Linked by Thom Holwerda on Tue 26th May 2009 03:57 UTC
Privacy, Security, Encryption The Safari 4 beta is having a little bit of trouble cleaning up after itself, as has been revealed by C. Harwic on his blog. Safari 4 is still in beta, so it's easy to forgive the browser for this rather sloppy housekeeping, which left gigabytes (!) of browsing data in weird places all over your filesystem, even after cleaning the caches or history. Still, this does raise a few questions.
Order by: Score:
It isn't about pr0n...
by merkoth on Tue 26th May 2009 04:30 UTC
merkoth
Member since:
2006-09-22

It's basic software behaviour: To follow the user's orders. If I say "delete everything" the software must do as I say.

But this is what betas are meant for: Getting the thing on the user's hands so they can let the developers know what they think about the software. Fixing this should be trivial for Apple.

Reply Score: 3

RE: It isn't about pr0n...
by Delgarde on Tue 26th May 2009 04:51 UTC in reply to "It isn't about pr0n..."
Delgarde Member since:
2008-08-19

It's basic software behaviour: To follow the user's orders. If I say "delete everything" the software must do as I say.


At which point it does what you say, and wipes the disk. ;)

Reply Score: 3

RE[2]: It isn't about pr0n...
by Buck on Tue 26th May 2009 06:34 UTC in reply to "RE: It isn't about pr0n..."
Buck Member since:
2005-06-29

Haha, that's a good one!

Reply Score: 2

RE[2]: It isn't about pr0n...
by merkoth on Tue 26th May 2009 10:30 UTC in reply to "RE: It isn't about pr0n..."
merkoth Member since:
2006-09-22

"It's basic software behaviour: To follow the user's orders. If I say "delete everything" the software must do as I say.


At which point it does what you say, and wipes the disk. ;)
"

If it carries the Apple brand, probably not ;)

Reply Score: 1

RE: It isn't about pr0n...
by steogede2 on Tue 26th May 2009 11:05 UTC in reply to "It isn't about pr0n..."
steogede2 Member since:
2007-08-17

>> It's basic software behaviour: To follow the user's orders. If I say "delete everything" the software must do as I say.

Not in the world of Apple - the Apple product I am most familiar with, the iPhone has several caches which can't easily be deleted. Safari will delete most of your private data if you tell it to, but it won't delete your google search terms, unless you switch your default search engine to Yahoo and back. So far as I can tell there is no way to the various bits of history held by the YouTube and Google Maps apps. This isn't because the software is beta, it is because they are morons.

Reply Score: 3

It's a bug
by sakeniwefu on Tue 26th May 2009 05:10 UTC
sakeniwefu
Member since:
2008-02-26

It's nothing more than an annoying bug in beta software, it could have formatted your HD, cheer up.

Privacy is not an issue, because (hopefully) not even other unprivileged users in your machine can access your cache even if it is in their home directory.

If they (or the hackers and malware) can, you should answer this, it is easier for them to infringe on your privacy by analyzing garbage left by Safari, or read the password file from your profile and know all your passwords and urls to your banking accounts?

At least for Firefox, reading the plain-text passwords from the passwords file is trivial and any kid that can move files around could do it(as long as you don't use a master password).

Google, the government, and your employers(the usual suspects for paranoids) do not have access to your HD yet, so no privacy violations from them either.

Reply Score: 2

RE: It's a bug
by Cymro on Thu 28th May 2009 21:35 UTC in reply to "It's a bug"
Cymro Member since:
2005-07-07

Indeed - iTunes 2 deleted your hard disk if the name started with a space!

Reply Score: 1

it's not a bug, it's a feature!
by puenktchen on Tue 26th May 2009 06:47 UTC
puenktchen
Member since:
2007-07-27

and it hasn't been introduced with safari 4 beta, but way back with osx 10.5.2, as safaris caches were moved out of the home directory for braindead performance reasons. the snapshots of websites which safari 4 takes only make it worse.

http://www.sanneblad.se/johan/?p=123

so i don't think apple will change this suddenly after more than a year. they should at least offer an option to move the caches back where they belong if they choose to sacrifize security to performance.

Reply Score: 4

Not here
by sphexx on Tue 26th May 2009 07:06 UTC
sphexx
Member since:
2005-07-06

The folder "/private/var/folders/et/etuAKaR1GTeV9DVeRGfst++++TI/-Caches-/com.app le.Safari/Webpage Previews/" does not exist on my system but I have a similar one but "/ez/ez" etc and it only contains files up to 1 month old.

Latest Leopard & Safari 4 on G5 Powermac.

Reply Score: 1

RE: Not here
by Thom_Holwerda on Tue 26th May 2009 07:44 UTC in reply to "Not here"
Thom_Holwerda Member since:
2005-06-29

The folder is different for everyone, and hidden.

Reply Score: 2

RE[2]: Not here
by sphexx on Tue 26th May 2009 14:42 UTC in reply to "RE: Not here"
sphexx Member since:
2005-07-06

The folder is different for everyone, and hidden.

And your point is ... ?

