One of the new features you can get with new OSX Yosemite is enhanced spotlight. What exactly Spotlight doing ? Indexing all of your content, except you’re not excluded something in settings. Also Apple tell us “Safety. Built right in.” So does it true ?
Spotlight always knows everything about your old and new files, it indexing not only files, but calendar records, bookmarks, browser history, contacts and emails. Spotlight knows everything about your files and you.
What it does when you’re typing something in a search field Spotlight search everywhere and everything and even loading webpages from your bookmarks and history, questions ?, follow next:
I am take Wireshark sniffer, turn off all other programs and start to watch what exactly Spotlight did when i am type something.
Let’s start with simple query “weather”, take a look at this:
another one more interesting “porn”:
For more handy view leave only DNS queries
Spotlight fully load web page with safari in background
query “buy phone”
another one query and spotlight load page from browser history
Very intersting that even if those pages are loaded they haven’t any effect on spotlight search results, nothing related at all. That is very suspicious fact.
Such hidden queries and behavior can provoke sensitive data leak, and obviously that kind of leak can be very dangerous. At least you’re send your IP address to 3d party resources, furthermore query related web pages will be opened in hidden mode, and suddenly spotlight can open some exploit that use some vulnerability of safar engine.
How to avoid hidden and dangerous Spotlight queries
By default Spotlight settings looks like this:
Take a look at “Other” item what can it be ? I don’t known maybe you know ?
I am turn off all that potentially can uses 3d party services: Bing Web Searches, Spotlight suggestions, Bookamarks & History and of course Other.
Second screen of settings with exceptions:
WARNING: When you’re updating operating system for example to Yosemite, settings of exception will be restored to default values (YES FUCK APPLE)
Very intersting that tab which called “Privacy” contains nothing! And even if you’re setup something here there is no warranty that after next operating system update settings will be there.
Also I am recommend you to add all of your sensitive data to exception for indexing by Spotlight. By the way there are project called https://fix-macosx.com/ which allows you disable all bad things in Spotlight by launch small python program in a terminal. (Also this is my version of it, with a bit more disabled items https://github.com/noroot/fix-macosx )
If you’re want to completly disable Spotlight from your OSX you can do it like this:
sudo su chmod 0000 /Library/Spotlight chmod 0000 /System/Library/Spotlight chmod 0000 /System/Library/CoreServices/Search.bundle chmod 0000 /System/Library/PreferencePanes/Spotlight.prefPane chmod 0000 /System/Library/Services/Spotlight.service chmod 0000 /System/Library/Contextual Menu Items/SpotlightCM.plugin chmod 0000 /System/Library/StartupItems/Metadata chmod 0000 /usr/bin/mdimport chmod 0000 /usr/bin/mdcheckschema chmod 0000 /usr/bin/mdfind chmod 0000 /usr/bin/mdls chmod 0000 /usr/bin/mdutil chmod 0000 /usr/bin/md
chmod using in this hack for backup puproses, if you want to turn on spotlight just chmod files to normal permissions.
After reboot you should run this commands to completly remove old index files.
rm -r /.Spotlight-V100 rm -r /private/var/tmp/mds exit
That’s all. Welcome to comments and discus this weird stuff.