DealsOnTheWeb Daily Deal: J&R Computerworld.com: Free Shipping on TVs 42" and Under - Extended
The Devil's Advocate - Spotlight: Is Your Mac Going To Rat On You?
by
- December 28th, 2005
Spotlight is bloated, slow as sin, and has a UI designed by a committee that seems to spend its time either spitting on the old Mac User Interface (UI) Guidelines (and UI studies) or designing most of its new UI themes by hiring monkeys to throw UI feces at the screen to see what sticks. Oh yea, and as an added bonus, it now tracks the comings-and-goings of files as if it were just waiting for the chance to rat you out like Rooster the pimp. Mac users may already be experiencing the inadvertent metadata disclosures that have some analysts concerned about Microsoft's vaporous Vista.
Spotlight the File System Snitch
For example, when you download files from Safari or transfer them via iChat, and you select the file and "Get Info" from the File menu in the Finder, you will see a "Where from" entry that shows the file source.
Screenshot of a "Get Info" window.
(Click the thumbnail for a larger image.)
As you can see, the Get Info panel shows not only the mode of the transfer, i.e., iChat, but it also shows the full name and contact information of the person that provided the file. When you download files via Safari, the source Web address is stored. If I were a content/media company executive, I know I would ask Apple "pretty please with sugar on top" for such file tracking.
Most times this is no big deal and actually is quite useful, but as more and more metadata gets saved regarding your files, you should be aware this is happening. I'd wager that most users had no idea this kind of file source tagging was taking place on a file system level. And not knowing can lead to all kinds of security gaffs.
Security Reasons for Metadata Stripping
For instance, I often have to strip metadata before sending files to clients or adverse parties. In the past, I have seen Microsoft Word files with edits and other comments that caused difficulties for the sender. Word files keep all kinds of information hidden, i.e., edits/revisions, the names of people who worked on the files, comments, etc. This information can be a great liability if unintended parties gain access to it.
For example, sometimes comments and collaborative edits are in a file and are intended just for team members. Sending a contract with a hidden comment stating "$X million is the highest price we will pay, but let's try to low ball them first" is a pretty good way of spoiling your negotiating position (unless you're being canny and putting it in there on purpose). Anyway, many corporations use tools to strip much of the metadata from Word files (unfortunately, I don't know of any Mac products that do this).
However, with Vista coming down the pike, and the Mac OS keeping a bunch of different metadata types about, it's getting more difficult to know exactly what information you will be sending to others or what your computer is tracking about your activities. For example, some of you old Mac veterans may think that the "Where from" information is stored in the resource fork of the file and that nuking it with tools like RemoveMacOSJunk.app will remove it just like color label information. Not so. Even with a hex editor, you cannot see the information in the file.
New Spotlight Metadata
Then where is the information stored? "Where from" entries (an much more metadata) are stored in the Spotlight index database. You can access this metadata using the mdls and mdutil command line tools.
Screenshots of the mdls and mdutil commands in the terminal.
(Click the thumbnail for a larger image.)
The good news is that Spotlight information seems to be stuck to your hard drive volume. Generally speaking, this information is useful and welcome; and that it doesn't necessarily track the file is a good thing, security-wise. However, it seems that if you use other volumes, like thumb-drives and USB drives, Spotlight may be populating those volumes with metadata as well. So when you hand that thumb-drive over, you may be handing over more than just files as some metadata may follow.
Two Layers of Metadata: Application and File Level
At any given time there may be at least two layers of metadata present on your system. There is application layer metadata and file level metadata.
The Spotlight database as well as the iTunes and iPhoto databases show that there are some types of metadata that stay with the program and do not travel with the file. For example, the number of times you played a song in iTunes does not travel with the file. So if you blow your iTunes database or have to rebuild it from scratch, you will lose that information. The "Where from" metadata seems to be of this type of metadata.
Then there is the file level metadata. That is metadata that is embedded within the file and travels with the file. You see such things in Microsoft Word in the form of comments and in the Properties dialog box.
The Properties dialog box from a Word file.
(Click the thumbnail for a larger image.)
