Mojave becoming like windows " the real spy "

[Bion1nc]

Hello everyone,

I'm new here, do not know what to say but hey I was looking at /private/var/db/analyticsd there you will find a folder called " aggregates " by defaults it is locked and for a reason, unlocking it will reveal a bunch of files on everything we are doing on our machines and reports to apple and it seems to me that in this new version of macOS we are being tracked down even more.

The CoreAnalytics artifact provides a historical and current perspective on program execution, on a near-daily basis. This data is derived from two sources:

• Files with the extension .core_analytics in /Library/Logs/DiagnosticReports/ that are comprised of JSON records: The first two records can be parsed to reveal the timestamps that the diagnostic period began and ended; the data following those records indicates system and application usage over the diagnostic period.
• Files with GUID-like names in /private/var/db/analyticsd/aggregates/ that are comprised of nested arrays: The subsystems that report to the analytics daemon temporarily stage program execution data in these aggregate files, for the current diagnostic period. The staged data is typically pushed to a .core_analytics file at the end of the diagnostic period.

The diagnostic period is defined within the .core_analytics files within the first two lines, which establish the times that the period began and ended. Each diagnostic period ends at the first system sleep or shutdown after 00:00:00 UTC. As mentioned above, data for the day is staged in aggregate files before being submitted to a .core_analytics file for longer-term storage at the end of the diagnostic period. Consequently, CoreAnalytics cannot be used to determine the exact time that a program was executed, but can be used to determine the time frame (approximately within a 24-hour period) in which the program was run.

Anybody looking at this already how we could prevent the system to send back everything we open ( evidence of program execution ).

I am going to keep my eyes on that and see if I can lock files to prevent the system to send, what I have done so far, is "aggregates folder" > get info > and by default _analyticsd as read only and I changed to write only dropbox and remove every files there. I do not know if this will do something or not. and I will do the same to the other folder.

A quick opening of the files in the aggregates folder with Hex Fiend editor and it will show you everything you have done, installed... everything.

 

[SoyCapitanSoyCapitan]

A quick opening of the files in the aggregates folder with Hex Fiend editor and it will show you everything you have done, installed... everything.

'Everything' is an exaggeration. The logs only capture system configuration and events. They don't capture private personal data or your documents. Every modern OS has this for the sake of keeping the system operational, tracking errors and fixing bugs.

 

[keysofanxiety]

There’s always been something similar on MacOS. How else do you think the Console reads application crash logs for the last indefinite timescale? They’ve got to be stored somewhere.

The reason this is now “locked down” is because it’s protected by System Integrity Protection to increase privacy (by preventing third party apps from reading or capturing it), rather than to feed some tracking conspiracy as you’re suggesting.

 

[ApfelKuchen]

Go to System Preferences > Security & Privacy > Privacy > Analytics. You can choose whether to Share Mac Analytics with Apple, Share with App Developers, and/or Share iCloud Analytics. You can also click the About Analytics and Privacy... button.

As to why they're collected automatically? It can be very, very hard to answer the question, "Why did this system crash?" if it's not already logging prior to the failure. No logging = no bug squashing.

 

[Bion1nc]

'Everything' is an exaggeration. The logs only capture system configuration and events. They don't capture private personal data or your documents. Every modern OS has this for the sake of keeping the system operational, tracking errors and fixing bugs.

Hello SoyCaptitanSoyCaptitan,
First thank you for answering and giving me your point but you think that this is an exaggeration?

Well how would you explain that the CoreAnalytics: Determine the extent to which a system was in use, with accuracy up to one day, that it determines which programs were run on a particular day, whether in the foreground or in the background, that it determines how long, approximately, a program was running and/or active, as well as provide an approximate number of times the program was launched or brought to the foreground interactively
I think that what I discribed has provided a technical overview and analysis of the CoreAnalytics artifacts found in macOS, as well as a means for " investigators " to parse this artifact into a more digestible format.

I can elaborate the above more if it does not suffice...

 

[chrfr]

Hello SoyCaptitanSoyCaptitan,
First thank you for answering and giving me your point but you think that this is an exaggeration?

