[OM_user]

Just felt I needed to point out an inaccuracy in the article:

In reply to:

---

While the MiniStore is a cool feature there was no way to turn it off, leaving users concerned about what information was being sent back to Apple's servers.

---

This is not true. Clicking the button toggle in the iTunes window or using the command under the Edit menu turns this feature off. That capability was in the initial iTunes 6.02 release. The only thing Apple did in the next iTunes update to appease users was to NOT set it on by default, but instead to show a small explanation of the feature, asking the user if they wanted it on or not.

[wardoggie]

In reply to:

---

...I may be stupid, but I trust Apple not to go prying into what is my business.

---

I may also be stupid, but I'm smart enough to have a little healthy paranoia about how a business operates. Had Apple been forthright about this new "feature", told customers what it was, and given them an easy way to turn it off if they so choose, this would be a non-issue. But they chose to not inform us of this feature, assuming that we wouldn't find out about it and/or that we wouldn't mind if I did.
Personally, I could care less what Apple knows about what widgets I'm running (two at work: calulator and dictionary; I prefer Konfabulator at home). But I do care when they stretch the limits of my trust with this "it's better to beg forgiveness than to ask permission" approach. Is this as bad as Microsoft's WGA feature? Not IMO. But it's one step closer to Microsoft's approach than OS 10.4.6 and earlier.

[macFanDave]

In reply to:

---

and I may be stupid, but I trust Apple not to go prying into what is my business.

---

I agree with you on that first part, tabasco_hot! /forums/ubbthreads/images/graemlins/wink.gif
Ironically, while I trust Apple with thousands of my dollars, I don't like this sneaky kind of move. It would have been easy enough to put a little toggle switch in the "Manage Widgets" panel of the Dashboard to let people opt in or out of this "service." Apple needs to know that we are not going to give up our personal data, no matter how innocuous, without our express permission. I let Software Update check in with the Mother Ship on a schedule I choose, and I expect all future data transfers to happen just as transparently.
You should, too. Then, you wouldn't be stupid.

[griffman]

I posted my thoughts on this bit of 1984ishness in an Editor's Notes entry, and my thoughts are much with yours: this probably would have been a non-issue had Apple just announced it and given us control over it...
-rob.

[jmincey]

"...this probably would have been a non-issue had Apple just announced it and given us control over it."
Right, and we were saying the same thing back when the MiniStore debacle occurred but most of us gave Apple a pass on grounds of having made an honest, good-faith misjudgment. But what are we to think now? Apple is well aware of the uproar that takes place in the wake of such stealth tactics. It knows that a PR hit is in store for such behavior -- and yet it does this anyway?
So what are we to conclude? Another honest, good-faith misjudgment? Or a renegade employee with his head up his...? Or the sign of more nefarious things to come -- maybe a proof of concept?
A company's reputation is a fragile thing; Apple can't trip over many more inept moves like this without doing true damage among its current and future customers.
And to run this risk all for what? For current widgets? That stretches credulity in the extreme.

[griffman]

Or perhaps something as simple as the iTunes team not working closely with the Dashboard team? Or perhaps management knowing that the functionality of the two were so very different they felt (wrongly) it wasn't worth defining as a major feature? Stuff happens.
As I understand it, this has much less to do with up-to-date widgets than it does with the possible security implications of running a widget that's not the same as the widget featured on Apple's site. For instance, you download Yahoo Price Grabber (YPG) from some shareware site. The YPG is also featured on Apple's Widgets site. The Widget Updater will compare your version of the widget to the "official" one provided on the Apple site and insure they're the same. This will prevent people from making "clones" of the third-party widgets and getting unsuspecting parties to run them, thinking they're one thing when they're really just a bunch of wild Javascript that could be doing almost anything behind the scenes.
I find it much simpler (and with lower blood pressure to boot) to live my life not thinking everyone's out to get me. If they are, they're gonna get me anyway, so I'm best off not thinking about it too much. /forums/ubbthreads/images/graemlins/smile.gif
-rob.

[jmincey]

In your article (a link for which you supply above), you say this (of open notification to Apple customers): "I think itd be easier on Apple and easier on the users. Most important of all, its the right thing to do." My question to you is this: Why is it the right thing to do? Might it be for these reasons?
1. A computer and the network to which it's attached is owned by the user and should remain under the control of that user. Any data which passes in or out of one's own computer should be under the owner's full control -- with full knowledge and consent.
2. When a company furnishes new software, whether in the form of an updated version or a new product outright, it is obligated to publish what the software consists of so the user can make an informed decision about it. This takes the form of feature sets, release notes, change logs, history logs, etc.
3. A company should be honest, open, and forthright with its customers about the behavior of its products so that no stealth operations take place unbeknown to the customer.
4. In organizations with many computers, the need to be apprised about I/O activity and network traffic by an operating system is imperative to the formation of trust and a good business relationship with a software developer.
I could go on and on with this list, but I regard the foregoing points as very significant, don't you agree? They may be variations on a theme, but they still -- in isolation and in the aggregate -- are not trifling considerations. This is particularly true since this is the second such fiasco for Apple in less than a year. And yet in your article you describe a reaction of being irked by all this.
Well, I don't think "irked" is a sufficient reaction. I think the Mac media in particular need to be much more than merely irked. We can be irked by bugs in software, but deliberate policies by Apple in which it sends data back and forth from our computers without our knowledge and consent is a serious matter -- irrespective of what the data are. This has to stop -- period.

