Serious privacy bug still present in Safari since 2013

Discussion in 'OS X Yosemite (10.10)' started by J. J., Mar 14, 2015.

  1. J. J. macrumors regular

    J. J.

    Joined:
    Oct 15, 2012
    Location:
    Italy
    #1
    As AppleInsider notes, Safari for OS X is affected by a serious privacy bug since 2013.

    Basically, your computer keeps track of the pages you visit in private browsing mode. More specifically, the file ~/Library/Safari/WebpageIcons.db stores data from all the websites visited.

    I think that users should be warned; this could be a very serious privacy issue. It's a shame that Apple hasn't resolved this issue yet.
     
  2. Zerozal macrumors 6502

    Joined:
    Apr 3, 2009
    Location:
    PA
    #2
    Wow, thanks for posting this—I had no idea.

    I just tested and verfiied that yes, this is in fact true—I opened a private window and navigated to a new site, then saw that indeed the site showed up in the db.

    At least the list of URLs isn't in text file. You do need to have a SQL database viewer (and know how to use it) to view the URLs, but SQL db viewers are free and not difficult to figure out.

    Hopefully Apple plugs this privacy hole in a future release.
     
  3. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #3
    Simply resetting Safari clears that data. It's not a big deal. It's no different than Safari keeping your history and cache until you clear them. If you feel that strongly about it, you can simply set that file to read only and it will never record any URL data.
     
  4. J. J. thread starter macrumors regular

    J. J.

    Joined:
    Oct 15, 2012
    Location:
    Italy
    #4
    The problem is that users will think that private prowsing won't leave any track unless they are aware of the bug.
     
  5. aquajet macrumors 68020

    Joined:
    Feb 12, 2005
    Location:
    VA
    #5
    Why on earth would you think this isn't a big deal. Private browsing is supposed to mean something, and in this case it means the exact opposite of what people expect.
     
  6. GGJstudios, Mar 14, 2015
    Last edited: Mar 14, 2015

    GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #6
    While that's true, I would think that most people using Private Browsing would also be likely to reset Safari after a session, to be sure there's no data stored. Only if you switch from Private Browsing to normal browsing and don't clear data would this be a problem. I set that file to read-only a couple years ago, and haven't had to think about it since.

    You can also delete the file and permanently disable it from being recreated by entering the following in Terminal:

    defaults write com.apple.Safari WebIconDatabaseEnabled -bool NO​
     
  7. SlCKB0Y macrumors 68040

    SlCKB0Y

    Joined:
    Feb 25, 2012
    Location:
    Sydney, Australia
    #7
    Based on what? Why would someone go to the trouble of using Private Browsing and then reset safari as well? :rolleyes:
     
  8. Dolorian macrumors 65816

    Dolorian

    Joined:
    Apr 25, 2007
    #8
    There is no precedent for them to go that extra step. The working assumption of the person using private browsing is that no data is stored; especially given that Safari itself tells you that it "won't remember the pages you visit, your search history, or your AutoFill information". This is a blunder on Apple's part and I really hope they fix it ASAP.
     

Share This Page