PDA

View Full Version : Is Apple spying on my Mac?



NC5P
10-23-2009, 03:06 AM
My Mac is constantly (every few minutes) sending packets on port 123 to Apple HQ at 17.151.16.20 Does anybody know what the computer is sending and why? I'm concerned that it is reporting my keystrokes and or sites visited. This sounds more like a Microsoft trick.

KA7O
10-23-2009, 03:16 AM
Get your self a packet sniffer - see what's inside those packets.

Something like Wireshark - dunno if they have an OSx version or not. But, it is normally a *nix app.

EDIT:
DOH!! Sorry, I'm being dense. You told me what it's all about already. Port 123 is used for Network TIme Protocol (NTP). Your PC is calling a pre-defined NTP server to re-set it's internal clock and verify that it's working correctly. You should be able to configure and use whatever NTP server you'd like. See http://www.pool.ntp.org for some public options.

Here, read up on NTP (http://en.wikipedia.org/wiki/Network_Time_Protocol). Pretty cool stuff! (I should have clued in earlier - I run a flip'n statum 3 NTP server here.)

KE5SZY
10-23-2009, 03:53 AM
Yup ...that is a time server and 123 is used for NTP. Your machine is merely updating its time from the server.

N2RJ
10-23-2009, 01:08 PM
Every few seconds? That sounds a bit extreme just to keep a home computer's clock in sync.

Yeah yeah, I know how ntp works... just sayin'

N3XP
10-23-2009, 01:22 PM
My Mac is constantly (every few minutes) sending packets on port 123 to Apple HQ at 17.151.16.20 Does anybody know what the computer is sending and why? I'm concerned that it is reporting my keystrokes and or sites visited. This sounds more like a Microsoft trick.

Nope Mac is track you for advertising purposes. They use port 123 to mask this activity as (NTP) time updates. It's sort of like malware writers using port 53 to mask suspicious activity as legitimate DNS.

Mac has become the big brother it fought against. What a shame.

AF6LJ
10-23-2009, 01:29 PM
Nope Mac is track you for advertising purposes. They use port 123 to mask this activity as (NTP) time updates. It's sort of like malware writers using port 53 to mask suspicious activity as legitimate DNS.

Mac has become the big brother it fought against. What a shame.
It was Jobs intention all along.
A computer shouldn't need to make a call to port 123 more than every twelve hours.

N2OBS
10-23-2009, 02:38 PM
YES. It's called Paranoid Schizophrenia by Technological Disorder. Interesting how we can see things that aren't there while things we know exist apparently disappear from our sight....hmmm interesting as it appears to effect the general society who are being brainwashed by the media and other unconfirmed related sources.

http://en.wikipedia.org/wiki/Schizophrenia

AF6LJ
10-23-2009, 02:49 PM
N2OBS
I have to disagree
I don't want anybody in my house without permission.
It's not paranoia, I like to have control over what enters and leaves my home.

A good firewall takes care of the problem, not a software firewall but a separate standalone one.

KA7O
10-23-2009, 06:55 PM
When I was working for a local Managed Services Provider (not that long ago), I was often asked by our clients about Network, LAN, system and PC security. Over time, I came up with an analogy that helped paint a generic picture. It was often distracting and very time consuming to go into detail. After all, that's what they were paying me to do - make it right for them. Not turn them into security d00dz.

The Internet Analogy, by KA7O:
Having a broadband Internet connection is similar to being in Times Square on New Years Eve - buck naked in the middle of the crowd

You're kind of obvious - you're noticed. No matter how inconsequential you are, everyone is looking - some are pointing. A few may even be laughing. If you remain in that state, sooner than later you will become a victim - of something or other. Even if it's just the prevailing social inertia.

It's up to you to learn how to dress and behave so you don't become a victim or a target and actually enjoy what you're there for.

Same with the I-nets. You have to learn behavior (best practices) and how to dress (hardware, software and implementations) to protect yourself.

