Years-old Safari private browsing bug saves URL of every page visited, remains unfixed

Posted:
in macOS edited May 2015
A long-known flaw in Safari's implementation of private browsing that saves the address of each and every website users visit to a file on their local drive, even after closing private browsing windows and quitting Safari, is still present in the latest pre-release versions of OS X Yosemite.




The bug manifests itself as part of Safari's cache mechanism for favicons, the small pictures that appear beside web addresses in the URL bar, bookmarks, and the favorites view. The favicon and accompanying web address for every visited site --?including those opened in a private browsing window --?are stored in an SQLite database within the user's home folder.

This database, located at ~/Library/Safari/WebpageIcons.db, is not encrypted or obfuscated in any manner.

Issues with improper data retention in Safari's favicon database have been known for years, but were pointed out again by AppleInsider reader @tylerc on Friday. A 2013 article on forensic browser analysis published in the EURASIP Journal on Information Security found that "the easiest way to view the browsing history for Safari private browsing sessions was to locate the 'WebpageIcons' database under Safari artifacts."

"This database provided a good log of every visited URL along with other pertinent information," authors Donny J Ohana and Narasimha Shashidhar concluded.





Tests conducted by AppleInsider on OS X Yosemite 10.10.3 build 14D98g, released to developers earlier this week, confirm that the flaw remains unaddressed. Trashing the WebpageIcons.db file, re-launching Safari, and visiting a web page in private browsing mode logs that visit to the database, and the data persists following a browser reboot.

The relatively easy accessibility of this information could pose problems not just for users whose computers have been compromised by malware or other targeted attacks, but even for those who share their computer with friends or significant others. By reading the database, an operation trivially performed with any of a variety of easy-to-obtain tools, information that users thought was safe could be extracted and used against them.

Until the problem is addressed, users can clear the data held in WebpageIcons.db manually by using the "Clear History and Website Data..." dialog found in the Safari menu, or by dragging the ~/Library/Safari/WebpageIcons.db file to the trash, forcing Safari to recreate it.
«13

Comments

  • Reply 1 of 46
    Ouch!

    Apple should really not be falling prey to this sort of mis-step.
  • Reply 2 of 46
    tallest skiltallest skil Posts: 43,399member

    Oh. Yeah, I knew that. I ran into it when restoring 10.10.1 to my laptop to see if that would fix the Wi-Fi problem that popped up for four days and went away immediately after (it didn’t fix it; it went away on its own).

     

    I figured it was iCloud saving every single URL, given that it has to sync it all between all your devices. But it’s local? Okay. Of course iCloud DOES save all your URLs, but to know it’s local is… I dunno, what? It’s annoying if you ever have to restore, but beyond that what’s there to say?

  • Reply 3 of 46

    iCloud shouldn't be syncing tabs from private browsing windows anyway. And iCloud enabled or not, Safari shouldn't leave any permanent traces on the disk from private windows. The whole point of private browsing is to prevent the history from being saved. But Safari is saving all of the history from them, indefinitely, in an easily-read file. This bug is pretty egregious.

  • Reply 4 of 46
    dasanman69dasanman69 Posts: 12,980member
    There's a typo in the heading. It should read Chrome not Safari. ;)
  • Reply 5 of 46
    gnnonignnoni Posts: 24member
    Drag and drop text over safari's icon, gets a crash
    unless the text is editable a url or a text snipet.

    It is a very long time bug in safari or in texts...
  • Reply 6 of 46
    tallest skiltallest skil Posts: 43,399member
    Originally Posted by gnnoni View Post

    Drag and drop text over safari's icon, gets a crash

     

    Huh. Didn’t happen for me. What do you distinguish as a ‘text snippet’?

  • Reply 7 of 46
    pfisherpfisher Posts: 758member

    How convenient.

  • Reply 8 of 46
    boredumbboredumb Posts: 1,415member

    A little strange that Apple campaigns so stalwartly for our privacy generally,

    then leaves us all relatively exposed in this way...

  • Reply 9 of 46
    newbeenewbee Posts: 2,055member
    Quote:

    Originally Posted by Tallest Skil View Post

     

    Oh. Yeah, I knew that. I ran into it when restoring 10.10.1 to my laptop to see if that would fix the Wi-Fi problem that popped up for four days and went away immediately after (it didn’t fix it; it went away on its own).

     

    I figured it was iCloud saving every single URL, given that it has to sync it all between all your devices. But it’s local? Okay. Of course iCloud DOES save all your URLs, but to know it’s local is… I dunno, what? It’s annoying if you ever have to restore, but beyond that what’s there to say?


    Am I the only one who uses the "clear  history and website data" button after almost every session ?  To me, that's just using the tools they supply to "keep safe". What's the big deal over this anyway?

  • Reply 10 of 46
    Quote:
    Originally Posted by newbee View Post

     

    Am I the only one who uses the "clear  history and website data" button after almost every session ?  To me, that's just using the tools they supply to "keep safe". What's the big deal over this anyway?


    If the goal was for everyone to use "Clear History and Website Data" after every session regardless, the "Private Window" option wouldn't exist.  When you open a private window, it claims, "Safari will keep your browsing history private for all tabs in this window."  We now know that's not true-- it does in fact save a record of all the history to disk.  So they should either fix the bug or do away with the so-called "Private Window" feature.

  • Reply 11 of 46
    MacProMacPro Posts: 18,215member
    So ... just to be clear, "Clear History and Website Data..." clears it ...

    As in ...


