
Apple iOS 8 and Yosemite: The latest privacy invasion

Apple's latest operating systems, Mac OS X Yosemite and iOS 8, both transmit your search terms back to Apple by default and it's difficult to disable.

Apple's latest operating systems, Mac OS X Yosemite and iOS 8, both transmit your search terms back to Apple by default. In fact, it's quite difficult to disable. This means that, if you use the built-in Safari browser, Apple not only knows what you did search for, but it knows what you thought about searching for even if you never actually hit the Enter key.

Billed as a "feature" since it was first rolled out in iOS, search has been enhanced by Apple so that it sends your search queries to many places, not just one search engine. Typing in the Spotlight box on iOS 8 or Mac OS X Yosemite will cause your search terms to go to Apple, Microsoft's Bing, and whatever search engine you select (e.g., Google or DuckDuckGo). They go to Apple so that you can see results from Apple properties, like the App Store. They're sent to Bing as a way of getting you quick, relevant search results based on partial queries. Finally, when you press the Enter key, the full phrase you typed is sent to the search engine you choose.

We know where you are and what you're looking for

If you have Location Services enabled, then your computer (or phone or iPad) will transmit your location along with your search terms. The ostensible benefit is that search engines give you better results if they know where you are. For example, if you're standing in London, searching on "Times" in the App Store will probably place the app for "The Times" newspaper in London at the top of search results. In New York, "The New York Times" will probably rank higher, and in Los Angeles "The Los Angeles Times" app will probably be listed first. Likewise, if you're at a software testing conference where Michael Bolton is speaking and you search "Michael Bolton" you will probably see results about him and his work, rather than the famous singer.

This has the side-effect, though, of giving your location and search terms to Microsoft, Google, and Apple every time you search (whether you're on your phone or your laptop). On its page about Spotlight Suggestions, Apple said:

"If you do not want your Spotlight search queries and Spotlight Suggestions usage data sent to Apple, you can turn off Spotlight Suggestions. Simply deselect the checkboxes for both Spotlight Suggestions and Bing Web Searches in the Search Results pane of Spotlight preferences in System Preferences on your Mac. If you turn off Spotlight Suggestions and Bing Web Searches, Spotlight will search the contents of only your Mac."

Opting out

The solution is to follow these instructions. For seriously high-tech users, they have a script to run that will make the changes directly.

Additionally, there are three separate checkboxes to find and they are poorly labelled. The two mentioned by Apple are logically with Spotlight, but the third is in Safari's preferences where "Include Spotlight Suggestions" will also invoke this behavior.
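An added example (not from the article or from Apple) of checking all three Mac checkboxes at once from exported preference files. The preference names used (`orderedItems`, `MENU_SPOTLIGHT_SUGGESTIONS`, `MENU_WEBSEARCH`, `UniversalSearchEnabled`) do not appear in the article and are assumptions about how Yosemite stores these settings; the sample plists are constructed.

```python
import plistlib

# Assumed preference names (not given in the article).
SPOTLIGHT_REMOTE_ITEMS = {
    "MENU_SPOTLIGHT_SUGGESTIONS": "Spotlight Suggestions",
    "MENU_WEBSEARCH": "Bing Web Searches",
}
SAFARI_KEY = "UniversalSearchEnabled"  # Safari: "Include Spotlight Suggestions"


def audit(spotlight_plist, safari_plist):
    """Return labels of the checkboxes that still send queries off the Mac."""
    findings = []
    spotlight = plistlib.loads(spotlight_plist)  # accepts XML or binary plists
    items = {i.get("name"): i for i in spotlight.get("orderedItems", [])
             if isinstance(i, dict)}
    for name, label in SPOTLIGHT_REMOTE_ITEMS.items():
        # A category that was never toggled is absent from the file; treat it
        # as enabled, because the article says the feature is on by default.
        if items.get(name, {}).get("enabled", True):
            findings.append(label)
    safari = plistlib.loads(safari_plist)
    if safari.get(SAFARI_KEY, True):
        findings.append("Safari: Include Spotlight Suggestions")
    return findings


def sample(suggestions, bing, safari):
    """Build constructed sample plists for the two preference domains."""
    spotlight = plistlib.dumps({"orderedItems": [
        {"enabled": True, "name": "APPLICATIONS"},
        {"enabled": suggestions, "name": "MENU_SPOTLIGHT_SUGGESTIONS"},
        {"enabled": bing, "name": "MENU_WEBSEARCH"},
    ]})
    return spotlight, plistlib.dumps({SAFARI_KEY: safari})


if __name__ == "__main__":
    # A user who cleared both Spotlight boxes but missed the Safari one.
    for finding in audit(*sample(False, False, True)):
        print("still enabled:", finding)
```

On a Mac, the two inputs can be produced with `defaults export com.apple.Spotlight -` and `defaults export com.apple.Safari -`.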

On an iOS 8 device, similar preferences have to be checked: under General, Spotlight Search, both Spotlight Suggestions and Bing Web Results need to be unticked. The third option is really buried in iOS 8: under Privacy, Location Services, scroll all the way down to System Services and turn off many options like Spotlight Suggestions.

Note that none of these options, except one under iOS, is under the heading of privacy. This suggests that Apple does not regard these as privacy-related options.

The necessity to make it clear from the start

Apple is not making it sufficiently clear that opting into a feature like "Spotlight Suggestions" transmits your location data and search queries while you're typing them (even if you don't press Enter). Because this is such a change, it deserves more explicit language from Apple. Users do not realize that everything they search for (even if they're just using Spotlight to start a program, like Microsoft Word) is being sent to Apple and Microsoft. If Apple wants its desktop operating system to be used in places where "phoning home" is not acceptable, it needs to have a big switch somewhere labelled "local search only" that turns all the options on or off at once.

Surprisingly, Linux did it first

The first operating system to do this level of search integration was Ubuntu Linux in 2012. By default, the operating system included Amazon product searches as a side-effect of searching for data on the Linux desktop. For the last two years there was a steady drumming of irritation from users, prompting Micah Lee to create Fixubuntu. It is a script that disables those Ubuntu features by default. Ubuntu requires an explicit opt-in to these search features, starting with Ubuntu 14.10.

Users who care about privacy hope that Apple responds in less than the 18 months it took Canonical to respond.

About Paco Hope

Author of the Web Security Testing Cookbook and frequent conference speaker, Paco Hope is a security consultant with Cigital who has been working in the field of software security for almost two decades. Paco helps secure software in the financial, r...
