Q: Unwanted network connections.

I know that Spotlight sends search data to apple, and disabling certain options was supposed to prevent that.

But I still see SpotlightNethelper connection attempts every day.

Evidently "every single keypress is sent to api.smoot.apple.com along with very accurate longitude and latitude and device information." http://goo.gl/HpB0MD

EVERY SINGLE KEYPRESS.

"In Yosemite, all Safari web searches are sent to not only the search engine you've selected (e.g., Google, DuckDuckGo), but also to Apple, even if you've disabled "Spotlight Suggestions" (System Preferences > Spotlight Suggestions, as per Apple's privacy documentation) and sharing of Usage and Diagnostics data." https://goo.gl/bTEjv8

Obviously this also applies to El Capitan.

I DON'T WANT APPLE SPYING ON ME! That sort of privacy intrusion is why we're so concerned about all the connections.

OregonRebel wrote:

It seems you too missed the point of this discussion.

I was responding to you directly, in an attempt to highlight why the process 'pops back up'. I have already added my thoughts on this topic.

If you don't want to know why they return that is fine but you will not manage to stop these processes unless you actually unload the job that is specifically keeping them alive. It helps to learn how something works before you use tools on it, but who can be bothered to read manuals?

OregonRebel wrote:

I DON'T WANT APPLE SPYING ON ME! That sort of privacy intrusion is why we're so concerned about all the connections.

This is not the OS for you, the good news is that a Mac can install Linux, Windows, BSD…

I'll bet there are millions of OS X users who don't want EVERY SINGLE KEYSTROKE being sent to Apple!

They should all continue using Apple hardware but find alternative OS's to protect their privacy?

I've been using Apple's OS's since Panther and have managed to become an advanced user despite never having read the manual pages. I can usually find commands online for what I want to do, if there is a command for it.

I have a lot of software installed and have never read even one page of the manuals for most of them. Others I refer to as necessary.

If you're happy letting Apple know where you are at all times, what websites you're viewing and everything else you do on your computer/device, that's your prerogative. But I don't recall signing away my privacy rights when I bought my Mac.

Maybe it's in the EULA (which I also haven't read).

Seems like Apple has become Big Brother and is monitoring our every move.

I thought that was Google's job.

GreenMamba wrote:

 

Drew Reece,  FishingAddict ; OregonRebel ; ....

 

I wish I was able to click "This Helped Me" for the 3 of you but for some reason i cannot.

No problem the tokens here are worthless anyway, they don't pay my bills . I'm glad you got some value from it.

I think the Sparkle issue it is blocked by default via Gatekeeper if 'allow from anywhere' is not enabled unless I have read the wrong sources. Developers with Apple certs will get them pulled once it is seen in the wild. It's hardly Apple's fault that the Sparkle devs allowed http updates though.

QRadar looks like overkill but I think the network is where this needs to be blocked since iOS & other devices squirt out the same GPS data all the time. It is used for improving Apple's services (Diagnostics & usage in settings.app on iOS is supposed to disable it). You can disable Mac processes via launchctl if you really want to do so, but it is very unclear what else these jobs do - YMMV.

Good luck with it, give Charles a go to see what is in the http requests, it may help you see what is sent.

http://charlesproxy.com/

Whoa - I said I was advanced, but not that advanced.

I would prefer to enable SIP again, but Apple doesn't seem to be ashamed of their fugly Dock which needs a bag over it. So I'll continue using cDock for the foreseeable future despite the vulnerabilities that were introduced when SIP was disabled.

I've always wondered what the points here were good for - I thought maybe something actually useful like discounts toward Apple merchandise.

But I just read about the "privileges" granted for different levels and LMAO! What a worthless incentive! Like winning a cupie doll, only that's more tangible.

Way to go Apple - get people to spend countless hours helping others with their problems FOR FREE so you won't have to pay your AppleCare reps to do it.

I'll just revel in my 25 points and the knowledge that I haven't donated hundreds of hours to Apple in exchange for attending a conference call or to "access The Lounge and My Subscriptions for high level users."

Award points, level up, and earn new privileges

I've never seen another site where you had to work your way to some arbitrary level before you were given the "priviledge" of uploading a custom avatar.

First post didn't show up even after logging out & back in, so I posted it again and then they both appeared.

So I changed one to this explanation.

Forgot to say I don't have a FB or Twitter account.

I would prefer to enable SIP again

Then buy your software from a developer who has a valid developer certificate from Apple. These do not require you to defeat SIP.

GreenMamba wrote:

AssetCacheLocator.xps- all kinds of weird stuff

Block it with Little Snitch, then try downloading a software update from the App Store or iTunes store - let us know if you can download anything.

