Apple to Mountain Lion users: "Tell us who your friends are if you want to talk to us."

Filed Under: Apple, Featured, OS X, Privacy

"Open the pod bay doors, HAL."
"I'm sorry, Dave. I'm afraid I can't do that.
You haven't uploaded your contact list yet."

An alert Naked Security reader and Mountain Lion early adopter has pointed us at a quirky new twist in the licensing conditions in Apple's latest OS update.

Roger (not his real name) from South Australia (not his real location) grew up with IT at around the same time I did.

In those days, PCs were called microcomputers and Apples were still named after the company, not a raincoat. Computers you could talk to were just round the corner, along with your personal jetpack.

Fast forward 30 years, and Roger just dropped a biggish wedge of cash on a brand-new Macbook Pro, then maxed out the RAM and pimped up the storage with SSD.

With a computer of some vigour, Roger found himself drawn to the new dictation software in his Mountain Lion upgrade. Perhaps his new Mac would at last be powerful enough to make sense of his voice in real time, wither rout tamale king a complete docker's diner offer hole fink?

Frayed knot:

When you use the keyboard dictation feature on your computer, the things you dictate will be recorded and sent to Apple to convert what you say into text.

Seems as though HAL 9000, the giant, sentient, centralised computer in the spaceship Discovery One in the movie 2001, A Space Odyssey (you can see where this is going, can't you?), was actually a pretty good prediction of how computer speech recognition technology would pan out.

Your powerful, portable computer doesn't do the work. That's done in Apple's giant server farms out in cloud-land.

Back to 2012, and what made Roger really sit up and take notice was the additional condition that:

Your computer will also send Apple other information, such as your first name and nickname; and the names, nicknames, and relationship with you (for example, 'my dad') of your address book contacts.

According to Apple, your contact data is "used to help the dictation feature understand you better and recognise what you say."

You can see why this might be useful: names are notoriously difficult to recognise and spell correctly, since they frequently don't come from the same linguistic and orthographic history as the language of which they've become part. The Australian mainland's highest point, Mount Kosciuszko, is a lofty example.

But useful or not, it's hard to see why letting dictation software at your contacts is necessary.

Apple has been in trouble already in 2012 for allowing into its App Store software that hoovered up your contact details.

This time, Apple is making sure that you opt in up front, which is a good thing.

Opt in or not, however, I can't help being disappointed - just like Roger - that there doesn't seem to be a way to use Apple's voice-to-text software without handing over your dictation data to the cloud, and without telling Apple who your friends are. Even if you try out the dictation feature and then turn it off later:

Apple will delete your User Data, as well as your recent voice input data. Older voice input data that has been disassociated from you may be retained for a period of time to generally improve Dictation and other Apple products and services. This voice input data may include audio files and transcripts of what you said.

I'm not entirely comforted by that. How long is "a period of time"? And, more significantly, how is a transcript of your dictation - in which you might very well mention all sorts of personal stuff, such as your own name, your employer, your mortgage lender, and much more, "disassociated from you"?

Roger still hasn't decided whether he's willing to accept these terms and conditions. I bet you he's started taking his helmet to the airlock while he thinks about it, though.


, , , , , , ,

You might like

45 Responses to Apple to Mountain Lion users: "Tell us who your friends are if you want to talk to us."

  1. bob · 1161 days ago

    DragonDictation on my iPhone wanted my contacts to upload them to cloud land too. I chose no.

  2. Reynard · 1161 days ago

    Will not upgrade until this "feature" is fixed. Period. Total FAIL.

    • Bastion · 1161 days ago


      As it clearly states in the article, it is an "opt-in" feature. Don't want to share the information, that is fine, but don't expect to dictate to your computer...

      However, there is no reason to "opt out" of the whole Mt. Lion upgrade because of this.

    • Sean · 1161 days ago

      Ummm. You can upgrade to OS X 10.8 without enabling the dictation feature. It is an annoyance that to use this you need to allow access to your contacts and as the previous reply mentions it is stated in the clearly marked "About Dictation and Privacy" button.