[jmincey]

"Or perhaps something as simple as the iTunes team not working closely with the Dashboard team?"
Rob, you and I don't work with the Dashboard team either -- right? Nor do we work on the iTunes or iTMS projects. And yet we were well aware of the outcry over the MiniStore issue. Surely you don't mean to suggest that Apple insiders had no idea about this -- an event in which a public hue and cry resulted in a rapid development change in an Apple software team.
"Or perhaps management knowing that the functionality of the two were so very different they felt (wrongly) it wasn't worth defining as a major feature? Stuff happens."
Well, if this is what took place, (and it could well be), then I'm back to my original statement: Someone at Apple is brain dead. It hardly takes a quantum physicist to know that the public wants their computers left the <expletive deleted> alone, and if Apple itself can't figure that out, it needs to get religion on this very quickly.
"As I understand it, this has much less to do with up-to-date widgets than it does with the possible security implications of running a widget that's not the same as the widget featured on Apple's site."
Irrelevant. We should not be diverted by the reason Apple chose to implement this policy. There IS no good reason to implement a covert network contact in which data is passed back and forth without the user's knowledge, participation, or consent. This is the whole issue here -- at least it is for me.
As you say yourself in your editorial, it would be different if only Apple had notified the public and gave us the chance to enable or disable the feature (or to make it automatic or to have a manual update option). And in this you were absolutely right. And the reason this makes all the difference in the world is precisely that the issue is about disclosure. It's not about widgets or security or anything else.
I will not have my computer hijacked by other parties -- regardless of their supposed intentions.
"I find it much simpler (and with lower blood pressure to boot) to live my life not thinking everyone's out to get me."
Of course on this point you are right. I agree. But I want to keep my eyes open all the same. If Apple continues such behavior, then at least some of its customers will not be able to rest as easy with their computers, and that would be a pity.

[griffman]

Sorry, Jeff, but I'm only irked. Really. And this was an Editor's Notes blog entry, not a position paper for Macworld Inc. I was asked to comment on how I felt about the Dashboard Updater, so that's what I wrote about.
I agree with many of the things in your list, but I'd be hard pressed to name even one company that does all of those things, all of the time (see "Yahoo-China," "Google-China," etc. for related examples of how good can be bad). As such, it seems I'm more forgiving than you are relative to allowing a company (any company, not just Apple) to make such errors in judgement -- as long as they're relatively minor in scope, as this one was.
To each his own, and I respect your position, but it's not the one I personally take.
-rob.

[griffman]

"I will not have my computer hijacked by other parties -- regardless of their supposed intentions."
Just curious -- have you used tcpdump etc. to monitor your outbound connections? There are a suprising number of apps that do this silently in the background, without a user preference, and without notifying the user.
And if we go further with this, we'll get into the whole Smart Crash Reports thing, which is another whole can of worms, but very directly related to the functionality of the Dashboard Updater. (Many apps you use may use this, and during the install of the app, the Smart Crash Reports tool is also installed, without your knowledge or permission, usually. It then does some things to help the developers when their app crashes.)
-rob.

[Swordman]

Another prob I have with the 10.4.7 update is the stupid "syncing to .mac" thingy in Mail. I don't have a dot mac account, and never will. Yeah, I had a free one when I bought OS 9, but Apple screwed me out of that.
Anyway, is there a way to shut that thing off in Mail? I now have to wait for additional time in mail for that to check whatever it's checking. With all the times during the day I might check my mail, that's adding up to alot of seconds of wasted time. I can't just quit my email without seeing that now--very annoying!
Anyone else annoyed/bothered/put out by this? Is there a safe workaround or file I can delete that will stop mail from doin this?
--Swordman

[griffman]

I'm not sure exactly what you're talking about? Can you explain in a bit more detail? I haven't noticed any changes in Mail, but I do have a .Mac account...
-rob.

[Swordman]

Command Zero when launching mail will bring up your sending/receiving status bar. Mine now adds something that says "registering prefs with (or syncing prefs) with .mac account)", or something to that effect. Sometimes it's brief, sometimes it takes several seconds. I have broadband and am used to just getting things done. I check my mail and quit it (or keep it running, whatever I choose to do). Now I have to wait for that stupid syncing message before (or after) it checks my email account. You would think it knows I don't have a .mac account, and try to stop syncing with it?
Can I post a picture here? If so, I might be able to capture it, to provide a picture of exactly what's happening.
--Swordman

[Philbert]

If Apple really wanted to "hijack" a user's computer, I imagine there are much "stealthier" ways to go about it. Think about that the next time you run Software Update.
For us less paranoid users ... yawn.