iCloud Was Storing Deleted Safari Browser History for Months, but Apple Fixed the Issue

[Alenore]

That is true, they don't sell you data. They give it to governments for free.

Just like Microsoft, Apple, or any company following the law. You see the trend here? The law.

Of course they do not sell their proprietary data. That would be selling the cow instead of the milk. They are the intermediary. But hey its not just Google. That is what your club cards are for too. These companies do reserve their right to sell their data [about you] to other entities. Read the fine print. And read the article linked previously about 23 and me.

They absolutely do collect a creepy amount of information tied to your real identity. Technically much of the information is stored in non-relational, big data, databases. The real technology in big data is the proprietary algorithms that can relate the information between identities and other data. Yes, they use it to sell profiles for marketing and other research in other spaces.

They can and do tie those advertising profiles back to a list of devices and real identities for targeted advertising. They route Hawaiian vacation ads to websites you happen to be visiting, after you browse an article about Hawaii, even on other devices.

If the general public ever saw what they could provide about an individual if they ever chose to, that would be their doom. But its all too abstract for most people to really care.

I know that, that's literally my job as I work in a big data context. What I was quoting, and refuting, was that google sold your personnal datas. Which is wrong, they just sell a channel to you, without knowing who advertisers sell to.
And the point is, "if they ever chose to". The army can also destroy your face, hell the closest fencing club can also poke people to death if they ever chose to.

 

[69Mustang]

You guys read this part, right?

"...Forensic software like Phone Breaker was required, which doesn't come cheap, and Phone Breaker only works with a user's Apple ID and password, or an authentication token pulled from a user's computer."

It isn't like Forbes pulled 7000 of someone else's deleted records. It was 7000 of their own deleted records.

We read all of it. I haven't read every comment but I don't think anyone is claiming Apple is doing something nefarious. The problem is, and the part you seemed to miss, that the information is stored and accessible. With proper funding and technical skill, that information would have been available for someone other than the owner. Forbes using their own information was "proof of concept" authentication that the company wasn't just blowing smoke.

The only evidence I've ever seen of Apple mining data was when an iMessage spokesman, explaining why they won't port it to other OSs, said at some point that they already have enough data for any potential AI projects. So much for end-to-end encryption.

Apple mines data. They straight up tell you that they mine data in the privacy policy. Evidence of data mining can be easily seen by not opting out of targeted advertising. If you don't opt out, your data is used to target ads to you. In my personal opinion, there's nothing wrong with it.

Of course they do not sell their proprietary data...

This directly contradicts what you said in that original post: "You realize Google's primary line of business is that they DO collect every bit of data on us imaginable and store it forever? Then sell it." Your subsequent post was more factual. It's odd to me. You seem to know exactly what Google (and Apple, btw) does, but tried to portray it in your earlier post in the meme fashion of Google sells your data. Why is that?

 

[TheGream]

Man I just love all the nay Sayers and doom and gloomers.

So iCloud was hacked by a company that makes hacking software and found a database of what should have been deleted history data. Then said hacking software company talk to Forbes about it and they used the software to backdoor iCloud.
Then Apple goes and does whatever they do to make all but two weeks with of history vanish.
Why we people not made at the hackers or Forbes?
I trust Apple with my information more than I trust myself with it. Yahoo was hacked and didn't tell people for years, and google straight up sales you info.
Apple just charges premium for hardware that tends to be older than it should be.

 

[iapplelove]

Ehh if you have any kind of digital life at all, expect anything and everything.

 

[crumpetkerfuffle]

I suppose this will sound paranoid, but...

"iCloud was caught storing deleted browser history by software company Elcomsoft, which develops cracking tools for extracting protected data from iOS devices. Speaking to Forbes, Elcomsoft CEO Vladimir Katalov explained that the company had been able to retrieve "deleted" browser history dating back more than a year. "

So a Russian software company just copped to using their cracking software to hack Apple's iCloud security and access everyone's protected Safari history data. Even if Apple has been collecting the data for a long period, it still doesn't change the fact that this company 1) touts making software which comprises us all and 2) probably copied everything found in that tombstone file. Sure, it's appalling that Apple has been collecting our data for this long (have fun reading those thousands of articles on the Star Trek Memory Alpha site), but it's even more appalling that these people are using this article as a veiled advertisement to peddle their wares to less-than-savory humans ready to exploit that data in far more damaging ways.