It appears* to be part of the 'Apple caching service' that can simply save internet bandwidth if you have a Mac OS caching server. OS X and iOS will look for many services on the local network - it is part of what makes Apple devices 'just work' (most of the time ).

http://help.apple.com/serverapp/mac/5.0/#/apd74DDE89F-08D2-4E0A-A5CD-155E345EFB8 3 (About Caching service)

From the Apple documentation:

Compare Caching service to Software Update service

… (2nd bullet point)

• The Software Update server requires you to manually configure clients to only use a specific software update server; the caching server requires no client configuration. OS X and iOS devices automatically access the available caching server on the network they’re currently connected to, making it mobile-client friendly. For example, when a user is using an OS X or iOS device at work, the device uses the caching server at work. When the same user uses the same device at home, it automatically uses another caching server.

Automatic connections on the local network - nothing to worry about. Your devices will look for local cache servers and then go to the stores via the internet if one is not available. OS X & the iTunes store will periodically look for app updates - harmless.

GreenMamba wrote:

ocspd - youtube- don't use

You are wrong, this is a daemon for OCSP nothing to do with YouTube…

https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol

OCSPD updates certificates from the internet for use with secure (https) connections. It makes sure that your computer knows which certificates not to trust and which are valid, certificates can be revoked at any point in time (e.g. if they are compromised on the server).

You may actually be weakening your Mac's security by blocking OCSPD - your Mac may trust certificates that are in the hands of criminals. Using old certificates does open your Mac up to spoofing & man in the middle attacks.

You could turn off this process in 'Keychain Access, Certificates tab' preferences, if you do not value your security on the internet.

GreenMamba wrote:

nsurlsessiond - another icloud thing

Many people speculate* this is iCloud however Apple use a similar feature on iOS for all applications including ones made by third parties - it handles background downloads on iOS. I suspect it does similar things on Mac OS for any third party app, not just iCloud*.

GreenMamba wrote:

AppleIDAuth - even though icloud is off

IMTransferAgents (multiple) -- even though I've turned these off too, THEY KEEP TURNING BACK ON!

It seems like you still have not disabled all of iCloud on your iOS & OS X devices. Perhaps these are just local connections?

You may feel like I am picking on you but it is not my intention, I'm hoping that you can see that operating systems are a complex things. I'm willing to bet that you may not understand how every piece of a car works, however you probably allow yourself to be transported by one at speeds that are 'unnatural' for a human. Computers are no different, many peices working in lockstep doing things we don't understand. I doubt you would decide to disable parts of a vehicle based on similar suspicions. That would be reckless.

I truly understand the need to control your data but do you really think Apple would start a legal fight with the US government if they didn't care about your data privacy?

http://www.apple.com/customer-letter/

It doesn't add up.

* Apple do not document many OS processes, most of what you read outside of apple.com is speculation, amateur sleuthing or sometimes based on informed testing. Working out which one is accurate is half the battle.

Here's a link to another network-monitoring app. http://goo.gl/QpIayO

This is abandonware but still works, so download & use at will.

I installed it yesterday on OS X 10.11.3 and added it to my login items.

I think it works well in conjunction with Little Snitch, although its CPU usage runs high, keeping it at or near the top of the list in Activity Monitor.

Rubbernet provides a breakdown of per-app network usage, so you can quickly detect apps that phone home, connect to servers without your knowledge, or blame the app that's slowing down your network.

Macobserver article: http://goo.gl/ROLhQ2

"Rubbernet will show all of the application and services on your Mac that are using the network. Some of them are expected, such as Safari and Mail, but some of the other items listed may be ones you hadn’t thought about, such as Push Services or MobileMe. In the Summary view for each application that is found, you can see the name, status (active, inactive or idle) the user that owns the application, current download rate, current upload rate, total data in, total data out, and time of last activity. There is also a connections view, which will show the remote host, port, application, user, download rate, upload rate and last activity, so you can get very specific.

Clicking on a specific application will show the aforementioned connections items, but only for that application. You can also click on a user, and it will show the connection items that belong to that user. The preferences allow you to enable or disable IP address resolution."

OregonRebel wrote:

 

Here's a link to another network-monitoring app. http://goo.gl/QpIayO

This is abandonware but still works, so download & use at will.

That installer is bundling other junk.

• Yahoo search engine hijack
• Mackeeper
• Various other junk apps

Are you sure it is not doing other malicious things? Installers have become a prevalent way to attack Macs, see the many threads here detailing adware & other junk that is bundled with apps that are no longer maintained or stored on dubious servers.

Does it even install the app you want to use, nothing appeared in /Applications after 'installing' (on a throwaway installation)?!

I'm not sure that running code that is found randomly on the internet is going to help anyones privacy. Apple are the least of your worries.