Also, you see this behavior with ID3 tag information that travels as part of your MP3 files.
The xattr factor
But there is a gray layer between the two. For example, if you have an MP3 file with no ID3 tag information, in some instances iTunes can generate an ID3 tag and use the filename to embed that information into the ID3 tag information. The information can flow in the other direction where application metadata can be pressed out into the file. For example, iTunes will use the track number and song title from the ID3 tag to name its files. Clearly, what iTunes is doing is very useful, but it doesn't take much imagination to see how metadata can creep from one layer into another in unwanted circumstances.
One such place in Mac OS X may come in the form of the xattr, i.e., extended attributes. The xattr is useful as it helps Spotlight by storing even more types of metadata. For example, it seems that Apple has added attributes to aid in the control of Digital Rights Management and Intellectual Property, e.g., kMDItemRights. SpotMeta lets you play with this a little. With the xattr, metadata can follow files, even to foreign file systems. It's not tough to imagine that a lot of information that Spotlight is storing in its application layer database may be moved to the file level via xattr in the future.
Get Rid of That Not-So-Fresh Feeling
So what do you do if you want to clean your files of metadata before you send those files off? You have a few options. If the information is in the resource fork, you can use RemoveMacOSJunk.app. If the information is part of the file, then you will have to either edit it within the program, get a specific program to strip that type of metadata, or export the file to another format (e.g., saving a Word file as a PDF will strip most metadata). If the information is part of the Spotlight database or xattr data, then you can use mdutil to get at the information. MainMenu.app allows you to delete your entire Spotlight index file on your main volume, but it may not help with all xattr metadata. Basically, it seems that, currently, there is no single and easy solution for scrubbing your files of all the metadata crud that may be attached.
What To Do?
Don't Panic! For right now simply saving your files as PDFs before sending them will suffice for most people. That being said, the management of metadata, who owns it and who controls it, is an area rife with serious security concerns. Most users don't want to know about or deal with metadata management. They want things to just work.
As such, Apple should consider providing users with a framework to control metadata. Software developers can help out through Spotlight plug-ins. By knowing all the metadata tags that are stored inside the developers' files through plug-ins, Apple can use those tags to strip all the metadata from the files. Apple can provide users with a "Clean Metadata" command next to the "Secure Empty Trash" menu in the Finder, which will clean metadata from any selected files and/or folders. Simple. Having Mail.app automatically scrub metadata from any attachments (with an optional override button) would also be a welcome move.
If Apple doesn't want to look more and more like the dorky big brother guy from its 1984 commercial, it better give some power back to the users to help people secure their information.
is an attorney. Please don't hold that against him. This work does not necessarily reflect the views and/or opinions of The Mac Observer, any third parties, or even John for that matter. No assertions of fact are being made, but rather the reader is simply asked to consider the possibilities.
You can send your comments directly to me, or you can also post your comments below.
Most Recent Columns From The Devil's Advocate
- Mac UI Ain't All That: The Future & History of the User Interface - August 15th
- MacWindows: The New Trojan Wars - April 4th
- TMO Scoop: Apple Files Patent for Looking Glass - January 25th
The Devil's Advocate Archives
Observer Comments
This is not good news for us Apple users. Spotlight should give us the option of what information we want to have attached to our saved and downloaded files.
I know that a lot of people may take the "I've got nothing to hide" attitude, but it still is your personal information that may get misused in the future.
Wed Dec 28, 2005 11:07 am Subject: Not all file types, it seems
I have nothing to add here, but want to extend props to you for bringing this to everyone's attention. Metadata is a serious privacy concern, IMHO, as it is personal in nature. NOBODY should have access to my metadata without me explictly granting them permission to access it. Without this protection, I can no longer have a PERSONAL computer, and will no longer feel the need to purchase computer related products for home use.
Classic : )
QuoteGuest wrote:
My wife is a Republican, she downloads disgusting things from these sites daily. What if my computer gets seized and all of this information gets out in the open and I'm accused of being one too? Can they use this data to lock me up as if I had been veiwing porn?
Wed Dec 28, 2005 12:33 pm Subject: Confidence is a preference.
