[Research] – Stop OSX Spotlight from sending your location

/ Uncategorized / By

Hey dear readers it’s been awhile,

tldr; How to avoid apple from yelling out your location to their servers

Bildschirmfoto 2015-06-15 um 00.51.23

I personally like to use the Searchlight function of OSX, it provides me a fast way to access my files – but this it also sends my geolocation to apple everytime i do a search. This blogpost will be about how to disable or at least prevent the built-in search function “Searchlight” from sending your IP-location to the Apple Servers.

But first have a look at what’s being sent:
GET /search?q=asd&latlng=48.082000,8.640000&geosrc=wifi,155.643824&storefront=143443-4,13&locale=de-DE&time_zone=Europe/Berlin&calendar=gregorian&key=montana4289 HTTP/1.1
Host: api.smoot.apple.com

This request was captured during a Burp session.

What you can see here in the Parameters

  • q is the Query you send to the the Apple Servers
  • latlng is the Latitude and the Longitude of your current (IP) location

I think it’s needless to say that those information should stay private (at least in my opinion). If you want to keep your searches fancy you can stop reading here, preventing the geolocation will change your search experience but you will gain some privacy back 🙂

How To: 

So the first way – Old School /etc/hosts

The /etc/hosts is a local text file that tells the system how to resolve an IP-Address to a Domain. The clue here is to point the Apple domain api.smoot.apple.com to the localhost address of your machine (127.0.0.1) this will tell the system to resolve every request to api.smoot.apple.com to the localhost address, thus leading nowhere. To do so:

1. Open a terminal
2. sudo vim /etc/hosts
3. Enter the following 127.0.0.1 line api.smoot.apple.com
4. Clean the DNS cache sudo discoveryutil mdnsflushcache
5. All set 🙂

Bildschirmfoto 2015-06-15 um 00.58.39

Second Way – Little Snitch

I don’t want to promote anything here, but the Little Snitch software is worth buying. Little snitch helps you to organize every incoming and outgoing connection, you can simply add a rule for the Spotlight search:

You want to disable the locationd Service that tries to connect to gs-loc.apple.com – forever  Bildschirmfoto 2015-06-15 um 01.17.29

you are done 🙂 Privacy saved.

If you enjoy this – give me a feedback as a comment here or drop me an email at patrik.fehrenbach(at)it-securityguard.com if you guys are interested i might do a complete writeup about an OSX hardening.

Related Posts

Log in

Start typing and press enter to search

en_USEnglish
de_DEGerman en_USEnglish