Safari 4's Messy Trail

← Back to Stories (view on slashdot.org)

Posted by kdawson on Saturday May 23, 2009 @07:53AM from the if-disk-space-were-infinite-and-free dept.

Signum Ignitum writes "Safari 4 comes with a slew of cool new features, but extensive data generation combined with poor cleanup make for a data trail that's a privacy nightmare. Hidden files with screenshots of your history, files that point back to Web pages you've visited and cleared from your history, and thousands of XML files that track the changes in the pages in your Top Sites can add up to gigabytes of information you didn't know was kept about you." Some of Safari's bloat is kept in quite obscure locations; it takes a fairly knowledgeable user to find it and clean it up. You can avoid some of the worst of it by disabling Top Sites.

35 of 200 comments (clear)

Advert co-incidence by ZERO1ZERO · 2009-05-23 07:57 · Score: 3, Interesting

Is it only I that see ths advert for 'Clean you Mac' in the panel beside the summary?
(frosty piss)
1. Re:Advert co-incidence by Silas+is+back · 2009-05-23 09:48 · Score: 4, Funny
  
  Keywords:
  Did, not, get, joke
  
  --
  this sig is useless
2. Re:Advert co-incidence by centuren · 2009-05-23 20:41 · Score: 4, Insightful
  
  Not any more. If you're a good boy, you get to disable ads on /. while you're logged in. I now just get a little box saying "Ads disabled [tick] Thanks again for helping make Slashdot great!".
  Dear Slashdot policy makers,
  The feature introduced to allow active participants the option of disabling advertisements on the site has to be one of the most awesome things I've seen implemented re: ads on community driven sites.
  Keep the great ideas coming.
Oh that Apple by wampus · 2009-05-23 07:59 · Score: 5, Funny

I for one like it because it is so innovative and it fits in well with my hip, young lifestyle.
Safari does clean up after itself. by ozzmosis · 2009-05-23 08:05 · Score: 5, Interesting

There is a "Empty Cache" button under the "Safari" menu.
Before "Empty Cache"
ahze:/private/var/folders/zz/zzzivhrRnAmviuee++31gU+-Ev6/-Caches-/com.apple.Safari ahze$ du -sh
129M .
After "Empty Cache"
ahze:/private/var/folders/zz/zzzivhrRnAmviuee++31gU+-Ev6/-Caches-/com.apple.Safari ahze$ du -sh
32K .
1. Re:Safari does clean up after itself. by Anonymous Coward · 2009-05-23 08:25 · Score: 5, Funny
  
  Yes but that last 32k is the EVIL 32k
2. Re:Safari does clean up after itself. by mallumax · 2009-05-23 08:47 · Score: 4, Informative
  
  "Empty cache", doesn't delete everything.
  before: 737M -Caches-
  after: 571M -Caches-
  This is seriously fucked up.
  
  --
  TechSutra
3. Re:Safari does clean up after itself. by Ilgaz · 2009-05-23 09:03 · Score: 4, Informative
  
  /var/folders is generally folder for storing possibly sensitive data of ANY application. I don't know the exact reason of why some files are cached there and some in ordinary caches folder but I mean it is NOT just Safari cache. There could be caches of anything, any program.
  It could be decided like ''If a program binary is signed and it connects to net'' by core OS itself. Again, it is just a very rough guess.
  Did you really expect 700+ MB of Cache from a browser? It indeed cleaned its Cache and didn't touch other applications files. /var/folders is just randomized (sandboxed in future?) temp dir. Nothing exclusive to Safari or any other program.
4. Re:Safari does clean up after itself. by monktus · 2009-05-23 09:13 · Score: 5, Funny
  
  32k of evil ought to be good enough for anybody.
  
  --
  Weaseling out of things is important to learn. It's what separates us from the animals... except the weasel."
5. Re:Safari does clean up after itself. by Anonymous Coward · 2009-05-23 10:57 · Score: 5, Insightful
  
  You're not seriously considering Chrome over Safari for privacy reasons?
6. Re:Safari does clean up after itself. by CarpetShark · 2009-05-23 12:27 · Score: 3, Funny
  
  32k of evil ought to be good enough for anybody.
  Unless you're called Bill, in which case you'll want around 640k of evil.
7. Re:Safari does clean up after itself. by dangitman · 2009-05-23 14:14 · Score: 4, Insightful
  
  Jeeze, seriously, I didn't even RTFA but I noticed TFS said Safari 4 was generating potentially gigabytes of cached info, which it did -not- delete when you "cleaned" the cache.
  Yeah, slashdot summaries are known for being highly accurate and reliable, and not at all sensationalistic. Of course, anything could potentially generate gigabytes of data. My text editor could do it if I had enough monkeys. But is the average Safari user's cache weighing in at several gigabytes? I don't think so. That was just put there to cause alarm for attention-getting reasons.
  
