Safari 4's Messy Trail

← Back to Stories (view on slashdot.org)

Posted by kdawson on Saturday May 23, 2009 @07:53AM from the if-disk-space-were-infinite-and-free dept.

Signum Ignitum writes "Safari 4 comes with a slew of cool new features, but extensive data generation combined with poor cleanup make for a data trail that's a privacy nightmare. Hidden files with screenshots of your history, files that point back to Web pages you've visited and cleared from your history, and thousands of XML files that track the changes in the pages in your Top Sites can add up to gigabytes of information you didn't know was kept about you." Some of Safari's bloat is kept in quite obscure locations; it takes a fairly knowledgeable user to find it and clean it up. You can avoid some of the worst of it by disabling Top Sites.

24 of 200 comments (clear)

Oh that Apple by wampus · 2009-05-23 07:59 · Score: 5, Funny

I for one like it because it is so innovative and it fits in well with my hip, young lifestyle.
Safari does clean up after itself. by ozzmosis · 2009-05-23 08:05 · Score: 5, Interesting

There is a "Empty Cache" button under the "Safari" menu.
Before "Empty Cache"
ahze:/private/var/folders/zz/zzzivhrRnAmviuee++31gU+-Ev6/-Caches-/com.apple.Safari ahze$ du -sh
129M .
After "Empty Cache"
ahze:/private/var/folders/zz/zzzivhrRnAmviuee++31gU+-Ev6/-Caches-/com.apple.Safari ahze$ du -sh
32K .
1. Re:Safari does clean up after itself. by Anonymous Coward · 2009-05-23 08:25 · Score: 5, Funny
  
  Yes but that last 32k is the EVIL 32k
2. Re:Safari does clean up after itself. by mallumax · 2009-05-23 08:47 · Score: 4, Informative
  
  "Empty cache", doesn't delete everything.
  before: 737M -Caches-
  after: 571M -Caches-
  This is seriously fucked up.
  
  --
  TechSutra
3. Re:Safari does clean up after itself. by Ilgaz · 2009-05-23 09:03 · Score: 4, Informative
  
  /var/folders is generally folder for storing possibly sensitive data of ANY application. I don't know the exact reason of why some files are cached there and some in ordinary caches folder but I mean it is NOT just Safari cache. There could be caches of anything, any program.
  It could be decided like ''If a program binary is signed and it connects to net'' by core OS itself. Again, it is just a very rough guess.
  Did you really expect 700+ MB of Cache from a browser? It indeed cleaned its Cache and didn't touch other applications files. /var/folders is just randomized (sandboxed in future?) temp dir. Nothing exclusive to Safari or any other program.
4. Re:Safari does clean up after itself. by monktus · 2009-05-23 09:13 · Score: 5, Funny
  
  32k of evil ought to be good enough for anybody.
  
  --
  Weaseling out of things is important to learn. It's what separates us from the animals... except the weasel."
5. Re:Safari does clean up after itself. by Anonymous Coward · 2009-05-23 10:57 · Score: 5, Insightful
  
  You're not seriously considering Chrome over Safari for privacy reasons?
6. Re:Safari does clean up after itself. by dangitman · 2009-05-23 14:14 · Score: 4, Insightful
  
  Jeeze, seriously, I didn't even RTFA but I noticed TFS said Safari 4 was generating potentially gigabytes of cached info, which it did -not- delete when you "cleaned" the cache.
  Yeah, slashdot summaries are known for being highly accurate and reliable, and not at all sensationalistic. Of course, anything could potentially generate gigabytes of data. My text editor could do it if I had enough monkeys. But is the average Safari user's cache weighing in at several gigabytes? I don't think so. That was just put there to cause alarm for attention-getting reasons.
  
  --
  ... and then they built the supercollider.
At least it is not windows temp by linzeal · 2009-05-23 08:06 · Score: 5, Funny

Windows temp (/username/appdata/local/temp) which if not cleaned can hold every single unzipped file/torrent/etc since you installed the operating system. Just cleaned up a computer at a friend's house that was nearing 200 gigs in temp from mostly anime porn avi he downloaded and unzipped. I showed his gf some of the stuff thinking it was funny and was told to leave the house, he was not very happy either. Damn kids, lol.