Well how would you explain that the CoreAnalytics: Determine the extent to which a system was in use, with accuracy up to one day, that it determines which programs were run on a particular day, whether in the foreground or in the background, that it determines how long, approximately, a program was running and/or active, as well as provide an approximate number of times the program was launched or brought to the foreground interactively
I think that what I discribed has provided a technical overview and analysis of the CoreAnalytics artifacts found in macOS, as well as a means for " investigators " to parse this artifact into a more digestible format.

I can elaborate the above more if it does not suffice...

I also think it's an exaggeration. If you turn off the option to send analytics, all of that data goes nowhere.

 

[Bion1nc]

Go to System Preferences > Security & Privacy > Privacy > Analytics. You can choose whether to Share Mac Analytics with Apple, Share with App Developers, and/or Share iCloud Analytics. You can also click the About Analytics and Privacy... button.

As to why they're collected automatically? It can be very, very hard to answer the question, "Why did this system crash?" if it's not already logging prior to the failure. No logging = no bug squashing.

Well it's been a while that I have uncheck the privacy I have always done that, but it has nothing to do with this anymore the collection is happening regardless of settings. What I am trying to do is too find a permanant solution to disable this permanently

I mean the issue I am talking here is that the analyticsd process is very noisy in the log and this wasn't the case prior High Sierra and Mojave.
I assume that frequent "out of bounds" log entries exist in iOS also right? Then assuming your macOS version is up to date that particular log entry has absolutely no effect on performance -- but running Console does!

I mean come on even Homebrew now has enabled anonymous aggregate user behaviour analytics...

Has anyone else noticed also a lot of activity from this, despite not enabling/authorizing it?
[doublepost=1539955417][/doublepost]

I also think it's an exaggeration. If you turn off the option to send analytics, all of that data goes nowhere.

" analyticsd " is running regardless if you permit it or not, and that does not sound right to me.
[doublepost=1539955611][/doublepost]

There’s always been something similar on MacOS. How else do you think the Console reads application crash logs for the last indefinite timescale? They’ve got to be stored somewhere.

The reason this is now “locked down” is because it’s protected by System Integrity Protection to increase privacy (by preventing third party apps from reading or capturing it), rather than to feed some tracking conspiracy as you’re suggesting.

" Our Security " what are we giving away in name of our security ... wake up!!! that's your privacy you are giving away!

 

[keysofanxiety]

" Our Security " what are we giving away in name of our security ... wake up!!! that's your privacy you are giving away!

That's absolutely right. Let's just break it down.

1) Apple, one of the largest and most scrutinised tech companies in the world, who constantly talk about privacy, are stealing all of our data. A single privacy issue, regardless if it's from phishing and not a hack (iCloud celeb leaks), is ripped to pieces in the media.

2) In this instance, Apple is clearly logging everything we do, sent directly to Apple's servers, which has somehow escaped the eyes of, say, everybody else.

3) The only trouble is, the "data" in question that you cite are application logs which have existed on every iteration on OS X/macOS. These exist so that bugs can be fixed and crashlogs can be sent to developers, and they will either be automatically sent if you're running a beta, or manually transmitted if you choose.

4) Now it's locked with SIP to prevent other applications from accessing it. But the fact it's locked means that... it must be shady, right?

5) The folder isn't hidden. So, not a very good job to try and hide their nefarious behaviour.

So with the above in mind:

• It's either a massive global conspiracy, involving literally thousands of employees and overlooked by every security expert in the industry, OR -
• You've maybe, just maybe, misunderstood the purpose of the folder and you're overreacting.

wake up!!!

See above.

 

[ApfelKuchen]

I'm surprised you haven't mentioned Saved State yet (or call it auto-save, if you will). That's the feature whereby everything (or nearly everything) comes back immediately after a crash. That makes it an automatic background process that "steals" precious CPU ticks. Imagine how much more work our CPUs could do if they weren't so busy saving everything we do... in order to prevent the work of reconstructing whatever we'd done since the last time we remembered to click File > Save or press CMND + S.

Yeah, that's what I want... more work for me so that my poor, overworked machine doesn't have to work so hard.

