Apple Phones Home, Too

July 3rd, 2006

Lately I’ve heard a lot on technical podcasts about the public outrage over “Microsoft Genuine Advantage” and the fact that it “phones home” every day.

Apple released Mac OS X 10.4.7 last week, and ever since I installed it, I’ve been noticing Apple’s own modest home phoning behavior. In this case it’s ostensibly to provide users with the opportunity to check whether the Dashboard Widgets you download are identical to ones featured on Apple’s site. Sort of a security debriefing, I guess. From the 10.4.7 release notes:

You can now verify whether or not a Dashboard widget you downloaded is the same version as a widget featured on (www.apple.com) before installing it.

The problem is this feature popped up without my permission, and there’s no obvious way for me to turn it off. This is how companies, even fairly trustable ones (IMHO) like Apple, make users paranoid and suspicious of them. This phoning home is done by a new process called “dashboardadvisoryd.” I don’t know the exact schedule, but it appears to be very frequent: twice today in a seven hour period. If I didn’t run Little Snitch I wouldn’t have any idea this was going on, because Apple made no point of informing me of the new feature and what it would entail.

One of the nice things about Little Snitch is it gives you a chance to “perk up your ears” to what’s being said between the client and server. When I see an unusual connection being requested, I often allow it to take place, but not before switching to the Terminal and starting up tcpdump so I can scrutinize the traffic. I figure if anybody is going to be chatting behind my back I at least want to know the gist of what they’re saying.

So far as I can tell, the activity from Apple is in this case pretty tame. At least so far. Every time it phones home, it requests the following two URLs:

http://www.apple.com/widgets/widgetadvisory
http://www.apple.com/widgets/parser.info

The first appears to be a public key or something. The second appears to be empty but its header values may convey something of interest to Apple’s client.

I can’t see that anything at all is being sent back to Apple, but that’s sort of not the point. The mere act of “checking in” lets Apple know that I’m here and I’m running 10.4.7. They didn’t ask my permission to start making this regular checkin, and I’m not even sure what benefit I’m going to be getting out of allowing it.

In an era when consumers are being encouraged to take responsibility for their own safety in the interconnected world, Apple and others should respect the boundaries of our “digital house” by at least keeping us in the loop about what is being done on our behalf. I can find no documentation about what Apple is choosing to send and receive on a regular basis from my Mac.

Keep me in the loop, Apple. And if I’m not comfortable with it, give me an option (short of Little Snitch) for turning it off. It’s my computer, after all.

112 Responses to “Apple Phones Home, Too”

  1. Cameron Hayne Says:

    This “phoning home” is done by ‘dashboardadvisoryd’ which is in the Resources folder of /System/Library/CoreServices/Dock.app
    dashboardadvisoryd is started up via the “dashboardadvisoryd.plist” file under /etc/mach_init.d which lists it as an “OnDemand” service.
    It seems that the “demand” comes from ‘fetchadvisory’ which is in that same Resources folder.
    fetchadvisory is started up via launchd – its plist file is “com.apple.dashboard.advisory.fetch.plist” in the “/System/Library/LaunchDaemons” folder where we see that it is run every 28800 seconds (i.e. every 8 hours).

    Some interesting details are supplied by running ‘strings’ on the ‘dashboardadvisoryd’ executable.
    Besides references to the two URLs mentioned by Daniel, I note the following SQL:

    BEGIN EXCLUSIVE;
    CREATE TABLE advisory (ROWID INTEGER PRIMARY KEY AUTOINCREMENT,
    unique_id INTEGER UNIQUE NOT NULL,
    hash_usage INTEGER NOT NULL,
    resource_type INTEGER NOT NULL,
    hash_type INTEGER NOT NULL,
    hash BLOB UNIQUE NOT NULL,
    url TEXT);
    CREATE TRIGGER advisory_trigger AFTER INSERT ON advisory
    BEGIN SELECT needsupdate();
    DELETE FROM scan;
    END;
    CREATE TRIGGER advisory_delete_trigger AFTER DELETE ON advisory
    BEGIN DELETE FROM override WHERE hash = OLD.hash;
    END;
    CREATE TABLE override (hash BLOB UNIQUE NOT NULL);
    CREATE TABLE scan (ROWID INTEGER PRIMARY KEY AUTOINCREMENT,
    uid INTEGER UNIQUE NOT NULL,
    resource_type INTEGER NOT NULL);
    CREATE TABLE meta (key UNIQUE NOT NULL,
    value NOT NULL);
    CREATE TABLE allowed (hash BLOB,
    bundle_id TEXT,
    uid INTEGER, name TEXT);
    COMMIT;

    And there is a reference to “/var/db/.dashboardadvisory.database” which I see now exists and seems to contain similar SQL statements to the above.

    I note also that there is a new “Dashboard Advisory” certificate in the System keychain – presumably to ensure that the server contacted at the above URLs is actually the Apple server (to protect against DNS poisoning etc)

  2. Jon Hendry Says:

    “And there is a reference to “/var/db/.dashboardadvisory.database” which I see now exists and seems to contain similar SQL statements to the above.”

    Presumably the dashboardadvisoryd uses some of the the SQL to set up a SQLite database if it doesn’t exist at startup, and then uses the other SQL code to use the database once it’s created.

    At first consideration, the timing seems a bit obsessive, if you consider that the check could be done when you add a widget.

    However, if it is possible for a hostile widget to be installed without the usual mechanisms being aware of it, then a periodic check could be useful. That said, it’s hardly necessary to dial out *every* time – it should only dial out if the set of installed widgets has changed since the last run.

  3. Jon Hendry Says:

    It might be interesting to modify one of your installed widgets, and see what happens.

  4. sjk Says:

    This reminds me of the recent dotMacTranslator phones home? message on the macosx-admin list questioning another suspicious change in 10.4.7. I found a new ~/Library/Preferences/com.apple.dotmactranslator.plist file on my system with a single key, replicantIsAlive, set true. I’ve also noticed a message about .Mac quickly flash by in the Activity Monitor window whenever I launch Mail, which apparently comes from this framework:

    % otool -L /Applications/Mail.app/Contents/MacOS/Mail | grep -i dotmac
    /System/Library/PrivateFrameworks/DotMacLegacy.framework/Versions/A/DotMacLegacy
    (compatibility version 1.0.0, current version 123.0.0)

    … even though I don’t have a .Mac account. Hmm.

  5. ssp Says:

    Apart from the phoning home, I wonder what the theory behind this ‘service’ is. To tell us about ‘evil’ widgets? If yes, who determines which widgets are evil? And if that question can be answered to my satisfaction:: Why can’t I have that excellent service for any application on my machine.

    Not that I really want an extra layer of complicatedness, just wondering…

  6. Adrian Milliner Says:

    My db file contains nothing except 3 rows in the meta table, key/values for serial-number-time-stamp, serial-number and last-fetch.

    Nothing too to get overly paranoid about.

  7. APC Magazine » It’s not just Windows. Mac OS X phones home too. Says:

    [...] Daniel Jalkut has discovered that Windows Genuine Advantage is not the only piece of software that phones home to check in. Mac 10.4.7 gets lonely too. [...]

  8. since1968 Says:

    Good catch. It doesn’t sound like there’s much harm in this contact, but I agree with you that Apple should ask the user, or at least make the phoning home clear in its license.

    The thing is, people just don’t care. When I posted about iTunes phoning home my music preferences, the overwhelming response was “you’re stupid/technologically illiterate/gay [insert insult here]. Apple would never do anything bad.”