--
An Education is the Font of All Liberty
1. Re:At least it is not windows temp by Runaway1956 · 2009-05-23 10:07 · Score: 4, Interesting
  
  Am I the only one who changes the temp directories immediately after installation? C:\tmp for both user and windows temporary folder. I clear it frequently. Sometimes, stuff just doesn't WANT to delete, so I start in safe mode, and delete it anyway. No computer has the right to store data that I consider "sensitive". Anime porn, government subversion, or funding for the most outstanding charity in the world, it is MY business, and no one else's. People should learn what the environment variables are for, and use them intelligently - whether they use Mac, Windows, or *nix
  
  --
  "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
2. Re:At least it is not windows temp by wipeMyButt · 2009-05-23 10:16 · Score: 5, Insightful
  
  And this has what to do with Safari's shockingly poor behavior?
  Why is it that everyone's response to any sort of problem is "Windows is worse"? If someone described a serious flaw in say, a Prius, would your response be, "Yeah, but Honda sucks."
  I'm not trying to excuse crappy design problems in Windows, but when is Apple going to lose this untouchable luster and take it's lumps along with everyone else?
Mac abstraction affects the non-savvy... by ruphus13 · 2009-05-23 08:07 · Score: 5, Insightful

The big value-proposition of the Mac has been that it is easy for the non-geeky user to use. Unfortunately, things like these make those very users vulnerable. Without exposing easy ways to flush potentially sensitive and private information, it is the same users Apple attempts to serve that will be exposed. And, this will probably be the default browser for most new systems, so unless this is patched, expect the problem to proliferate...
1. Re:Mac abstraction affects the non-savvy... by Ilgaz · 2009-05-23 08:57 · Score: 4, Interesting
  
  But is there really anything to fix besides the files getting into the /var/folders on secure home dir scenarios?
  Browsers cache/store history since they were invented and that click happy site found there is a treasure there. Well, that is why Apple spits files to the randomized and soon to be more secure caches dir. The breach (!) requires someone sitting on your chair and browsing your Caches. It is the same formula for getting Mac fanatics attention and unfortunately every time, it works.
  What will they do? 128 bit encrypt general public jpegs? Not that it can't be done, just enable filevault or whatever equivalent on Windows.
  time.
beta software by commodoresloat · 2009-05-23 08:07 · Score: 4, Insightful

Keep in mind this is a beta, folks; if you're using it, you're presumably volunteering to help inform Apple about stuff like this. So in addition to letting everyone else know safari is doing this, it might be a good idea to let Apple know that it is unacceptable in a web browser. Presumably the company released the beta in order to solicit just this kind of information from its users; hopefully enough concern from users will lead them to take these "features" out of the final release candidate.
1. Re:beta software by falcon5768 · 2009-05-23 10:02 · Score: 4, Insightful
  
  um yes, they should. Thats the WHOLE POINT of a beta, that you are testing it in a real world, uncontrolled environment with all the risks it entails.
  
  --
  "Slashdot, where telling the truth is overrated but lying is insightful."
2. Re:beta software by node+3 · 2009-05-23 11:36 · Score: 4, Insightful
  
  putting screenshots of websites you visit outside your home directory is a fantastic feature?
  You're referring to an implementation detail, not a feature. The feature is the web page previews. Whether they are stored in /var or in ~/Library has no effect on the feature, but does affect the underlying implementation of it.
  By all means, put the previews in the ~/Library folder. By all means, file a bug report about this detail, but don't request the removal the feature.
  
  wow i sense the RDF is strong in this one
  Correct, because as we all know, nothing bolsters a straw man like ad hominem.
3. Re:beta software by alanQuatermain · 2009-05-23 12:23 · Score: 4, Informative
  
  Would anyone care to look at the permissions on the -Caches- folder in question? I know, it'll make it harder to spout hyperbole about security, but it could be instructional I think:
  MacBook-Pro:1tUM+kJcGEqwqSH2bBdLR++++TI jim$ pwd /var/folders/1t/1tUM+kJcGEqwqSH2bBdLR++++TI MacBook-Pro:1tUM+kJcGEqwqSH2bBdLR++++TI jim$ ls -l total 0 drwx------ 92 jim staff 3128 12 May 20:53 -Caches- drwx------ 13 jim staff 442 23 May 20:12 -Tmp-
  As you can see, the permissions on the -Caches- folder mean it's only readable by the owner, namely the current user. So it has the same protections as something inside the user's home folder. Also, by benefit of being in /var/folders/xxxx/-Caches- the operating system can clean this out more or less upon a whim-- this is, after all, the purpose of temporary folders and caches.
Oh expoitable by johncandale · 2009-05-23 08:14 · Score: 5, Interesting

The real scary part of this for me is not the government, more on that in a sec, but your girlfriend/boyfriend/housemate. Anyone who feels like he/she wants to do some snooping now has a treasure chest of stuff to take out of context.

