This morning, The Washington Post called out an unexpected privacy concern in Apple's new Yosemite operating system. Apple's Spotlight application, previously used to index material on a user's hard drive, has added a new Suggestions feature that points to external sites relevant to a given search term. As the Post article points out, that means search terms have to be transmitted back to Apple with a lot of extra information, including location data that the Post found to be precise enough to pin down a specific building.
On closer inspection, many of the claims are less damning than they seem
The biggest concern is that a user might accidentally search their own computer for a sensitive file — in Post reporter Barton Gellman's example, "secret plans Obama leaked me" — and unwittingly transmit that search term to Apple. But under the new scheme, nothing would tie the search to Gellman himself other than the ephemeral ID. More importantly, users who are concerned about such a scenario can easily turn off Spotlight's Suggestions feature, which removes the exposure entirely.
Update October 20th, 8:28PM: Apple has further detailed how Spotlight Suggestions work behind the scenes. In a statement to The Verge, the company says it's taken steps to "blur" location on devices, use temporary session identifiers, and let people opt out of the feature completely:
We are absolutely committed to protecting our users' privacy and have built privacy right into our products. For Spotlight Suggestions we minimize the amount of information sent to Apple. Apple doesn't retain IP addresses from users' devices. Spotlight blurs the location on the device so it never sends an exact location to Apple. Spotlight doesn't use a persistent identifier, so a user's search history can't be created by Apple or anyone else. Apple devices only use a temporary anonymous session ID for a 15-minute period before the ID is discarded.
We also worked closely with Microsoft to protect our users' privacy. Apple forwards only commonly searched terms and only city-level location information to Bing. Microsoft does not store search queries or receive users' IP addresses.
You can also easily opt out of Spotlight Suggestions, Bing or Location Services for Spotlight.
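To make the data-minimization rules in that statement concrete, here is an added Python model of the client side. It is not Apple's code; the 15-minute window, the one-decimal coordinate rounding and the "commonly searched terms" list are assumptions standing in for details Apple has not published. It shows why searches from different windows cannot be linked to each other and why a blurred location cannot resolve a single building:

```python
import secrets
from datetime import datetime, timedelta

# Assumed parameters modelled on the statement, not a published Apple implementation.
SESSION_TTL = timedelta(minutes=15)   # temporary session ID lifetime
BLUR_DECIMALS = 1                     # one decimal degree: roughly city scale
COMMON_TERMS = {"weather", "yosemite", "restaurants"}  # constructed stand-in list

def blur_location(lat, lon, decimals=BLUR_DECIMALS):
    """Snap coordinates to a coarse grid so a single building cannot be resolved."""
    return (round(lat, decimals), round(lon, decimals))

class SuggestionClient:
    """Builds outbound Suggestions requests carrying only a temporary session ID."""
    def __init__(self, now):
        self._rotate(now)

    def _rotate(self, now):
        self._session_id = secrets.token_hex(16)  # random, unrelated to the device
        self._session_started = now

    def session_id(self, now):
        if now - self._session_started >= SESSION_TTL:
            self._rotate(now)  # old ID is simply dropped; nothing links the windows
        return self._session_id

    def build_request(self, query, lat, lon, now):
        """Only the term, the temporary ID and a blurred location leave the device."""
        return {"q": query, "session": self.session_id(now), "loc": blur_location(lat, lon)}

def bing_forward(request):
    """Model the narrower payload for the search partner: uncommon terms are not
    forwarded at all, and only the coarse location travels with common ones."""
    if request["q"].lower() not in COMMON_TERMS:
        return None
    return {"q": request["q"], "city_loc": request["loc"]}

def demo():
    """Constructed walk-through: two searches inside one 15-minute window share an
    ID, a third search after the window gets a fresh one."""
    t0 = datetime(2014, 10, 20, 20, 0)
    client = SuggestionClient(t0)
    r1 = client.build_request("weather", 37.33182, -122.03118, t0)
    r2 = client.build_request("secret plans", 37.33182, -122.03118, t0 + timedelta(minutes=14))
    r3 = client.build_request("weather", 37.33182, -122.03118, t0 + timedelta(minutes=15))
    return r1, r2, r3
```

In the walk-through, the sensitive query in r2 shares a session ID with r1 but is never forwarded to the partner, and r3 carries an ID that has no relation to the earlier two.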