I think the whole thing is pretty simple. Yes, some of these logging processes jump to the top of Activity Monitor when the system is otherwise barely working - when total system usage is low, logging may be a high percentage of what little activity is going on.

I have Activity Monitor running full-time. It's telling me that your little bugbear analyticsd represents all of 0.0% CPU. It may be running, but it ain't bogging down my system performance. Now, sysmond just popped up to 9.0% CPU... Oh, yeah, that one only runs when I'm running Activity Monitor (1.9% CPU). It's nearly quantum-mechanical. We can't observe a particle without influencing it.

Overall CPU load at the moment? System 15.18%, User 7.37%, Idle 77.45% Moral of the story? Writing social media posts makes our biological brains work a lot harder than our silicon brains. My iMac is in a near-perpetual wait state, awaiting my next pithy turn of phrase.

Of course, those logs do take up precious HDD resources. Let's see... Library/Logs is a whopping 114 MB. ~/Library/Logs is another 150 MB, and private/var/logs is 370 MB. 634 MB, or 0.634 GB, or 0.000634 TB (give or take a decimal place). Oh, the waste!

 

[SoyCapitanSoyCapitan]

Hello SoyCaptitanSoyCaptitan,
First thank you for answering and giving me your point but you think that this is an exaggeration?

Well how would you explain that the CoreAnalytics: Determine the extent to which a system was in use, with accuracy up to one day, that it determines which programs were run on a particular day, whether in the foreground or in the background, that it determines how long, approximately, a program was running and/or active, as well as provide an approximate number of times the program was launched or brought to the foreground interactively
I think that what I discribed has provided a technical overview and analysis of the CoreAnalytics artifacts found in macOS, as well as a means for " investigators " to parse this artifact into a more digestible format.

I can elaborate the above more if it does not suffice...

Ok man you sold me. I’m gwan be paranoid now. Gwan build me a custom Linux computer, download some old wares apps for downloadz movies because The Illuminati in Apple and Netflix coming for me. Gwan buy me some shitcoinz, hodl and live in mom’s basement until the corporations tell me sorry. Gwan buy me gunz to protect me 4chan living style.

 

[fisherking]

Ok man you sold me. I’m gwan be paranoid now. Gwan build me a custom Linux computer, download some old wares apps for downloadz movies because The Illuminati in Apple and Netflix coming for me. Gwan buy me some shitcoinz, hodl and live in mom’s basement until the corporations tell me sorry. Gwan buy me gunz to protect me 4chan living style.

best idea ever

 

[cincygolfgrrl]

Ok man you sold me. I’m gwan be paranoid now. Gwan build me a custom Linux computer, download some old wares apps for downloadz movies because The Illuminati in Apple and Netflix coming for me. Gwan buy me some shitcoinz, hodl and live in mom’s basement until the corporations tell me sorry. Gwan buy me gunz to protect me 4chan living style.

Brilliant!

 

[Bion1nc]

Previously " Charset " banned but back under the profile that I had " I did not even remember that was years ago " Sorry MacRumors Profile that I had in 2014, completely forgot about that and that's why I got banned actually.


so here is what I had to say before I got banned ....
[doublepost=1540140695][/doublepost]

That's absolutely right. Let's just break it down.

1) Apple, one of the largest and most scrutinised tech companies in the world, who constantly talk about privacy, are stealing all of our data. A single privacy issue, regardless if it's from phishing and not a hack (iCloud celeb leaks), is ripped to pieces in the media.

2) In this instance, Apple is clearly logging everything we do, sent directly to Apple's servers, which has somehow escaped the eyes of, say, everybody else.

3) The only trouble is, the "data" in question that you cite are application logs which have existed on every iteration on OS X/macOS. These exist so that bugs can be fixed and crashlogs can be sent to developers, and they will either be automatically sent if you're running a beta, or manually transmitted if you choose.

4) Now it's locked with SIP to prevent other applications from accessing it. But the fact it's locked means that... it must be shady, right?

5) The folder isn't hidden. So, not a very good job to try and hide their nefarious behaviour.

