Years-old Safari private browsing bug saves URL of every page visited, remains unfixed

Comments

  • Reply 21 of 46

    ^ This. I think most people would assume Private Browsing does what it says and doesn't leave a near-permanent record on the computer. You certainly wouldn't think Private Browsing requires you to manually clear your history afterwards. If it did, it would be exactly the same as a non-private window, and it would have no reason to exist. Even if you don't think it's a serious issue for your use case, it's a heavily touted feature of Safari that is effectively useless until this bug is fixed.

  • Reply 22 of 46
    customtb, Posts: 345, member
    Privateish Browsing? Wtf?
  • Reply 23 of 46
    tallest skil, Posts: 43,399, member
    Originally Posted by coolfactor View Post

    Are you from the old Apple computer days where the modifier key was called "Open Apple"? Is calling it the "Apple" key a personal preference or just a hard habit to break? From way back to the 80's, it's always been the Command key on the Mac, hasn't it? Sorry to sidetrack the thread, but I was just curious. :P




    Yeah, that’s ingrained. I’ll say Open Apple even to PC users and then correct myself to “Command” and then “Control”. Same with Option. I grew up on Open and Closed Apple, but I didn’t start referring to the latter until it became Option.

  • Reply 24 of 46
    5. Safari’s Bookmarks/History search is fuzzy. This isn’t a complaint about Safari. The entirety of OS X–Spotlight, Open Apple+F in all applications, and in the Finder–DOES NOT HAVE FUZZY SEARCH. If you type “ctivity Monitor”, it will NOT FIND Activity Monitor. Safari’s search does this. It’s inexcusable.
    Safari has a far smaller set of data to search over. Spotlight, Finder search, etc. have to search the entire computer, and they use an index to do so. The standard data structure to use for an index like that is a B-tree. Without going heavily into the gory details of how a B-tree works, finding a leaf node in a B-tree as they are usually implemented requires comparing your search term against keys in the branch nodes to decide which branch below that node to take, which in the case of a textual search is going to be alphabetical order. Without having the first letter of your search term, it's impossible to figure out where it should go in an alphabetical sort. So to do fuzzy search, you'd have to use much more complex structures, which would take up a lot more space on the disk, and would also not perform as well. For something like Spotlight, performance is extremely important. You wouldn't use Spotlight to launch applications like Activity Monitor if it took too long for the search results to come up. So no, Spotlight's lacking fuzzy search is not inexcusable at all, and in fact is quite reasonable, assuming that's what you're complaining about.
    coolfactor wrote: »
    Just use a Private Window. Session data is destroyed when closed. You could even change the keyboard shortcuts so that Cmd-N opens up a Private Window instead of a new window. It would be nice for that to be a permanent setting, which I believe Firefox has?
    The whole point of this article is that in Safari as it currently stands, Private Windows do not destroy all data when closed.
  • Reply 25 of 46
    elroth, Posts: 1,201, member



    Use the "Get Info" window to change the permissions of the WebpageIcons.db file to "Read Only". You can also lock the file. I did both - my WebpageIcons.db file is empty. I did it because I hate favicons. This doesn't stop them from being shown, but they get reset when you log out (and they don't get saved).

     

    When you update Yosemite, you may have to do it again (I'm not sure). 

  • Reply 26 of 46
    tallest skil, Posts: 43,399, member
    Originally Posted by Durandal1707 View Post

    Safari has a far smaller set of data to search over. Spotlight, Finder search, etc. have to search the entire computer, and they use an index to do so. The standard data structure to use for an index like that is a B-tree. Without going heavily into the gory details of how a B-tree works, finding a leaf node in a B-tree as they are usually implemented requires comparing your search term against keys in the branch nodes to decide which branch below that node to take, which in the case of a textual search is going to be alphabetical order. Without having the first letter of your search term, it's impossible to figure out where it should go in an alphabetical sort. So to do fuzzy search, you'd have to use much more complex structures, which would take up a lot more space on the disk, and would also not perform as well. For something like Spotlight, performance is extremely important. You wouldn't use Spotlight to launch applications like Activity Monitor if it took too long for the search results to come up. So no, Spotlight's lacking fuzzy search is not inexcusable at all, and in fact is quite reasonable, assuming that's what you're complaining about.

     

    Thanks for the info; my search algorithm education was a long time ago. Still, a modern processor should be able to handle more advanced searches fairly easily, yeah? Is the difference we’re talking about still measurable in milliseconds, or would the average index size be large enough that it’s appreciably longer? Sure, we have to take into account HDD vs. SSD (and then standard SSD vs. PCIe SSD), but that’s less a limitation of the processing power and more an incalculable hindrance of the platform (depending on how old the hardware is on which OS X’s installed). And how large of an index are we talking? 

     

    Oh, on that point, does it feel to anyone else that–while battery capacity and charge are currently the greatest challenges holding technology back–the next biggest bottleneck for the future will be drive capacity?

     

    I can’t seem to find a date on the first 1 GB drive, but we all know the first 1 TB was in 2007. Since then, we’ve only hit 10 TB. In the lab. Using helium. That’s spinning drives, so of course the technology has a much smaller physical limitation. Solid state drives have gone from 2 gigs to 2 ters (tears?) in the same amount of time. Anyone know the physical limitation of SSDs?

  • Reply 27 of 46
    brlawyer, Posts: 828, member
    Ooh, this is now a “things we hate about Safari” thread. 

    1. The URL bar’s predictive text is worthless. Bookmarks should be the first thing it pulls up, then history, then web searches. I don’t want to start typing and be autofilled a URL that I visited ONCE instead of the bookmark I use DAILY.
    2. Top Sites is just ‘sites’. All URLs that I visit TWO OR MORE TIMES will appear there, not sites that I actually visit most often.
    3. Cookies should be lockable. I should be able to lock specific cookies to protect if I hit “delete all”. Alternatively, we should be able to whitelist cookies and block all others.
    4. Plugin compartmentalization still reports the existence of the plugin. If I have Flash set to be blocked by default, Safari should report to all websites outside my whitelist that I DO NOT HAVE FLASH INSTALLED AT ALL. Same with any other plugin that people might want to use.
    5. Safari’s Bookmarks/History search is fuzzy. This isn’t a complaint about Safari. The entirety of OS X–Spotlight, Open Apple+F in all applications, and in the Finder–DOES NOT HAVE FUZZY SEARCH. If you type “ctivity Monitor”, it will NOT FIND Activity Monitor. Safari’s search does this. It’s inexcusable.

    In fact, Apple seems to be doing everything wrong these days. As noted above, the ridiculous "erase history" option is practically useless now, as it forces you to remove cookies as well. The outcome? Having to retype your password whenever subscribed/protected sites are visited after that option is used.

    Pathetic.
  • Reply 28 of 46
    dcgoo, Posts: 267, member
    Quote:


     

    Tests conducted by AppleInsider on OS X Yosemite 10.10.3 build 14D98g, released to developers earlier this week, confirm that the flaw remains unaddressed. Trashing the WebpageIcons.db file, re-launching Safari, and visiting a web page in private browsing mode logs that visit to the database, and the data persists following a browser reboot.

     


     

    It certainly does not do that for me.  That file is only created or updated on my Yosemite installations,  if I use a regular browser page.  If I use a "Private Window" it is NOT created or updated.
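
One way to run the test quoted above reproducibly, as an added example that is not part of the thread: record which URLs are readable in WebpageIcons.db before a private session and list the ones that appear afterwards. The path argument, the regex-based URL extraction and the inclusion of side files with the same name prefix are assumptions; the file's internal format is not described on this page.

```python
import re
import sys
from pathlib import Path

# Heuristic (assumption): URLs are stored as plain ASCII text. The lookahead
# splits two URLs that sit back to back with no separator byte between them;
# other printable bytes directly after a URL may still be glued onto it.
URL_RE = re.compile(rb"https?://(?:(?!https?://)[\x21-\x7e])+")


def extract_urls(blob):
    """Return the set of URL strings readable in a byte blob."""
    return {m.group().decode("ascii") for m in URL_RE.finditer(blob)}


def snapshot(db_path):
    """URLs readable in db_path and in side files sharing its name prefix.

    A missing file yields an empty set, which covers the "trash the file
    first" step of the quoted test.
    """
    db = Path(db_path)
    urls = set()
    if db.parent.is_dir():
        for f in sorted(db.parent.glob(db.name + "*")):
            if f.is_file():
                urls |= extract_urls(f.read_bytes())
    return urls


def new_urls(before, after):
    """URLs present after the session that were not present before it."""
    return sorted(after - before)


if __name__ == "__main__":
    path = sys.argv[1]  # path to WebpageIcons.db, supplied by the user
    before = snapshot(path)
    input("Browse in a private window, quit Safari, then press Enter... ")
    added = new_urls(before, snapshot(path))
    print("\n".join(added) if added else "no new URLs recorded")
```

An empty result only shows that nothing readable as a plain URL was added to these files during the session.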

  • Reply 29 of 46
    MacPro, Posts: 19,500, member
    coolfactor wrote: »
    For years, Apple has promoted Private Browsing as one of Safari's key features. They boasted about Safari being the first mainstream browser to offer such a feature. For this very basic oversight to exist for this many years is inexcusable. The whole point of Private Browsing is that _no_ data remains after the window is closed. That's clearly not the case. The "WebpageIcons.db" file is not encrypted or obfuscated in any way. Any third-party hack can extract the data for nefarious purposes should they gain access to one's computer. I fail to see how this is not a critical problem. I'm not worried, since I only use Private Browsing to simulate "first visits" to sites during their development, but for the porn surfers that you mention, this oversight leaves a trail on any Mac in any environment (home, work, public access, etc.).

    I don't disagree at all that this should be fixed, but the private browsing could be interpreted as in; nothing is there for the casual passer by to click on the history button. Has Apple ever claimed this private browsing is up to defeating computer forensics? That would require far more than deleting the db file.
  • Reply 30 of 46
    MacPro, Posts: 19,500, member
    brlawyer wrote: »
    In fact, Apple seems to be doing everything wrong these days. As noted above, the ridiculous "erase history" option is practically useless now, as it forces you to remove cookies as well. The outcome? Having to retype your password whenever subscribed/protected sites are visited after that option is used.

    Pathetic.

    I do agree that the clear data has been oversimplified. One solution I'd suggest to Apple here would be a user white list ability (implemented like a VIP in Mail) that is not cleared by the current simple approach but can be edited or cleared in an advanced tab. That would solve the issue of losing passwords etc. That said, don't forget Keychain can still re-enter them for you.
  • Reply 31 of 46
    MacPro, Posts: 19,500, member
    dcgoo wrote: »
    It certainly does not do that for me.  That file is only created or updated on my Yosemite installations,  if I use a regular browser page.  If I use a "Private Window" it is NOT created or updated.

    I hadn't even thought to check. So this entire thread is redundant. Good to know even if you did forget your NDA ... ;)

    I wonder if law enforcement forensics have other methods if required by accessing DNS servers or similar back end approaches based on IP and MAC addresses? Or is this not true?

    I know, I know, I watch too much TV. ;)
  • Reply 32 of 46
    dcgoo, Posts: 267, member
    Quote:

    Originally Posted by digitalclips View Post





    I hadn't even thought to check. So this entire thread is redundant. Good to know even if you did forget your NDA ... ;)



    What NDA is that?  Are we not supposed to discuss something?

  • Reply 33 of 46
    Quote:

    Originally Posted by newbee View Post

     
    Quote:
    Originally Posted by Tallest Skil View Post

     

    Oh. Yeah, I knew that. I ran into it when restoring 10.10.1 to my laptop to see if that would fix the Wi-Fi problem that popped up for four days and went away immediately after (it didn’t fix it; it went away on its own).

     

    I figured it was iCloud saving every single URL, given that it has to sync it all between all your devices. But it’s local? Okay. Of course iCloud DOES save all your URLs, but to know it’s local is… I dunno, what? It’s annoying if you ever have to restore, but beyond that what’s there to say?


    Am I the only one who uses the "clear  history and website data" button after almost every session ?  To me, that's just using the tools they supply to "keep safe". What's the big deal over this anyway?


     

     

    If you do 'clear history and website data', you then have to log into your account in iTunes. iTunes relies on a Safari cookie, which is archaic.

  • Reply 34 of 46
    MacPro, Posts: 19,500, member
    dcgoo wrote: »

    What NDA is that?  Are we not supposed to discuss something?

    I could be mistaken; I thought you were referring to the latest developer release. If it is the public beta then of course it's fine to discuss.
  • Reply 35 of 46
    jpellino, Posts: 673, member

    Web page icons are mostly useless decoration.  Only one you need is the reader view indicator.  

     

    Disabled them a long time ago:

     

    Quit Safari.  

    Find and delete WebpageIcons.db

    Open and immediately quit Safari.

    Find and lock (Get Info) WebpageIcons.db

    Done.  
  • Reply 36 of 46
    evoken, Posts: 56, member
    Quote:

    Originally Posted by brlawyer View Post





    In fact, Apple seems to be doing everything wrong these days. As noted above, the ridiculous "erase history" option is practically useless now, as it forces you to remove cookies as well. The outcome? Having to retype your password whenever subscribed/protected sites are visited after that option is used.



    Pathetic.



    As it seems, it is as if everything that Apple touches which relates to the internet (services being a subset of this) they just can't quite get right. They are untouchable when it comes to hardware but sweet dear Lisa almighty what will it take for this company to finally nail the services part of their offerings?

  • Reply 37 of 46
    brlawyer, Posts: 828, member
    Quote:

    Originally Posted by digitalclips View Post





    I don't disagree at all that this should be fixed, but the private browsing could be interpreted as in; nothing is there for the casual passer by to click on the history button. Has Apple ever claimed this private browsing is up to defeating computer forensics? That would require far more than deleting the db file.



    This is way less complicated than you think - it is a clear text file that can be opened with TextEdit, where all your "pron" websites can be seen...no hacking or forensics required.

  • Reply 38 of 46
    brlawyer, Posts: 828, member
    Quote:

    Originally Posted by Evoken View Post

     



    As it seems, it is as if everything that Apple touches which relates to the internet (services being a subset of this) they just can't quite get right. They are untouchable when it comes to hardware but sweet dear Lisa almighty what will it take for this company to finally nail the services part of their offerings?


     

    Agreed. And don't even get me started with the mess about multi-country iTunes accounts whose apps cannot be updated seamlessly, the horrid confusion about iCloud logins/sync routines, the inability to merge accounts and so on...

  • Reply 39 of 46
    brlawyer, Posts: 828, member

    And what about the fact that Safari history does NOT observe the "Remove history items" time limit option set by users? This only happens if you quit the app and then open it again.

  • Reply 40 of 46
    Thanks for the info; my search algorithm education was a long time ago. Still, a modern processor should be able to handle more advanced searches fairly easily, yeah? Is the difference we’re talking about still measurable in milliseconds, or would the average index size be large enough that it’s appreciably longer? Sure, we have to take into account HDD vs. SSD (and then standard SSD vs. PCIe SSD), but that’s less a limitation of the processing power and more an incalculable hindrance of the platform (depending on how old the hardware is on which OS X’s installed). And how large of an index are we talking?

    Well, the tree that Spotlight uses is going to look something like this. So, let's suppose the keywords you've found are "ant", "bear", "cat", "dog", "eagle", "fish", "gecko", "iguana", "jellyfish", "koala", "llama", and "monkey." The tree could look something like this:


    ____
    |ant | 
    |bear|
    |cat |
    |dog |
    |____|
        \
         \               ___________
          - - - - - - - -|         |
     ________            |eagle    |
     |eagle | - - - - - -|         |
     |fish  |            |         |
     |gecko |            |jellyfish|
     |iguana|         - -|         |
     ________        /   ___________
                    /
                   /
    ___________- - 
    |jellyfish|
    |koala    |  
    |llama    |
    |monkey   |
    ___________


    As you can see, the strings are compared against the keys in the top node (on the right). If the search term comes before "eagle", it takes the first path, if it comes on or after "eagle" but before "jellyfish" it takes the second path, and if it comes on or after "jellyfish" it takes the third path. In an actual tree, there would be a lot more keywords, and a lot more levels to go through before you got to the bottom, but this allows you to get to a keyword in a lot fewer steps than just comparing against all the strings in order (for example, suppose your search term was "koala". You'd have to do three string comparisons: one against "eagle", one against "jellyfish", and one against "koala", and then you'd have found it. Compare with just marching up the list in which case you would have had to do 10 comparisons).

    The trouble with this is that it doesn't work if you don't have the first character, since you can't do alphabetical comparisons. Coming to the first node in the example above with the second through last letters gives the tree no way to know which node it should proceed to, since it can't properly compare the search term against either of the keys in that node. So, you can't do something this simple; you have to use a more complex structure that may take more computation effort to navigate, you have to store a lot more data to accommodate all those partial strings, and since your tree is larger, that will once again make it take longer to navigate. In short, you sacrifice a lot of performance and efficiency, so you need to make sure the benefits are worth it. Are they? Well, I've never tried to launch an application by its second letter. I'm guessing most people don't typically do this, whereas many people have complained about Spotlight's speed, so I'm going to go ahead and say that this wouldn't be worth the tradeoff.
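
The tradeoff described in the post above, as an added example that is not part of the thread: an ordered index over the post's twelve keywords answers a prefix query by jumping straight to the right position, but cannot place a fragment that lacks the first letter. The sorted suffix index used for the substring case is one possible "more complex structure", chosen here for illustration; the post does not say which structure it has in mind.

```python
from bisect import bisect_left

# The keywords from the post, kept in the alphabetical order a B-tree relies on.
KEYWORDS = sorted([
    "ant", "bear", "cat", "dog", "eagle", "fish", "gecko", "iguana",
    "jellyfish", "koala", "llama", "monkey",
])


def prefix_search(sorted_keys, prefix):
    """Ordered lookup: jump to the first key >= prefix, read while keys match."""
    i = bisect_left(sorted_keys, prefix)
    hits = []
    while i < len(sorted_keys) and sorted_keys[i].startswith(prefix):
        hits.append(sorted_keys[i])
        i += 1
    return hits


def scan_search(keys, fragment):
    """Substring lookup without index support: every key must be examined."""
    return [k for k in keys if fragment in k]


def build_suffix_index(keys):
    """Sorted (suffix, keyword) pairs: one entry per character of every key."""
    return sorted((k[i:], k) for k in keys for i in range(len(k)))


def substring_search(suffix_index, fragment):
    """A substring of a keyword is a prefix of one of its suffixes, so the
    ordered lookup works again, at the price of a much larger index."""
    i = bisect_left(suffix_index, (fragment, ""))
    found = set()
    while i < len(suffix_index) and suffix_index[i][0].startswith(fragment):
        found.add(suffix_index[i][1])
        i += 1
    return sorted(found)


if __name__ == "__main__":
    index = build_suffix_index(KEYWORDS)
    print(prefix_search(KEYWORDS, "ko"))      # ordered index finds the key
    print(prefix_search(KEYWORDS, "oala"))    # first letter missing: no match
    print(scan_search(KEYWORDS, "oala"))      # full scan over all keys
    print(substring_search(index, "oala"))    # suffix index lookup
    print(len(KEYWORDS), "keys vs", len(index), "suffix entries")
```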