Reply Score: 1

FUD
by nywles on Tue 26th May 2009 08:25 UTC
nywles
Member since:
2009-01-16

What a load of FUD. When you go to the 'Reset Safari...' option and select 'Reset Top Sites' and 'Remove all webpage preview images', Safari cleans up perfectly. It takes a few minutes so be patient. Besides, both the "-Caches-" directory and the "Webpage Preview" directory are only accessible by the user that's running Safari, not more nor less safe than when it was in your home directory.
Perhaps you should double check emotional articles like this. ("But even this isn't the worst of it. The most outrageous thing I found...", Seriously? "I really like Safari, but I’m going to have to seriously consider using Firefox now (ack)." Ahh, the typical outraged user threat, this should've set off the alarms that this article might not be entirely objective.) Here's a fun one: "I can’t think of a good reason they couldn’t have at least put it in the user library with everything else: hiding it there is nothing short of deceptive." Try this: Performance reasons. When your profile is stored on a server you don't really want Safari to pull all this stuff over the network all the time. Stop implying malicious intent by using words like 'depective' when you admit that you don't know.

Reply Score: 5

RE: FUD
by puenktchen on Tue 26th May 2009 09:14 UTC in reply to "FUD"
puenktchen Member since:
2007-07-27

Besides, both the "-Caches-" directory and the "Webpage Preview" directory are only accessible by the user that's running Safari, not more nor less safe than when it was in your home directory.


but my home directory is encrypted with filevault and this directory definitely isn't. in my book this is a serious breach of privacy. and it seems as if other applications also use a place outside the home directory for temporary user data:

http://lists.apple.com/archives/x11-users/2007/nov/msg00737.html

yes, that's november 2007, so this problem has existed since leopards creation.

btw: du -ch {~/Library/Caches/,`getconf DARWIN_USER_CACHE_DIR`}com.apple.Safari
will show you the caches used by safari and their size. 1.9 gb on my macbook right now.
activity monitor -> safari -> inspect -> open files and ports should also do the trick.

ps: "clean caches only cleans the small cache remaining in the user directory. resetting safari also cleans most of the other caches, but leaves 200 mb ot of 1,8 gb on my computer.

Edited 2009-05-26 09:34 UTC

Reply Score: 5

What's up with the odd locations?
by WereCatf on Tue 26th May 2009 12:30 UTC
WereCatf
Member since:
2006-02-15

A well-designed application saves all of its own data under one location, not spread all over the system, and if there is something that can be shared with other applications then save that data in a well-known shared location. But what's up with Safari4 saving its stuff all over the place and even trying to hide some of it? Such behaviour shows poor planning and choices being made, and trying to hide some stuff could of course be just another mistake, but it could also be something more sinister.

Reply Score: 2

bousozoku Member since:
2006-01-23

A well-designed application saves all of its own data under one location, not spread all over the system, and if there is something that can be shared with other applications then save that data in a well-known shared location. But what's up with Safari4 saving its stuff all over the place and even trying to hide some of it? Such behaviour shows poor planning and choices being made, and trying to hide some stuff could of course be just another mistake, but it could also be something more sinister.


That shouldn't be a big surprise, given the new tab interface. They're probably hellbent on trying things and not worrying too much about space used.

Also, people have to remember that Mac developers aren't necessarily UNIX developers, so putting things where you expect them won't always be the case. On a 1 user system, there are 3 separate Library folders for things like these.

Besides that, as each update requires a system restart, I'm reminded that Safari is not just a browser but that WebKit is used all over the place.

Reply Score: 2

dvhh Member since:
2006-03-20

Besides that, as each update requires a system restart, I'm reminded that Safari is not just a browser but that WebKit is used all over the place.

You mean like Trident ( Internet Explorer ) in Windows (sure Apple dev wouldn't be that stupid, right ?).

Reply Score: 1

bousozoku Member since:
2006-01-23


You mean like Trident ( Internet Explorer ) in Windows (sure Apple dev wouldn't be that stupid, right ?).


Yes, like that. Apple have done a few things that seem more than a bit stupid or shady.

Obviously, Safari isn't any worse than Internet Exploder in that way, but in another example, why should a person have to use Apple's application to change which mail or browser application is the default? In the early releases of Mac OS X, they had an Internet preference pane, similar to the one in Mac OS 8/9.

Reply Score: 2

Delgarde Member since:
2008-08-19

but it could also be something more sinister.


Well, yes - it *could* be something sinister. But if so, it's a pretty incompetent job of it - the files don't seem to have been obfuscated or any attempt made to protect them from prying eyes, they're just not in the obvious place they should be. No conspiracies here.

Reply Score: 1

What about Safari under Windows
by adinas on Tue 26th May 2009 12:36 UTC
adinas
Member since:
2005-08-17

Is it consuming large amounts of my Hard disk without my knowledge?

Reply Score: 2

A standard to keep
by fretinator on Tue 26th May 2009 14:01 UTC
fretinator
Member since:
2005-07-06

People complain about Vista, but most of the UAC dialogs and broken apps were due to applications trying to write outside the users home profile directory - a real "no no", but one that Window's developers have been doing for years (I know I used to!). On Unixish OS's, this has always been the standard - apps write to your home directory. Only servers/services can write elsewhere. Safari is certainly not a server, and has no business writing outside the home directory. End of story.

Reply Score: 4