    I’m sure Apple noticed, and here we are with 10.4.7.

  9. Erwan Says:

    It does not do any harm for the moment. But who will check the beaviour does not change in 6 month ?
    Who will monitor every connection to see what is sent ?

  10. Mackie Says:

    If you want to keep it from phoning home, open the Dock.app/Resources folder, drag dashboardadvisoryd to the desktop while holding down Option-Command to make an alias. Add a new rule in Little Snitch, select “deny” and click OK. Then you can delete the alias, and dashboardadvisoryd is blocked.

  11. Drew Thaler Says:

    Reminds me of the unusual “VerifiedDownloadPlugin.plugin” that 10.4.7 installs in your Internet Plug-Ins folder. Rosyna correctly points out that this unannounced new plugin sure does have a name that sounds like the kind of malware you sometimes get on Windows. The weird thing is that it appears to have no actual entrypoint and does little more than make two calls into some linked frameworks.

    It may be tied in to the VerifiedDownloadAgent.app, which appears to be for Dashboard widgets too. What are those Dashboard guys doing, with all this unannounced phoning home and random undocumented web plugins?

  12. Mortimer N. Cobblepop Says:

    One of the most ridiculous stories I’ve seen – even for a Windoze fanboy, you’ve really outdone yourself.

  13. PATCH Says:

    Apple is recommending that you install Linux to rectify this issue. It is freely downloadable from http://www.ubuntu.com and will rectify this issue along with many others.

  14. Daniel Jalkut Says:

    And here I thought all the silly comments would stay safely isolated to digg.

  15. Mortimer N. Copplebob Says:

    [Comment deleted - You are only entitled to troll once on my blog]

  16. sjk Says:

    Would running sudo launchctl unload -w com.apple.dashboard.advisory.fetch be enough to keep the widget thingamajig from phoning home?

  17. Simone Manganelli Says:

    Daniel: Haha, wow, you put some incredible trust in humankind. :) If there’s anything I’ve learned about the world in the few years that I’ve been in existence, it’s that the question about human nature is not whether it’s fundamentally bad or good, it’s whether or not it’s stupid. And I’m pretty confident the answer is yes. ;) Take that, Hobbes and Locke!

  18. Macenstein » Macenstein Archive » More SpyWare from Apple Says:

    [...] Apple was so update happy (with updates to iTunes, QuickTime, and OS X) that most of us missed a seemingly benign “feature” of the latest OS update. Luckily for us, the Red Sweater Blog was on the ball, and now we once again have something to blow out of proportion. [...]

  19. Jon Hendry Says:

    “To tell us about ‘evil’ widgets? If yes, who determines which widgets are evil?”

    I presume it only checks to see if the widget is the same as the one on Apple.com. The assumption being that if the widget is not the same, then it *may* have been replaced with a trojan horse. Perhaps it wasn’t, but it’s worth noting.

    “And if that question can be answered to my satisfaction:: Why can’t I have that excellent service for any application on my machine.”

    Apple can reasonably create a database of checksums of released widgets. Doing the same for all applications that can run on a Mac would be far more difficult.

  20. BWhaler Says:

    This is simply irresponsible reporting.

    Surely you can tell the difference between a weather widget getting the current local weather from the Apple servers and WGA? One you know has to happen–unless you think the weather equipment is built into your laptop–and the other was so covert it was originally denied by Microsoft.

    The same goes for software updates.

    You must be able to see the difference and how irresponsible it is to write articles like this. (Unless, of course, you are a Microsoft shill.) Articles like this give MS the courage to do more of this type of crap.

    Chock this post up to a desperate and irresponsible search for hits.

    Sorry dude, I’m a Windows guy, and I’ll be the first to call you a loser for this post. Don’t give Microsoft the room to maneuver in their gray ethics, which is what idiot bloggers claiming “Apple does it too!!!!!!” does.

  21. MacSlash Says:

    10.4.7 Phones Home To Cupertino…

    Apple caused a stir earlier this year when a version of the popular iTunes software sent information on the files users were listening to back to Apple. Apple quickly reacted by not enabling the feature by default, and allowing a user to choose whether…

  22. Daniel Jalkut Says:

    BWhaler: What gives you the right to call me “irresponsible” and then a “loser” on my blog without substantiating your claims (even with, come to think of it).

    I never said anything about Weather widgets. Are you trying to confuse me? My little brain cannot take your insane logic.

    Articles like this reinforce the idea that it’s not OK for Microsoft or Apple to do this kind of thing.

  23. Team Murder » Genuine Widget Advantage Says:

    [...] mess up system performance or render my machine useless but it is annoying nonetheless. » Permalink113 words in thispost [...]

  24. Ari Says:

    I really think you are making a mountain out of a mole hill. This is a security feature. If you want to disable it, go ahead but don’t go crying to us if your system gets owned by a hostile widget. The VerifiedDownloadPlugin.plugin plugin works in conjunction with this feature to protect advise you of any known malware widgets. Again, feel free to bork your system if you feel paranoid but do so at your own risk. I would advise others to not follow advise here on modifying your systems.

    Congrats though on getting so many page view though on you blog. However, I would hope that in the future you would research the situation more before spreading FUD regardless of whether you had good intentions.

  25. Daniel Jalkut Says:

    Ari: what are you talking about? Spreading FUD? I just pointed out something that Apple is doing. It\’s not my fault that people choose to link here. Don\’t ascribe intentions to me because this happens to have struck a nerve.

    I do feel that Apple should be more careful about adding \”home phoning\” behavior to their system without letting its users know. And that\’s all I think. As I said in the article – keep me in the loop, Apple!

    I hardly even use widgets, which is what makes it so annoying that Apple is phoning home every 8 hours without even letting me know.

  26. Fred Sanford Says:

    I find most of this about dashboard chick-in unnecessary –
    the real bitching should be:

    why the hell cant we turn this piece of junk (dashboard) off [period].

    why does there exist an application that takes a multi threaded, multi processor computer and lock it into a single process, modal interface????

    I have not yet seen a single widget who’s function does not exist as an application.

    launch the app – leave it running, waht to check some value – Command-tab to the app.

    personally – this crap (dashboard) will never run more than once on my computer (startup from install) – after that it will not be allowed to run.

  27. Apple phone home | myMacBUZZ Says:

    [...] Blogger Daniel Jalkut first highlighted it and says that although Apple doesn’t seem to be doing anything really ‘evil’, they really should be more transparent and at least give users the option of turning it on or off: In an era when consumers are being encouraged to take responsibility for their own safety in the interconnected world, Apple and others should respect the boundaries of our “digital house” by at least keeping us in the loop about what is being done on our behalf. I can find no documentation about what Apple is choosing to send and receive on a regular basis from my Mac. [...]

  28. Ted Wood Says:

    Every application with “Check for update” functionality phones home. I think this is a “Software Update for Dashboard” feature, or at least the early stages of one. It would be nice to have some communication about it from Apple, though. They could say “10.4.7 introduces a new Widget Up-to-Date process that ensures you’re runing the latest versions of your widgets.”, but they didn’t.

  29. Ted Wood Says:

    @ Fred Sanford,

    Such a shame that you miss the point of Dashboard. Macs are supposed to be happy places.