Just as there are many people in the world, many activities (not everyone is in Times Square to watch the ball fall) as well as social and cultural differences: there is no one RIGHT WAY to be safe on the I-nets. Firewalls, AV, patches, updates, configurations, OSes, Software, IDS, log reviews and more are all the various garments that can be used. For certain activities, you'll want certain garments. Depending on what you're doing, some serve better or are more appropriate than others. Not too many people ski in a bikini - but it is done, special on water.

Factoring certain generic constants - such as Windows XP - there are some generalizations that can be suggested. Still doesn't mean they are RIGHT for everyone using XP. Things like browsers, online practices, Anti-virus, firewalls, NAT, etc.

So, if you wanna go out and 'play in the street', learn how to "be careful out there" (apologies to "Sgt. Phil Esterhaus").

And for sanity's sake, put some pants on already.

N5USR
10-23-2009, 11:36 PM
If your Mac is updating time every few minutes, and it's been doing that for a while, I'd say there's something wrong with the clock in the computer! When NTP first fires up, it can update a little more often, but over time should slow down considerably (like, in a day or so at most) unless the computer clock has a lot of slew or jitter to it. I had a laptop that NTP was hard pressed to keep the time right on with many frequent updates, and a server that was so stable the thing only checked every few hours.

And if you're paranoid and think Apple's spying, point NTP to another server. If the packets keep going to Apple, you're right! :D

Just looked and I see my Macbook Pro is checking time every 512 seconds (just over 8 minutes). You can open a terminal window and run 'ntpq -p' which will show the status of the daemon. The 'poll' column is how often (in seconds) it is checking.

Okay, just watched it get past 512 seconds, and the poll time is now 1024 seconds. So it's happy with the results and is slowly increasing the time. Must get reset down when I sleep the machine - perhaps that confuses the NTP client. (The computer has been running for a few hours now, since I got home from work.)

Edit: Doing a bit more checking, it appears 1024 seconds is the longest delay by default. A config option can be added to get it to a max of 36 hours.

KA8NCR
10-24-2009, 04:10 AM
In terminal:

sudo tcpdump -i en1 -nnvvXS udp

Use en1 for your Airport card, en0 for the ethernet port.

Watch all the pretty traffic, see what it is. It's really time data...

AF6SS
10-25-2009, 02:01 PM
As stated this points to NTP data.

If you're terminal savvy, you can verify this here:



iWil:~ wil$ cat /etc/ntp.conf
server time.apple.com
iWil:~ wil$ dig +short time.apple.com
17.151.16.20
17.151.16.21
17.151.16.22
17.151.16.23
iWil:~ wil$


Additionally, you can check via System Preferences.

System Preferences --> Date & Time --> Date & Time

See if 'Set date and time automatically:" is checked and if it's set to the default of 'time.apple.com'.

You can uncheck that and it won't send NTP packets anymore, or you can change to another NTP server.

time.nist.gov is a pretty popular alternative.

AF6LJ
10-25-2009, 02:34 PM
Just looked and I see my Macbook Pro is checking time every 512 seconds (just over 8 minutes). You can open a terminal window and run 'ntpq -p' which will show the status of the daemon. The 'poll' column is how often (in seconds) it is checking.

Okay, just watched it get past 512 seconds, and the poll time is now 1024 seconds. So it's happy with the results and is slowly increasing the time. Must get reset down when I sleep the machine - perhaps that confuses the NTP client. (The computer has been running for a few hours now, since I got home from work.)

Edit: Doing a bit more checking, it appears 1024 seconds is the longest delay by default. A config option can be added to get it to a max of 36 hours.
Even 1024 seconds is way too often.
It makes me suspicious of Apple's hardware if the clock needs to be updated that often. Not to mention that updating that often is not being a good network citizen.
My router updated it's clock twice a day, I changed it to once a day after reading the log and finding it was only off by .3 milliseconds in twelve hours.
This computer only updates every fourteen days and is never more than half a minute off. Same with my TV recording box, I will manually update it once a week.

