This story has been updated to reflect comment from Apple.
Apple has begun automatically collecting the locations of users and the queries they type when searching for files with the newest Mac operating system, a function that has provoked backlash for a company that portrays itself as a leader on privacy.
The function is part of Spotlight search, which was updated with last week’s launch of new Mac computers and Apple’s latest operating system, Yosemite OS X, which also is available for download to owners of older machines. Once Yosemite is installed, users searching for files – even on their own hard drives -- have their locations, unique identifying codes and search terms automatically sent to the company, keystroke by keystroke. The same is true for devices using Apple’s latest mobile operating system, iOS 8.
A pop-up window discloses the change, saying collecting the data helps provide results “more relevant to you” as Spotlight also looks beyond individual computers to gather information across the Internet, much like popular search engines such as Google already do. But privacy advocates worry that users won’t understand what information is collected and how to stop the transmission of data to Apple, which happens by default.
The change is the latest by a major technology company hoping to more closely integrate individual devices with remote cloud services. Yet the privacy consequences could be significant because while devices – such as computers, smartphones and music players – are increasingly well protected with encryption and other defenses, remote cloud services have proven more vulnerable to outside attack, as happened when hackers extracted the intimate photos of Hollywood celebrities this summer from accounts on Apple’s iCloud service.
“We are absolutely committed to protecting our users' privacy and have built privacy right into our products,” Apple said in a statement Monday night. It said the company had worked to “minimize the amount of information sent to Apple” and had implemented several protections to keep user information private.
The reaction to the changes on Spotlight was harsh on Twitter, with some critics saying the change had undermined Apple’s increasingly vocal position on user privacy as it released new forms of encryption for its popular mobile devices, such as the iPhone, that made it difficult even for police to access when they have search warrants.
One Twitter user, under the name Neal Wise, spoke of Apple’s “newly found posturing about protecting user privacy,” then asked, “What’s Apple doing with this data?”
Landon J. Fuller, chief executive of software company Plausible Labs, said in an e-mail, “If we look at Yosemite, we see that Apple collects extremely detailed metrics about their customers' web and Spotlight searches. They may be using those metrics to explore improvements to their own search technology instead of to sell to 3rd-party advertisers, but they're still collecting them.”
Fuller also created a Web site, fix-macosx.com, detailing how to shut off Apple's data collection.
Apple officials said Monday that the data collection is intended only to improve the quality of searches conducted through Spotlight, a standard feature on both Mac computers and Apple’s mobile devices, such as the iPhone and iPad. The user identification number rotates after 15 minutes to a new identifier, they said, and the location and search query information is not used to create profiles of users or to deliver targeted advertising. Apple has sought to distinguish itself in recent months from competitors, such as Google and Facebook, that rely on user data collection to generate advertising and profits.
Testing by The Washington Post found that the locations revealed in Spotlight searches can be strikingly precise, placing a user within a particular building in Washington, D.C., even though the disclosure box on Spotlight refers to collecting “your approximate location."
Apple officials said that Spotlight seeks to obscure exact locations but said that the information typically is more precise in dense areas and less so in sparse ones. Company officials also said they plan to disable a function in which Spotlight begins transmitting a user’s location as soon as the function is activated; soon, the transmission will happen only once a queried has been typed.
Apple traditionally also has notified users when their location information is being used, by displaying a small arrow in the menu bar. But the company has chosen to not alert users when the operating system itself transmits their locations, as Spotlight now does. Apple officials said that too many notifications could de-sensitize users.
In addition to sharing information with Apple, Spotlight also can download relevant Web pages and Wikipedia articles about the topics covered by a search query, revealing potentially sensitive information about the user’s activities to other Web sites as well. Apple officials said that query and location information is shared only with Bing, a search engine provided by Microsoft, and that it is contractually prohibited from using that information for advertising or developing user profiles.