  30. MACNOTES.DE - RANDNOTIZEN AUS DER MAC-OSPHÄRE » Archiv » Randnotizen vom 05.07. Says:

    [...] Der Tiger telefoniert nach Hause: Blogger und Software-Entwickler Daniel Jalkut weist darauf hin, dass seit dem Update auf 10.4.7 ein Prozess namens “dashboardadvisoryd” alle acht Stunden Kontakt mit Apples Servern aufnimmt. Wozu genau ist bisher nicht abschließend geklärt, vermutlich geht es darum, die Unbedenklichkeit von Widgets zu überprüfen. Die feine englische Art ist das trotzdem nicht, zumal auch die Update-Hinweise zu dem neuen “Feature” schweigen. [...]

  31. לינמגזין Says:

    מק-call-home-ינטוש…

    גם המקינטוש (Mac OS X 10.4.7) מתגעגע ומתקשר הביתה, מדי פעם. פיצ’ר אבטחה, מסתבר, אבל התלונות המתבקשות הן מדוע ה…

  32. Bjorn Townsend Says:

    There is really nothing to get excited about here. I’ve looked at the traffic on the wire, and dashboardadvisoryd is just making a simple GET request in each case. It’s not sending Apple any data whatsoever. This is no more inimical than periodically checking for software updates, something which modern desktop operating systems already do anyway.

    Here’s the sum total content of the data sent to Apple, as captured by tcpdump on my Powerbook running 10.4.7:

    GET /widgets/widgetadvisory HTTP/1.1
    User-Agent: CFNetwork/4.0
    Connection: close
    Host: http://www.apple.com

    (apple response)

    GET /widgets/parser.info HTTP/1.1
    User-Agent: CFNetwork/4.0
    Connection: close
    Host: http://www.apple.com

    (further apple response)

    Not very exciting, is it?

    Now the *response* from Apple is a little more interesting in that it appears to contain some SQL commands:

    (this is in response to the widgets/widgetadvisory request)

    HTTP/1.1 200 OK
    Age: 1459
    X-Cache-TTL: 84941
    Accept-Ranges: bytes
    Date: Wed, 05 Jul 2006 05:31:15 GMT
    Content-Length: 2095
    Content-Type: text/plain
    Expires: Thu, 06 Jul 2006 05:31:15 GMT
    Cache-Control: max-age=86400
    Server: Apache/1.3.33 (Darwin) PHP/4.3.10
    Last-Modified: Thu, 08 Jun 2006 22:08:55 GMT
    ETag: “82f-44889ff7″
    X-Cached-Time: Mon, 03 Jul 2006 22:08:14 GMT

    —– BEGIN SIGNATURE —–
    MIAGCSqGSIb3DQEHAqCAMIACAQExCzAJBgUrDgMCGgUAMIAGCSqGSIb3DQEHAaCAJIAEOi+qBbNkDp0nAQAAAAAAAAAAAAAuAAAAAAAAACYAAAAAAAAAAABIOEHzTnY9yhcFfWh/8KSqN7WlRXUAAAAAAACgggO2MIIDsjCCApqgAwIBAgIBAjANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJVUzEdMBsGA1UEChMUQXBwbGUgQ29tcHV0ZXIsIEluYy4xEjAQBgNVBAsTCURhc2hib2FyZDEeMBwGA1UEAxMVRGFzaGJvYXJkIEFkdmlzb3J5IENBMB4XDTA2MDUxNzE4MDkxN1oXDTM2MDQyOTE4MDkxN1owXTELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFEFwcGxlIENvbXB1dGVyLCBJbmMuMRIwEAYDVQQLEwlEYXNoYm9hcmQxGzAZBgNVBAMTEkRhc2hib2FyZCBBZHZpc29yeTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANJkOc7PdgTrpeDvBwZ59e7CDdWiTauUxSDwm8SA4JgrQ+Gwj7c/T1KgJI57F8Eq8fju+Ckq0/p+uVLUQJ2beCYPydyKJpH5Je5g9iB9iUUoO8uamSloFOJMFOYOPn8kPKjtKvYEs2NSf8+LK+S8tOTO0ng8jfPmcTDpiTVFh3rmukoypZJ722iBXJS5MOjXwGeMd8eib3mbPrHi4kFhQzuG48d7f7LrPdQ+mIfMk69yAymGtyQf7Uubi8wXGgKxUBXkS3EE8l8Pd6mybz5Yz/42RPfEG2FrinaggJE/TaW4Kb9Di5S4jt/j8csA+6YYMR7GxGuC/hoo+gHimG+kD1UCAwEAAaN6MHgwDgYDVR0PAQH/BAQDAgeAMA8GA1UdEwEB/wQFMAMCAQAwFQYDVR0lBA4wDAYKKoZIhvd
    ZAQBBDAdBgNVHQ4EFgQUlxwKOog1HQ1DbOELsmm3KEMOVuYwHwYDVR0jBBgwFoAUSr8UjJUmkWRrNzi
    PFKtr9B5FN4wDQYJKoZIhvcNAQEFBQADggEBAHOofvRSyOEIXgYsaWZDIBFdV61hZ3CTkdTD9rq6DnECW/gwhTcLZHuAG/MfWJeake+jKUGPTNnVIcRczCqOXoqlLgoKwAzzg+DOqsa5UpEqvL3lrhELbBcj+c0cg1Pbng4w+VIpQgE0t29umqV4TXH/jkBygQrl0IsQoDKsW1HxAAMjrm1xF7Z6RYXpIi5QNw26768puZu+BUWj12vE89Z5GqXigvnet+M83jgiRvBYMQrlDnuITZ3ZPtlKowIqGvqYMJ4gUXJR//1Pd/oMKJv0GHQZtm6E4KXxpbpqZytNV2S1xxYvzjvsd+Txe04GzSZPMDvZ8JtcZPuG6pmyaLYxggGMMIIBiAIBATBlMGAxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRBcHBsZSBDb21wdXRlciwgSW5jLjESMBAGA1UECxMJRGFzaGJvYXJkMR4wHAYDVQQDExVEYXNoYm9hcmQgQWR2aXNvcnkgQ0ECAQIwCQYFKw4DAhoFADANBgkqhkiG9w0BAQEFAASCAQCwtBTzu2nqG44g13ihSNGgyYVhDdIknwGCkJeGR1brO8X/TQskasXeqLsUFjtMtZyDKcFiMPq7BCfaM/SkwCi8lCmCrYxQVccBIQt19sHpQFj/+u2C0KI7603jgbOCN8rgvojmvCPVYkc13/bM5vwl7Oxtu5fgnmCqwSk5lkZJl4AJT0Ju9kBXY7dnRGgb5mCkCJCdU5CW5FQ4wlguARLmir6wR3f8n6xRTyYru2OlJJZwEr0ayqrEKBHgXY3+BYcpN+P3MPmpCoS83vNcYzItHbNmh9v6Ln7uUR3H2l5lFshqK2p3pgqXBYBTmv03uAp2L2pF0J6MdBirohWiqq31AAAAAAAA
    —– END SIGNATURE —–
    BEGIN;
    INSERT OR REPLACE INTO meta VALUES (‘serial-number’, 1);
    COMMIT;

    So that makes me kind of wonder if someone spoofing apple.com couldn’t do some SQL injection here, but since Apple is signing the file it should be easy to detect and there is probably a mechanism in place to prevent this.

    All in all, nothing to get upset over, or even really worth noting IMO.

  33. Pex Says:

    I does support our blogger.

    It can’t be accepted that our Macs “call home” without prior notification or due explanation.