I had problems with spotlight just not finding things no matter how many times i forced it to reindex. I had to add things using a terminal command. So, I'm left not fully confident in it's ability to find things. It would be nice if you still had the old option of searching.
Other than that, I've got used to the way spotlight does things, can only hope it gets quicker.
QuoteHopefully.Guest wrote:
My wife is a Republican, she downloads disgusting things from these sites daily. What if my computer gets seized and all of this information gets out in the open and I'm accused of being one too? Can they use this data to lock me up as if I had been veiwing porn?
Don't worry. Nobody is going to put you in jail for reading, thinking, saying or writing things Republican, no matter how disgusting and offensive it might seem to you. You only have to worry if your wife starts downloading things from sites which attempt to hold the current administration accountable for starting wars under false pretenses, for violating US wiretapping laws solely for the purpose of exercising the "authority of the executive branch." If your computer gets seized then say goodbye to the world of a US citizen and say hello to the limbo of being considered an illegal combatant.
QuoteGuest wrote:
My wife is a Republican, she downloads disgusting things from these sites daily. What if my computer gets seized and all of this information gets out in the open and I'm accused of being one too? Can they use this data to lock me up as if I had been veiwing porn?
So, you found out they finally put a feature back in to Mac OS X that we had in Mac OS 8 and 9 -- namely "Get Info" showing the URL of where a downloaded file came from. Were you griping back in the mid-to-late 90s, too?
While the idea above to allow us to set preferences about what to share is a good one, I personally am glad to get the metadata. I've missed in in OS X for years. It helps me track down where some of the more obscure pieces of junk came from after I've let them build up for months without me having to actually open the file. And, if I see a file from a place I know I never visited, then I can be certain it came from someone else's disk or was put there somehow else and I shouldn't be launching it.
This is something to make good use of -- not to demonize and spread fear about! Marketing companies didn't clamor for this stuff back in the 90s at the height of the Internet bubble; I doubt we'll see them clamoring now. They have other ways to know where we are and what we're doing.
QuoteDean Lewis wrote:
So, you found out they finally put a feature back in to Mac OS X that we had in Mac OS 8 and 9 -- namely "Get Info" showing the URL of where a downloaded file came from. Were you griping back in the mid-to-late 90s, too?
While the idea above to allow us to set preferences about what to share is a good one, I personally am glad to get the metadata. I've missed in in OS X for years. It helps me track down where some of the more obscure pieces of junk came from after I've let them build up for months without me having to actually open the file. And, if I see a file from a place I know I never visited, then I can be certain it came from someone else's disk or was put there somehow else and I shouldn't be launching it.
This is something to make good use of -- not to demonize and spread fear about! Marketing companies didn't clamor for this stuff back in the 90s at the height of the Internet bubble; I doubt we'll see them clamoring now. They have other ways to know where we are and what we're doing.
The difference is that back in OS 9 it wasn't put in as an xattr. Back then all you had to do was rebuild the desktop to clean that stuff away. Now even when you delete the spotlight index this stuff sticks around. The system didn't put an entire database of metadata on a volume. So now when you give someone a USB drive or some other volume they have all the metadata history for the entire drive.
QuoteGuest wrote:
The difference is that back in OS 9 it wasn't put in as an xattr. Back then all you had to do was rebuild the desktop to clean that stuff away. Now even when you delete the spotlight index this stuff sticks around. The system didn't put an entire database of metadata on a volume. So now when you give someone a USB drive or some other volume they have all the metadata history for the entire drive.
Oh yea, and also, the fact that lots of things sucked in os 9 and went un-fixed didn't make them acceptable. The fact that racism used to go completely unchecked and pops up frequently now doesn't somehow make it ok.
I don't want my computer tracking what I do without my knowing it, and I want to control what information I choose to give to people.
Wed Dec 28, 2005 10:08 pm Subject: Spotlight stinks! Quicksilver quickens your searches! (IMO!)
I found out how. Do the following:
http://www.macosxhints.com/article.php?story=20050430210248363
And then this:
http://www.tuaw.com/2005/05/13/tiger-tips-hate-spotlight-turn-it-off
No more processor-extensive, annoying 
Spotlight! 