    [IMG ALT=""]http://forums.appleinsider.com/content/type/61/id/56535/width/500/height/1000[/IMG]


    Wow, that was complicated! Good to know.
  • Reply 12 of 46
    Just so we're clear here, the entire point of a "Private Window" feature is that the history automatically gets erased when the window is closed and that the user doesn't have to manually clear it.
  • Reply 13 of 46
    tallest skiltallest skil Posts: 43,399member
    Originally Posted by newbee View Post

    Am I the only one who uses the "clear  history and website data" button after almost every session ?

     

    Ooh, this is now a “things we hate about Safari” thread. 

     

    1. The URL bar’s predictive text is worthless. Bookmarks should be the first thing it pulls up, then history, then web searches. I don’t want to start typing and be autofilled a URL that I visited ONCE instead of the bookmark I use DAILY.

    2. Top Sites is just ‘sites’. All URLs that I visit TWO OR MORE TIMES will appear there, not sites that I actually visit most often.

    3. Cookies should be lockable. I should be able to lock specific cookies to protect if I hit “delete all”. Alternatively, we should be able to whitelist cookies and block all others.

    4. Plugin compartmentalization still reports the existence of the plugin. If I have Flash set to be blocked by default, Safari should report to all websites outside my whitelist that I DO NOT HAVE FLASH INSTALLED AT ALL. Same with any other plugin that people might want to use.

    5. Safari’s Bookmarks/History search is fuzzy. This isn’t a complaint about Safari. The entirety of OS X–Spotlight, Open Apple+F in all applications, and in the Finder–DOES NOT HAVE FUZZY SEARCH. If you type “ctivity Monitor”, it will NOT FIND Activity Monitor. Safari’s search does this. It’s inexcusable.

  • Reply 14 of 46
    nolamacguynolamacguy Posts: 4,758member
    Quote:

    Originally Posted by Tallest Skil View Post

     

     

    Ooh, this is now a “things we hate about Safari” thread. 

     

    1. The URL bar’s predictive text is worthless. Bookmarks should be the first thing it pulls up, then history, then web searches. I don’t want to start typing and be autofilled a URL that I visited ONCE instead of the bookmark I use DAILY.

    2. Top Sites is just ‘sites’. All URLs that I visit TWO OR MORE TIMES will appear there, not sites that I actually visit most often.

    3. Cookies should be lockable. I should be able to lock specific cookies to protect if I hit “delete all”. Alternatively, we should be able to whitelist cookies and block all others.

    4. Plugin compartmentalization still reports the existence of the plugin. If I have Flash set to be blocked by default, Safari should report to all websites outside my whitelist that I DO NOT HAVE FLASH INSTALLED AT ALL. Same with any other plugin that people might want to use.

    5. Safari’s Bookmarks/History search is fuzzy. This isn’t a complaint about Safari. The entirety of OS X–Spotlight, Open Apple+F in all applications, and in the Finder–DOES NOT HAVE FUZZY SEARCH. If you type “ctivity Monitor”, it will NOT FIND Activity Monitor. Safari’s search does this. It’s inexcusable.


     

    these are great. the predictive text thing always bugged me.

  • Reply 15 of 46
    coolfactorcoolfactor Posts: 1,460member

    This is inexcusable. 

  • Reply 16 of 46
    coolfactorcoolfactor Posts: 1,460member
    Quote:
    Originally Posted by newbee View Post

     

    Am I the only one who uses the "clear  history and website data" button after almost every session ?  To me, that's just using the tools they supply to "keep safe". What's the big deal over this anyway?




    Just use a Private Window. Session data is destroyed when closed. You could even change the keyboard shortcuts so that Cmd-N opens up a Private Window instead of a new window. It would be nice for that to be a permanent setting, which I believe Firefox has?

  • Reply 17 of 46
    coolfactorcoolfactor Posts: 1,460member
    Quote:

    Originally Posted by Tallest Skil View Post

     

    .... The entirety of OS X–Spotlight, Open Apple+F in all applications ....


     

    Are you from the old Apple computer days where the modifier key was called "Open Apple"? Is calling it the "Apple" key a personal preference or just a hard habit to break? From way back to the 80's, it's always been the Command key on the Mac, hasn't it? Sorry to sidetrack the thread, but I was just curious. :P

  • Reply 18 of 46
    gnnonignnoni Posts: 24member

    Snippet is a text that you drag in the desktop. This happens since years, several mayor OSX revisions. Proved in all my friends macs.

  • Reply 19 of 46
    MacProMacPro Posts: 18,215member
    coolfactor wrote: »
    This is inexcusable. 

    LOL, 'Privacy Gate' ... you forgot the /s tag I assume. I bet selecting 'clear history' is something any porn surfer does I am sure, even after 'private browsing'.
  • Reply 20 of 46
    coolfactorcoolfactor Posts: 1,460member
    Quote:
    Originally Posted by digitalclips View Post





    LOL, 'Privacy Gate' ... you forgot the /s tag I assume. I bet selecting 'clear history' is something any porn surfer does I am sure, even after 'private browsing'.

     

    For years, Apple has promoted Private Browsing as one of Safari's key features. They boasted about Safari being the first mainstream browser to offer such a feature. For this very basic oversight to exist for this many years is inexcusable. The whole point of Private Browsing is that _no_ data remains after the window is closed. That's clearly not the case. The "WebpageIcons.db" file is not encrypted or obfuscated in any way. Any third-party hack can extract the data for nefarious purposes should they gain access to one's computer. I fail to see how this is not a critical problem. I'm not worried, since I only use Private Browsing to simulate "first visits" to sites during their development, but for the porn surfers that you mention, this oversight leaves a trail on any Mac in any environment (home, work, public access, etc.).

Sign In or Register to comment.