    I read that it probably was some “widget check for update” functionality. That would be acceptable if we could set it up to “manually” as for the software update that is installed in our systems.

    I doubt this “hidden phone home” functionality is in line with MacUsers philosophy. It is not in line with the image I have of Apple neither.

    I believe this has to be strongly protested in order to avoid further derives from Apple.

    Sorry for my english / I’m french.

    Pex

  34. Helge Mruck Says:

    Fred Sanford does have a point. As sys admin of macs dedicated to content creation I would like to be given the choice to decide whether or not I want dashboard to run and waste time/space/energy/network capacity.

    And Ted Wood should also be aware that auto-updating applications make for automatic incompatibility problems.
    I would never update as and when new updates become available, but rather wait and check reports on macfixit before updating. Which is why I haven’t yet encountered the dashboard problems Daniel has rightly flagged up.

  35. Kryptoblog » Blog Archive » Nya MacOSX har också hemlängtan Says:

    [...] Knappt har stormen om Microsofts nya Genuine Advantage lagt sig för det dyker upp ett nytt system som vill ringa hem i tid och otid – utan att användaren vet om eller har godkänt det. Den här gången är det MacOSX. [...]

  36. Jonloh - Tech News, Security, Microsoft, Apple, Software, Hardware, Tips, Mac, Cars, Linux, Gadget, Firefox, Game box Reviews Says:

    [...] Source from Red Sweater Blog [...]

  37. Damien Barrett Says:

    My day job is managing 500+ Macintosh computers. I reguarly have to answer to my network administrators for unidentified or mystery traffic coming from the Macs that I maintain. For instance, I once had to explain Bonjour traffic to my network admin. While this is a relatively innocuous change that Apple has rolled out, I’m upset for two reasons: 1) Apple should have been more transparent about this change with more than a one line description in the 10.4.7 changelog and 2) Apple should give us a way to turn this feature off. It should be an optional install or configuration. That others have figured out ways to disable this checking/phoning-home is beside the point.

    I actually don’t care about the few machines I have at home or the one-offs that I manage elsewhere. For these computers, this phoning home isn’t a problem. In fact, I welcome it as a way to make those computers more secure. However, in my larger managed computer environment, this stealth update by Apple has put the final nail in the coffin for Dashboard. It will be disabled in our envrionment in the Fall.

  38. Richard Says:

    I feel sorry for Daniel, getting pounded on by a bunch of people that completely missed the point.

    It seems that a large number of people today are willing to roll over and give up any aspect of their privacy if they think it does not harm; but they aren’t thinking of the future. If Apple is going to sneak this kind of code on an OS update, where will it end? One of the reasons I don’t use Windows for my home machine is because I don’t want to deal with product activation, “genuine advantage”, and all these other pieces of code creating useless network chatter, sucking down clock cycles and bandwidth, and doing what all else I don’t know about.

    I don’t care if the phone home is “nothing to get excited about”. I’m not excited. I’m disappointed at Apple’s lack of disclosure. I am disappointed that I was not given the opportunity to say ‘yes’ or ‘no’ to something that is communicating out from MY computer, that I paid MY money for.

    It is a slippery slope. How long before Apple implements its own “Genuine Advantage” or product activation schemes? How long before Apple builds a keylogger into Spotlight, just to see how people are using the search capabilities? Sure, this sounds far fetched now, but 5 years ago they sounded far-fetched on Windows too.

  39. Andy Lee Says:

    # Ted Wood Says:
    July 4th, 2006 at 10:52 pm

    Every application with “Check for update” functionality phones home. I think this is a “Software Update for Dashboard” feature, or at least the early stages of one.

    Ah, putting it that way makes more sense to me. I was having trouble understanding the rationale for this, since it didn’t make sense to me as a security measure.

    It would be nice to have some communication about it from Apple, though. They could say “10.4.7 introduces a new Widget Up-to-Date process that ensures you’re runing the latest versions of your widgets.”, but they didn’t.

    Not only nice, but IMO obligatory. It’s rude to phone home without explaining why, and it compromises the software vendor’s trustworthiness.

  40. Anche Mac Os "chiama" Apple Says:

    [...] Secondo Red Sweater Blog, dall’introduzione di Mac Os X 10.4.7 il sistema operativo “chiama a casa” due volte al giorno. Non pensate subito ai problemi di Microsoft di questi giorni, legati al programma Genuine Advantage, la cosa per ora sembra decisamente più innocua. [...]

  41. fscklog Says:

    dashboardadvisoryd: 10.4.7 telefoniert nach Hause [Update]…

    Programme die mich bevormunden wollen sind mir ein Gräuel. So verwundert es nicht weiter, dass mich das iTunes 6.0.5-Update kurzzeitig verärgerte, drängt es sich doch erneut ungefragt ins Dock zurück. Genauso ungefragt schleuste 10.4.7 einen Verifi…

  42. boondoggle Says:

    Personally, I’m glad someone is writing about this kind of behavior from Apple. I’m a big Apple fan and have only Apple computers. I got rid of my PeeCee because it kept wanting to phone home, update antiviral software, update OS, etc., etc. It irks me that my Mac now does this. I don’t want it contacting anybody except when i want it to. Period. I may have to check out Linux.

  43. boondoggle Says:

    Addendum: article about Mac users switching to Linux:

    http://radar.oreilly.com/archives/2006/06/ubuntu_linux_a_threat_to_mac_o.html

  44. Jon Hendry Says:

    Richard writes, “It is a slippery slope.”

    No, it really isn’t. Unless you think that the slope started when Apple added features to Safari so that it can periodically check RSS feeds for updates.

  45. Dashboard drives home at The Apple Blog Says:

    [...] This guy noticed with the 10.4.7 update there were some interesting phone-home things going on. The comments dig into the new process called dashboardadvisoryd, which seems to snag two apple.com resources. The support note says “You can now verify whether or not a Dashboard widget you downloaded is the same version as a widget featured on (www.apple.com) before installing it.” [...]

  46. Reznor Says:

    The article about mac users switching is nothing new, loads of users are constantly switching from one platform to another, look back and you’ll find an article about Linux users switching to mac’s.

  47. Andreas Wacker » Blog Archive » now that apple sells lots of stuff Says:

    [...] they think can take a stroll on the dark side [...]

  48. Bjarne D Mathiesen Says:

    the correct command to unload the function is: sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.dashboard.advisory.fetch.plist

  49. Scott Lowe Says:

    Short of running Little Snitch, is there any way to disable this functionality? If Dashboard is not running (I’ve disabled it, since I don’t use it), does that mean that dashboardadvisoryd is not running as well?

  50. Daniel Jalkut Says:

    Hi Scott – take a look at the comments here, especially that last one from Bjarne. That’s allegedly how you can configure launchd to not run the daemon that is responsible for the network connection.

  51. Scott Lowe Says:

    Thanks, Daniel–I didn’t see that response from Bjarne before I posted my question. Has anyone tested that for sure? Or do we know if the dashboardadvisoryd daemon is live even when Dashboard is disabled? The “ps -A” command on my Mac shows no Dashboard-related processes (“ps -A | grep -i dash”).

  52. “Shit-about” blog » Mac OS X llama a casa Says:

    [...] Noticia via: Red Sweater Blog [...]