Again, paranoid, I know...

 

[DeepIn2U]

...

Apple was keeping deleted browser information in a separate iCloud recored called "tombstone,"

typo:
"Recored"
should be:
"record"

 

[moonjelly]

Just like Microsoft, Apple, or any company following the law. You see the trend here? The law.


I know that, that's literally my job as I work in a big data context. What I was quoting, and refuting, was that google sold your personnal datas. Which is wrong, they just sell a channel to you, without knowing who advertisers sell to.
And the point is, "if they ever chose to". The army can also destroy your face, hell the closest fencing club can also poke people to death if they ever chose to.

Yes. I edited my original post to more clearly reflect how that information is used. Big data collectors do sell this information to each other. I too work in a field related to big data.

Since you are in the field this article should interest you. https://www.scientificamerican.com/...fying-but-not-for-the-reasons-the-fda-thinks/ There are legitimate moral concerns about how the mere existence of the personal part of the data could affect society.

Apple recently introduced technology intended to allow them to collect some kinds of system usage data and have it inherently disconnected from personally identifiable data. Kudos to them for the effort.

 

[bmac89]

In iOS 9.3 and later (and Safari 9.1 and later), Apple also began turning URLs into unreadable hashes instead of plaintext when browser history is deleted, an additional security measure, but Forbes says that didn't stop Elcomsoft's tool from working with the newest versions of Safari.

Im trying to get my head around the above quote. Is this suggesting that the latest Safari is somehow easier to crack this particular information than in iOS 9.3?

It makes it sound like the Safari in iOS 9.3" is harder (or maybe not possible?) to access this information. Or maybe I'm just reading into it too much.

Anyone able to clarify this?


P.S. I remember a macrumors article about a security weakness in iOS 10... I think it was something to do with the kernel...? Has this been fixed yet?

 

[Mascots]

Too many companies seem to hide behind it was a bug excuse when they're caught hanging on to data they probably shouldn't have. For a company that seems to pride itself on privacy, this is rather disappointing.

I get that, but there isn't much Apple can do about it now that the situation is remedied. I hardly believe it was anything other than a bug that went unnoticed because of its obscurity. If it was done in malpractice, it would have been done correctly from the get-go or there would be other obvious signs.

I work in the industry so maybe I am biased. I just don't see what else you could want from them short of an admission that it was done purposely, yet doesn't seem to be the case. Nothing can be done about it, it's a remote issue that is corrected across the board.

I just don't know what people who don't believe want in exchange, I suppose is my hold up

 

[moonjelly]

The problem is, and the part you seemed to miss, that the information is stored and accessible. With proper funding and technical skill, that information would have been available for someone other than the owner.

This directly contradicts what you said in that original post: "You realize Google's primary line of business is that they DO collect every bit of data on us imaginable and store it forever? Then sell it." Your subsequent post was more factual. It's odd to me. You seem to know exactly what Google (and Apple, btw) does, but tried to portray it in your earlier post in the meme fashion of Google sells your data. Why is that?

I edited my original post to hopefully be more clear, while still pointing out that as you say "...the information is stored and accessible..." Also they reserve the right to sell the data itself. Why is that? The computer era has brought legitimate concerns about the mere existence of compiled and detailed personal information. When it comes to privacy, when something feels creepy to a majority of society, something is wrong with it.

 

[simonmet]

Oversight? Not for a second!

A company as economical as Apple would never store a lot more than they had to by accident.

This confirms suspicions I've had about iCloud storing deleted usage information and data like contacts and is likely part of Apple's secret NSA obligations.

Apple's public stance on privacy is all a charade. The "fix" is likely just a new way to hide and obscure the data because they got caught. Likely they have policies and plans for what to do in the event of getting caught.

What a time to be alive!

 

[nt5672]

Anyone ever have a group of deleted photos show up again in the iOS Photos app? Not deleted as in the recently deleted folder, but had been deleted completely for a good amount of time. It's happened to me at least three times. I do use iCloud Photo whatever-the-hell-the-rest-of-the-name-is, but that shouldn't matter.

Apple has had like 5 years to get the cloud right, but management only cares about watch bands, campuses, outdated hardware, and Chinese investments. There is no way I would use Apple's cloud services. Why? Because Apple has proven time after time, that management may just show up one day and cancel the technology, with no regard for users. Apple is so big now, they can't be bothered with a few million users. Sad, because it does not have to be this way, but reality is what it is.

 

[Wowereit]

I can't say that I'm surprised but I am very disappointed. We'll not get any response from apple short of it being a "bug"

Hehe, whoooopsie, hey ehm it's a bug you know. Ya, well, ahm, we're sorry that you found out ehm I mean ehm had to deal with this. Bye.

*running to his car* *starting engine* *spinning wheels*

 

[coolfactor]

I wish they allowed the option to pick and choose what of Safari you want to sync. I don't care about syncing history but want to sync read later and bookmarks across devices.

So use Private Browsing. That should give you the results you're after?

This looks like a handy tip:
http://www.macosxtips.co.uk/index_files/quickly-enable-private-browsing.php

(EDIT - that was for an older version of Safari, the keyboard shortcut exists now)


And this:
https://www.engadget.com/2012/07/30/trigger-private-browsing-in-safari-for-specific-sites/

I just wish Private Browsing could be turned on by default. I think Chrome or Firefox has that feature, or was it Opera?

 

[BeefCake 15]

So use Private Browsing. That should give you the results you're after?

This looks like a handy tip:
http://www.macosxtips.co.uk/index_files/quickly-enable-private-browsing.php

(EDIT - that was for an older version of Safari, the keyboard shortcut exists now)


And this:
https://www.engadget.com/2012/07/30/trigger-private-browsing-in-safari-for-specific-sites/

I just wish Private Browsing could be turned on by default. I think Chrome or Firefox has that feature, or was it Opera?

Thank you for the tip!

Unfortunately that's just a work around but not viable default. The idea is sometimes browsing on devices are targeted differently so it's not useful or of value for Apple to keep syncing it. For example: on my phone I'm reading quick articles on the go, searching for specific places on Google etc. On my Mac, I'm more like to be on Forums, working on a blog etc. The browsing histories are not useful to keep in sync. If I wanted to add pages to read later on my phone, I bookmark or add to reading list.

 

[femike]

The authorities could easily goto the ISP to get the same data and more.

 

[tennisproha]

I just read this on 9to5 Mac and not shocked at all.

You could've just commented this on 9to5 instead of coming here to do it.

 

[hellopupy]

And how do we know its been corrected?/

and how to make the deletion properly?

 

[iShatMyself]

would you say that you..., just..., shatyourself? . I don't use an iPhone, BUT,... i do however own a mbp 15 and so does my wife. here's the funny bit.... whenever i wanted to look up let's say... inappropriate stuff, i'd do it on my mac and not on my gaming box. This is disappointing indeed

Indeed. Shatting myself as I type.

 

[DUIduckSAUCE]

Four pages in and not one "I miss Steve" post. Count me impressed

 

[joy.757]

Oh well. I typically use firefox for anything whose records need to be erased. It's convenient how you can set it to erase everything every time it starts.

 

[sudo1996]

Apple mines data. They straight up tell you that they mine data in the privacy policy. Evidence of data mining can be easily seen by not opting out of targeted advertising. If you don't opt out, your data is used to target ads to you. In my personal opinion, there's nothing wrong with it.

I wasn't explicit, but in that context, we were talking about Apple secretly mining data in ways that contradict their privacy policy. They state that they do not and cannot access your messages on iMessage.

 

[ra535i]

But what this article talks about doesn't really apply if the Safari sync aspect of iCloud isn't enabled, right?

It's on by default. My wife doesn't know that. The point is, if I hand a "normal" a MacBook/pro, their data is instantly stored. This coming from a company that says they don't store your data. What's even more hilarious is they still actively keep two weeks of data even after "fixing" the issue with ZERO explanations as to why it was even up there in the first place.
[doublepost=1486701912][/doublepost]

If you think Apple is not mining our data you're all wrong. It's not as creepy as Google and I trust them more than any other tech company. Mostly for in-house development to improve their services. Unlike Google or Facebook their selling your data to their customers.

You think Google isn't using your data to improve their services? Really...?

 

[JadawinUK]

Man I just love all the nay Sayers and doom and gloomers..

Just as most people love all the Apple fanboys with a distorted reality.

 

[69Mustang]

I wasn't explicit, but in that context, we were talking about Apple secretly mining data in ways that contradict their privacy policy. They state that they do not and cannot access your messages on iMessage.

Apologies. I didn't see anything regarding "secret data" mining in your quote or the quote you were replying to from Joueboy. Maybe it was implied. My mistake.