After installing the firewall application called Little Snitch, I watched which applications on my Mac OS X are connecting to the Internet. Two notable services appeared – locationd and assistantd. The first is trying to determine your location based on checking nearby WiFi networks and asking Apple database for location of these networks. For example, calendar service or online maps use this service. Assistantd deals with text dictation and it’s similar to the popular service Siri or OK Google.
For Location privacy, we can choose the applications that have access to the resolved location (go to System Preferences / Security & Privacy and Privacy tab):
If the Location Services are turned on, the computer is trying to figure out the location periodically. Turning it off gives us additional privacy, but Find My Mac service stops working. In my opinion, the Find My Mac service is almost useless (unlike the version for phones). This service requires an active Internet connection to work, which means that the laptop has to be connected to a known network. If your computer is stolen and is encrypted and password protected (see our video tutorial how to enable hard disk encryption on OS X), the attacker cannot connect to an unknown wifi without reinstalling the OS. Therefore, I decided to turn Location Services off completely.
Dictation (similar to Siri) on OS X sends your entire contact list to Apple servers by default. This helps the online dictation service to determine which contact you spoke about. Sound of your voice is of course also sent to Apple’s servers, which return a text representation of the recording. Few people know that OS X can also use local voice recognizer that works even when you are offline. This prevents the sending of your contacts to Apple voice servers. If you happen to accidentally press the recognition key (default is double pressing of the Fn key), it sends the recording of sounds around you to Apple.
The correct setting looks like this (you get to it via System Preferences / Dictation & Speech )
How do you make sure that even after proper configuration, these or other programs do not send anything to the Internet ? I mentioned Little Snitch firewall and there’s also HandsOff, which is a similar alternative. Both are user friendly, but not free. If you just want to allow or deny access to the Internet per application, I suggest an alternative firewall called TcpBlock, which is free. You may have noticed also a standard Firewall in Security & Privacy preferences. This firewall restricts incoming connections from the Internet to your computer. To limit where applications connect, you need an outgoing firewall, such as TcpBlock, Little Snitch Snitch or HandsOff.
