Huge Security/Privacy hole in OSX i just found
Mac Enthusiast
Join Date: Apr 2001
Oct 20, 2004, 08:37 PM
 
ok I'm not sure if this has been talked about before but it is the first time I ran into it
or heard about it myself so I'm posting a beware!

So I downloaded this app off VersionTracker. It is free but you have to register.
The app is called "You Control Tunes"; it is a nice app. Anyway, on first launch it puts
up a dialog box and in the text fields are my full real name and main e-mail account.
I was like WTF? Where did it get that info? My e-mail account, no big deal since I use
that all the time, but my full real name? I have NEVER put my real name on my computer
in such a way that any app could find it instantly in a standard place. They would have
to scan into random place documents (so I thought).

So I did a search of ALL CONTENT with my real name. BOOM, I found it in Apple's Address
Book data file.

There in the Address Book is a card with all the info I REGISTERED with when
I bought my G5 and did the registration online with Apple. Not just my name
but my address and other info.

Apple took that info and made a card of it in the Address Book. After a quick scan
of the dev docs at Apple's site I see that ANY app has access to that info. Yes,
even your home address and phone number.

I deleted the card of course and launched "You Control Tunes" and this time
none of the text fields had any of my personal info.

F@#$, now I wonder what other apps read my info but were not nice enough to
let me know they did it.

I can't believe Apple would send that info to the Address Book to begin with, but
to also allow apps to access that info is just insane.
     
Mac Elite
Join Date: Mar 2000
Location: Allston, MA, USA
Oct 20, 2004, 08:42 PM
 
I think the subject line should be in all caps . . .

-- Jason
     
Professional Poster
Join Date: Nov 2000
Location: Tasmania, Australia
Oct 20, 2004, 09:11 PM
 
Sounds perfectly reasonable to me. In fact, if the OS installer didn't do it for me, I'd be creating my own card with all the details in it myself. And I WANT it to be available to other applications. I want fax software, email software, envelope addressing software, etc, etc, to be able to find that information without jumping through hoops to do so.

None of that information is terribly private - it's only available to applications that are run as myself. And as you've discovered, you can easily remove it.
     
Mac Elite
Join Date: Oct 2000
Location: Amboy Navada, Canadia.
Oct 20, 2004, 09:22 PM
 
This is the price of interoperability, applications can request info of other applications, and your info is magically shared. Saves time, no?

Remember, any personal info you put into the computer, anything on your computer could have access to it. If you're that worried, rebuild your addressbook, toss your SendRegistration file, and don't tell the next installation any of your information. Oh, only run applications you trust, and if you don't trust anything then get an application level firewall.

This insanity brought to you by:
The French CBC, driving antenna users mad since 1937.
     
Addicted to MacNN
Join Date: Oct 2001
Location: Yokohama, Japan
Oct 20, 2004, 09:32 PM
 
This is a non-issue: The OS X info-gathering welcome screens have always put your data into the Address Book. If you don't want your info there, just don't put it in. It's that simple. For the other 99% of users, it's a convenient, time-saving feature.
     
Addicted to MacNN
Join Date: Aug 2004
Location: Outfield - #24
Oct 20, 2004, 09:45 PM
 
That's it, I'm off to using XP after this awesome discovery...
     
Mac Elite
Join Date: Sep 2000
Location: Los Angeles
Oct 20, 2004, 09:45 PM
 
I just checked and he's right! But not only that, in the little picture box, it says "me". So if anyone ever broke into my house, he/she'd know my name and home address! AAAAAHHHHHHHHH!!!
     
Professional Poster
Join Date: Jun 2003
Location: Hyrule
Oct 20, 2004, 10:19 PM
 
Taking computer paranoia to a whole new level.
Aloha
     
Mac Elite
Join Date: Mar 2000
Location: Allston, MA, USA
Oct 20, 2004, 10:23 PM
 
OMG!!! I have my picture in my Address Card, if anyone broke into my house, not only would they have my address, they would know what I look like!

-- Jason
     
Clinically Insane
Join Date: Nov 1999
Oct 21, 2004, 09:04 AM
 
Actually, I'd very much like to see a Little Snitch-like app for controlling which apps have access to the Address Book. Although Groovy may be overreacting, this is a privacy issue, and could also become a vector through which worms can spread when they're written.

This is something Apple should have integrated into the OS in the first place, similar to their "Running for the first time" thing that they've had to do recently. The first time an app tries to access the Address Book, you get a dialog, asking whether to allow access only that time, to automatically allow access in the future, or to deny access.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
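
An added sketch of the first-access consent dialog proposed in the post above (not part of the thread and not Apple's implementation): a broker that prompts on first read, remembers only "always allow", and logs every attempt. All names (`AddressBookBroker`, `com.example.tunes`) and the binding of a grant to a hash of the app's binary are assumptions; the contact data is constructed.

```python
import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ALLOW_ONCE = "allow once"
    ALLOW_ALWAYS = "always allow"
    DENY = "deny"


@dataclass
class AddressBookBroker:
    """Mediates every contact read. Hypothetical names throughout."""
    contacts: list                      # constructed sample data
    prompt: callable                    # stands in for the user-facing dialog
    _always: set = field(default_factory=set)
    audit: list = field(default_factory=list)

    @staticmethod
    def _identity(app_id: str, binary: bytes) -> tuple:
        # Assumption: bind the grant to the code, not just the name, so a
        # replaced binary reusing a trusted name is prompted again.
        return (app_id, hashlib.sha256(binary).hexdigest())

    def read_contacts(self, app_id: str, binary: bytes) -> list:
        ident = self._identity(app_id, binary)
        if ident in self._always:
            decision, prompted = Decision.ALLOW_ALWAYS, False
        else:
            decision, prompted = self.prompt(app_id), True
            if decision is Decision.ALLOW_ALWAYS:
                self._always.add(ident)   # only this choice is remembered
        # Every attempt is logged, granted or not, so the user can later
        # see which apps asked for the data.
        self.audit.append((app_id, decision.value, prompted))
        return list(self.contacts) if decision is not Decision.DENY else []


def demo():
    # Scripted answers stand in for the user clicking the dialog.
    answers = iter([Decision.ALLOW_ONCE, Decision.ALLOW_ALWAYS, Decision.DENY])
    broker = AddressBookBroker(
        contacts=[{"name": "Sample Person", "phone": "555-0100"}],  # constructed
        prompt=lambda app_id: next(answers),
    )
    app = "com.example.tunes"
    results = [
        broker.read_contacts(app, b"v1"),           # prompted: allow once
        broker.read_contacts(app, b"v1"),           # prompted again: always allow
        broker.read_contacts(app, b"v1"),           # silent, grant remembered
        broker.read_contacts(app, b"v2-modified"),  # new binary, prompted: deny
    ]
    return results, broker.audit
```
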
     
Professional Poster
Join Date: Nov 2003
Location: Hamburg
Oct 21, 2004, 09:29 AM
 
That's exactly the reason why I never told my computer who I am!
If my computer doesn't know me, no app or hacker can ask my computer to tell them who I am!
     
Clinically Insane
Join Date: Nov 1999
Oct 21, 2004, 10:23 AM
 
Originally posted by badidea:
That's exactly the reason why I never told my computer who I am!
If my computer doesn't know me, no app or hacker can ask my computer to tell them who I am!
I don't care so much about my own Address Book entry. I do, however, care about my other Address Book entries. I see this as a potential vector for Trojan horses and worms. A simple allow/disallow dialog would go a long way toward reducing the risks.
You are in Soviet Russia. It is dark. Grue is likely to be eaten by YOU!
     
Mac Elite
Join Date: Nov 2001
Oct 21, 2004, 10:45 AM
 
Originally posted by manofsteal:
That's it, I'm off to using XP after this awesome discovery...
Holy cow, gorickey! You changed accounts when you hit 100K or whatever, and that was like a month ago, and you already have more posts on this new account than I do in almost 3 years!

You need to work more, or whatever you do when you're not posting
     
Senior User
Join Date: Nov 2000
Oct 21, 2004, 10:48 AM
 
I have a throw-away account for testing new apps, why don't you?

+1 for a dialog.
     
Groovy  (op)
Mac Enthusiast
Join Date: Apr 2001
Oct 21, 2004, 05:56 PM
 
Originally posted by Brass:
Sounds perfectly reasonable to me. In fact, if the OS installer didn't do it for me, I'd be creating my own card with all the details in it myself. And I WANT it to be available to other applications. I want fax software, email software, envelope addressing software, etc, etc, to be able to find that information without jumping through hoops to do so.

None of that information is terribly private - it's only available to applications that are run as myself. And as you've discovered, you can easily remove it.
But you use Apple's Address Book. I do not. I do not use the Apple Mail app either.

If Apple TOLD US they were gonna do that then give us the option
to NOT have it do that then fine by me. The problem is I had no idea
Apple did that and even WORSE that other apps could access that info
and they HAVE.

You may like it but I hope you realize apps have taken your info
and sent it to their servers over the internet without you knowing it.

What if a trojan or virus used that info? What if some shareware accesses
that info and sells your name for some mailing list etc...



Originally posted by Brass:
None of that information is terribly private -
Are you kidding me? Your real name and address and phone # is not private?


Originally posted by Brass:
None of that information is terribly private - it's only available to applications that are run as myself. And as you've discovered, you can easily remove it.
Any app can read that info, not just ones you launched yourself.

Furthermore, you can only remove it IF you know about it. See the problem?
Apple not telling me they did that is a BAD thing. For all I know dozens of apps
have sent that info to their servers just like this app would have done
but was at least nice enough to tell me it was gonna do it.
     
Groovy  (op)
Mac Enthusiast
Join Date: Apr 2001
Oct 21, 2004, 06:06 PM
 
Originally posted by yukon:


Remember, any personal info you put into the computer, anything on your computer could have access to it. If you're that worried, rebuild your addressbook, toss your SendRegistration file, and don't tell the next installation any of your information. Oh, only run applications you trust, and if you don't trust anything then get an application level firewall.
Sure, my info is on my Mac but in files I made and know about and not
something Apple did behind my back. There is a HUGE difference
between my personal info being in a Word document which I wrote and
that app would have to scan all files on my drive to find it and then guess
what is what in that document versus doing exactly what this app did and
get personal info in a place they know Apple stores it without telling us.

It is not the end of the world and why I said in my first post to beware.

My post was for those people who do NOT know Apple does this and
that other apps are reading that info and sending it to their servers.
Just like this app was about to do if I didn't stop it.
     
Groovy  (op)
Mac Enthusiast
Join Date: Apr 2001
Oct 21, 2004, 06:14 PM
 
Originally posted by wataru:
This is a non-issue: The OS X info-gathering welcome screens have always put your data into the Address Book. If you don't want your info there, just don't put it in. It's that simple. For the other 99% of users, it's a convenient, time-saving feature.
I disagree. I had no idea Apple did that because like many people I do not use Apple's
Address Book or Mail app. So far it is only a non-issue to people who KNEW Apple
did that. Apple should only do that if you say YES somewhere in the registration
process to allow that.

Also, it is not so much that Apple did that as the fact that ALL apps have access to that
info without first having to ask you for access.

You think it is a non-issue but I bet you a bunch of apps read your personal info
and you never knew it.
     
Groovy  (op)
Mac Enthusiast
Join Date: Apr 2001
Oct 21, 2004, 06:21 PM
 
Originally posted by Millennium:
Actually, I'd very much like to see a Little Snitch-like app for controlling which apps have access to the Address Book.
Yes, this would be good.


Originally posted by Millennium:
Although Groovy may be overreacting,

nahhhh

This is pretty major stuff, and if you read my first post the first thing I said was

"ok I'm not sure if this has been talked about before but it is the first time I ran into it
or heard about it myself so I'm posting a beware!"

I never mentioned grabbing pitchforks and attacking Steve Jobs.
     
Groovy  (op)
Mac Enthusiast
Join Date: Apr 2001
Oct 21, 2004, 06:22 PM
 
Originally posted by Millennium:
I don't care so much about my own Address Book entry. I do, however, care about my other Address Book entries. I see this as a potential vector for Trojan horses and worms.
Good point. Yeah, that would be real bad.
     
Groovy  (op)
Mac Enthusiast
Join Date: Apr 2001
Oct 21, 2004, 06:35 PM
 
Originally posted by IamBob:
I have a throw-away account for testing new apps, why don't you?
Total kludge. A computer should make things EASIER on your life, not
harder with jumping through hoops making test accounts and moving around
pref files once you think the app is ok etc...

A test account. Wow, and here I thought I was paranoid.
You must really feel Apple dropped the ball big time.
     
Mac Elite
Join Date: Oct 2000
Location: Amboy Navada, Canadia.
Oct 22, 2004, 12:49 AM
 
I would like the idea of an "application firewall" for file access. If a program wants to alter a file, access or delete a file, I want to be able to stop it. In fact, I think a Windows firewall did this, not sure if it was ZoneAlarm or TPF or the Kerio one, all I remember is that it was a cool feature but got annoying fast.

To be honest, a truly privacy-conscious person wouldn't be putting their personal info into their computer if it could be avoided, just as someone wouldn't put that on the internet. If I tell the MacNN forums that I'm Jackie O'Hara living at 42 Oakridge in northern New Hampshire, then I have no reason to expect any random person to be able to find that out. If I run applications I don't trust, I give them access to the files on my HD - not really anyone's fault but mine, though as stated above I would like a way to be able to run untrusted applications AND control what they see and do. Maybe I need to figure out how to run OS X GUI-based apps in chroot or just run them as an even less privileged user, until then I'll only store personal information on machines that only have programs I trust.

edit: Many Windows malware programs (wanting to call them a cross between a worm and a trojan) use the address books to send copies to friends and family posing as the user. I believe KDE/GNOME are working hard ATM (at least KDE is) to strive for interoperability between applications, to get the addressbook information over to the instant messaging program, etc.
(Last edited by yukon; Oct 22, 2004 at 01:00 AM. )
     
Mac Elite
Join Date: Sep 2000
Location: in front of the keyboard
Oct 22, 2004, 10:48 AM
 
Originally posted by Groovy:

Are you kidding me? Your real name and address and phone # is not private?
Uh, nope...it's not.

Guess what? I can find out whether you rent or own, and if you own, I can find out how much you paid for your house, how much you put down, who the lien holder is, the interest rate, and the term. Just about the only thing I can't find out is anything between you and your doctor, or you and your lawyer. Everything else is a matter of public record.

As Scott McNealy said "You have no privacy....get over it."

And, your next passport will have RFID.
signatures are a waste of bandwidth
especially ones with political tripe in them.
     
Xeo
Moderator Emeritus
Join Date: Mar 2001
Location: Austin, MN, USA
Oct 22, 2004, 11:12 AM
 
If you run Little Snitch, you never have to worry about anything getting out that you don't want. But Millennium's idea for Address Book makes sense and would be painless to the user. It'd be good if Apple implemented it.
     
Mac Elite
Join Date: Sep 2000
Location: Los Angeles
Oct 22, 2004, 11:39 AM
 
Originally posted by Groovy:
You may like it but i hope you realize apps have taken your info
and sent it to their servers over the internet without you knowing it.
Like what apps exactly? Be precise please.

And what if TRAINED ASSASSINS kidnapped you on your way TO the Apple STORE? They could then hold you at dart point til you told them your ADDRESS and PHONE number. Or what if they figure out how to send an electric SHOCK through the wiring of your home that comes up through your keyboard and into your FINGERTIPS??? They could ELECTROCUTE you to DEATH. Or they could USE the fingertip SHOCK treatment to BRAINWASH you and MAKE you fill out a web form WITH your NAME, ADDRESS and PHONE number! Best to just sit IN YOUR OWN HOME with the lights and other electrical devices OFF always. Much safer.
     
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Oct 22, 2004, 12:26 PM
 
Originally posted by jasong:
OMG!!! I have my picture in my Address Card, if anyone broke into my house, not only would they have my address, they would know what I look like!
Mwahahaha

They could steal your soul !

-t
     
Forum Regular
Join Date: Jun 2002
Location: San Diego
Oct 22, 2004, 07:33 PM
 
Originally posted by Xeo:
If you run Little Snitch, you never have to worry about anything getting out that you don't want. But Millennium's idea for Address Book makes sense and would be painless to the user. It'd be good if Apple implemented it.
NEWSFLASH: Any application you run has the potential to read, modify, or delete any of your files. Most people consider this part of a normal, computing experience.
     
   