Some months back, a new iTunes feature caused havoc. When you clicked on the name of a track on your playlist, tunes of a similar genre appeared at the bottom of the iTunes window in a so-called “mini store.” Talk about havoc, because, in order to accomplish this magic, information about that selected song had to be sent to Apple.
You can imagine what happened next. The critics charged Apple with sending us spyware, so changes were soon made. While you could delete the mini store’s display, an update altered the approach. Now you had to turn on the feature before it became active. Moreover, Apple protested that it really wasn’t collecting any secret information from you, just the name of the song you selected. It didn’t even track the song you actually played.
I had hoped they learned their lesson from that ill-considered scheme, however well intentioned, but that was not to be. But to frame this commentary, let’s harken back to a little trick Microsoft recently pulled on its Windows XP customers, in the form of what masqueraded as just a routine update. Known as Windows Genuine Advantage, it was a beta version of software designed to make sure that you weren’t running a pirated version of Windows. Each day, WGA would phone home to Microsoft’s servers to deliver that information.
Now I have nothing against Microsoft wanting to determine whether or not a copy of Windows was legit or not, but that’s not the point. What you had here was, in effect, a silent agent that would upload information to Microsoft about your system setup without your knowledge or permission. Isn’t that what spyware is all about?
Well, you can imagine what happened next. As litigious customers put their class-action lawsuits into motion, Microsoft relented and changed WGA to sharply curtail the online connections with their servers, and also updated descriptions of the product to better inform customers of what it was going to do.
So what does Apple do in the wake of these controversies? Well, among the “fixes” in the 10.4.7 update was a little element known as the Apple Dashboard Advisory, supposedly a security feature that checks to make sure you are using genuine widgets that are authorized by the company who built them. The checking mechanism apparently works every eight hours while you’re online.
Now as a practical matter, this new feature is designed to protect you, somehow, from running a widget that might compromise your safety. But it’s also compromising your privacy once again, even if the server connection is strictly limited to checking your widgets for authenticity.
Understand that privacy has become a political football in the halls of Congress and this is a very bad time for a company to release software that communicates with the home office without your knowledge or consent. With Apple’s Software Update feature, you can decide whether or not it runs, and how often. The Apple Dashboard Advisory, however, came with no advance warning or mechanism to switch it off.
I am not suggesting that Apple’s behavior here is insidious in any way. In a statement, the company states, “Apple takes protecting user privacy very seriously. The Dashboard Advisory feature is a security tool that ensures that the correct version of a widget has been downloaded from a third-party site and no personal information is transmitted to Apple.”
So far, there’s no evidence that Apple is telling us a fib here. The server connections do not appear to extend beyond what the company represents, and, indeed, no personal or system-related information is being sent. But that’s not the point. You have a right to know what your Mac is doing behind your back.
The solution, of course, would be simple. First put up a prompt in a revised 10.4.7 installer about the feature and what it’s intended to do, and explain how to turn it off. One way would be to add such an option in the Security preference panel.
Alas, Apple hasn’t learned from its mistakes. You and I are told that Macs are more secure, relatively immune from the virus invasion that has engulfed the Windows platform. At the same time, we don’t need anyone else spying on what we do, even if its purpose is to protect us from ourselves.
While I’m sure third parties will develop utilities to turn the thing off, I’m more concerned with Apple’s cavalier attitude about the whole thing. Hopefully an official fix will be in the offing. As for me, I’ll probably leave the Dashboard Advisory active, even if I have the option to shut it down. But I still want to make my own decisions about such matters.