Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Mac OS X / Safari saving webpages (i.e. spying on us?!)

jnasato

jnasato

macrumors regular
Original poster
Jan 7, 2004
107
1
paradise
Hello, all!

So yesterday, I thought that I'd accidentally erased some important files, so I used Stellar Phoenix Data Recovery to scan my drive for deleted files. Many hours later, the app finished scanning my drive, and I decided to save all deleted files that it could find.

What did I find in the JPEGs folder? I found JPEGs of whole webpage windows in Safari!!! There are tons and not of times when I would take a screenshot. There are large browser window images of my e-mail browsing, forum browsing, etc. And when I say large, I mean that if one has to scroll down to see a webpage, the image is actually of 2 vertical pages or so, so the images are of parts that would go off the page.

What the F*CK is going on here? WHY or HOW can there be such image recordings on my hard drive? It's not cache in HTML but as JPEGs. The images are from Safari on Tiger, by the way.

Here are some examples:
http://www.nothinggg.com/mr/browser_wtf_1.JPEG
http://www.nothinggg.com/mr/browser_wtf_2.JPEG
http://www.nothinggg.com/mr/browser_wtf_3.JPEG
http://www.nothinggg.com/mr/browser_wtf_4.JPEG
http://www.nothinggg.com/mr/browser_wtf_5.JPEG

If anyone has time to scan their hard drive for deleted files, please check on this browser window image thing.

There are images of open e-mail messages, etc. This is ridiculous.
 
jnasato

jnasato

macrumors regular
Original poster
Jan 7, 2004
107
1
paradise
I am using Safari 3, but I did switch to 4 for a couple weeks or so.

Safari 4 makes sense. Thank you, and I'm glad Apple isn't randomly taking pictures of our web browsing! ...unless one uses Safari 4.
 
clevin

clevin

macrumors G3
Aug 6, 2006
9,095
1
jnasato said:
I am using Safari 3, but I did switch to 4 for a couple weeks or so.

Safari 4 makes sense. Thank you, and I'm glad Apple isn't randomly taking pictures of our web browsing! ...unless one uses Safari 4.
Click to expand...
and whenever you open top site, safari will check for update of the sites automatically in background.

I begin to think that might be a security issue.

my think aside, u should delete those preview caches, because they can be huge!. somebody reported 4.7GB HDD space getting eat up by it.
 
jnasato

jnasato

macrumors regular
Original poster
Jan 7, 2004
107
1
paradise
clevin said:
begin to think that might be a security issue.
Click to expand...
Yah, definitely! The images of my e-mail windows were large enough that I could read the content of the messages.

Or what if an image is taken when signing up for a credit card? All personal information needed for fraud, in a JPEG.
 
clevin

clevin

macrumors G3
Aug 6, 2006
9,095
1
jnasato said:
Yah, definitely! The images of my e-mail windows were large enough that I could read the content of the messages.

Or what if an image is taken when signing up for a credit card? All personal information needed for fraud, in a JPEG.
Click to expand...
well, thats part of it, I think you can submit a bug report to apple, ask them to shrink the preview to certain degree that can avoid this problem, and also ask apple not to preview secure pages (im not sure if they are doing it right now)

the other part is that site preview function of safari 4 is actually an somewhat independent app with its own thread in the system. I'm worrying that maybe malicious codes can go through safari and establish itself somewhat in the preview function. Since site preview kept pulling information to update preview image from internet in the background without users' consent. It might be used to deliver malicious codes or breach users privacy.

Im not saying its happening now, just that the such automatic data transmission should be kept minimum and properly checked, Im not sure it is right now.

Site preview is apple's in-house project, AFAIK, maybe apple should open source it and send to to webkit project and let community scrutinize the code and try to improve it.
 
L

littlegreencube

macrumors newbie
Aug 31, 2009
1
0
how to disable safari preview

http://imnotbruce.blogspot.com/2009/06/safari-40-stealing-cpu-cycles.html

here's a blog post i found to disable it. looks like you can either delete the utility inside of safari.app or use some command line functions to turn it off. there doesn't seem to be anything in the preferences that let you do it with a checkbox - kind of surprising.

(by the way, this isn't my blog - just passing along the info)

i'm a web designer and actually like the idea of being able to have automatic screenshots of the sites i'm looking at for design inspiration. but you make a great point about all the confidential information that's being documented without users' knowledge. kind of scary.
 
D

devburke

Guest
Oct 16, 2008
1,190
0
clevin said:
well, thats part of it, I think you can submit a bug report to apple, ask them to shrink the preview to certain degree that can avoid this problem, and also ask apple not to preview secure pages (im not sure if they are doing it right now)

the other part is that site preview function of safari 4 is actually an somewhat independent app with its own thread in the system. I'm worrying that maybe malicious codes can go through safari and establish itself somewhat in the preview function. Since site preview kept pulling information to update preview image from internet in the background without users' consent. It might be used to deliver malicious codes or breach users privacy.

Im not saying its happening now, just that the such automatic data transmission should be kept minimum and properly checked, Im not sure it is right now.

Site preview is apple's in-house project, AFAIK, maybe apple should open source it and send to to webkit project and let community scrutinize the code and try to improve it.
Click to expand...

It already doesn’t do it for secure pages. My logged in page for my bank is just a lock icon. But not every page you log in to is a secure page, so things like e-mail and stuff will still be previewed.

But here’s a tip: If you’re using Gmail, you can log in to it with https instead of http to make it secure and prevent previews. There’s a setting under general to always use https too.

Screen shot 2009-08-31 at 4.01.41 PM.png
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom