The Macintosh computer has long been viewed/touted/sold as an alternative, not so much to PC hardware, but to all things Microsoft. You won’t have to deal with Windows crashes, Windows bugs, Windows security problems, Windows phoning home… er, scratch that last part.
A blogger and Macintosh developer has found that a component in the latest release of the MacOS is doing something very similar to what has so many people riled up about Windows Genuine Advantage; it phones home on a regular basis.
Daniel Jalkut is a former Apple
engineer who founded his own company, Red Sweater Software, a few years ago. In a July 3 blog entry, he pointed out that Apple’s Dashboard Advisory utility was routinely contacting Apple in the background.
The only reason he caught it was due to a utility running to catch outgoing traffic. “If I didn’t run Little Snitch I wouldn’t have any idea this was going on, because Apple made no point of informing me of the new feature and what it would entail,” he wrote.
When MacOS 10.4.7 shipped last month, there was a one-sentence mention in the release notes that “You can now verify whether or not a Dashboard widget you downloaded is the same version as a widget featured on (www.apple.com) before installing it.” But it does not say how that verification is done.
The Apple Dashboard Advisory verification software is designed just to verify that widgets being downloaded are actually coming from the developer. Macintosh widgets, like the ones in Vista or available from Yahoo, are small, desktop applications that perform simple, singular tasks.
Apple provides links to thousands of widgets but does not actually host them. The widget has to be hosted by the developer. To protect the end user, Dashboard Advisory verifies that the widget submitted to Apple is what is being downloaded. It’s all designed to prevent spoofing, the practice of impersonating a server without permission.
Anuj Nayar, a spokesman for Apple, insists there is no spying on users going on. “Apple takes protecting user privacy very seriously. The Dashboard Advisory feature is a security tool to insure that the correct version of a widget has been downloaded from a third party site. No personal info is transmitted back to Apple or anyone else,” he said.
Nayar said that while there isn’t a way to turn off this check from the UI it can be done through a terminal entry. He also said that Dashboard Advisory does not work on any other elements of the operating system and is not active at any time other than when the user is downloading a widget.
But Jalkut disputes this. “The outward network request happens every 8 hours or so regardless of whether any widgets have been recently downloaded,” he said in an email to internetnews.com.
So far as Jalkut has been able to determine, the activity is quite tame. The Dashboard requests a pair of URLs at Apple, and nothing appears to be sent back to Apple. However, that’s not the point.
“They didn’t ask my permission to start making this regular check-in, and I’m not even sure what benefit I’m going to be getting out of allowing it,” he wrote.
This is the same issue that has Windows XP users so furious at Microsoft that several have filed lawsuits. For several months, Microsoft failed to reveal what Windows Genuine Advantage was doing. Jalkut thinks there should be disclosure.
“Among software developers, there is a sort of understanding that all network connections should be either implicitly or explicitly cleared by the user and preventable by the user if they choose to turn off the feature. In this case, Apple is not offering the user either knowledge of the new network connection or any friendly way to disable the functionality,” he wrote.