      Not so much a FAIL, @Reynard, as a choice you can make.
      Given the number of folks using iCloud to store everything in the cloud, and those who plop everything onto facebook I don't think this rates. It isn't a google level data slurp, but it is an indication of how companies view user data. Why not let us use the dictation without the contact info as an option?
      And what happens if your "Contacts" is also connected to a corporate directory server? Does that information end up in Apple Land?

  3. Anonymous · 1161 days ago

    I am in love with the new dictation feature and seriously impressed with how well it works. Admittedly, I read the warning 'briefly', as you do. I noted it to say it would send my dictation to Apple, but did overlook the point about my contacts.

    Hmm, on one hand correlating contextual data to be more effective seems cool, but, do I want Apple to have my contact book? What else are they doing with it? Even if the answer *were* nothing, how are they protecting it? Also, why not the option to use the feature without the added 'correlation of contextual information'?

    Caveat emptor not withstanding, I really like the feature and feel unfairly forced to disclose additional information that I'm not confident really makes it all that much more effective than it would be without.

    • 4caster · 1161 days ago

      So why are the asterisks in "Even if the answer were nothing, how are they protecting it?"? Does some computer program think "were" is bad English?

      "Were" in this context is quite correct. It is present tense subjunctive mood, as in the song "If I were a carpenter and you were a lady". It is not past tense indicative mood, as in "The answer was nothing".

      • Paul Ducklin · 1160 days ago

        Using asterisks is a common way (when HTML markup is unavailable) of denoting text you would otherwise have set in italics, or which would have been said aloud with some sort of emphasis.

        But I think you know that and are just being petulant :-)

        (If I were the original poster, I'd have been more careful with my moods and made the verbs in the two halves of the sentence match, writing "if it would they", or "If it are they.")

    • Andrew Ludgate · 1160 days ago

      So having used the new dictation feature, you find you are able to manage with the "speak it all, send it, and wait for the response" approach? Have you tried a trial of Dragon Dictate, which does it all on the computer in real-time?

      For me, the address-book-sharing made me wary of trying the feature out, and then I decided not to bother at all when I heard that it wasn't doing real-time transcription (allowing you to correct and tune as you go) but instead just using Siri. Server-based transcription makes sense for a phone, but I can't see writing anything big with it.

  4. Guest · 1161 days ago

    Just wait for Apple to offer voice recognition offline like Google does with Jellybean.

    • Jose · 1161 days ago

      But with their system Apple supports English (in U.S., UK, and Australian variants), French, German, and Japanese with more on the way.

      Jellybean offline dictation only supports English (and US only from what I saw).

  5. JohnMWhite · 1161 days ago

    I get that Apple wants to improve the accuracy of their voice recognition, but requiring that you agree to their access to everything you dictate in order to upgrade your OS seems, frankly, sinister.

  6. So.... if a person in your "shared" contacts list IS a person of interest on some other list, do you then become part of yet another list associated to that of persons of interest?
    Not long ago, I purchased a new consumer digital camera, which once connected to my computer, installed a program (directly from the camera to the computer), with all kinds of nifty and yet FREE editing and image management features.
    Seems the camera, and free software, is capable of recognizing and tagging the faces of people you photograph. It even wen so far as to offer to scan the images already stored on my computer and identify the faces of people in every photo it found.
    I was amazed at how accurate the facial recognition and tagging software was, even on the lowest quality of images.
    It was more than a bit unnerving that the software accurately picked out and identified my face in the background of photos that I didn't actually realize I was in until later viewing images categorized under "My" name.
    Is Apple, Facebook, and my new cheap Camera storing information and images that to be compiled at a later date, or in another country, (where privacy laws may not consider it a crime to compile and profile such info), to be shared with or sold to, "Who knows", and for "what purpose", now or in the future?
    We identify ourselves, our locations, and habitual actions every day at bank machines, grocery stores, public libraries, airports and multiple other places where we choose to visit or do business.
    Sure, this IS the paranoid talk that is so often the meat of high tech espionage movies.
    But how much of our personal information is gathered without our knowledge and or permission, to be shared with marketers and retailers, or other organizations willing to buy a list containing the demographics that best suit their needs?
    Sounds like Apple is giving the option to opt in or out of information that they may otherwise be able to purchase elsewhere.