Thu Dec 29, 2005 12:06 am Subject: Not quite right
QuoteDean Lewis wrote:
So, you found out they finally put a feature back in to Mac OS X that we had in Mac OS 8 and 9 -- namely "Get Info" showing the URL of where a downloaded file came from.
That was your browser saving the URI in the “Get Info†text area, not the OS. I think NetScape did this, and iCab still does.
Actually, i like this feature. Too bad it doesn’t work for every file type, though. The problem with the current implementation is that you can’t copy the source to the clipboard from the Finder’s Get Info.
QuoteJohn Kheit wrote:
John Kheit is an attorney. Please don't hold that against him.
’fraid i have to hold it against you; being an attorney is a choice, and you can choose to “go straight.†Get yourself into a 12-step program today! Don’t you realize that attorneys hurt people?
Quoteheifer wrote:
It's because of the current adminstration, and the solders in the field, that you even have the luxury of bitching about them.
Bullshit… this administration has done more to infringe on our freedoms than any other in the history of this nation.
And if think that we’re in Iraq because we’re protecting the American way of life, then you’re delusional. The Iraq war has made us less safe. Bush wanted to go to war with Iraq before he entered office because Saddam tried to kill his dad. Rumsfeld wanted to go because he wanted to flex America’s military might as a foreign policy tool to intimidate other nations, and Cheney wanted to give his good buddies at Halliburton some nice contracts.
Good god, they shopped around an excuse long enough: First it was about 9-11, but they found no ties to 9-11, so it became about weapons of mass destruction, but the inspectors found nothing (because there was nothing to find), so it became about freeing the Iraqi people. Anybody with half a brain could figure out it that they wanted to go to war, but weren’t telling us the real reason.
All the freedom’s we’ve lost during the Shrub, er little Bush, reign of terror in the name of “fighting terrorism†will never be “given back†to the people. They’re gone for good, and so is the American way of life our ancestors enjoyed. All we’re left with is the shadow of what we once had. And it’s only going to get worse.
“Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety.†– Benjamin Franklin
Keep the discussion on topic, which means take the political debate to the World News/Politics/Philosophy forum. I'll be happy to split the existing off-topic posts to their own thread...
Bryan - TMO
Thu Dec 29, 2005 2:35 am Subject: DRM in the filesystem?
Thought this might also be of interest to readers:
http://developer.apple.com/documentation/Carbon/Reference/MetadataAttributesRef/Reference/CommonAttrs.html
Apparently, the field tags for DRM and IP protection are also being put in place:
" kMDItemRights
Provides a link to information about rights held on the document. Contains a rights management statement for the document, or reference a service providing such information. Rights information often encompasses Intellectual Property Rights (IPR), copyright, and various property rights. If this attribute is absent, no assumptions can be made about the status of these and other rights with respect to the document."
Before I go on, let me reiterate that I don't necessarily disagree with the idea that metadata needs to be watched for abuse. I don't think we're there yet, much less at the level of Microsoft Word's problem. Word randomly took bits from the drive to fill out Word files with hidden data; these metadata are accessible and not encoded, etc. That's why I think John's being a bit alarmist. (Your opinion may vary of course. 
)
"The difference is that back in OS 9 it wasn't put in as an xattr. Back then all you had to do was rebuild the desktop to clean that stuff away. Now even when you delete the spotlight index this stuff sticks around."
But I didn't LIKE when they got wiped away. I liked them being there. If I wanted to get rid of them I could, but one simple desktop rebuild and I'd lose valuable info about where something came from. Control is being able to delete them individually, not losing all of them in one fell swoop.
So, we are at a standstill, because I like the information, no matter the form it takes to attach itself to the file, because I find it to be helpful and useful to me. You would rather it not be there because you see some invasion of privacy and are somehow extrapolating out you'll never be able to modify it.
So, what do you do with your photographs? All digital photos have a wealth of EXIM data attached to them now. People could track down exactly what time you were at a particular location through them. Do you wipe out all of that data, too? Probably not, because organizing photos by date is often useful. (Check out Apple's video tours of Aperture to see how much data is kept with a photo; I was astounded.)
