Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Wait until OP discovers smoot.apple.com ... which literally sends every single Spotlight keystroke back to Apple.

My simple solution to blocking Apple's bullshit is simply to DNS-blackhole *.apple.com ; thanks for the info on icloud-content.com , which I've added to my blacklist.

Also consider: health.apple.com ; configuration.apple.com ; icloud.com ; apple.akamaiedge.com ; apple-dns.com ; apple-cloudkit.com ; iphonesubmissions.apple.com ; idiagnostics.apple.com ; configuration.ls.apple.com ; cdn-apple.com ; and MANY MORE!

>But then hOW WiLl yOu GeT SoFtWare uPDAtEs?

I download them manually from Apple.



>Wait until OP discovers smoot.apple.com ... which literally sends every single Spotlight keystroke back to Apple.

How else will you search for stuff on the internet without sending your query to the internet?


Personally, by visiting a search engine / LLM.

I'm just-now beginning a nascent journey into running my own local LLM.


It seems that you are suggesting that iphones should contain a database of every site on the internet so they can run search queries locally, which is a bit weird, not to mention it would make it impossible for spotlight to show recent results such as football scores.


My point is, that even "disabling" spotlight outbound searches, keystrokes for local searches shouldn't still be sent into the iCloud [which they still are].

Not everybody uses Spotlight for global search. Disabling this "feature" should actually disable it.


>Wait until OP discovers smoot.apple.com ... which literally sends every single Spotlight keystroke back to Apple

But what about the hill Apple fans were willing to die on, about Apple being the most privacy focused company? Doesn't this fact go against that PoV?


Spotlight search is a live web search. It displays results as you type.


So just like the Windows start menu search that HN says is the devil's anti-feature, but when Apple does it, it's suddenly a great feature?

Do you smell that? I smell double standards and hypocrisy.


Spotlight doesn't even give you a big warning in the form of massive sponsored segments that make it clear that This Is A Web Thing Now, like the start menu search does. I had no idea that spotlight was doing this, because I only ever use spotlight to find apps or files on my local machine, and consider the web searching to be an anti-feature.

If I use the search bar on my machine, I am consciously choosing not to be searching the web.


>Spotlight doesn't even give you a big warning in the form of massive sponsored segments that make it clear that This Is A Web Thing Now, like the start menu search does.

The crux of the matter is that they both beam whatever you search for to the web based mothership, defeating your privacy, not that the UI of the search feature looks nicer in one case than the other.


My point is that I realized my keystrokes would be sent to microsoft servers when I open the start menu and click on the search field and all kinds of web BS pops up. It's a clear signal that allows you to moderate your activity. Spotlight isn't clear when you summon it that it is about to shoot your activity to Apple's servers.

It's not a binary situation. There are always degrees


Yes, but the end result is the same: anti-privacy. How it looks doesn't change the result.


>I only ever use spotlight to find apps or files on my local machine

This is how I've seen many proprietary engineers search for their own local files, not realizing that Apple now knows their company's trade secrets.


Marketing can make most people believe anything


Sometimes you will find very interesting info in the EULA/TOS. At least i found it in Apple's TOS. So the work phone is only used for authentication.


Would you be willing to share your full list?


Not in its entirety, but these are some of the more helpful "global" non-default rules I employ on some of my "more restrictive" / "less advertising" / "less tracking" PiHoles DNS resolvers:

[BLACKLIST]:

(\.|^)google-analytics\.com$

(\.|^)googlesyndication\.com$

(\.|^)googletagservices\.com$

(\.|^)google\.com$

(\.|^)douclick\.net$

(\.|^)doubleclick\.net$

(\.|^)facebook\.com$

(\.|^)fb\.com$

(\.|^)fbcdn\.net$

(\.|^)googleapis\.com$

(\.|^)disqus\.com$

(\.|^)gstatic\.com$

(\.|^)apple-dns\.net$

(\.|^)salesforceliveagent\.com$

(\.|^)salesforce\.com$

(\.|^)force\.com$

(\.|^)apple\.news$

getpocket.com

reddit.com

[WHITELIST]:

youtube-ui.l.google.com

maps.googleapis.com

maps.gstatic.com

streetviewpixels-pa.googleapis.com


Curious, do you use anything iCloud or Apple services like iMessage then? I imagine this breaks stuff…


It breaks ALL THE THINGS (no, I do not use these Apple services; SMS and calls only).

Pi-hole allows one local DNS to provide different resolutions to each client (e.g. you could have different rules for your iPhone VS computers) — but I do not differentiate against my blacklist responses.

On my networks, *.apple.com (&c) resolve immediately into the trashcan.


So why Apple instead of something like a Pixel with GrapheneOS? Again, curious.


To be fair, you don't really control where the GrapheneOS Pixel sends traffic either.

I wish there was a firewall similar to Little Snitch for phones. The only options I've seen where flimsy workarounds using the VPN service to act as a DNS filter, but then, you've got no real VPN.


Just FYI, Little Snitch DOES NOT BLOCK DNS QUERIES — it just prevents your Mac from initiating connections to the resolved IP.

e.g: if a client using Little Snitch enters new.incriminating.website into their web browser, the computer still initiates a DNS query to AND receives the IP of said URL — it is at THIS POINT that the Little Snitch dialogue pops up and asks "should we allow a connection to this server/IP?"

If this nuance is unclear to you, than just know that Little Snitch only prevents your computer from initiating connections to IP addresses, allowing the DNS resolution to happen without any user input.

----

Many people do not believe this until I show them their "blocked" URLs, as noted by a locally-running PiHole [which sees the "blocked" domain names, and resolves an IP... if you don't have PiHole rule blocking the hostname].


You are correct. I do, however, use a VPN service whose DNS servers I trust, so that is fine by me.


> I wish there was a firewall similar to Little Snitch for phones.

This reminds me how people on Windows always fight with their own computer (e.g., to disable the telemetry) instead of switching to an OS that respects you.

Same here. My phone won't prevent me from installing anything I want (including Little Snitch) and will not attempt to send any data somewhere.


What phone can you install Little Snitch (a MacOS app) on?


> an OS that respects you.

I hope you mean Linux.

Hope.


Yes, I mean GNU/Linux. Also on the phone.


At least GrapheneOS devs are transparant about it, as it should:

https://grapheneos.org/faq#default-connections


Legacy — my iPhone is circa 2012 [from my pre-PiHole, fanboi days]. When it dies, I plan to get a Lightphone (or perhaps even simpler, a la early 2000's flip phone).

I have no lifelong plans for utilizing either Google or MSFT products.


I have no plans to emulate your setup, but mad props to you for putting the phone back into iPhone.


Wouldn't it be easier to unblock some sites for updates instead of doing it manually?


I can't follow you want to search the internet but not send anything to the internet?


I want to search the local computer, to launch an app, not search the internet.


You can deactivate online search...


My PiHole "determines... this is NOT the case" [read in MauryP's voice].

So I have all my telemetry and search options "DISABLED," and PiHole still sinks hundreds of *.apple.com requests, daily (mostly to smoot/icloud).




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: