history forever, then selling it to who knows for how much without so much as a checkbox clicked explicitly stating this; I should opt in instead.
  • Yes it does. Everybody has a heightened sense of insecurity now. Don’t add to it.
    If you have to go through a few extra steps tough. Don’t automatically assume that it’s right to track.
    Forget it’s Apple for two seconds please jeez, you should NOT be assuming you have an automatic right to track and set your stall that way.
  • Excuse me? They aren't tracking anything. They're using information about you to feed you more relevant information you want to hear, discarding this information pertaining to you rather quickly. They are not tracking you. So if you have to go through a few extra steps to sooth your paranoia, tough.
  • LOL, Ok. Let’s leave it there. I don’t want you to get any more riled than you already are.
    Bottom line. If you are passing on info that could quite easily sensitive, (like internet search terms), ask first. That is all.
  • Have actually bothered RTFA? Or are you just here to troll? You did understood everything, right? You understand what anonymous session ID's are?
  • Probably my perception but you all seem so offended already so I’ll make this my last comment devoid of sarcasm or anything else. Have a good day.
  • You are a blind fanboy twat. Posted via the iMore App for Android
  • "Location, search queries, and usage information sent to Apple will be used by Apple only to make Spotlight Suggestions more relevant and to improve other Apple products and services." That last clause is a loophole big enough to drive an Imperial Star Destroyer through. Sent from the iMore App
  • Lol I thought the same thing.
  • Good catch and point taken. Does the author of this article have any thoughts on this language? Sent from the iMore App
  • When will we get some kind of intellectual integrity from these media jerks. What other tech company gets so many 'crap shots' taken at it on a regular basis. Its in Apple's best interest to safeguard our privacy not pirate it out. But hey I guess the nature of sensationalist reporting. What's sad is that so many people flock to this stuff like flies around shite. Sent from the iMore App
  • To me this is like them installing a surveillance system within our homes, cameras pointing at us, then saying "Oh don't worry, we'll only spy on you sometimes".
    Why are the cameras there at al!? What you do you mean, "sometimes"!?
    I'm sure the NSA are in cahoots with Apple on Spotlight. Make sure you don't search for anything violence related or you'll be arrested.