A blogger and Macintosh developer has found that a component in the latest release of the MacOS is doing something very similar to what has so many people riled up about Windows Genuine Advantage; it phones home on a regular basis.
Daniel Jalkut is a former Apple (Quote, Chart) engineer who founded his own company, Red Sweater Software, a few years ago. In a July 3 blog entry, he pointed out that Apple's Dashboard Advisory utility was routinely contacting Apple in the background.
The only reason he caught it was due to a utility running to catch outgoing traffic. "If I didnt run Little Snitch I wouldnt have any idea this was going on, because Apple made no point of informing me of the new feature and what it would entail," he wrote.
When MacOS 10.4.7 shipped last month, there was a one-sentence mention in the release notes that "You can now verify whether or not a Dashboard widget you downloaded is the same version as a widget featured on (www.apple.com) before installing it." But it does not say how that verification is done.
The Apple Dashboard Advisory verification software is designed just to verify that widgets being downloaded are actually coming from the developer. Macintosh widgets, like the ones in Vista or available from Yahoo, are small, desktop applications that perform simple, singular tasks.
Apple provides links to thousands of widgets but does not actually host them. The widget has to be hosted by the developer. To protect the end user, Dashboard Advisory verifies that the widget submitted to Apple is what is being downloaded. It's all designed to prevent spoofing, the practice of impersonating a server without permission.
Anuj Nayar, a spokesman for Apple, insists there is no spying on users going on. "Apple takes protecting user privacy very seriously. The Dashboard Advisory feature is a security tool to insure that the correct version of a widget has been downloaded from a third party site. No personal info is transmitted back to Apple or anyone else," he said.
Nayar said that while there isn't a way to turn off this check from the UI it can be done through a terminal entry. He also said that Dashboard Advisory does not work on any other elements of the operating system and is not active at any time other than when the user is downloading a widget.