  53. The PC Doctor Says:

    It’s not just Windows that phones home – OS X does it too!…

    The Red Sweater Blog  is reporting on a feature in Mac OS X 10.4.7 that causes it to “phone home” to Apple HQ servers several times a day – without informing the user:

    Lately I’ve heard a lot on technical podcasts about the public outr…

  54. Robert Otlowski Says:

    While this article amounts to FUD because it implies that this is in the same ballpark as WGA, it does point out a mistake on Apple’s part. There should be an accesible preference to disable this feature just as many programs have a preference to disable automatic update.

    The reason it doesn’t transmit any “evil” data isn’t that we’re lucky, it’s that Apple isn’t Microsoft. They might fail to give their users choices sometimes, but they also don’t screw them up the ass. If anything this was an oversight or a bad decision based on security concerns with the hope that it would go by largely unnoticed (which it would have and still may unless Microsoft uses it as this blog uses it – to draw attention away from WGA).

  55. Daniel Jalkut Says:

    Robert: I don’t appreciate your ascribing intentions to my post that aren’t accurate. By no means did I write this to “draw attention away from WGA.” That’s absurd. My point in mentioning WGA was merely to illustrate how much of a difference there is in the way the public reacts to purported wrongdoings by Microsoft vs. Apple. I will concede that the title is a little dramatic, but I think I balance that in the body of the article by very realistically describing exactly what is happening and how it should behave differently.

    I didn’t realize when I wrote this that many would interpret it as me “discovering” the callback behavior. I assumed other people had already noticed it, to be honest, and were simply not reacting. I think the people who are getting upset about this post are, as you seem to be doing, reading a lot more into it than I ever intended.

    Frankly, if this is FUD then I’m glad it’s serving that purpose now, while the stakes are low. Users need to protect their privacy and Apple needs to respect it. If that takes offending a few Apple-can-do-no-wrong zealots who refuse to acknowledge the problem here, then so be it.

  56. Ivo Says:

    Did you know that Der Spiegel has picked up on the story? Apple seems to regularly find new feet to shoot at. And here was me thinking they were so much smarter than MS. This will be big news…

    http://www.spiegel.de/netzwelt/technologie/0,1518,425236,00.html

  57. Peter B. Says:

    One solution to this would have been for Apple to roll whatever dashboard is doing into the Software Update check. Would you have cared (or noticed) then?

    But does that make sense technologically? And if not, how do we move forward from here? The Internet is becoming more and more of an expected resource. If Apple draws a line where you desire, providing prior notification before any network activity, the OS will become a mess of those notifications. Because Internet-enhanced functionality is going to creep into every corner of the OS. Sure, that could include features you dislike, like DRM or demographic analysis. But it will also include useful features, fun features, things people want.

    Google is busy creating apps where all of your data is entrusted to them. Apple can not, because that would violate the privacy expectations of their technically savvy users. But how long can that situation persist? Those same users will eventually accept that all sorts of useful features are going necessitate tying their computer to the Internet. Does Apple have to wait for some other innovator to make people comfortable with that?

    Personally, I think Apple will, even must, push the envelope here. The black and white line is not “does this software communicate with a server”, but “why does this software communicate with a server”.

    And for better or worse, those savvy people who care must be able to explain the distinction to their readers, and do the research themselves on which side of the line a given feature falls on. It’s not Apple’s responsibility to publish the details of every client/sever interaction.

    So yes, in the end, you have to choose to trust them or not by default. And then do detailed analysis to validate your assumptions. Just using the network should not be a shortcut to an assumption of evil.

  58. Ivo Says:

    Peter B, you are just plain wrong. In God We Trust. Everybody else has to prove their trustworthiness to us, and that includes Apple. By failing to disclose the purpose and frequency of this network activity they have abused our trust – even if this new ‘feature’ was well-intentioned. Apple very much has the responsibility to publish all details of every client/sever interaction. It is, after all, *my* computer we are talking about which is used for those interactions. I have a right to know about them, and a right to say ‘no’ if and when I so choose. If we don’t defend our right of privacy – on the net and elsewhere – there soon won’t be any left. It is bad enough that all kinds of agencies snoop around on the net. For Apple to entertain anything even remotely similar is inexcusable.

  59. William Scott Says:

    I hate widgets and never use them. Now I have another reason to hate them.

    I think this turns it off:

    cd /System/Library/LaunchDaemons

    sudo launchctl unload -w com.apple.dashboard.advisory.fetch.plist

  60. Peter B. Says:

    Ivo, the problem is that you’re throwing the baby out with the bath water. I completely agree about our right to privacy. But what’s private here? You have to draw a line between things that are an actual violation of privacy and things that are desirable features. And making things more difficult, I claim that line is moving, and always will be moving.

    Take a hypothetical example of a self-repairing system. How many times have you wished or seen others wish that the computer could detect and repair broken or missing files? The most robust way of implementing that feature would involve exposing extensive configuration information to a remote server. This is more or less how antiviral software works. And most users concerned about privacy would give that software a pass because they understand the trade off. Most ordinary users wouldn’t even think of the issue in the first place. I claim the issue isn’t the remote communication, but what’s done with the data on the remote side.

    That’s where you need trust, because you can’t see what happens on the remote side. And I’ve got no objections to backing that trust with a good contract or new laws. But what I don’t agree with is the blanket assumption that any client/server communication is an invasion of privacy.

  61. pj Says:

    I followed the command line provided by William Scott to see if it worked, and dashboardadvisoryd still tried to contact Apple, despite all noticeable activity by dashboard seeming to have been stopped. Just FYI. If anyone knows something else to try, please post it.

  62. Bitperbit - Actualidad y Tecnologia hoy » Mac OS X Tiger también llama a casa Says:

    [...] Vía: Apple Phones Home, Too (Red Sweater Blog) Por Alan | En: Apple [...]

  63. Chris Kearney Says:

    Daniel-

    I know how annoying it can be to have Macintosh Zealots personally attack you over a story.

    Just ignore them.

    ck

  64. Stan’s List » Blog Archive » Mac OS 10.4.7 phones home Says:

    [...] have installed are the same versions as the ones provided by Apple. More … OS X | Oodles | trackback No Responses to ‘Mac OS 10.4.7 phoneshome’ [...]

  65. L Says:

    Run tor. You can get the update; Apple won’t know who you are.

  66. mapple Says:

    http://discussions.apple.com/thread.jspa?threadID=548087&tstart=0

  67. Andy Lee Says:

    Guess what, Daniel, you just made a sale for Little Snitch. I’ve been thinking of getting it for years, but didn’t really care enough to spend the 25 bucks. I can’t say for sure I’ll pay all that much more attention to my network traffic, but (a) I want to support a good developer, (b) Little Snitch is a “nice to have” in any case, and (c) I have a new job, so spending a few bucks is easier to justify. :)

  68. sjk Says:

    take a look at the comments here, especially that last one from Bjarne. That’s allegedly how you can configure launchd to not run the daemon that is responsible for the network connection.

    Bjarne’s version uses the full pathname for the plist file; mine didn’t. I wasn’t sure that was necessary though it’s not a simple joblabel like the launchctl stop | start commands use.