    BTW, Naked Security gave me the option to log in using my Facebook Profile, another list?
    Then at the bottom of THIS form has a box where I can enter my: "Email (optional)", before clicking the Submit Comment button. LOL.

  7. Auto Roger · 1161 days ago

    Upon further thought the dictation shall remain off. This isn't worth the limited convenience when I don't know what happens to my contact data.

    Maybe I'll just buy Nuance's software directly from them.

  8. Auto Roger · 1161 days ago

    Upon further thought the dictation shall remain off. This isn't worth the limited convenience when I don't know what happens to my contact data.

    I shall keep wearing the helmet even in the airlock though.

  9. Allan Kaplan · 1161 days ago

    This is a pretty common feature with dictation software that I've encountered before. While I don't care for it either, and am surprised one can't opt out, I don't think you're being completely fair targeting Apple as though they're alone in this practice.

    • Paul Ducklin · 1161 days ago

      I don't think I targeted Apple "as though they're alone in this practice".

      Having said that, this is the first time I've heard of an OS upgrade with new T&Cs wanting to extract your contact data in return for activating the dictation software it included in the upgrade...and on that basis, it seemed worth writing about.

  10. @bomyne · 1161 days ago

    Don't know about the contacts thing, but the uploading what you say makes sense. Maybe the dictation database would bloat Lion's size. Maybe that's why it's sent to the cloud and the results are sent back, similar to what happens if I do a google search.

    I don't know. I don't work for Apple but that part doesn't seem so farfetched to me. Not sure what they'd use the rest of it for though.

    • Jem · 1111 days ago

      You think it's ok for and unelected private company to have total access to your private information just to have a novelty toy activated on your computer? Why is electronic mail and information not treated the same as written mail whereby, in my country, they need a search warrant to open your mail (Barring Customs & Excise Duty). The police can not even have that amount of control & you think its ok for Apple to?

      [Post edited for length.]

  11. Ralph Carr · 1161 days ago

    I'm always very cynical about being asked to trust big corporations with all of my personal data, and even more so when they demand it in what appears to be a threatening tone. Big thumbs down for Apple.

  12. Delta2 · 1161 days ago

    Another lame attempt at Apple. First you scaremonger all Apple users saying Apple gets over 9000 viruses so get your "free" product installed to protect yourself. I can see a subscription service coming along as soon as you have enough free users so they can be protected "Real time" or something ;)

    And why your blog gives me an option to login using my "facebook" account ? So your app can access my facebook friends, profile info, make posts and target ads ? haha

    Nice try though.

    • Paul Ducklin · 1161 days ago

      Our "free" product is, in fact, free.

      And it already provides real-time protection, for free.

      So neither the word "free" nor the word "real-time" needs air-quotes around it...

      (And whilst I don't recall us ever saying there were 9000 Mac viruses, I'm not sure what difference the number makes - if you're at risk of infection, I'd have thought one would be enough.)

    • "And why your blog gives me an option to login using my "facebook" account ?"

      That's to do with leaving comments. Some users like to leave a comment using their Twitter id or their Facebook account, rather than type in their name each time they want to respond to our posts.

      It's optional - you don't have to leave a comment on our site via that mechanism if you would rather not. So, err.. no. We're not accessing your Facebook friends or targeting you with adverts.

      You do however (again, it's optional) have the ability to repost any comment you make up on Naked Security to your Facebook page.

      Hope that helps explain things for you.

      • Delta2 · 1161 days ago

        Graham I have lot of respect for you but lately your team is taking pot-shots at apple and trying to scaremonger its users. I don't know what's your hidden agenda is but Apple obviously has its issues and fair share of viruses but keep in mind most of these caused by 3rd party applications (Java etc) and users giving permission to run the malware application. Unlike in windows Macs doesn't have 0 days or drive bys. You could get infected by going to a site without doing anything or get hit by a worm by simply being online. I still feel Apple does protects me fairly well without a use of Antivirus products compared to my Windows 7. Your articles about flame and stuxnet which pwned windows to its existence with 0days and even a MIM attack against windows updates aren't very exciting as posts about Apple's security problems. I just don't like the fact your company is trying to push Anti apple propaganda.

        Thanks for your reply though.

