Apple aware of iPhone OS 3.0 e-mail security bug


Comments

  • Reply 21 of 40
    anonymouse Posts: 6,860 member
    Quote:
    Originally Posted by AppleInsider View Post


    Even after emptying the Mail application's trash, the message -- and all of its contents -- are still accessible through the phone's Spotlight search feature.



    I've tested this on my iPhone, and, although these do show up in Spotlight searches, if you select an email found by Spotlight that's been deleted from the Trash folder, Mail does not display the contents of the email -- i.e., only the Subject and From of the mail are displayed by Spotlight, at least for POP accounts and messages no longer on the POP server. Shutting down and restarting has no effect on this behavior: the messages info continues to be displayed by Spotlight.
  • Reply 22 of 40
    al_bundy Posts: 1,525 member
    might explain why i suddenly have more free space on my laptop



    i have an HP laptop with a 150GB hard drive. until last week it had 10GB free and i've had a 32GB iphone since launch day.



    on friday i wipe and install Windows 7 from scratch. I had the beta and installed the RTM. restored my itunes and all my other files and i now have around 60GB free space. figure another 20GB that I deleted files that i didn't need anymore and that's 40GB free.



    i have my iphone linked to my MS Exchange mailbox and sync several times a day. maybe it was backing up all my supposedly deleted emails as well?
  • Reply 23 of 40
    Quote:
    Originally Posted by crisss1205 View Post


    i found a real fix!!!!



    just go to the settings and disable e-mail in spotlight search!!





    Ya this doesn't help those that want/need to search email from spotlight





    SECONDLY, I don't think this even fixes that. All it means is it won't show up in search. The fact it shows up in search after a COMPLETE deletion shows that it's holding onto it somewhere deep in memory. So taking that off doesn't fix that issue either.
  • Reply 24 of 40
    drdb Posts: 99 member
    Surely this isn't an issue if you use IMAP?
  • Reply 25 of 40
    Since info conflicts with a Daniel Eran Dilger article. Which is odd since he also writes for AI as aka Prince McLean.



    http://www.roughlydrafted.com/2009/0...-3-0-mail-bug/
  • Reply 26 of 40
    charlituna Posts: 7,217 member
    Quote:
    Originally Posted by chronster View Post


    If there's no restore function for old files then why didn't they program the phone to actually delete the file? Something's stinky here. Like they made it so if it's needed, the GOVERNMENT could pull up all your activity on the phone and analyze your behavior!



    THE GOVERNMENT MAN!





    time for your meds man.



    it's likely a glitch in the spotlight feature such that it's not redoing the spotlight index when the trash is removed to ignore the old records of those messages. and yes i'm sure Apple is aware and working on it.
  • Reply 27 of 40
    Weird. I can't reproduce this at all. Tried with two different POP accounts.



    iPhone 3G OS 3.0.1.
  • Reply 28 of 40
    First of all this does not pose a major security threat. Most corporations you work for keep copies of every email you receive or send. On Windows machines when you delete a file or message even though you can't see it anymore it's still there. I don't hear any of you calling either of these situations a major flaw.



    If you have a corporate email account with the company you work for, all of your emails are subject to inspection, you have no right to privacy from your employer so what difference does this make in the big picture? Apple will issue a fix and then all will be good. However your emails can still be read by your employer even if the company does not pay for your phone.



    We use exchange and the email is gone for good if you delete it off the server. I could not replicate this issue on my iPhone with my exchange email address or my .mac account. Maybe this is something that only impacts some people and not others.



    Still no one, at least so far, has presented a viable case explaining why this is a major security flaw. Apple Insider should have questioned why this is a major security flaw.
  • Reply 29 of 40
    anonymouse Posts: 6,860 member
    Quote:
    Originally Posted by jsandresen1 View Post


    Still no one, at least so far, has presented a viable case explaining why this is a major security flaw. Apple Insider should have questioned why this is a major security flaw.



    Well, I'm not sure I think it's, "a major security flaw," and I certainly wouldn't classify it as "disastrous", but here's a couple of scenarios where it could lead to unpleasant consequences:



    1. You live or are traveling in an area with severe blasphemy laws. Your iPhone is "searched" at, for example, an airport and a message someone (perhaps even a spammer) sent you with a subject line critical of the locally revered deity is found, despite the fact that you deleted the message and emptied your trash. You are hauled away and punished according to the local custom for such things.



    2. You live or are traveling in an area where sodomy (a term which can cover a number of different acts engaged in by members of the same or opposite gender) is illegal. Your phone is found to contain a message indicating that you have engaged in an act of sodomy with a local resident. You are both hauled away and punished according to the local custom.
  • Reply 30 of 40
    tofino Posts: 697 member
    Quote:
    Originally Posted by AppleInsider View Post




    "As far as I can tell, there is no way to completely delete emails from iPhone OS 3.0, which isn't just strange, it's a disastrous security flaw," John Herrman writes for Gizmodo.



    snip







    always consider the source... could it be more shrill?
  • Reply 31 of 40
    Is this a bug despite the feature that allows for deleted messages to remain on the device based on your account settings? Settings / Mail, Contacts, Calendars / (Select an Account) / Advanced / Deleted Messages: Remove / Then pick how long deleted messages stay on the device. This setting must apply to messages that have been deleted from the InBox AND the Trash.



    Try changing the setting to "One Day" and search for the deleted email in 25 hours.
  • Reply 32 of 40
    bartfat Posts: 434 member
    Quote:
    Originally Posted by Mrnizegy View Post


    Is this a bug despite the feature that allows for deleted messages to remain on the device based on your account settings? Settings / Mail, Contacts, Calendars / (Select an Account) / Advanced / Deleted Messages: Remove / Then pick how long deleted messages stay on the device. This setting must apply to messages that have been deleted from the InBox AND the Trash.



    Try changing the setting to "One Day" and search for the deleted email in 25 hours.



    I think it's just the new low in reporting... repeating what other people said without actually checking if the problem can be remedied in the "Settings". Actually, it's possible to set it to delete it immediately in the settings... how moronic can the reporters get?



    And they say this is a security loophole how? Well, the user can change the settings.. they apparently think that everyone that cares about security leaves it on the default configuration, just like how you would leave a wireless network with the "default" network name and no password and think it's secure..
  • Reply 33 of 40
    anonymouse Posts: 6,860 member
    Quote:
    Originally Posted by Mrnizegy View Post


    Is this a bug despite the feature that allows for deleted messages to remain on the device based on your account settings? Settings / Mail, Contacts, Calendars / (Select an Account) / Advanced / Deleted Messages: Remove / Then pick how long deleted messages stay on the device. This setting must apply to messages that have been deleted from the InBox AND the Trash.



    Try changing the setting to "One Day" and search for the deleted email in 25 hours.



    Quote:
    Originally Posted by bartfat View Post


    I think it's just the new low in reporting... repeating what other people said without actually checking if the problem can be remedied in the "Settings". Actually, it's possible to set it to delete it immediately in the settings... how moronic can the reporters get?



    And they say this is a security loophole how? Well, the user can change the settings.. they apparently think that everyone that cares about security leaves it on the default configuration, just like how you would leave a wireless network with the "default" network name and no password and think it's secure..



    HAHAHA! Yes, it's so funny, isn't it?!



    Oh, but wait, no, it doesn't have anything to do with what you are saying. Have a nice day!
  • Reply 34 of 40
    virgil-tb2 Posts: 1,416 member
    Quote:
    Originally Posted by Mrnizegy View Post


    Is this a bug despite the feature that allows for deleted messages to remain on the device based on your account settings? Settings / Mail, Contacts, Calendars / (Select an Account) / Advanced / Deleted Messages: Remove / Then pick how long deleted messages stay on the device. This setting must apply to messages that have been deleted from the InBox AND the Trash. Try changing the setting to "One Day" and search for the deleted email in 25 hours.



    Quote:
    Originally Posted by bartfat View Post


    I think it's just the new low in reporting... repeating what other people said without actually checking if the problem can be remedied in the "Settings". Actually, it's possible to set it to delete it immediately in the settings... how moronic can the reporters get?... And they say this is a security loophole how? Well, the user can change the settings.. they apparently think that everyone that cares about security leaves it on the default configuration, just like how you would leave a wireless network with the "default" network name and no password and think it's secure..



    Seriously, if you're gonna comment at all, could you at least read the article and the thread above you before you do?
  • Reply 35 of 40
    djsherly Posts: 1,031 member
    Quote:
    Originally Posted by jsandresen1 View Post


    Still no one, at least so far, has presented a viable case explaining why this is a major security flaw. Apple Insider should have questioned why this is a major security flaw.



    How about confidential company data being distributed by email. It is 'deleted', then the iphone is lost or stolen. Being a mobile device, misplacement of the device is far more likely than the possibility of the same happening to, say, a desktop computer.



    We've already seen that the pin protection is useless with the right tools, and you can turn flight mode on trivially so all of a sudden someone could have access to a sandboxed iphone with 'deleted' corporate data.
  • Reply 36 of 40
    dshan Posts: 53 member
    Many POP email readers on computers work like this by design, Thunderbird for example and several others (not sure about Apple Mail on the Mac). When you "delete" an email from your inbox or wherever it doesn't actually move it to the trash folder (i.e. copy it to the trash and delete it from the inbox) as you might expect, it simply flags it as invisible (to the email app) in the inbox folder and copies it to the trash folder. Even after you empty the trash the original email is left behind in the inbox, but you don't see it because it's flagged as invisible. Every now and then (as determined by preferences settings) the email app either automatically, or by user command, does a compact folders (sometimes called compression) operation - this goes through all your email folders and deletes any old emails that have been marked as invisible. Really deletes them. And gives you back some free disk space in return, hence the name of the command.



    They work like this because... well it seems mostly because back in the day the overhead of deleting emails immediately might have impacted response time for the users too much so physical deletion was hived off onto a sort of background task that only ran when really necessary. And well, "it's Unix dude, that's how it's done". I've used this behaviour to recover important emails I mistakenly emptied from the trash several times over the years (you can simply edit the inbox folder and see the supposedly deleted mails there).



    I don't know if this is the explanation for the iPhone's failure to really delete POP mail messages, but it wouldn't surprise me (you need a way to invoke the compact folders command either automatically or manually for the scheme to work and I've never seen anything in the iPhone's mail settings like it). It's also something more people should be aware of with their desktop/laptop email programs. You might be surprised how many old emails are kicking around in your POP mailboxes on your hard drive.
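
An added example (not part of the post above) of auditing for the behaviour it describes: it lists messages in an mbox file that are flagged as deleted but not yet compacted. It assumes Thunderbird's mbox format, where the `X-Mozilla-Status` header carries an "expunged" bit (0x0008); the sample mailbox is constructed.

```python
import mailbox
import os
import tempfile

EXPUNGED = 0x0008  # Thunderbird X-Mozilla-Status bit: deleted, awaiting compaction

# Constructed sample: two messages, the second already "deleted" by the user.
SAMPLE_MBOX = (
    "From - Mon Aug 17 10:00:00 2009\n"
    "X-Mozilla-Status: 0001\n"
    "From: alice@example.com\n"
    "Subject: Lunch on Friday\n"
    "\n"
    "See you at noon.\n"
    "\n"
    "From - Mon Aug 17 10:05:00 2009\n"
    "X-Mozilla-Status: 0009\n"
    "From: bob@example.com\n"
    "Subject: Q3 planning draft\n"
    "\n"
    "Confidential figures attached.\n"
)

def find_residual_messages(mbox_path):
    """List messages flagged as expunged whose bytes are still in the file."""
    residual = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for msg in box:
            try:
                flags = int(msg.get("X-Mozilla-Status", "0").strip(), 16)
            except ValueError:
                continue  # malformed header: not a Thunderbird status value
            if flags & EXPUNGED:
                body = msg.get_payload()
                size = len(body) if isinstance(body, str) else 0
                residual.append((msg.get("Subject", ""), msg.get("From", ""), size))
    finally:
        box.close()
    return residual

def demo():
    """Write the constructed mbox to a temp file and audit it."""
    fd, path = tempfile.mkstemp(suffix=".mbox")
    try:
        with os.fdopen(fd, "w", newline="\n") as fh:
            fh.write(SAMPLE_MBOX)
        return find_residual_messages(path)
    finally:
        os.remove(path)

if __name__ == "__main__":
    for subject, sender, size in demo():
        print(f"still on disk: {subject!r} from {sender} ({size} body bytes)")
```
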
  • Reply 37 of 40
    Quote:
    Originally Posted by djsherly View Post


    How about confidential company data being distributed by email. It is 'deleted', then the iphone is lost or stolen. Being a mobile device, misplacement of the device is far more likely than the possibility of the same happening to, say, a desktop computer.



    We've already seen that the pin protection is useless with the right tools, and you can turn flight mode on trivially so all of a sudden someone could have access to a sandboxed iphone with 'deleted' corporate data.



    The bug is that the Spotlight database is not informed immediately that an e-mail has been deleted and does not remove the records related to it. It's not a bug in that sense; it's a matter of not considering all the ramifications of Spotlight. Even if the entire email table is securely erased, if another program has copied the data, there's no overall effect.



    The fix is that Spotlight must be notified when an email is deleted.



    For the advanced readers, this problem also exists in OS X Leopard.
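
An added example (not part of the post above, and not Apple's code) modelling the point it makes: a search index that holds copied message metadata keeps answering queries after the message is deleted unless deletion also notifies the index. The SQLite tables, triggers and sample message are constructed stand-ins, not Spotlight's actual design.

```python
import sqlite3

SCHEMA = """
CREATE TABLE mail (id INTEGER PRIMARY KEY, sender TEXT, subject TEXT, body TEXT);
-- Stand-in for the search index: a separate store holding copied metadata.
CREATE TABLE search_index (mail_id INTEGER, sender TEXT, subject TEXT);
CREATE TRIGGER index_on_insert AFTER INSERT ON mail BEGIN
    INSERT INTO search_index VALUES (new.id, new.sender, new.subject);
END;
"""

# The notification the post asks for: deleting mail also removes its index rows.
DELETE_HOOK = """
CREATE TRIGGER unindex_on_delete AFTER DELETE ON mail BEGIN
    DELETE FROM search_index WHERE mail_id = old.id;
END;
"""

def build_store(notify_index_on_delete):
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    if notify_index_on_delete:
        db.executescript(DELETE_HOOK)
    # Constructed sample message.
    db.execute("INSERT INTO mail (sender, subject, body) VALUES (?, ?, ?)",
               ("bob@example.com", "Q3 planning draft", "Confidential figures."))
    return db

def search(db, term):
    """Query the index only, as a search UI would."""
    rows = db.execute("SELECT subject FROM search_index WHERE subject LIKE ?",
                      (f"%{term}%",))
    return [r[0] for r in rows]

def stale_index_entries(db):
    """Audit: index rows whose source message no longer exists."""
    rows = db.execute("SELECT mail_id FROM search_index "
                      "WHERE mail_id NOT IN (SELECT id FROM mail)")
    return [r[0] for r in rows]

def delete_and_search(notify_index_on_delete):
    db = build_store(notify_index_on_delete)
    db.execute("DELETE FROM mail WHERE id = 1")  # user deletes and empties trash
    return search(db, "Q3"), stale_index_entries(db)

if __name__ == "__main__":
    print("no delete hook:  ", delete_and_search(False))
    print("with delete hook:", delete_and_search(True))
```
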
  • Reply 38 of 40
    djsherly Posts: 1,031 member
    Quote:
    Originally Posted by dshan View Post


    Many POP email readers on computers work like this by design ... It's also something more people should be aware of with their desktop/laptop email programs. You might be surprised how many old emails are kicking around in your POP mailboxes on your hard drive.



    I would ask whether an end-user should really be required to know these things. Of course, this is not a slight at Apple or anyone who writes a POP client but really, when a user deletes an item, unless it is clear it is being moved to trash then it is reasonable to expect that the message is actually deleted.
  • Reply 39 of 40
    Quote:
    Originally Posted by AppleInsider View Post


    The act of deleting an e-mail within iPhone OS 3.0 isn't enough to destroy its contents, and Apple is reportedly aware of the flaw and could be working on a fix.



    Citing a source within Apple, Gizmodo stated that the fix will likely come in iPhone OS 3.1 for the iPhone and iPod touch. The problem, first discovered by Cult of Mac, happens when a user attempts to delete an e-mail. Even after emptying the Mail application's trash, the message -- and all of its contents -- are still accessible through the phone's Spotlight search feature.



    To test the flaw, delete a message within the iPhone's Mail software. Remove it from the trash, and check your mail server to ensure it's erased. Then, search for the subject line of the message in Spotlight, where, in many cases, the entire message can still be read.



    While some reports allege both IMAP and POP accounts are affected, a number of AppleInsider readers have commented that IMAP accounts are in fact not vulnerable to the Spotlight bug.



    "As far as I can tell, there is no way to completely delete emails from iPhone OS 3.0, which isn't just strange, it's a disastrous security flaw," John Herrman writes for Gizmodo.



    The site's internal tipster doesn't give any certainty, though, only saying Apple will "probably" include a fix in the upcoming iPhone OS update.



    Matt Janssen created a video to demonstrate the security flaw. In it, he said that he has been able to find e-mails that are "over three or four months old." He shows off the bug on a second-generation iPod touch using software 3.0, and pulls up a message he deleted from June. When opening the mail through Spotlight, Mail crashes at first, but after opening a second time, the message can be opened in the mail inbox as message "1 of 0."



    "These messages are still on the iPod somewhere, even after you delete them, but you can't find them without searching for them," Janssen said. "Like I said, this is a security issue, a bug, and hopefully Apple will fix it in some later releases."



    Spotlight search is a new feature of the latest iPhone software, released in June. It offers global search capabilities, which enable users to quickly find apps, notes, e-mails, calendar events, contacts, music and other media files.







    Story about this was first reported by iPhoneinCanada.ca on August 16th, a day before Cult of Mac.



    http://www.iphoneincanada.ca/tips-tr...tlight-search/
  • Reply 40 of 40
    Quote:
    Originally Posted by Virgil-TB2 View Post




    Saving things in the trash is for sissies that can't make a decision IMO. I empty my trash every single time there is anything in it on the desktop and I'd love to have the option of simply having things delete when I hit the delete key.



    dude. some of us just have a problem with commitment, okay?



    actually, if you think about it, it's quite appropriate. follow me here.



    some people who have affairs, just want to be caught right? they have a problem with commitment and deep down just want to be caught.



    these are the people that are afraid to delete things. they let things pile up in their trash bin. just think of where they'd be if there wasn't a trash bin. when they delete something it would actually be deleted. then their partner would never be able to see it and get mad at them.



    throws the whole world off balance. all because someone said commitment was nothing to be afraid of.