7182 Views 14 Replies Latest reply: Jun 26, 2010 12:10 AM by ron App
I have Little Snitch and this is how i documented how SubmitDiagInfo behaved. In the beginning it behaved, then it started becoming subversive. I never consented to automatic data collection. The SubmitDiagInfo dialog provided automatic data collection as a choice but i always avoided. Then the choice went away with subsequent crash reports dialogs, then i was not prompted anymore. This is when SubmitDiagInfo started calling home regularly.
I am a programmer and so i know that this behavior has been coded deliberately, it does not appear to have been done in good faith. It is very easy to have the SubmitDiagInfo dialog boxes behave in a consistent manner.
My interest is to turn off this automatic data collection so SubmitDiagInfo behaved like it did before, only popping up to do one-off crash reports. I want to conserve computer resources as this machine is a specialized machine for music and i do not want uncessary applicatins running in the background. And i definitely do not want a machine that "phones home" all the time. It does not give me peace of mind. I deal with this privacy invasion with my Windows machines and i sick of it.
When i brought up Console preferences, the checkbox for "Automatically send anonymous diagnostics and usage data to Apple" is unchecked and disabled. This confirms that SubmitDiagInfo is "phoning home" without consent. This is illegal and unlawful because of how consent was initally being requested via dialog boxes. I refused to enter into such contract. Apple better **** well fix this and stop spying on its users.
Prove that it's sending if that preference is desabled.
Obviously, if this setting is "off", Little Snitch active, and indicate that SubmitDiagInfo wants to connect to Apple, anyone would guess that it does so to send something.
Which is not nice, because that is exactly what happens (even with 10.6.4).
Can you please clarify.
In your first post you wrote:
The OSX diagnostic reporting, called "SubmitDiagInfo" is now regularly "calling home" without my knowledge
If it was without your knowledge, how did you know?
Then you wrote:
I have Little Snitch and this is how i documented how SubmitDiagInfo behaved.
Little Snitch has never alerted me to this behavior. and that box in my Console Prefs is unchecked. How are you getting this alert? Exactly what is LS saying? What process is it coming from? If LS is giving you this alert, it should be giving you the option to Deny and you would be able to stop it calling home right there. This really isn't making any sense. Do you know which rule the alert is coming from?
Message was edited by: WZZZ
You are correct in that the behavior has been coded deliberately (obviously) and extensively documented, although I don't know how the leap to "does not appear to have been done in good faith" was accomplished. Relax a bit and peruse the links previously provided (the ReportCrash page in particular has additional tech note and bug reporting links).
The differences in the dialogs is because the normal setting for CrashReporter is for application crashes. To include background and command line processes, use the /Developer/Applications/Utilities/CrashReporterPrefs.app to change the preference.
Since the OP said this behavior was "documented" from Little Snitch, I would still like to know how this was documented. I would have thought LS would have popped up a dialog box from which it would have been possible to "Deny" the connection.
If not, I don't understand how else it would have been possible with LS running to become aware of this.
My thought was that an application crashed and a message allowed at some point (which opted in the reporting), then later not allowed but reporting was not opted out via the Console. In that case, there would not be a dialog if a background process crashed, although Little Snitch may alert depending on the rule. I don't see anything nefarious in this behavior (the difference being just the particular preferences/rules), but I can see how some can be a bit gun shy since just about every application sends something somewhere.
The application firewall i am using pops up an information windows that tell me what application is accessing the internet, the URL, ectera. Download an application firewall and see it for yourself. If you are security conscious you will find a number of security issues on your machine that you were not aware before, did not authorize, etctera.
Since this post i have documented a number of Apple applications/services that try to "Phone Home". You have to be naive to believe that your Mac only contacts Apple when you tell it to do so. It is similar to what i have documented on Windows machines. Over the past 5 years i have noticed that this "Phone Home" phenomenon increases with every next version of the OS or update. I am new to Macs, but on Windows machines, even the NTKernal will now occasionally try to contact Microsoft servers. An OS kernal has no business doing this kind of stuff. I have even observed where arbitrary ports are being used, not the typical port 80, port 443, etcetera. I thought i had spyware on my machine. Nope. On Windows NT/2000/XP, it appears Windows even has a hidden service that periodically does a type of Win32 memory injection to hi-jack other applications and use them as proxy to "phone home", always to Microsoft servers. Sounds crazy, but i have witnessed it many times over the years. Even some open source software such as Firefox is guilty of doing this kind of thing. Firefox does the "phone home" during a webpage request. What it does is initiate webpage request, interrupt and "call home" to one of several Mozilla servers, then re-initiate page request and continue. Very sneaky.