  --
  ... and then they built the supercollider.
8. Re:Safari does clean up after itself. by Ilgaz · 2009-05-23 22:52 · Score: 3, Informative
  
  I would do it in single user mode (Apple key+S on boot). What people (and that blog) doesn't understand is, that structure doesn't only carry Safari caches. There are some system caches, font caches and caches of OTHER users there.
  Also they didn't even bother to check the new method of Safari (and other webkit) cache creation. They now create the file in a reasonable (64MB here) size and fill it with zeros.It is a flat file, I guess one of the reasons is to prevent fragmentation.
  Safari does a good job cleaning it. The reason is ''force quit'' and similar. If it loses track of its own file, it (in fact, OS) re-creates in another random dir and they all add up.
At least it is not windows temp by linzeal · 2009-05-23 08:06 · Score: 5, Funny

Windows temp (/username/appdata/local/temp) which if not cleaned can hold every single unzipped file/torrent/etc since you installed the operating system. Just cleaned up a computer at a friend's house that was nearing 200 gigs in temp from mostly anime porn avi he downloaded and unzipped. I showed his gf some of the stuff thinking it was funny and was told to leave the house, he was not very happy either. Damn kids, lol.

--
An Education is the Font of All Liberty
1. Re:At least it is not windows temp by Runaway1956 · 2009-05-23 10:07 · Score: 4, Interesting
  
  Am I the only one who changes the temp directories immediately after installation? C:\tmp for both user and windows temporary folder. I clear it frequently. Sometimes, stuff just doesn't WANT to delete, so I start in safe mode, and delete it anyway. No computer has the right to store data that I consider "sensitive". Anime porn, government subversion, or funding for the most outstanding charity in the world, it is MY business, and no one else's. People should learn what the environment variables are for, and use them intelligently - whether they use Mac, Windows, or *nix
  
  --
  "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
2. Re:At least it is not windows temp by wipeMyButt · 2009-05-23 10:16 · Score: 5, Insightful
  
  And this has what to do with Safari's shockingly poor behavior?
  Why is it that everyone's response to any sort of problem is "Windows is worse"? If someone described a serious flaw in say, a Prius, would your response be, "Yeah, but Honda sucks."
  I'm not trying to excuse crappy design problems in Windows, but when is Apple going to lose this untouchable luster and take it's lumps along with everyone else?
3. Re:At least it is not windows temp by ya+really · 2009-05-23 12:14 · Score: 3, Interesting
  
  Probably one of the best ways I've found to deal with temp stuff (if you have enough ram) is to create a ram drive and throw your web cache, page file, and all temp files on there. At least that way when you reboot, they're all gone.
  This method works great with Opera or Firefox, but as far as I know, Safari does not let you change the location of it's cache. In Opera, just type opera:config and then search for cache, in firefox, just type about:config and then it's a matter of adding a string to the config (google if you would like to know more).
  Aside from keeping pesky temp files from building up, this also helps to cut down on disk fragmentation because many of your most modified files will now be isolated on a ram disk and ram doesn't really have any loss compared to a hard disk for fragmentation.
4. Re:At least it is not windows temp by thePowerOfGrayskull · 2009-05-23 15:05 · Score: 3, Informative
  
  Why change it? %TEMP% in the address bar will take you there every time, straightaway... doing that ensures you can find all of your temp files (including those from apps that make assumptions about the location of the temp folder, instead of obtaining it properly.)
Mac abstraction affects the non-savvy... by ruphus13 · 2009-05-23 08:07 · Score: 5, Insightful

The big value-proposition of the Mac has been that it is easy for the non-geeky user to use. Unfortunately, things like these make those very users vulnerable. Without exposing easy ways to flush potentially sensitive and private information, it is the same users Apple attempts to serve that will be exposed. And, this will probably be the default browser for most new systems, so unless this is patched, expect the problem to proliferate...
1. Re:Mac abstraction affects the non-savvy... by Ilgaz · 2009-05-23 08:57 · Score: 4, Interesting
  
  But is there really anything to fix besides the files getting into the /var/folders on secure home dir scenarios?
  Browsers cache/store history since they were invented and that click happy site found there is a treasure there. Well, that is why Apple spits files to the randomized and soon to be more secure caches dir. The breach (!) requires someone sitting on your chair and browsing your Caches. It is the same formula for getting Mac fanatics attention and unfortunately every time, it works.
  What will they do? 128 bit encrypt general public jpegs? Not that it can't be done, just enable filevault or whatever equivalent on Windows.
  time.
2. Re:Mac abstraction affects the non-savvy... by node+3 · 2009-05-23 11:28 · Score: 3, Informative
  
