Darkside of the Spotlight (English version)
One of the new features you get with the new OS X Yosemite is an enhanced Spotlight. What exactly does Spotlight do? It indexes all of your content, unless you have excluded something in the settings. Apple also tells us “Safety. Built right in.” So is that true?
Spotlight always knows everything about your old and new files. It indexes not only files but also calendar records, bookmarks, browser history, contacts and emails. Spotlight knows everything about your files and about you.
When you type something in the search field, Spotlight searches everywhere and everything, and even loads web pages from your bookmarks and history. Questions? Read on:
I took the Wireshark sniffer, closed all other programs and started watching what exactly Spotlight does when I type something.
Let’s start with a simple query, “weather”. Take a look at this:
Another, more interesting one, “porn”:
For a handier view, leave only the DNS queries:
Spotlight fully loads the web page with Safari in the background
Query “buy phone”
Another query, and Spotlight loads a page from the browser history
It is very interesting that even though those pages are loaded, they have no effect on the Spotlight search results; nothing related at all. That is a very suspicious fact.
Aftermath?
Such hidden queries and behavior can lead to a leak of sensitive data, and obviously that kind of leak can be very dangerous. At the very least you send your IP address to third-party resources. Furthermore, web pages related to the query are opened in hidden mode, and Spotlight could suddenly open a page with an exploit that uses some vulnerability of the Safari engine.
How to avoid hidden and dangerous Spotlight queries
By default, the Spotlight settings look like this:
Take a look at the “Other” item. What can it be? I don’t know; maybe you know?
I turned off everything that can potentially use third-party services: Bing Web Searches, Spotlight Suggestions, Bookmarks & History and of course Other.
Second screen of settings, with the exceptions:
WARNING: When you update the operating system, for example to Yosemite, the exception settings will be restored to default values (YES FUCK APPLE)
It is very interesting that the tab called “Privacy” contains nothing! And even if you set something up here, there is no guarantee that the settings will still be there after the next operating system update.
I also recommend adding all of your sensitive data to the Spotlight indexing exceptions. By the way, there is a project called https://fix-macosx.com/ which lets you disable all the bad things in Spotlight by launching a small Python program in a terminal. (There is also my version of it, with a few more items disabled: https://github.com/noroot/fix-macosx )
If you want to completely disable Spotlight on your OS X, you can do it like this:
sudo su
chmod 0000 /Library/Spotlight
chmod 0000 /System/Library/Spotlight
chmod 0000 /System/Library/CoreServices/Search.bundle
chmod 0000 /System/Library/PreferencePanes/Spotlight.prefPane
chmod 0000 /System/Library/Services/Spotlight.service
chmod 0000 "/System/Library/Contextual Menu Items/SpotlightCM.plugin"
chmod 0000 /System/Library/StartupItems/Metadata
chmod 0000 /usr/bin/mdimport
chmod 0000 /usr/bin/mdcheckschema
chmod 0000 /usr/bin/mdfind
chmod 0000 /usr/bin/mdls
chmod 0000 /usr/bin/mdutil
chmod 0000 /usr/bin/md
chmod is used in this hack for backup purposes: if you want to turn Spotlight back on, just chmod the files to their normal permissions.
After a reboot, run these commands to completely remove the old index files.
rm -r /.Spotlight-V100
rm -r /private/var/tmp/mds
exit
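An added example (not from the original post or from fix-macosx): the chmod step above keeps no record of the original permissions, so this sketch saves each path's mode to a manifest before setting 0000 and restores from that manifest later. The function names, the manifest format and the manifest path in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added example: record file modes before "chmod 0000", restore them later.
# Manifest format (constructed for this example): "<octal mode><TAB><path>".

# Print the octal permission bits of a path.
# GNU stat is tried first; BSD/macOS stat is the fallback.
get_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# save_and_lock MANIFEST PATH...
# Appends the current mode of every existing path to MANIFEST, then locks it.
save_and_lock() {
    manifest=$1; shift
    for p in "$@"; do
        if [ ! -e "$p" ]; then
            echo "skip (missing): $p" >&2; continue
        fi
        mode=$(get_mode "$p") || continue
        # A second run must not overwrite the saved mode with 0.
        if [ "$mode" = "0" ]; then
            echo "skip (already locked): $p" >&2; continue
        fi
        printf '%s\t%s\n' "$mode" "$p" >> "$manifest"
        chmod 0000 "$p"
    done
}

# restore_modes MANIFEST
# Puts back every mode recorded by save_and_lock.
restore_modes() {
    tab=$(printf '\t')
    # Splitting on TAB only keeps paths with spaces intact.
    while IFS="$tab" read -r mode p; do
        if [ -n "$p" ]; then
            chmod "$mode" "$p"
        fi
    done < "$1"
}

# Usage as root (manifest location is a hypothetical choice):
#   save_and_lock /var/root/spotlight-modes.tsv /usr/bin/mdfind \
#       "/System/Library/Contextual Menu Items/SpotlightCM.plugin"
#   restore_modes /var/root/spotlight-modes.tsv
```

Keep the manifest somewhere that an operating system update will not remove, since it is the only record of the original modes.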
One more screenshot, with the Apple Spotlight terms of use:
That’s all. You are welcome to comment and discuss this weird stuff.