  69. Daniel Jalkut Says:

    Andy: heh – I have a hunch that Little Snitch might end up being pretty happy about this article. I noticed on some of the stats-tracking pages that it was also elevated in the rankings, which I assume is related to this post’s unusual popularity Well – if there was ever an app to accidentaly promote, I’m glad it was Little Snitch. Definitely a great “missing app” from OS X. Also check out check out Rentzsch’s comment about Little Snitch and how important it is to have a neutral 3rd party in charge of such discrimination…

  70. Bjarne D Mathiesen Says:

    sjk and others: If you take a loook at man launchctl you’ll see that launchctl load|unload takes a complete file path instead of just a joblabel like launchctl start|stop. Thus, to fully unload, you’ll need to specify the complete file path and name – not just the joblabel you get from launchctl list. And please note, there’s a big difference whether or not you preceed the command with sudo. Preceeded with sudo, you’ll get the system level launchd services – without, the user account specific launchd services.

    Scott Lowe: the reason you don’t see any ‘dash’ activity, is that the service is only run periodically. Thus, you’ll have to be extremely lucky to execute the ps command at exactly the right moment. This issue was discovered because Little Snitch continuously monitors the network activity and thus caught it while running.

  71. Ivo Says:

    CNET has joined the party… This is going to be fun.

    http://news.com.com/Apple+widget+checks+raise+eyebrows/2100-1045_3-6090966.html?tag=nefd.top

    Peter B, your question “But what’s private here?” shows that you haven’t understood the issue. Nobody in their right mind would object to Apple trying to protect us from malware. Good on them. What *is* objectionable is that they didn’t tell their customers about 10.4.7 connecting to some unspecified server several times a day, and what kind of information would be exchanged. Not to mention the fact that this ‘feature’ can’t be turned off easily.

    I don’t for one moment assume that Apple has evil intentions. But for a company that prides itself on a highly trusting and loyal customer base, this was one hell of a bad business decision.

  72. Dave Says:

    I’m glad that someone made note of this. I noticed it appear in my Little Snitch notices recently, too. I allowed it once, have refused it since, but haven’t attempted to turn it off (I’ll probably actually leave it on) but let Little Snitch block its attempts forever after, till Apple explains its behavior here.
    Molly Wood claimed this was as insidious as WGA, a comment with which I disagree, but the mere behavior is aggravating, and a bad step in the wrong direction by Apple.
    I’m not really about to switch my OS, but I have been playing around with FedoraPPC and UbuntuPPC (I’m not buying a new machine anytime soon.) Continued MS-like behavior could be something that pushes me over the edge.

  73. Tomis Says:

    Someone mentioned that VerifiedDownloadPlugin.plugin ties into the dashboard framework and may be a hook into a future Widget download functionality. It appears Apple already has this functionality started in Safari.app, though not finished.

    If you look at Safari.app>Contents>Resources>OpenInDashboard.tif you’ll see what I mean. I actually figured out the key needed in the Safari preferences plist to display this Dashboard button to Safari’s toolbar, but I never could figure out how to get the button to activate. The Apple Widget website didn’t activate it, opening a widget in safari didn’t activate it. So no idea what they’re thinking of doing here, quite odd all of this.

    That being said, good investigating and shame on Apple for the virus that is Dashboard. If it was easier to kill the thing once I’m done with it maybe I’d use it.

  74. Digital Elf » Blog Archive » Phoning home? Says:

    [...] There’s been a buzz lately about Mac OS X phoning home. The skinny of this is that with the 10.4.7 update a new program called the dashboardadvisoryd makes two requests to Apple servers every eight hours. The purpose of these requests is to check if all of your Dashboard widgets are up to date. Now people are making a big fuss comparing this to Microsoft’s WGA. The rumor mill being what it is, let’s assume for the moment that all the rumors are true. [...]

  75. Sprocket999 Says:

    I have never had Dashboard running, but the idea of it phoning home realy irks me. So . . .

    with backup in hand, and Dashboard VERY disabled, I just manually ripped out a number of elements mentioned in the first post by Cameron Hayne. I removed ‘dashboardadvisoryd’ and the plist file is “com.apple.dashboard.advisory.fetch.plist” in the “/System/Library/LaunchDaemons” folder. Then I ran Disk Utility to sort out Permissions as I normally do.

    I would have continued with “dashboardadvisoryd.plist” file and ‘fetchadvisory’ but all is quiet now and my PowerBook has been restarted a couple of times today for additional software installs. All is well as everything else is running normal.

    * * NOT recommended without a complete back-up for restore in case your system revolts royally. * *

  76. nick martini Says:

    this is getting rather blown out of proportion, it seems. i honestly dont mind it checking for updates every so often (though hours seems like it might be a bit much), as nearly every other application i use, be it from apple or a third party, does the same thing.

    yeah, it was a probably mistake to not go into more detail in the press releases, but christ almighty people, its not like they do this every other week.

    if ACTUAL USEFUL INFORMATION was being transmitted to apple i might actually care, but you people are blowing it way out of proportion.

  77. Daniel Jalkut Says:

    Nick: I would agree that some people on the net are blowing it out of proportion. I think in my article I did a pretty good job of minimizing the “panic” factor while just pointing out that it was a representative mistake of not being sensitive enough to users and their desire to control the network activity of their computers.

  78. nick martini Says:

    Daniel: agreed, i meant that the OTHER people seemed to be blowing it out of proportion. your post was quite fair, i dont know why (or how) it makes you a “loser” or “irresponsible.” i DID learn some interesting facts about OSX from the comments (that werent outright trolls); i never really paid much attention, but the /var/db directory has some rather interesting items in it.

  79. mapple Says:

    Everyone here is missing the real point, I believe. It’s not a privacy issue, it’s not a hijacking issue, and it’s not a Big Brother looking over your shoulder thing, either.

    The real issue here is that Widgets are so unstable, so freaking problematic, so remarkably fragile, that they must be checked 1,092 times each year for freshness.

    Why would anyone serious about their computing environment, experience and their work platform, want this crap floating around in their system?

    I believe the solution is simple: remove Dashboard, remove all Widgets, and put an end to the phoning home simultaneously. Make your Mac environment even better than before!

  80. Z Says:

    And that’s exactly why I laugh at MAC users when they tell me it’s so much better then windows/MS…
    I bet Steve and Bill are the best of friends and they share a common interest in your wallet and that’s all they want…

  81. Schwerdtfegers weblog » Der apfel telefoniert Says:

    [...] Die schar der apple-anwender war bislang von solchen hinterhältigen attacken auf die informazjonelle selbstbestimmung verschont geblieben, schien man doch bei apple mehr wert auf die berechtigten ansprüche der kunden zu legen. Mittlerweile scheint man sich aber auch dort zu sagen, dass die schrittweise entmündigung des anwenders und enteignung des kompjuters gewisse perspektiven bietet, und so ist jetzt auch in MacOSX 10.4.7 eine versteckte funkzjon eingebaut worden, die mehrmals täglich über das internet kontakt zu apple aufnimmt und ein paar daten sendet — dass man es nicht für nötig hält, details dieser kommunikazjon offen zu legen oder auch nur den benutzer ganz allgemein zu informieren, ist wohl klar. So haben es auch ein paar anwender eher zufällig entdeckt. Technorati: windows, programme, ausspähen, daten, apple, attacken, selbstbestimmung, kunden, entmündigung, anwender, enteignung, MacOSX, 10.4.7, internet, daten, computer, information, funktion, kommunikation. [...]

  82. Andy Lee Says:

    Mike Evangelist wrote a great article with a bit of historical perspective: http://writersblocklive.com/part-187. He tells an anecdote from the early days of iDVD.

  83. Andy Lee Says:

    Daniel,

    Thanks for the link to Jonathan Rentzsch’s article. It makes me even gladder I bought Little Snitch, and I always like having my purchasing decisions validated. :)

    He jokes about the possibility that Little Snitch is itself phoning home. It’s a joke, and I don’t think for a moment it would do so, but at the same time this is the kind of tool I would prefer to be open source.

  84. Static Mesh Says:

    PLEASE READ!!!

    Delete ALL the rules in Little Snitch (yes even the defaults) and start from there.

    You WILL FIND more. Like iTunes connects to pegasus.lunarpages.com on TCP port 80 (http)

    iPhoto connects to port 80

    The Dock makes internet connections (since 10.4.5)

    Mail contacts .Mac even IF YOU DON’T HAVE A .MAC ACCOUNT.

    AddressBook contacts .Mac even if you don’t have a .Mac account.

    EFI based Mac’s can contact the internet and download even without the OS even knowing. Search for EFI on Wikipedia.

    What can Little Snitch do against EFI?

  85. Just Cut Around the Slime Says:

    [...] I read that now, our apples are suspicious of our activity — of all things they fear that we might utilize invalid (for lack of a proper word) widgets.   checking in on us now, too. No Comments so far Leave a comment RSS feed for comments on this post. TrackBack URI Leave a comment Line and paragraph breaks automatic, e-mail address never displayed, HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong> [...]

  86. Matt Sephton Says:

    I’ve just got one of the emails below for each widget I have listed on Apple.com – it explains why they have introduced the phone home feature. It seems it will be activated fully at a later date?

    Date: Sat, 8 Jul 2006 11:39:52 -0700
    From: Alan Samuel
    To: Alan Samuel
    Subject: Upcoming changes to the Dashboard Widget Submittal process

    Dear Dashboard Developer,

    For widget data integrity verification purposes we are implementing a new procedure
    for submitting widgets visible at http://www.apple.com/downloads/dashboard/. This
    new process helps ensure that your user receives the widget they’ve selected to
    download by adding a layer of verification to the download process.

    To submit widgets to Mac OS X downloads you must first be a registered Apple Developer
    Connection member at http://connect.apple.com. After logging in at
    http://connect.apple.com and following the widget submission process you will be
    required to submit a valid and unique URL for each widget.

    Each time a widget is updated or a new widget is submitted you are required to
    resubmit the widget using a unique and valid URL for each submission you make. Please
    note that Apple makes no guarantee that the software you submit will be posted. Apple
    reserves the right to reject submissions and to remove posted submissions.

    If you want to continue listing your widget on the Mac OS X Downloads site, you must
    resubmit using this new process before 12/14/06.

    Alan

    ________________________________________________
    Alan Samuel …@apple.com
    Java, Dashboard & .MacSDK Evangelist v …-…-….
    Apple Worldwide Developer Relations f …-…-….
    1 Infinite Loop, MS 303-2EV http://developer.apple.com/java
    Cupertino, CA 95014 http://www.apple.com/developer
    ________________________________________________

  87. The MacCast » MacCast 07.08.2006 Says:

    [...] A podcast about all things Macintosh. For Mac geeks, by Mac geeks. Show 148. Strange and random iPod news, a teenager blames getting struck by lightning, National Semiconductor fires employees and takes away their iPods, 10 new iPod Interface designs filled with the European trademark and design office, is Microsoft planning a wi-fi iPod “killer” for Christmas? Apple sued for stock option grant irregularities. Apple announces new educational iMac. Apple cancels plans for new Portland, OR retail store. Chicago radio station offers custom iTunes Music Store interface on their web site. OS 10.4.7. quietly adds Dashboard “phone home” feature. Ellen Feiss is appearing in an upcoming French short film, Bed and Breakfast. Apple may add spreadsheets to iWork ‘07 with “Charts”. 10.4.7 Intel OpenGL update from Blizzard. Review: PocketMac for Blackberry. How to manage OS X Mails “Previous Recipients”. Should you turn your Mac off or leave it on? How to place folders or files anywhere in the Dock. Additional comments and thoughts on Codeweavers CrossOver for Mac. What is Apple’s definition of owning music? Tips on keeping your iTunes purchased music. Remember to vote at PodcastAlley [...]

  88. Srocket999 Says:

    Adobe Reader has been doing this for years on BOTH platforms. Not to mention, what Dashboard is doing is really no different than if you have ‘auto-update’ turned on for Firefox, Safari, or anything else that offers it. The MAJOR diff here, is, all of the above mentioned (except Adobe Reader as far as I can tell) give you the OPTION of turning it off. As a long-time Mac user I say: For shame, Apple, for shame.

  89. g, Says:

    Hi there,
    I have Little Snitch activated, but failed so far to find the behaviour you describe. can you describe a reproducible case ( aka: if x,y,z then dashboardadvisoryd phones home?)

    Scott Lowe: you have to either shorten the process name by calling ‘ps -auxc’ or making it overly long with ‘ps -Aww’

    Also: I use the graphical application Lingon to easily configure the launchd services without typing in some error prone terminal commands.

  90. Daniel Jalkut Says:

    g: not sure why you’re not noticing it. Reproduceable case for me is as simple as “use my computer all day.” Sorry I don’t have any more specific details as to the logic of when the check is made. Cameron’s research tells us that the tool that does the calling home runs every 8 hours, but I’m not sure if it has some of its own logic inside to decide whether it will actually call or not.

  91. Dave Says:

    Let’s hope that OS X always stays at $129 and doesn’t ever utilize stupid security measures like OS “authentication” and “Genuine Advantage” to check for pirated software.

    Please Apple, we don’t need another Microsoft!

  92. jasper Says:

    i agree with the poster who said “Apple and others should respect the boundaries of our “digital house” by at least keeping us in the loop about what is being done on our behalf. ” .. so very true. i do not care how talented and visionary steve jobs is; i want my digital house to be respected by the builders.

  93. soeren says » Blog Archive » DashPrefs Says:

    [...] I’m sick and tired of the FUD being spread around regarding Dashboard’s advisory feature. Daniel, I know you meant well with your post, but frankly, you seem to have no idea of what harm you’ve done to the Mac community. [...]

  94. Happy-Coding Says:

    In Apple we trust ……

    … – i hope so.
    Just read about the helpful “see if the new Dashboard widget is the same that we have on our servers here at apple.com“-feature since the update on Mac OS X 10.4.7.
    So do we have to worry?

    ……

  95. Sprocket999 Says:

    “Daniel, I know you meant well with your post, but frankly, you seem to have no idea of what harm you’ve done to the Mac community. …”

    Sorry, Chief. Apple did this harm themselves by ‘sneaking’ this in. Now it all over the tech sites like a rash and Apple is a laughing stock for pulling a ‘Micorsoft’.

  96. shiftzwei » Blog Archive » Mac OS X - Dashboard meldet sich bei Apple Says:

    [...] Apple widget checks raise eyebrows | CNET News.com About the Mac OS X 10.4.7 Update (delta) Red Sweater Blog – Apple Phones Home, Too [...]

  97. menumorut Says:

    GREATE Work Daniel, you people should all understand that NO software of ANY type(anti-viral,auto-update,whatever…) should phone home without asking YOU first. It’s not about harming the Mac community or about making Windows look better it’s about YOU being fully aware of what comes in and out of YOUR computer. Keep your eyes open and your penguin close ;)

  98. g, Says:

    Ahaaa! the 8hr hint was good, since it seems to become active after the computer is up for more than 8 hrs. looks like one of my “auto-OK” extensions took care of that dialog in the middle of the night so I never noticed the behaviour during normal use.

  99. LampieTheClown Says:

    When Apple put the MiniStore out the Mac Faithful refused to believe there was anything more to it than a nasty PR blunder. Apple made a few small changes without explaining or addressing any of the more serious issues that were raised, and the headlines read “Apple Does The Right Thing!”.
    Apple still refuses to answer direct questions about the MiniStore, but nobody seems to notice or care.

    So has Apple made the same PR blunder twice?

    Somehow I don’t think that’s what’s going on here, and the way it worked out for them last time, I’m not sure I’d call it a blunder.

    Apple learned an ugly truth last January, and a bad precedent was set. As long as they can say you might benefit somehow from them sticking their nose in your HD, they don’t need your permission, you don’t need to be informed, and if you do find out and ask questions, they are under no obligation to give you any details about what they took or what they did with it.

    Lets face it, by plan or by blunder, everybody is being conditioned to accept the idea that just because it’s your computer doesn’t mean the information on it is private, or yours.
    It’s not the information about my widgets that worries me, It’s the precedent that is being set.

    How many posts have you read defending Apple that start with “Applications ABC and XYZ already do something like this, so quit complaining.” ?

    Because of the Ministore they can say that about Apps that phone home, phone third parties, send information about what file on your HD you are accessing at this moment, and add a personal identifier to the transmission. The benefit to you? Advertising on your desktop.
    Now with this update they can add “and they don’t have to give you a way to turn it off”.

    Accessing data on your HD is not addressed in Apple’s “Privacy Agreement”, and Apple has refused to comment on the fact. Why?

    Right now the information is about music files and widgets, so nobody has a problem with it. Once the precedent is set, where will it go? By the way, once it’s set, the precedent applies to other companies as well.
    Quicken
    Office
    your ISP
    “JayDub” & the boys in DC
    You can’t say it’s OK for Apple, and still keep everyone else out. Not for long.

    Lampie

  100. Hawk Wings » Blog Archive » Apple Mail phones home too Says:

    [...] Not long ago Daniel Jalkut discovered that Dashboard calls home to Apple to check for widget updates. Today I discovered that Mail.app does the same thing. [...]

  101. LampieTheClown Says:

    My computer is on the phone more often than a tenage girl!

    Between the dock, mail, widgets, software update, the ministore, and who knows what else, the average Mac phones home (guessing) between 8 – 15 times a day?

    I saw a post that explained the mail call as checking for new security certificates, and describing it as;
    “Every time you create a blank e-mail or hit reply”.

    Ministore calls every time you highlight a song in the i-tunes library, unless you turn it off. Does it count as two calls if it phones more than one “home” each time?

    Widgets call three times a day to authenticate if the software is endorsed by Apple, and has no off switch.

    Software update calls once a day by default.

    Help viewer calls home almost every time you open it, but have you noticed that it never comes up with any real answers? Hmmm.

    Crash Reporter sends lots of data home, and used to ask first. A while ago Little Snitch caught mine trying to do it without asking, twice in one day.

    I can’t imagine why the Dock would call home, but I’m told it does.

    I-Movie has tried to phone out on my computer, but Little Snitch caught it.

    Quicktime updater phones home.

    I’m sure there are others, but I think the point is made.

    “Your Honor, it wasn’t me stalking Mr. Jobs and harassing him at work, it was my computer. Really! I don’t even know his number”.
    “What? Twenty five times in one day? Really?”

    Damn static IP! I should have gotten dsl.

    See ya in 3 to 6.
    Lampie

  102. Harry Says:

    “Peter B. Says:
    So yes, in the end, you have to choose to trust them or not by default. And then do detailed analysis to validate your assumptions. Just using the network should not be a shortcut to an assumption of evil.”

    Rubbish. This is binary thinking at its dullest. “You’re either for us or against us”, eh?
    Consumers asking for transparent disclosure (and easy control) of machine initiated communication which they are legally responsibile for is not some weirdo extremist assumtion of evil, it is a conservative, thoughtful, considered, balanced, ethical and reasonable expectation.

    That said, it isn’t actually a very serious problem in this instance, but the principal is crucial. Please, Apple, stay better than Microsoft.

  103. Eston Says:

    This is the reason why Little Snitch should be part of OS X by default — then again, if that were the case, Apple would probably hide these things from their own snitch app.

  104. Apple Phones Home, TooApple released Mac OS X 10.4.7 last -- Centplus Tech Says:

    [...] Apple Phones Home, TooApple released Mac OS X 10.4.7 last week, and ever since I installed it, I ve been noticing Apple s own modest home phoning behavior. In this case it s ostensibly to provide users with the opportunity to check whether the Dashboard … [...]

  105. Bill Paxton Says:

    Just an FYI, if the New York Times published this article online or in print they would be printing a clarification/retraction.

    The blogsphere wants to have freedoms of the press, but doesnt want to abide by the same ethics standars it often seems.

  106. Daniel Jalkut Says:

    Bill: And if the New York Times received a letter along the lines of your comment, I hope they’d receive something more substantial than a vague accusation of inaccuracy.

    Tell me how I’ve been unethical here? Where is my factual error?

    Blogging also has self-correcting mechanisms that the NY Times doesn’t have, with 105 responses here where everybody has had an ample opportunity to help clarify the content. So comparing the two falls apart pretty quickly, even if you’re not being vague and provocative.

  107. Enrique Says:

    This is where you can find how to turn off the dashboardadvisory:

    http://pp.hillrippers.ch/blog/2006/07/04/Disable+the+dashboardadvisory-daemon/

  108. Phonehome | .get privacy Says:

    [...] Microsoft z.B. ist schon immer in Verdacht mit seinem Betriebssystem Daten heimzusenden, der Verdacht wird durch häufigen Funkverkehr oftmals erhärtet. Und just gab man auch eben diesen Umstand zu, zumindest beim bekannten Genuine Advantage, der Raubkopierer in den Wahnsinn treibt, aber auch ehrlichen Kunden so manche Träne entlockt. Da wird der Mac-Fan frohlocken, hat dieser doch eine Firma voller Revoluzzer die da eine bessere Welt möchten. Tja wäre da nicht der schon etwas länger zurückliegende Vorfall mit iTunes ministore und den einfach mal so übermittelten Daten. Man bereinigte den Fehler und weiter gings, mit heimfunkenden Widgets. [...]

  109. semanticpool. » In Apple we trust … Says:

    [...] – i hope so. Just read about the helpful “see if the new Dashboard widget is the same that we have on our servers here at [...]

  110. Josh Says:

    I HATE WIDGETS

  111. Jay Wollmann Says:

    I’m a mac lover, but I don’t understand why mac lovers set apple apart from Microsoft like they could never do some of the shady things Microsoft does. This just isn’t true. They are out to make money just like Microsoft, they just happen to have a much better product and much smaller/ less complaining group of consumers. Apple consumers are generally easier to please than Microsoft consumers, because the product performs better. And we trust Apple, No one trusts Microsoft.

  112. 10.4.7 phoning home to Apple | Ars Technica Says:

    [...] likely to be eagerly welcomed by users. One sharp-eyed blogger noticed that 10.4.7 has been phoning home to Apple, as often as twice within a seven-hour period. What is 10.4.7 so busy reporting? The answer is as [...]

Comments are closed.

Follow the Conversation

Stay up-to-date by subscribing to the Comments RSS Feed for this entry.