  Sorry, the menu item is "Safari -> Reset Safari..." where the option is to "Remove all webpage preview images".
beta software by commodoresloat · 2009-05-23 08:07 · Score: 4, Insightful

Keep in mind this is a beta, folks; if you're using it, you're presumably volunteering to help inform Apple about stuff like this. So in addition to letting everyone else know safari is doing this, it might be a good idea to let Apple know that it is unacceptable in a web browser. Presumably the company released the beta in order to solicit just this kind of information from its users; hopefully enough concern from users will lead them to take these "features" out of the final release candidate.
1. Re:beta software by node+3 · 2009-05-23 08:56 · Score: 3, Insightful
  
  Please don't do this. This "unacceptable in a web browser" feature is fantastic, and if you still find it unacceptable, you can turn it off. I, personally, find it a very nice touch.
2. Re:beta software by falcon5768 · 2009-05-23 10:02 · Score: 4, Insightful
  
  um yes, they should. Thats the WHOLE POINT of a beta, that you are testing it in a real world, uncontrolled environment with all the risks it entails.
  
  --
  "Slashdot, where telling the truth is overrated but lying is insightful."
3. Re:beta software by node+3 · 2009-05-23 11:36 · Score: 4, Insightful
  
  putting screenshots of websites you visit outside your home directory is a fantastic feature?
  You're referring to an implementation detail, not a feature. The feature is the web page previews. Whether they are stored in /var or in ~/Library has no effect on the feature, but does affect the underlying implementation of it.
  By all means, put the previews in the ~/Library folder. By all means, file a bug report about this detail, but don't request the removal the feature.
  
  wow i sense the RDF is strong in this one
  Correct, because as we all know, nothing bolsters a straw man like ad hominem.
4. Re:beta software by alanQuatermain · 2009-05-23 12:23 · Score: 4, Informative
  
  Would anyone care to look at the permissions on the -Caches- folder in question? I know, it'll make it harder to spout hyperbole about security, but it could be instructional I think:
  MacBook-Pro:1tUM+kJcGEqwqSH2bBdLR++++TI jim$ pwd /var/folders/1t/1tUM+kJcGEqwqSH2bBdLR++++TI MacBook-Pro:1tUM+kJcGEqwqSH2bBdLR++++TI jim$ ls -l total 0 drwx------ 92 jim staff 3128 12 May 20:53 -Caches- drwx------ 13 jim staff 442 23 May 20:12 -Tmp-
  As you can see, the permissions on the -Caches- folder mean it's only readable by the owner, namely the current user. So it has the same protections as something inside the user's home folder. Also, by benefit of being in /var/folders/xxxx/-Caches- the operating system can clean this out more or less upon a whim-- this is, after all, the purpose of temporary folders and caches.
Oh expoitable by johncandale · 2009-05-23 08:14 · Score: 5, Interesting

The real scary part of this for me is not the government, more on that in a sec, but your girlfriend/boyfriend/housemate. Anyone who feels like he/she wants to do some snooping now has a treasure chest of stuff to take out of context.

I hope no one here is naive enough to use the "if you have nothing to hide..." line.

Getting back to the government, most cases are not high profile law&order style procedural deals. I could easily see local lawyers taking porn sites as evidence you killed her, technology sites as evidence you were researching bombs, map sites that you were researching crimes, and I can see local judges allowing it, and local jury's believing it.

Of course they could get most of this from ISP logs, but that would be just that much harder to get, and wouldn't come with screen shots.
1. Re:Oh expoitable by node+3 · 2009-05-23 09:01 · Score: 4, Informative
  
  The real scary part of this for me is not the government, more on that in a sec, but your girlfriend/boyfriend/housemate. Anyone who feels like he/she wants to do some snooping now has a treasure chest of stuff to take out of context.
  
  They've always had this. It's called "History" and "Temporary Internet Files". The only difference here is Safari has added screenshots.
  If you're that worried, you can enter Private Browsing mode, you can selectively clear out parts of your history (and cache and screenshots), entirely clear out all of the above (including cookies), or just turn the feature off in the first place.
2. Re:Oh expoitable by phantomfive · 2009-05-23 09:10 · Score: 3, Insightful
  
  The real scary part of this for me is not the government, more on that in a sec, but your girlfriend/boyfriend/housemate. Anyone who feels like he/she wants to do some snooping now has a treasure chest of stuff to take out of context.
  
  If you are seriously worried about those people snooping around in your computer like that, you have serious problems. You're supposed to be able to trust your girlfriend. If you can't, you may consider getting a new one, because she's going to cheat/breakup before long.
  
  Can't always do as much for your housemate, but if you are seriously worried about them snooping around in your computer, you ought to password protect your computer. And get a lock for your bedroom.
  