There are some real threats to security and privacy, but I don't think this is one of them. Can it be abused? Anything can be abused. But, this is the way things are going, so we're just going to have to deal with it. And this talk as if we'll never be able to edit or handle this data is just melodramatic handwringing as far as I'm concerned. We had tools to fiddle with metadata in OS 9, and we have them now.
"Apparently, the field tags for DRM and IP protection are also being put in place"
Well, if people wouldn't steal things, we wouldn't have to all be treated like children and have this DRM shoved on us. If it impairs my own personal use of what I have legally obtained, then I'll make a ruckus. As it is right now, steps have to be taken to do the best that can be done to ensure developers (and artists etc.) get some little payment they have earned. The idea that if it is on the internet it must be free is too prevalent to NOT do something. (I ran into it again this Christmas setting up a family's computer to handle their kids' new MP3 players. "But this site has all the music I want for free!") All this stuff won't stop the dedicated pirates making real money from fakes, but it keeps the honest folks honest and hopefully keeps the software and music (or whatever the work is) coming.
When I saw the title of the column, I thought I was going be treated to a new installment of John Dvorak's old "The Devil's Advocate" column which appeared on the back page on MacUser for many years. But this is some other guy.
Good topic though. Before I send files to people, I routinely check them for metadata I would rather keep private, and if necessary I strip unwanted metadata in iView Media Pro. Adobe Bridge is also great for seeing file metadata.
Hi John,
I ran across a handful of patent applications from Apple this morning while looking through them, and bookmarked them. While doing some follow up research to see if they might have some significance to anyone, I saw a link to your post here.
I've written about them in a blog post, and thought that you might be interested in seeing them. I don't know if they will add anything to your knowledge of how meta data works with the latest operating system from Apple, but they might. The post is here:
http://www.seobythesea.com/?p=76
Cheers.
Bill Slawski
Fri Dec 30, 2005 11:37 am Subject: Maybe people should generate their own files and meta data..
Maybe people should generate their own files and meta data..instead of using content and creativity that originates from other peoples hard work.
I like the comment above about the people that steal being at fault.
I think it's true and therefore I also blame these people for the current risk to our privacy such tracking put's all of us in.
I can't wait for the day when we can seperate the thieves from the artists and copyright owners. I know some consider thievery a form of art and if so maybe then they shouldn't object to data that gives them the credit for being that type of artist.
As for lawyers....they are nice when you need one but seem to be in the way when you don't. Creating ambiguity about where a file originates from is much like a lawyers version of truth. Something they prefer to interpret for us.
Nothing personal!
I find this author very interesting and hope to enjoy his comments on many issues in the future.
Good Luck!
Sincerely,
Gary
PS: The guy with the comments about Iraq and Bush etc. That post has the emotions of fresh conviction. Hopefully he/we can all try to get ahead of the curve and start talking about $#!% that is about to happen rather than $#!% that happened right in front of everybody. That's where I could really get behind a guy with balls and anger. Maybe it's time we all and I mean all took some blame for buying a bunch of bullshit or if not buying then not objecting loud enough at the time. Time to get back to truth is fact and bullshit is manipulation.
Sat Dec 31, 2005 7:35 pm Subject: RUMOR: xattr features in future OS X
I'll hide this rumor about some upcoming OS X features here for the very dedicated. A little birdy told me that as of right now, spotlight is not using xattr for storing metadata. The hooks are in there, and some people are making use of them as was cited in the article. SpotMeta and the Ars articles show this.
There is an apple tech note that discusses privacy issues found here:
http://developer.apple.com/documentation/Carbon/Conceptual/MetadataIntro/index.html#//apple_ref/doc/uid/TP40001268
Actually, it barely touches on privacy issues and basically drops the ball on to the developers:
"Developers should provide users with information about which data is indexed by their Spotlight importers. Developers should also consider providing preferences that allow users control over what data is extracted as metadata."
It doesn't seem likely that all developers will strive to keep this information safe and secure.
