A new report by blogger C. Harwick suggests that the new Safari 4 beta may have some serious issues when it comes to privacy.
In ~/Library/Caches/Metadata/Safari there are two folders: Bookmarks and History. Inside the history folder Harwick found a file for every webpage he'd visited, regardless of the fact that he set Safari to delete history items in his preferences. He noticed that the files did become slightly more sparse as he traveled through time; however, thousands of files were found. Deleting everything past a week old saved him 100MB.
Hardwick also noticed that the new Top Sites feature in Safari makes a little file for every site, every time it checks on them. it creates a nice XML file for every one of your top sites every 30 minutes (1800 seconds). These are located in ~/Library/PubSub/Feeds/ and given arcane hexadecimal names, and contain whatever turned out to be new on the webpage. Harwick located 24,000 XML files. Deleting everything older than a week he regained 93MB.
The most outrageous thing Harwick found was the massive amount of webpage previews that Safari generates for Quicklook. it took drinking from Spotlight’s firehose of filesystem changes with FSEventer to find it. Safari does not delete the webpage previews it generates for Quicklook. Ever. 2.03 GB of webpage previews (2 per website - a full resolution and a thumbnail), all generated since downloading the Safari 4 beta, residing - not in the user library, not even in the root library - in /private/var/folders/et/etuAKaR1GTeV9DVeRGfst++++TI/-Caches-/com.apple.Safari/Webpage Previews/, a hidden folder far away from the mouseclicks of all but the most relentless tinkerers.
According to Harwick the previews are not deleted by clearing the cache and in his case added up to 2GB in only a few months.
These are all serious privacy concerns making it possible for snooping friends, hackers, or law enforcement to piece together every site you have visited using the browser.
Read More [via CultofMac]
In ~/Library/Caches/Metadata/Safari there are two folders: Bookmarks and History. Inside the history folder Harwick found a file for every webpage he'd visited, regardless of the fact that he set Safari to delete history items in his preferences. He noticed that the files did become slightly more sparse as he traveled through time; however, thousands of files were found. Deleting everything past a week old saved him 100MB.
Hardwick also noticed that the new Top Sites feature in Safari makes a little file for every site, every time it checks on them. it creates a nice XML file for every one of your top sites every 30 minutes (1800 seconds). These are located in ~/Library/PubSub/Feeds/ and given arcane hexadecimal names, and contain whatever turned out to be new on the webpage. Harwick located 24,000 XML files. Deleting everything older than a week he regained 93MB.
The most outrageous thing Harwick found was the massive amount of webpage previews that Safari generates for Quicklook. it took drinking from Spotlight’s firehose of filesystem changes with FSEventer to find it. Safari does not delete the webpage previews it generates for Quicklook. Ever. 2.03 GB of webpage previews (2 per website - a full resolution and a thumbnail), all generated since downloading the Safari 4 beta, residing - not in the user library, not even in the root library - in /private/var/folders/et/etuAKaR1GTeV9DVeRGfst++++TI/-Caches-/com.apple.Safari/Webpage Previews/, a hidden folder far away from the mouseclicks of all but the most relentless tinkerers.
According to Harwick the previews are not deleted by clearing the cache and in his case added up to 2GB in only a few months.
These are all serious privacy concerns making it possible for snooping friends, hackers, or law enforcement to piece together every site you have visited using the browser.
Read More [via CultofMac]