KA8NCR
10-25-2009, 07:31 PM
Even 1024 seconds is way too often.
It makes me suspicious of Apple's hardware if the clock needs to be updated that often. Not to mention that updating that often is not being a good network citizen.
My router updated it's clock twice a day, I changed it to once a day after reading the log and finding it was only off by .3 milliseconds in twelve hours.
This computer only updates every fourteen days and is never more than half a minute off. Same with my TV recording box, I will manually update it once a week.

It isn't that the hardware needs to be updated that often, I'm sure Apple is taking into account that their computers, by default, are set to go into energy savings modes. That means NTP *isn't* polling and many hardware states become undefined. Likewise, portables move in and out of network access frequently, traverse networks that may or may not permit time access, etc. Clocks drift, this fixes it. What's the big deal?

If you only update the time on your DVR once per week, I guess you don't consider accurate time a necessity. If the service is available, and Apple is willing to front the expense of having every one of their customers slamming their servers every 17 minutes for a time update, what does it matter? Greater bandwidth is wasted on far far stupider things.

N5USR
10-26-2009, 12:26 AM
Even 1024 seconds is way too often.
It makes me suspicious of Apple's hardware if the clock needs to be updated that often. Not to mention that updating that often is not being a good network citizen.

That isn't Apple's default (except by omission), that is the default for the ntpd software. Wouldn't matter whether you run Mac, Linux, or whatever else it'll compile on.

I checked my Ubuntu systems, and they don't have a setting in the config either, so they too default to a max of 1024 seconds. My older systems (running Slackware) I set the software up myself, and put in the config line to extend it out to many hours.

I do understand the defaults, though, in respect to ntpd's primary focus - it wants and tries to keep the clock accurate to within a few milliseconds. That takes a good bit more sampling to achieve, especially if the machine doesn't stay running 24x7.

AF6LJ
10-26-2009, 01:30 AM
That isn't Apple's default (except by omission), that is the default for the ntpd software. Wouldn't matter whether you run Mac, Linux, or whatever else it'll compile on.

I checked my Ubuntu systems, and they don't have a setting in the config either, so they too default to a max of 1024 seconds. My older systems (running Slackware) I set the software up myself, and put in the config line to extend it out to many hours.

I do understand the defaults, though, in respect to ntpd's primary focus - it wants and tries to keep the clock accurate to within a few milliseconds. That takes a good bit more sampling to achieve, especially if the machine doesn't stay running 24x7.
What piratical use clock accuracy better than 1 second for the average user?

KA8NCR wrote.....


It isn't that the hardware needs to be updated that often, I'm sure Apple is taking into account that their computers, by default, are set to go into energy savings modes. That means NTP *isn't* polling and many hardware states become undefined. Likewise, portables move in and out of network access frequently, traverse networks that may or may not permit time access, etc. Clocks drift, this fixes it. What's the big deal?

If you only update the time on your DVR once per week, I guess you don't consider accurate time a necessity. If the service is available, and Apple is willing to front the expense of having every one of their customers slamming their servers every 17 minutes for a time update, what does it matter? Greater bandwidth is wasted on far far stupider things.


My DVR is a dedicated computer, and keeps very good time all by itself just like this computer and my router (a linux box) They all get shut down each and every night. If I am recording a TV show I don't any more accuracy than plus and minus thirty seconds. I have a two minute overhead in my recording time.
All modern PCs have chrystal controlled clocks that run off the CMOS battery when the computer is not in use and detached from a source of power.

If there are 100,000 macs all using the default ntp settings that means that server is really busy handeling the four or five packets from each and every one of those macs. Since Apple has complete control over their operating system, I would expect better from them considering the cost of a Mac.

WB2WIK
10-26-2009, 01:55 AM
Just because you think they're after you, doesn't mean they aren't.:p

K9STH
10-26-2009, 01:59 AM
LJ:

Even though the clock in your computer is "crystal controlled" doesn't mean that it is accurate. There have been many comments over the years about the accuracy of computer clocks. The consensus is that a $10 (or cheaper) clock from Walmart is much better at keeping time than a $1000 computer.

