Safari 4's Messy Trail
Signum Ignitum writes "Safari 4 comes with a slew of cool new features, but extensive data generation combined with poor cleanup make for a data trail that's a privacy nightmare. Hidden files with screenshots of your history, files that point back to Web pages you've visited and cleared from your history, and thousands of XML files that track the changes in the pages in your Top Sites can add up to gigabytes of information you didn't know was kept about you." Some of Safari's bloat is kept in quite obscure locations; it takes a fairly knowledgeable user to find it and clean it up. You can avoid some of the worst of it by disabling Top Sites.
"Empty cache" doesn't delete everything.
before: 737M -Caches-
after: 571M -Caches-
This is seriously fucked up.
TechSutra
The real scary part of this for me is not the government, more on that in a sec, but your girlfriend/boyfriend/housemate. Anyone who feels like he/she wants to do some snooping now has a treasure chest of stuff to take out of context.
They've always had this. It's called "History" and "Temporary Internet Files". The only difference here is Safari has added screenshots.
If you're that worried, you can enter Private Browsing mode, you can selectively clear out parts of your history (and cache and screenshots), entirely clear out all of the above (including cookies), or just turn the feature off in the first place.
/var/folders is generally a folder for storing possibly sensitive data of ANY application. I don't know the exact reason why some files are cached there and some in the ordinary caches folder, but I mean it is NOT just Safari cache. There could be caches of anything, any program.
It could be decided like "If a program binary is signed and it connects to the net" by the core OS itself. Again, it is just a very rough guess.
Did you really expect 700+ MB of Cache from a browser? It indeed cleaned its Cache and didn't touch other applications' files. /var/folders is just a randomized (sandboxed in future?) temp dir. Nothing exclusive to Safari or any other program.
Sorry, the menu item is "Safari -> Reset Safari..." where the option is to "Remove all webpage preview images".
Would anyone care to look at the permissions on the -Caches- folder in question? I know, it'll make it harder to spout hyperbole about security, but it could be instructional I think:
MacBook-Pro:1tUM+kJcGEqwqSH2bBdLR++++TI jim$ pwd
/var/folders/1t/1tUM+kJcGEqwqSH2bBdLR++++TI
MacBook-Pro:1tUM+kJcGEqwqSH2bBdLR++++TI jim$ ls -l
total 0
drwx------ 92 jim staff 3128 12 May 20:53 -Caches-
drwx------ 13 jim staff 442 23 May 20:12 -Tmp-
As you can see, the permissions on the -Caches- folder mean it's only readable by the owner, namely the current user. So it has the same protections as something inside the user's home folder. Also, by benefit of being in /var/folders/xxxx/-Caches- the operating system can clean this out more or less upon a whim-- this is, after all, the purpose of temporary folders and caches.
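The permission check from the terminal listing above, generalized as an added example (not part of the original thread): this Python sketch totals the size of a cache tree and lists entries that carry group/other permission bits and are reachable by a non-owner from the top directory down. The function names and the sample tree are constructed for illustration, and reachability is judged conservatively by treating group and other bits alike.

```python
import os
import stat
import tempfile

NON_OWNER = stat.S_IRWXG | stat.S_IRWXO   # any group/other permission bit
TRAVERSE = stat.S_IXGRP | stat.S_IXOTH    # group/other may enter a directory

def audit_cache_root(root):
    """Sum file sizes under root and list entries another local user could reach."""
    root_mode = stat.S_IMODE(os.lstat(root).st_mode)
    total, exposed = 0, []
    # Each stack item: (directory, can a non-owner traverse every level down to it?)
    stack = [(root, bool(root_mode & TRAVERSE))]
    while stack:
        directory, reachable = stack.pop()
        with os.scandir(directory) as entries:
            for entry in entries:
                st = entry.stat(follow_symlinks=False)
                mode = stat.S_IMODE(st.st_mode)
                if stat.S_ISREG(st.st_mode):
                    total += st.st_size
                # Symlink mode bits are meaningless, so they are never reported.
                if reachable and mode & NON_OWNER and not stat.S_ISLNK(st.st_mode):
                    exposed.append(os.path.relpath(entry.path, root))
                if stat.S_ISDIR(st.st_mode):
                    stack.append((entry.path, reachable and bool(mode & TRAVERSE)))
    return {"root_private": not (root_mode & NON_OWNER),
            "bytes": total, "exposed": sorted(exposed)}

def make_sample(root_mode):
    """Constructed tree: <root>/Safari/preview.png, with lax modes below the root."""
    root = tempfile.mkdtemp(prefix="cache-audit-")
    sub = os.path.join(root, "Safari")
    os.mkdir(sub)
    preview = os.path.join(sub, "preview.png")
    with open(preview, "wb") as fh:
        fh.write(b"\0" * 1000)
    os.chmod(preview, 0o644)   # lax file mode, set explicitly so umask is irrelevant
    os.chmod(sub, 0o755)       # lax directory mode
    os.chmod(root, root_mode)  # the top-level mode is what decides exposure
    return root

if __name__ == "__main__":
    for mode in (0o700, 0o755):  # drwx------ as in the listing, then a lax variant
        print(oct(mode), audit_cache_root(make_sample(mode)))
```

With the top directory at 0700 the lax modes underneath expose nothing; the same tree under a 0755 top directory reports both the subdirectory and the file.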
The whole commotion is that temporary files are stored under per user only readable subdirs of /var instead of under ~/Library? I don't know about you but my home dir is mounted from a server. That seems a whole lot more secure (and efficient) to put that in a place more or less guaranteed to be local and not exported. It seems to me some people just have to learn about another place temporary data can appear. Also where it is makes it really easy to just rm -rf all of it when they want to.
Why change it? %TEMP% in the address bar will take you there every time, straightaway... doing that ensures you can find all of your temp files (including those from apps that make assumptions about the location of the temp folder, instead of obtaining it properly.)
I would do it in single user mode (Apple key+S on boot). What people (and that blog) don't understand is that that structure doesn't only carry Safari caches. There are some system caches, font caches and caches of OTHER users there.
Also they didn't even bother to check the new method of Safari (and other WebKit) cache creation. They now create the file in a reasonable (64MB here) size and fill it with zeros. It is a flat file; I guess one of the reasons is to prevent fragmentation.
Safari does a good job cleaning it. The reason is "force quit" and similar. If it loses track of its own file, it (in fact, the OS) re-creates it in another random dir and they all add up.