Apple is doing things to ensure stable, reliable, secure
configurations of its software. The best way to do this is via
dynamic checks/updates with a known central location. In my personal
view, these mechanisms are nothing more than an extension of the
automated software update paradigm.

Here's a message I crafted about this issue for another forum:

I can't help but say, "So?"

This isn't "phoning home", in the way people traditionally refer to
it. It's not a slippery slope. It's not sending personal information.
You don't "opt in" to Software Update, and it still "sends" plenty of
information when it does its weekly checks. (On this topic, are there
really people out there who are so paranoid that they disable
Software Update, and download all updates by hand?)

The purpose of the Dashboard Advisory feature is to ensure the
legitimacy of Dashboard Widgets; nothing more. Not to "check to see"
which ones you're running. Or to do surveys to see how many people
have updated to 10.4.7. Can that information be gotten incidentally?
Sure. Would it make any difference at all if Apple had a privacy
statement promising they're not using that information in that way?
Would it even matter if they did? If you think that something as
benign and helpful as this is something to get up in arms about,
would you believe any statement from any vendor?

Also, it doesn't SEND information to Apple. It GETS URLs, and
compares them with things on your system. Can Apple infer that
machines checking in are running 10.4.7? Could they build a
geographic profile by IPs on who's, say, running 10.4.7 so far? Um,
yes, but why in the name of all that is sensible would you even care?

This is NOT a slippery slope, because what Apple is actually *doing*
DOES MATTER. If it started sending information, or there was new
suspicious activity, I'd agree. But what it's *actually doing now*
DOES MATTER.

(And the iTunes Mini Store was clearly announced and described;
perhaps its only fault was that it was on by default.)

In short, this is NOTHING like Windows Genuine Advantage. Nothing at
all.

Further, the feature is announced BEFORE you install 10.4.7. If
you're this concerned about this sort of thing, part of your due
diligence should be reading the release notes linked to directly in
the Software Update notes and release notes:

"You can now verify whether or not a Dashboard widget you downloaded
is the same version as a widget featured on (www.apple.com) before
installing it."

Granted, this doesn't specifically explain what's happening. But what
is happening is the following: the first time you open a Dashboard
Widget, its authenticity is verified with Apple.

Bottom line: if Mac OS X is to maintain its well-deserved reputation
of being secure and malware-free, etc., why would Apple not make
efforts to make such checking ubiquitous, and do so where appropriate
throughout the OS? Now, before anyone says "what's to stop them from
doing this for all apps", I'd argue that Dashboard and
Apple-integrated apps are different since they are applications integrated
into the OS, and the authenticity and security of what they do and
how they handle things is important.

And if you want to disable it:

sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.dashboard.advisory.fetch.plist

For those who obsess about knowing anytime their computer makes a
network request that they didn't explicitly authorize, Little Snitch
is a great tool:

http://www.obdev.at/products/littlesnitch/

Regards,

Dave Schroeder | University of Wisconsin - Madison
Senior Systems Engineer | Division of Information Technology
Email: das (at) doit.wisc (dot) edu | Systems Engineering
Web: das.doit.wisc.edu | B263 Computer Science and Statistics
Cell: +1 608 444-5672 | 1210 West Dayton Street
Phone: +1 608 265-4737 | Madison, Wisconsin 53706-1685

On Jul 5, 2006, at 3:55 PM, mfossi (at) securityfocus (dot) com wrote:
> I've seen two stories today about Apple components phoning home
> with info - one saying Dashboard does it, the other saying Mail.app
> does as well. Has anyone looked into it? If these stories are
> true, exactly what information is being sent back and forth? I'm
> not currently in an environment where I can test either one with my
> MBP.
>
> Dashboard:
> http://www.macnn.com/articles/06/07/05/dashboard.calls.home/
>
> Mail:
> http://www.macnn.com/articles/06/07/05/mail.phones.home/
>
> Cheers,
> Marc