I hope no one here is naive enough to use the "if you have nothing to hide..." line.

Getting back to the government, most cases are not high profile law&order style procedural deals. I could easily see local lawyers taking porn sites as evidence you killed her, technology sites as evidence you were researching bombs, map sites that you were researching crimes, and I can see local judges allowing it, and local jury's believing it.

Of course they could get most of this from ISP logs, but that would be just that much harder to get, and wouldn't come with screen shots.
1. Re:Oh expoitable by node+3 · 2009-05-23 09:01 · Score: 4, Informative
  
  The real scary part of this for me is not the government, more on that in a sec, but your girlfriend/boyfriend/housemate. Anyone who feels like he/she wants to do some snooping now has a treasure chest of stuff to take out of context.
  
  They've always had this. It's called "History" and "Temporary Internet Files". The only difference here is Safari has added screenshots.
  If you're that worried, you can enter Private Browsing mode, you can selectively clear out parts of your history (and cache and screenshots), entirely clear out all of the above (including cookies), or just turn the feature off in the first place.
Oh well... by PopeRatzo · 2009-05-23 09:16 · Score: 5, Funny

...a data trail that's a privacy nightmare...gigabytes of information you didn't know was kept about you.
Remember those famous Apple "1984" advertisements where they're the young, free person breaking out of the crushing tyranny of Big Brother?

--
You are welcome on my lawn.
Bullshit scaremongering. by Anonymous Coward · 2009-05-23 09:19 · Score: 5, Insightful

Use "Private Browsing" mode and this junk won't get in your history in the first place for you to need to delete it. The end. Meanwhile, fulltext searching of your history is hella convenient.
Re:Why would you use Safari anyway? by UnConeD · 2009-05-23 09:23 · Score: 5, Insightful
Here's why I use and love Safari 4 on OS X. And yes, I am a huge geek who hacks code for a living.
- It's bloody fast, in every way. From loading speed, to rendering speed, to JavaScript execution to Canvas rendering. Firefox does not compare, and Chrome still isn't available for Mac.
- Full-text indexing of your history + thumbnails are a life saver for finding that one blog post or article that you read 3 days ago but can't remember the URL to or find on Google (because the site's SEO sucks). Coverflowing through a set of thumbnails lets you identify specific pages really quickly if you've seen them before. It really is waaay more than just a cool effect.
- Safari has the best web standards support and includes a bunch of awesome proposed features on top of that. Web fonts, box/text shadows (+ rounded corners), css transforms, border image, etc. It's awesome fun to develop on.
- It is the most polished browser on OS X, by far. The scrolling is butter-smooth and feels analog (multitouch trackpad++), the form widgets feel like real Aqua, the textareas are resizable, the font rendering is the most consistent.
For me, Safari provides the best web experience. For you, Firefox 3 is the sweet spot. Why can't you just accept that people have differing priorities and requirements, instead of smugly deriding others for using a "miserable little browser"? If you want to hate on a browser, hate on IE. At least there's demonstrable evidence of how IE has damaged the web. Us Safari users are doing just fine.
Re:Advert co-incidence by Silas+is+back · 2009-05-23 09:48 · Score: 4, Funny

Keywords:
Did, not, get, joke

--
this sig is useless
Re:Advert co-incidence by centuren · 2009-05-23 20:41 · Score: 4, Insightful

Not any more. If you're a good boy, you get to disable ads on /. while you're logged in. I now just get a little box saying "Ads disabled [tick] Thanks again for helping make Slashdot great!".
Dear Slashdot policy makers,
The feature introduced to allow active participants the option of disabling advertisements on the site has to be one of the most awesome things I've seen implemented re: ads on community driven sites.
Keep the great ideas coming.