        • JohnMWhite · 1161 days ago

          Anti-Apple propaganda? Pwned? Come on, grow up. It's a security blog, not an adolescent flamewar.

        • JohnMWhite · 1159 days ago

          My point was that using terms like 'pwned' and throwing out random accusations of 'anti-Apple propaganda' makes you look like somebody playing Call of Duty or screaming on the Youtube comments section. It's not the sort of thing I'd expect grown ups to be talking about on a security blog. You're parading yourself around like a stereotypical, reactionary fanboy and it's just silly. Somebody can criticise or point out a potential privacy issue in Apple software without it being some partisan swipe from the boys in the other treehouse.

  13. Tim Gowen · 1161 days ago

    HAL 9000 wasn't sentient. It was a complex computer system and the problems were caused by a particular type of loop which the system found itself in. If you read 2010 or see the film it explains the whole thing.

    • Paul Ducklin · 1160 days ago

      From _An Interview with Stanley Kubrick (1969)_, by Joseph Gelmis:

      Kubrick: "In the specific case of HAL, he had an acute emotional crisis because he could not accept evidence of his own fallibility. The idea of neurotic computers is not uncommon - most advanced computer theorists believe that once you have a computer which is more intelligent than man and capable of learning by experience, it's inevitable that it will develop an equivalent range of emotional reactions -- fear, love, hate, envy, etc. Such a machine could eventually become as incomprehensible as a human being, and could, of course, have a nervous breakdown - as HAL did in the film."


      Sure sounds sentient to me. Any later claim to the contrary can be written off as nothing more than revisionist claptrap :-)

  14. Graham Gooda · 1161 days ago

    I cannot remember the source (an age thing!), but I did read somewhere on an Apple blog that Apple were saying that the information gathered was not stored on their "normal" servers and would never be used for any purpose other than improving their voice recognition services.
    Regarding Allan Kaplan's comment about targeting Apple and the reply. I suspect that I am not alone in always detecting a certain amount of "delight" from Sophos in reporting any news which could be negative towards Apple. This has been the case for years.
    The Sophos "hidden agenda" - in my opinion. is to push businesses towards their Apple "EndPoint" offering which has been available (and which my Company until recently has used) for years. And yes - in my opinion Mac anti-virus is essential!
    As an aside - am I alone in feeling slightly embarrassed - whether alone or in company when talking to a computer? Plus, I still find, when writing either letters or "prose" that measured thought before input, tempered by the actual act of typing the copy, results in a more accurate - and in the long run quicker final result. As I said earlier - its probably "an age thing!"

    • Paul Ducklin · 1160 days ago

      If, as you say, we have a "hidden agenda", then there's no point in me denying it, is there? Since it's hidden, and all...

      I write about Apple stuff because I happen to be interested in it, as a UNIX-head, as a keen Mac user, and as a self-styled security pundit.

      I admit I've written about Apple-related security stuff four times in my past 20 or so articles, but I've also also about Facebook, Microsoft, Firefox, BlackHat, the National Health Service, Alan Turing, patching and hacktivism, plus three times about cybercrime busts and three times about USB keys and security.

      Is my interest in Apple security really out-of-kilter? Is the apparently-corresponding interest of our readers out-of-kilter, too?

      Apple is - after all - the biggest company in the world, at least in financial terms. If Wikipedia is to be believed, Apple is 40% bigger than Exxon, which is #2, and two-and-a-quarter times the size of Microsoft, currently at #3.

      Just saying :-)

  15. Graham Taylor · 1161 days ago

    So what is the option if I don't like the idea of Apple processing my dictation 'in the cloud' and accessing my address book? May be I need to buy Dragon Dictate for Mac software? I assume Dragon Dictate doesn't access my address book or process my dictation 'in the cloud'.

  16. Jim · 1161 days ago

    I put Bin Laden in as a contact and friend.

  17. Kenn · 1161 days ago

    Cuttlefish or vanilla paste?

  18. Anonymous Coward · 1161 days ago

    Ummmm, this is exactly how Siri works on the iPhone. We've known about Siri uploading voice commands, contacts, music, etc to Apple for some time now.

    So why is this really a surprise to anybody?

    I find the tone of the article to be mildly alarmist with the references to HAL which is not necessary. Report the facts, remind us that Apple started doing this with the introduction of Siri, and let people decide if they want this feature or not once they have been armed with the facts (pro and con).

    • Paul Ducklin · 1160 days ago

      humor (Brit. humour) [noun]

      * the quality of being amusing or comic, esp. as expressed in literature or speech
      * the ability to perceive or appreciate a joke

      (Humour aside, this article isn't about Siri on an iPhone. It's about OS-bundled dictation software on a modern, fast, poweful laptop. Call me old-fashioned, but in a world of quadcore laptops with blindingly fast processing speed, I naively expected that the big, centrally-located mainframe-type approach to processing would no longer be needed - especially for what is really just part of the user interface. I simply don't get the need to "call home" not only with what I say, but also with whom I know. If the reference to HAL offended you, sobeit. It's just the drollest example i could come up with of "a computer from pre-PC science fiction which people spoke to, which collected and assimilated everything it could, and where it all ended badly due to programming limitations which would best have been avoided".)

      • Anonymous Coward · 1160 days ago

        The problem with humour is that sometimes not everybody gets it (me as a case in point in this instance). In this case I failed to perceive. :-)

        I realize the article isn't about Siri or the iPhone, but my poorly made point is why would Apple drop that technology (which it paid a lot of money for) to build a stand-alone dictation application? So they probably re-packaged something like Siri to handle dictation. If we accept that premise for a minute then there are certain aspects to Siri that would be included in the "engine" like sending the data back to the Apple cloud for processing and looking at your contact list to extrapolate names, addresses, etc. From a convergence perspective, it makes more sense for Apple to leverage technologies across both the iOS and OSX platforms than to build separate (albeit similar) applications. Therefore why should we be so surprised to see them include a dictation program that behaves much like Siri?

  19. Carlos · 1161 days ago

    Apple should create a blog for apple users with the ability to post comments, ideas, suggestions, etc, etc instead of demanding to collect information from you in order to improve hardware, software and services.

    They can afford to employ people to read the blog.

  20. Stephen · 1161 days ago

    Having used ViaVoice, MacSpeech, and now Dragon Dictate for Mac, I find Dictate fills my needs more than adequately. I get 99% accuracy, and I get to keep my privacy to boot. There's no way I'd use Apple's offering in its current state.

  21. @BSPLtd · 1161 days ago

    It's just the same situation on the new iPad when you use Dictation. There is a link to 'About Dictation and Privacy'

  22. Elle Vee · 1161 days ago

    I am really sick of these companies invading our privacy.

  23. Verne Arase · 1161 days ago

    So buy Dragon Dictate and keep the processing local.

    You should know that Nuance wouldn't allow Apple to install their software on every Mac, not that Apple would want to steal that much Disk space from every Mac just for dictation.

    You know, they can't steal your soul if you wear a tin-foil hat ...

  24. David Pittle · 1161 days ago

    If you are not skeptical of Apple Corp. intentions you are both naive and uninformed. Many, if not most, Apple "innovations" have been ripped off of small companies. Apple has a habit of suing small innovation companies, then when the small company simply can't match the legal resources of Apple, they are forced to capitulate and sell out to Apple at bargain prices. Their other modus is to simple steal software, claim it and then when the small innovator tries to sue, they do the same "I've got more lawyers than you" approach.

    A friend of mine in the 1980s developed a hard disk interface for the Apple II. They pulled this on him. They bought him out for a few thousand dollars, rebranded the product and made a bundle.

  25. Delta2 · 1160 days ago

    haha all the anti-apple comments. Apple invading user privacy ?

    Lets talk about Google lol..

  26. James · 1158 days ago

    Note the wording...."such as" can bet it's more then just you email is getting sent in as well.

  27. ms k · 925 days ago

    This article is great and really clear particularly as these are exactly the issues that concern me. Many people around me expressed concern when we read what Apple wants to do and where Apple is going re privacy.

    It is wrong to make comparisons with other companies. An Apple consumer buys Apple and makes a contract with Apple. Therefore, the question is more about what are Apple's values for you as a consumer and do they respect consumer choice particularly privacy in my case. More importantly what they will do for people who do not want to share their data with Apple. The other big question is how much other Apple software does this kind of thing and why?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog