Lately I’ve heard a lot on technical podcasts about the public outrage over “Microsoft Genuine Advantage” and the fact that it “phones home” every day.
Apple released Mac OS X 10.4.7 last week, and ever since I installed it, I’ve been noticing Apple’s own modest home phoning behavior. In this case it’s ostensibly to provide users with the opportunity to check whether the Dashboard Widgets you download are identical to ones featured on Apple’s site. Sort of a security debriefing, I guess. From the 10.4.7 release notes:
You can now verify whether or not a Dashboard widget you downloaded is the same version as a widget featured on (www.apple.com) before installing it.
The problem is this feature popped up without my permission, and there’s no obvious way for me to turn it off. This is how companies, even fairly trustable ones (IMHO) like Apple, make users paranoid and suspicious of them. This phoning home is done by a new process called “dashboardadvisoryd.” I don’t know the exact schedule, but it appears to be very frequent: twice today in a seven hour period. If I didn’t run Little Snitch I wouldn’t have any idea this was going on, because Apple made no point of informing me of the new feature and what it would entail.
One of the nice things about Little Snitch is it gives you a chance to “perk up your ears” to what’s being said between the client and server. When I see an unusual connection being requested, I often allow it to take place, but not before switching to the Terminal and starting up tcpdump so I can scrutinize the traffic. I figure if anybody is going to be chatting behind my back I at least want to know the gist of what they’re saying.
So far as I can tell, the activity from Apple is in this case pretty tame. At least so far. Every time it phones home, it requests the following two URLs:
The first appears to be a public key or something. The second appears to be empty but its header values may convey something of interest to Apple’s client.
I can’t see that anything at all is being sent back to Apple, but that’s sort of not the point. The mere act of “checking in” lets Apple know that I’m here and I’m running 10.4.7. They didn’t ask my permission to start making this regular checkin, and I’m not even sure what benefit I’m going to be getting out of allowing it.
In an era when consumers are being encouraged to take responsibility for their own safety in the interconnected world, Apple and others should respect the boundaries of our “digital house” by at least keeping us in the loop about what is being done on our behalf. I can find no documentation about what Apple is choosing to send and receive on a regular basis from my Mac.
Keep me in the loop, Apple. And if I’m not comfortable with it, give me an option (short of Little Snitch) for turning it off. It’s my computer, after all.