  Getting back to the government, most cases are not high profile law&order style procedural deals. I could easily see local lawyers taking porn sites as evidence you killed her, technology sites as evidence you were researching bombs, map sites that you were researching crimes, and I can see local judges allowing it, and local jury's believing it.
  
  What exactly are you planning on doing that you will end up in such a situation? Judges typically don't allow evidence that is not directly related to the case, so if you're worried about being framed for killing your girlfriend with a pipebomb at a popular geocaching site I can see why you're worried, but most people don't have that problem. Oh, maybe this goes back to your weird housemate thing again?
  
  --
  Qxe4
Oh well... by PopeRatzo · 2009-05-23 09:16 · Score: 5, Funny

...a data trail that's a privacy nightmare...gigabytes of information you didn't know was kept about you.
Remember those famous Apple "1984" advertisements where they're the young, free person breaking out of the crushing tyranny of Big Brother?

--
You are welcome on my lawn.
Bullshit scaremongering. by Anonymous Coward · 2009-05-23 09:19 · Score: 5, Insightful

Use "Private Browsing" mode and this junk won't get in your history in the first place for you to need to delete it. The end. Meanwhile, fulltext searching of your history is hella convenient.
Re:Why would you use Safari anyway? by UnConeD · 2009-05-23 09:23 · Score: 5, Insightful
Here's why I use and love Safari 4 on OS X. And yes, I am a huge geek who hacks code for a living.
- It's bloody fast, in every way. From loading speed, to rendering speed, to JavaScript execution to Canvas rendering. Firefox does not compare, and Chrome still isn't available for Mac.
- Full-text indexing of your history + thumbnails are a life saver for finding that one blog post or article that you read 3 days ago but can't remember the URL to or find on Google (because the site's SEO sucks). Coverflowing through a set of thumbnails lets you identify specific pages really quickly if you've seen them before. It really is waaay more than just a cool effect.
- Safari has the best web standards support and includes a bunch of awesome proposed features on top of that. Web fonts, box/text shadows (+ rounded corners), css transforms, border image, etc. It's awesome fun to develop on.
- It is the most polished browser on OS X, by far. The scrolling is butter-smooth and feels analog (multitouch trackpad++), the form widgets feel like real Aqua, the textareas are resizable, the font rendering is the most consistent.
For me, Safari provides the best web experience. For you, Firefox 3 is the sweet spot. Why can't you just accept that people have differing priorities and requirements, instead of smugly deriding others for using a "miserable little browser"? If you want to hate on a browser, hate on IE. At least there's demonstrable evidence of how IE has damaged the web. Us Safari users are doing just fine.
Okay, this is ridiculous. by geekboy642 · 2009-05-23 10:03 · Score: 3, Insightful

Everybody on here needs to grow up. You're whining and crying about your browser keeping a history of your browsing. That's been an accepted feature for over a decade. Only now, you've got a porn mode so it doesn't keep a history. That's new. Why are you wanking fools whining about a browser cache now? Are you seriously crying that a file on your computer might have a screenshot of where you've been on the web? Really? I've got a hint for you: NOBODY CARES ABOUT YOUR DONKEY PORN.
Don't bother responding, I've already answered your objections:
"Oh, but Geekboy, I live in a totalitarian regime, and I'm a freedom activist! They monitor everything I do!" Your browser history is the absolute last place the KGB is gonna look for information. They'll talk to your neighbors, your boss, your parents, and probably drag you in for interrogation before they even consider looking in your history.
"Oh, but Geekboy, I just love looking at little kids! It's not sexual at all, it just makes me happy!" Do like pedophiles have done since the middle ages: become a priest. Get it off the internet, those parents' groups and TV shows are really annoying. Also, same thing as in the KGB. Even if they don't catch you in an actual sting, they'll grab your stacks of CDs and piles of imported manga way before they give a rats ass about your browser.
Now mod me down, and prove you're all pathologically paranoid morons.

--
Just another "DOJ fascist authoritarian totalitarian bootlicker" -- Zeio
let me get this straight by mzs · 2009-05-23 13:44 · Score: 3, Informative

The whole commotion is that temporary files are stored under per user only readable subdirs of /var instead of under ~/Library? I don't know about you but my home dir is mounted from a server. That seems a whole lot more secure (and efficient) to put that in a place more or less guaranteed to be local and not exported. It seems to me some people just have to learn about another place temporary data can appear. Also where it is makes it really easy to just rm -rf all of it when they want to.
/var by jbolden · 2009-05-23 15:36 · Score: 3, Insightful

Call me a crotchity old unix head but I'm very happy that Apple is using /var for cache information and not /Users/username/Library/Caches.... in fact i think that whole directory should point to /var.
I'd love to be able to partition my /var stuff off like I do in Linux. So if Apple is moving in this direction and keeps it up, good.