3 key things to know about Yosemite and security

Like its National Park namesake, Apple's newest operating system can be imposing, perhaps even a little daunting to newcomers. And although you won't find any bears in the digital version of Yosemite, that doesn't mean it's danger free. After all, online security is rarely a walk in the park--and these three features of Yosemite could potentially impact your security.

Spotlight knows where you are

Spotlight became a lot more useful in Yosemite, but it also became more talkative. That's because in order to return information about local services such as restaurants and other retail establishments it needs to know your location. That sounds logical, but it raised concerns from privacy advocates--and privacy-minded users--about just what information was being transmitted and what else it might be used for.

For its part, Apple says it's taken privacy concerns into consideration with Spotlight's new features, and even spells out its policy within the Security and Privacy pane in System Preferences:

In a response to The Verge, the company got even more specific, saying it uses a temporary identifier that resets every 15 minutes and that only a user's approximate, "blurred" location is transmitted. Additionally, the information is transmitted over a secure HTTPS connection.

If you're still not comfortable with that kind of information being transmitted, you can opt out of location-based search results by launching System Preferences, selecting Security & Privacy, clicking the Privacy tab, clicking the Details button next to System Services, and disabling Spotlight Suggestions in the resulting sheet.

Continuity: Sharing your data with yourself

Yosemite's much-touted Continuity features allow you to use your Mac and iOS device in a more tightly integrated way. You can start composing an email message or Pages document on one device and continue working on it on another device. You can do much the same with iMessages, SMS texts, and even phone calls. You can even connect your Mac to your nearby iOS device and send files via an improved implementation of AirDrop--all without ever entering a password.

How secure can that be? The trick to keeping it secure is in Apple's implementation. It uses a secure form of Bluetooth LE (for Low Energy) 4.0 for the connection, and will only connect devices that use the same Apple ID, signed into iCloud. Only then will the Handoff features be enabled.

Given the system limitations imposed and the fact that adding a Bluetooth LE dongle to your older Mac won't enable Continuity, it's likely there are other checks in place as well. But in typical fashion, Apple's not saying.

Still feeling cynical? You can opt out of this feature as well, even if you want to stay logged into iCloud on all your devices. Just go to the General pane in System Preferences and make sure the box next to Allow Handoff between this Mac and your iOS devices is unchecked.

Yes, you can change Safari's new URL display in Yosemite--but here's why you might not want to

You may have noticed a change in the way Safari displays web addresses in Yosemite. If you don't like it, you're certainly not alone--our own Kirk McElhearn dubbed it one of Yosemite's most annoying quirks. You may even be considering changing it back to the old behavior. It's certainly easy enough to do (and I'll even tell you how shortly), but before you jump on the give-me-back-my-full-web-address bandwagon, allow me to suggest that you leave things just the way they are.

Prior to Yosemite, Safari (and most other web browsers) displayed a web page's full URL--or at least as much of it as would fit in the address field. Beginning with iOS 7 (and continuing with Yosemite), Apple showed only the domain of the web page. In other words, if you visited www.apple.com/mac or apple.com/iphone, both would appear simply as apple.com in Safari's address field.

It's easy to assume that Apple altered the URL display solely because it liked the cleaner look. But the change also carries a security benefit, and aesthetics aside, that's why you might want to leave things just as Apple intended.

Say what you will about hackers, phishers, and other seedy denizens of the Internet, they can be a clever bunch. For one thing, they figured out that people were used to incredibly long, server-generated URLs, and stopped paying much attention to what appeared in the address field. They took advantage of this by creating intentionally long and convoluted addresses that spill out the back of the visible address field so that you can't see the real domain appended at the end. That .com you see early in the address may have another dot to the right, rather than a forward slash, which means that first whatever.com is bogus.

Apple's new display method cuts through all the clutter and shows us the real domain--front and center and stripped of all misdirection.
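
The dot-versus-slash check described above can be written out in a few lines. This is an added example, not code from Apple or Safari; the short suffix list, the list of familiar domains and the sample URLs are constructed assumptions.

```javascript
// Assumption: a tiny constructed suffix list. Real code should use the full
// Public Suffix List (publicsuffix.org) instead.
const SUFFIXES = new Set(["com", "net", "org", "co.uk"]);

// Assumption: domains the reader expects to see; constructed for this example.
const FAMILIAR = ["apple.com", "paypal.com"];

// Return the registrable domain (one label plus the public suffix) of a URL.
// This is the part a domain-only address field has to get right.
function registrableDomain(urlString) {
  const host = new URL(urlString).hostname.toLowerCase().replace(/\.$/, "");
  const labels = host.split(".");
  // Walk from the longest candidate suffix to the shortest, so "co.uk"
  // is matched before a shorter suffix would be.
  for (let i = 1; i < labels.length; i++) {
    if (SUFFIXES.has(labels.slice(i).join("."))) {
      return labels.slice(i - 1).join(".");
    }
  }
  return host; // unknown suffix, IP address or single label: keep the host
}

// Flag a URL whose host carries a familiar domain in front of the real one.
function checkUrl(urlString) {
  const host = new URL(urlString).hostname.toLowerCase();
  const shown = registrableDomain(urlString);
  // A familiar domain followed by a dot (not a slash) is only a subdomain
  // label of whatever domain really ends the host name.
  const buried = FAMILIAR.find(
    (d) => shown !== d && (host.startsWith(d + ".") || host.includes("." + d + "."))
  );
  return { shown, misleading: buried !== undefined, buried: buried || null };
}

// Constructed sample URLs using reserved example domains.
const SAMPLES = [
  "https://www.apple.com/mac",
  "http://www.apple.com.account-verify.example.net/login/session?id=0000",
  "https://shop.example.co.uk/basket",
];
for (const u of SAMPLES) {
  console.log(u, "->", JSON.stringify(checkUrl(u)));
}
```

The second sample starts with www.apple.com, yet the domain that would be displayed is example.net, which is the mismatch the shortened address field makes visible.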

It's also worth noting that when you're on a legitimate, secure site, even the padlock indicator shares center stage with the domain name, arguably making it even more noticeable than in previous iterations.

So, before you revert to that pre-Yosemite display, consider that it might be doing you a favor. And bear in mind that if you want to see the full URL in Yosemite, simply click in the address field and you'll see your web page's full URL in all its geeky, near-infinitely-long glory.

If you're still not convinced, open Safari's preferences, select Advanced, and enable the Show full website address option near the top of the window.

All's well that ends well

Staying safe online is a balance between convenience and security. Yosemite boasts lots of new features that make your Mac more useful than ever--especially in combination with your iPhone or iPad. Apple has put a lot of thought into its security and privacy implications. But to the company's credit, these features are all optional for those who don't consider the rewards worth the risk.