So with the above in mind:

• It's either a massive global conspiracy, involving literally thousands of employees and overlooked by every security expert in the industry, OR -
• You've maybe, just maybe, misunderstood the purpose of the folder and you're overreacting.

See above.

Woooow thank you so much for answering, I mean I did not mean to be an ass but we need to stand, I only noticed it, up recently on High Sierra and this where all started.


If you open the terminal and type:


ps -ef | grep analyticsd and hit enter, it is run by user 263, which is

> dscl . -list /Users UniqueID | grep 263_analyticsd 263


Now, there is a user _analyticsd created on the system, despite me not accepting the feature at install.


I have tried chmod 0 on that path /Library/Logs and it seems locked and if you check the Get info on that folder you will see that the " analytics user " is gone, but when I try to shut the /private/var/db oh boy that's another story that guy doesn't go away and my SIP is disabled... So something id definitely weird.


now as far as bugs go reporting to Apple, there are bugs in every macOS release, just as there are bugs with any complex operating system. There will always be bugs in every operating system there will ever be. Though addressing them is a continuous process with no end.


I hope I am paranoid and overreacting...


I am trying to find a clean way to shut that ******* stuff down ...
[doublepost=1540140896][/doublepost]Now even HomeBrew has started doing this ... https://docs.brew.sh/Analytics so Paranoid I do not think so.

 

[The Hammer]

I'm making a tinfoil hat.

 

[fisherking]

I'm making a tinfoil hat.

you don't have one already?

 

[StellarVixen]

...

It is OK to be concerned. I, am too, a privacy freak. But, I also understand that this kind of information is vital for maintaining the Mac OS and making it stable and solid like it always was, and there is absolutely nothing in these logs that can compromise one's privacy by exposing sensitive personal data.

And everything that even contains private data, goes through the algorithms involved in Apple's differential privacy system.
Apple is very clear on this, and as long Tim Cook is CEO, I trust Apple. I really do.

As for Homebrew, yeah, I do not like what they are doing now, but you can use MacPorts or even Fink.

EDIT: Who am I talking to, this guy got suspended...

 

[The Hammer]

you don't have one already?

I didn't think I needed it before.

 

[fisherking]

I didn't think I needed it before.

that's what they wanted you to think....

 

[Spazturtle]

All operating systems keep logs and have done so for at least the past 30 years, if they didn't then how would you fix things when they go wrong?

 

[blueorange38]

Install Little Snitch so you can filter what actually makes it off your computer. It's an outbound firewall.

 

[Bion1nc]

Install Little Snitch so you can filter what actually makes it off your computer. It's an outbound firewall.

Little snitch the worst thing in the world.. a firewall what does this as to do with this?

chmod 0 will shut everything down...

 

[212rikanmofo]

I can also recommend little snitch. It's a must have if you want to control incoming/outgoing traffic.

 

[fisherking]

Little snitch the worst thing in the world.. a firewall what does this as to do with this?

chmod 0 will shut everything down...

why is little snitch 'the worst thing in the world'??? ....

 

[212rikanmofo]

why is little snitch 'the worst thing in the world'??? ....

Yeah I have no idea about that comment at all. Little Snitch is a great tool to have.

 

[abidjan]

Thanks Charset for pointing this very important issue out. I believe everyone one should know about it because:
1. This is an issue of Apple's credibility. As a good business practice, you don't collect data when the consumer said no to it.
2. It's not just collecting the data, but we have noticed that it slows down the system considerably. Even if you are not running any resource intensive program, that extra apple user, that's collecting data and transmitting it on the go, slows down the system beyond belief. The question is: Why should the apple serve its end at my cost despite the fact that I pick up "no" in the set up to data collection from the system.

All business are businesses and operate to make a profit but if their ratio of making a profit and benefiting the consumers/clients is 50-50%, Apple is not even 10% conscious of the end user needs and concerns. It's 99% focused on self-aggrandizement.

Sooner or later, media will have a hint of this little user that Apple plants in the systems of unaware customers and it would have nothing to say except apologizing and coming up with lame excuses like in the case of deliberately slowing down iphones.