Apple's latest macOS High Sierra brings a number of new features, but is also creating a lot of issues in terms of security and user privacy. We have already seen a critical security flaw discovered by an ex-NSA hacker that enables attackers to steal plain-text passwords stored in Keychain. It appears that the new operating system brings more than just a potential password exfiltrator.
macOS High Sierra also brings an update to the Safari browser that allows the Cupertino tech giant to collect more user data than it previously did. The company first introduced Differential Privacy at its Worldwide Developers Conference last year, when it became part of iOS 10 for comparatively low-level applications (emoji, Notes, etc.). Apple's senior vice president of software engineering, Craig Federighi, said at the time:
“Differential privacy is a research topic in the area of statistics and data analytics that uses hashing, sub-sampling and noise injection to enable this kind of crowdsourced learning while keeping the information of each individual user completely private.”
High Sierra Security: Apple continues to expand data collection under Differential Privacy - doesn't collect raw user data
The company is now using this technology to collect information about user habits as they browse through its Safari browser. Apple suggests that this is being done to spot problematic websites that use too much memory or power.
Apple, however, notes - like many other technology companies - that the process will amass data without collecting any personally identifying information, making sure that user privacy isn't affected. It has long been debated if data collection can ever truly be non-identifiable, but researchers have suggested that this process helps the companies collect data while avoiding any raw user data. Apple is also certainly trying to start this process in the right way by making it an opt-in process.
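The three techniques Federighi names (hashing, sub-sampling, noise injection) can be shown on the use case described here, spotting resource-heavy domains. This is an added example, not Apple's algorithm or code from the article; the bucket count, epsilon, sample rate and `.example` domains are all assumed values.

```python
import hashlib
import math
import random

M = 64             # number of hash buckets (assumed)
EPSILON = 4.0      # per-report privacy budget (assumed)
SAMPLE_RATE = 0.5  # fraction of events a device reports at all (assumed)

# Two different domains give one-hot vectors that differ in at most two bits,
# so keeping each bit with this probability bounds the privacy loss by EPSILON.
P_KEEP = math.exp(EPSILON / 2) / (1 + math.exp(EPSILON / 2))


def bucket(domain):
    """Hashing: map the domain to one of M buckets; the name is never sent."""
    digest = hashlib.sha256(domain.encode("utf-8")).digest()
    return int.from_bytes(digest[:8], "big") % M


def client_report(domain, rng):
    """Runs on the device. Returns a noisy bit vector, or None if not sampled."""
    if rng.random() >= SAMPLE_RATE:           # sub-sampling
        return None
    b = bucket(domain)                        # hashing
    bits = [1 if i == b else 0 for i in range(M)]
    # Noise injection: flip every bit independently with probability 1 - P_KEEP.
    return [bit if rng.random() < P_KEEP else 1 - bit for bit in bits]


def estimate_counts(reports):
    """Runs on the server. Debiases column sums into per-bucket estimates."""
    n = len(reports)
    q = 1 - P_KEEP
    sums = [sum(col) for col in zip(*reports)]
    # E[sum_j] = c_j * P_KEEP + (n - c_j) * q; solve for c_j, then rescale
    # to undo the sub-sampling.
    return [((s - n * q) / (P_KEEP - q)) / SAMPLE_RATE for s in sums]


def simulate(truth, seed=7):
    """Constructed population: {domain: number of devices that hit it}."""
    rng = random.Random(seed)
    reports = [r for d, n in truth.items() for _ in range(n)
               if (r := client_report(d, rng)) is not None]
    return reports, estimate_counts(reports)
```

No single report reveals which bucket its device hit with certainty, yet the aggregate estimate for a popular bucket lands close to the true count; domains that hash to the same bucket are counted together.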
According to TechCrunch, users won't be receiving any separate prompts as the new data collection process is part of the Device Analytics information. Currently, users who check the box to send Analytics information to Apple send the following data:
- Details about app or system crashes, freezes or kernel panics.
- Information about events on your Mac (for example whether a certain function such as waking your Mac was successful or not).
- Usage information (for example, data about how you use Apple and third-party software, hardware, and services).
It is likely this section will be updated soon to include the data that will now be collected using Safari. You can choose to opt out of the process at any time by tapping on Apple > System Preferences > Security & Privacy > Privacy, and toggling off Share Mac Analytics (or App and iCloud Analytics).
Earlier this year, Apple also introduced a new iCloud section to "improve intelligent features such as Siri and other similar or related services" using Differential Privacy. Federighi had previously said that Apple’s deep learning and AI analysis for smart services would be done locally on the device rather than in the cloud. It isn't immediately clear if that continues to be the case.
- In other news, Google's Project Zero just revealed that Apple's Safari is the worst browser in terms of security, trailing behind even Microsoft's Internet Explorer.