What this makes relatively clear, however, is that an upcoming version of OS X will have xattr implemented to store metadata. This may well come in the form as some revamped HFSX version of the filesystem integrating more tightly with spotlight and the finder.
Happy New Year everyone.
. . . a need for a user level 'Metadata' setting in the System Preferences - ideally it would work in a way that applications can register what metadata they record - and then you could have something simple in the user setup, that would allow the user to choose their own balance between privacy and functionality.
(A good compromise would presumably be metadata that is only readable / modifiable by the user. I presume that keeping it in a database rather than in the file also makes sending the file onwards safer).
Okay, so this current use of metadata may not be Big Brother yet, & I'de like to see more use of metadata for my benefit on my computer, but I want to make sure that it stays personal.
I used to hope that Apple would go against the tide when it came to restrictions & intrusions against it's users, but with the coming security on silicon & ties to the entertainment monster...
I'm thinking Apple has less concern for the user's needs.
I hope Im wrong, but if not, after more than twenty years on a Mac, I'll switch to some open source OS that doesn't track my usage & look for ways to consume media that doesn't force me into a EULA that strips me of my rights.
Even then I think it may be a losing struggle.
Recent Headlines - Updated Saturday, November 29th, 2008
- Sat., 9:00 PM
- Podcast - Apple Weekly Report #135: Apple Lawsuits, Banned iPhone Ad, Green MacBook Ad
- Fri., 12:45 PM
- Podcast - Mac Geek Gab #178: Batch Permission Changes, Encrypting Follow-up, Re-Enabling AirPort, and GigE speeds
- Thu., 1:30 PM
- iPO Review - Scosche kickBACK iPhone case
- 7:00 AM
- Happy Thanksgiving from TMO!
- Wed., 6:00 PM
- TMO Appearances - Nancy Gravley Joins MacJury Gift Guide
- 5:15 PM
- TMO Visits The Bay, a Premium Apple Reseller in New Zealand
- 3:25 PM
- iPO Oh the Games You'll Play - iPhone: The Wii of Handheld Gaming Devices?
- 2:15 PM
- Sonnet Releases Simply Fast FireWire 800 to 400 Adapter
- 1:10 PM
- Mac Gaming News - Disney Plans 1st Annual PotC Online Thanksgiving Event
- 12:05 PM
- iPodObserver - UK Shuts Down iPhone 3G Ad
- 11:15 AM
- TMO Appearances - Jeff Gamet on MacJury Gift Guide
- 10:30 AM
- TMO Contest - TMO Announces Macworld Expo Pass Winners
- 9:50 AM
- PhotoCopy 1.1 Adds iPhoto Event Support
- 9:15 AM
- Acclivity Buys MYOB US
- 8:30 AM
- Review - Bento 2 Holiday Pack
- 7:50 AM
- Microsoft Offers Black Friday Office Discount
- 7:30 AM
- iPO Quick Tip - iPhone: Google Street View
The Mac Observer Reader Specials
- Download Typestyler, still the Ultimate Styling Tool for Internet, Print and Video Graphics. Works great in Classic with a Native OS X Version on the way. Free Tryout: www.typestyler.com
New MacPro Memory 800Mhz With Apple Spec Heat Sink - 2GB $72 / 4GB $104 / 8GB $204. Click to Maximize your Macs...
Mac observers can now play Party Poker for Mac as well as Mac casino games by going to MacPokerOnline.com.
RamJet Memory: Mac Pro FB-DIMMs: 2Gig kit $95, 4Gig Kit $179, 8Gig Kit $355! MacBook 2Gig Kit $78, 4Gig Kit $149! Click hereFor the latest Apple products use Ciao a comparison website to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate cell phones.
Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
Marshmallow Popper Gun Shooter: $9.99 Delivered - Make the Yam Side Dish a Sporting Event 
OnSale's ThanksGiving Day/Black Friday Combo Sale - Turkey, Deals, and LeftOvers - The Holiday Trifecta! 
Fall Knuckle Deep into Dell Small Business's Black Friday Sale - Going on Now!!!!! 
File Your Nails Now - Overstock's Black Friday Sale is Coming! Get Great Gifts at Great Prices