Glen, K9STH

AF6LJ
10-26-2009, 01:25 PM
LJ:

Even though the clock in your computer is "crystal controlled" doesn't mean that it is accurate. There have been many comments over the years about the accuracy of computer clocks. The consensus is that a $10 (or cheaper) clock from Walmart is much better at keeping time than a $1000 computer.

Glen, K9STH
I understand but even those clocks based on 30KHZ chrystals don't get that far off unless the CMOS battery is nearly discharged. My main issue is with the frequency of updating said clock and unnecessary bandwidth usage.
Even a Swan VFO will stay on frequency for a while :D
I understand people's wishes regarding proper time.
One thing most people never consider is the packet latency between you and the server may be as much as 100 milliseconds one way. Your clock is only going to be good to within two tenths of a second. You can do better with that wal*mart clock setting it to WWV manually. (not much better)

Again I fall back on my orginal question;
How accurate is accurate enough for the average home user?

KA8NCR
10-26-2009, 08:50 PM
I understand but even those clocks based on 30KHZ chrystals don't get that far off unless the CMOS battery is nearly discharged. My main issue is with the frequency of updating said clock and unnecessary bandwidth usage.
Even a Swan VFO will stay on frequency for a while :D
I understand people's wishes regarding proper time.
One thing most people never consider is the packet latency between you and the server may be as much as 100 milliseconds one way. Your clock is only going to be good to within two tenths of a second. You can do better with that wal*mart clock setting it to WWV manually. (not much better)

Again I fall back on my orginal question;
How accurate is accurate enough for the average home user?

That's why there's time servers around the country, in various stratas to curb latency.

I don't know what the accuracy needs to be for the average user, I don't think that's the issue. Obviously Apple feels that it's important enough that they set their products to poll about 4 times per hour and maintain no less than 7 time servers. Undoubtedly it's done so users don't have to worry about it, ever.

Quit worrying about what other people do with their bandwidth. It's not a conspiracy by Apple to track their users. This is a waste of bandwidth no more than Windows update queries are a waste.

Back in the 80's, I was listening to a QSO on 40 meters one cold Saturday afternoon and this guy breaks in and ask if anyone knew what frequency the Swan users net met on. After a pause, one guy replied that he should just pick one and wait for the net to drift by.

(drum fill)

KJ4HMO
10-27-2009, 02:45 PM
One thing most people never consider is the packet latency between you and the server may be as much as 100 milliseconds one way.


I've never understood why the NTP client doesn't just send a couple of pings to the time server and then use the average ping time to calculate the difference to make it more accurate. Of course I'm not sure that anyone would really need to be that accurate.

AF6LJ
10-27-2009, 02:50 PM
I've never understood why the NTP client doesn't just send a couple of pings to the time server and then use the average ping time to calculate the difference to make it more accurate. Of course I'm not sure that anyone would really need to be that accurate.
If you need to be that accurate you should use WWVB, or get a standard of your own. :)

KA5LQJ
10-27-2009, 03:13 PM
It really IS a conspiracy :eek: :rolleyes:! It's the Federal Government and the space aliens spying on every keystroke. You've come under suspicion for e-mailing messages containing: Inside, [I][B]NUDE pictures of Nancy Pelosi and then not including the pictures. Shame, shame, shame, LOL! :p Jest kidding!

Over the decades, there have been stories of Bill Grates-on-my-last-Nerve and Microflatulence, spying into people's computers. Well, in a way, they are doing that now, but it's to check for pirated M$ software. As soon as I get moved (to a secret bunker inside THE DEVIL'S TOWER), I'm going to run WIN 2k Pro (the last KNOWN good M$ OS) and Ubuntu Linux. :D The computer network will ONLY go on-line as needed, once-a-day, but at different times. That should minimize my exposure, LOL!

Now, pardon me while I readjust my foil tin hat, so that the Democrats in Congress can call me a Nazi Racist, only they're wrong, I'm a red-neck NASCAR fan! <==== Tongue in cheek humor, with a chaw of Beechnut Wintergreen.

Respectfully submitted,
73,

Don/KA5LQJ

ad: dxeng