I have even observed where servers out on the internet such as Google will try to connect to my computer using a variety of ports other than standard internet ports. Sorry, you should not need anything but port 80 to use Google and surf the internet. Use a good application firewall and you can observe this yourself.
I think everybody who takes privacy seriously should start looking into this. Where is the security community on this? It appears to be compromised, talks about everything else but this elephant in the room that i have witnessed the past 5 years. The prevailing propaganda is that this is all benign. I program software for a living and know you do not need to code software that makes regular connections with servers on the internet without user knowledge and explicit consent. This is unethical and possibly a common law crime.
Anyways, it appears that this "Phone Home" phenomenon is "by design". Fortunately there are products out there that allow you to deal with it. Unfortunately it is only a quick fix, it does not resolve the underlying security issue.
Humbug! No Apple app "calls home" or submits diagnostic messages to it unless the user has authorized same. Your windoze experience notwithstanding. That doesn't happen with Apple products.
From Apple's help files:
+You may specify any one of the following options for information collection:+
+Ask each time+
+You’ll be offered the opportunity to select a collection method when you encounter an unexpected application termination, force an application to quit, or are required to restart your computer.+
+To select automatic reporting: When prompted, select “Don’t ask me again,” and then click Agree. If you set up automatic reporting, diagnostic and usage information is periodically sent to Apple anonymously.+
+Automatic reporting of diagnostic and usage information is off by default. You must provide your consent before automatic collection can begin.+
+To select no reporting: When prompted, select “Don’t ask me again,” and then click Disagree. No reports will be sent to Apple.+
+To select ask each time: When prompted, deselect "Don't ask me again". You will then have the option to click either Agree or Disagree each time a diagnostic event described above occurs.+
I mentioned in a prior post that the "Automatically send anonymous diagnostics and usage data to Apple" in the Console application is unchecked and disabled. SubmitDiagInfo disregards and attempts to "Phone Home" regularly. SubmitDiagInfo no longer provides the reporting options you describe but will attempt to make contact with servers on the internet. I never consented to automatic reporting collection. My current solution is to use a software firewall and lock down outgoing internet access.
As far as all this "Phone Home" stuff, please get an adequate software firewall and witness what i have described. You need a firewall that monitors applications trying to make outbound connections. You would be naive to simply believe at face value that "No Apple app "calls home" or submits diagnostic messages to it unless the user has authorized same". The facts speak otherwise. Unless you have software that can show you what is going on, you do not know what is going on. Being a programmer i think this is a security issue that the public needs to be aware of. Both Apple and Microsoft systems are esentially compromised affair. Just because no person or no government has exploited what patently appears to be backdoor communication and/or access does not make it disppear. Sad to say, the security community has slept on their watch on this. It is inexplicable that only a few people have begin to look into this.
I have done little research regarding this.
It appears that Apple is indeed NOT collecting personal info and not sending it home without consent.
What actually happens, is - application crashes, proposes to send crash report. You agree, then it proposes to collect personal info, you do not allow it. Check box in console preferences is greyed out to prevent you from accidentally checking it (collecting info is already "not allowed"!). Then you block SubmitDiagInfo to send the report (which is just a report, without personal info!!), by blocking it with "little snitch" or otherwise (maybe it even simply fails to send it for some reason).
Now, crash report is not sent but it is stored (remember, at first you pressed "report"!!). SubmitDiagInfo will find outstanding crash report and will periodically try to send it.
Now, all you need to do to stop OS "calling home" is simply find the crash report and delete it, and if any other application crashes, simply press "ignore".
This behaviour is confusing, but I cannot see how it would be "wrong".