
iCloud was storing cleared browsing histories - shawndumas
http://www.theverge.com/2017/2/9/14559376/apple-icloud-cleared-browsing-history-stored
======
furyg3
After a crash Safari is nice enough to restore your open windows and tabs...
I've noticed several times that it's also nice enough to re-open your private
browsing windows, too. That throws up some red flags for me.

~~~
abalone
That's a MacOS thing, not just a Safari thing. Windows stay open until you
close them, even across restarts. MacOS, like iOS, has mostly retired the
concept of "quitting an app kills state".

(You can go back to the old behavior via a system setting: "Close windows when
quitting an app")

~~~
saurik
This feature isn't some kind of evil magic... it isn't like it is serializing
the virtual memory state of the entire process to disk in the style of
unexec(): programs have to manually decide what they think matters for their
suspension state; correspondingly, if this happens, Safari would have to be
incorrectly saving information that the user clearly doesn't expect or want.

~~~
abalone
_> Safari would have to be incorrectly saving information that the user
clearly doesn't expect or want._

This is vestigial thinking from the MacOS perspective. The concept of "saving"
is gone. The concept of "memory state" versus "disk" is gone, from the user
perspective. Those are all implementation details now. For the user it's
simply, your windows stay open until you close them. Quitting does not close
windows, so it's not unusual to see them when you return to an app.

By the way, Safari in iOS does exactly the same thing. And given that iOS
kills apps on its own, there would be no question that randomly killing
private sessions would be a bug.

I mean maybe you could distinguish between a force quit and an OS quit, but
why? Just close the windows if you want to clear them. The private window
guarantee is there will be no trace after you close the window. It's just
vestigial thinking that quitting apps also closes windows.

------
neotek
Sounds like a mistake rather than some nefarious data collection strategy.

Apple doesn't rely on advertising revenue like Google or Facebook so in the
past they've been much more likely to _avoid_ collecting data whenever it
could get in the way of their self-professed privacy narrative.

~~~
kartickv
Storing data on Apple's cloud services is a privacy risk given their inability
to keep it secure. We had the celebrity iCloud hack, caused at least in part
by Apple not using 2FA for iCloud logins. And now this privacy failure.

Storing your data on a cloud service that isn't competent is a privacy risk.

And a reliability risk, as I found out last year when my albums on iCloud
Photos disappeared. Not the photos themselves, just the albums in which I
organised them, but organising data can take a lot of time, and any data loss
is unacceptable. They weren't in trash.

Apple's "self-professed privacy narrative" is partly right, but partly
marketing, and partly disingenuous, as if collecting data has no other purpose
than advertising:
[https://dcurt.is/privacy-vs-user-experience](https://dcurt.is/privacy-vs-user-experience)
To be clear, I'm not taking a black-and-white view; it's partly right, partly
wrong.

BTW, The Verge wasn't clear — was the forensics firm getting data from an
iDevice or Mac's local storage, or across the Internet from iCloud servers?

~~~
izacus
Apple's approach to security is nicely summarized by the fact that you're not
allowed to use 2FA for iCloud at all on a Mac if you don't own an iPhone.

~~~
simonh
Both two step authentication and two factor authentication can be set up to
use text message or phone call verification to an arbitrary phone number.

~~~
izacus
According to this:
[https://support.apple.com/en-us/HT204915](https://support.apple.com/en-us/HT204915)

a "trusted device" is only an Apple device; phone calls are for backup when
you lose them. Even after that it's a significant inconvenience in comparison
to any other vendor using a standardized OTP approach working with any
application that implements the standard. It's one of the little ways Apple
makes not owning an iOS device inconvenient for Mac users.

~~~
madeofpalk
It's extremely confusing, but Apple has two types of multiple-factor
authentication solutions in use.

The 'legacy' (my phrasing, only because it was the first implemented) MFA is
SMS-based, and thus has no dependency on iPhones.

There's a newer (about a year or two old by this point) solution which has a
'richer user experience' and depends on having other Macs or iPhones to
receive the MFA authentication dialogs.

~~~
glhaynes
The newer solution ("Two-factor authentication") also allows non-Apple phones
to receive a code on their "trusted phone number". From the support page
linked in a nearby comment:

_What if I don’t have access to a trusted device or didn't receive a
verification code?

If you're signing in and don’t have a trusted device handy that can display
verification codes, you can have a code sent to your trusted phone number via
text or a phone call instead. Click Didn't Get a Code on the sign in screen
and choose to send a code to your trusted phone number. You can also get a
code directly from Settings on a trusted device._

------
feelix
If you're concerned about artifacts being left around, then you should also
know that there is a log file of every file you've ever downloaded, including
in private browsing mode. You can see it with this:
[https://macdaddy.io/cleandisk/](https://macdaddy.io/cleandisk/)

~~~
skissane
Today I learned that
$HOME/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 is a
sqlite database. The LSQuarantineEvent table contains every file you ever
downloaded, the source URL is in the LSQuarantineDataURLString column.

sqlite3 "$HOME/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2" 'select LSQuarantineDataURLString from LSQuarantineEvent'

sqlite3 "$HOME/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2" 'delete from LSQuarantineEvent'

~~~
petrikapu
Select gives me 22 rows. I'm pretty sure I've downloaded much more. Maybe per
session?

~~~
skissane
I saw stuff in there I downloaded days or maybe even weeks ago. (Couldn't tell
you exactly when since I've deleted it all now.) I've heard reports of people
seeing downloads from years ago.

Here is SQL to view timestamps:

SELECT datetime(LSQuarantineTimeStamp + 978307200, 'unixepoch', 'localtime') AS LSQuarantineTimeStamp FROM LSQuarantineEvent;

(Based on
[http://www.forensicswiki.org/wiki/Mac_OS_X](http://www.forensicswiki.org/wiki/Mac_OS_X)
with modification.)

In my testing, only downloads from Safari are logged here, not those from
Firefox (haven't tested Chrome). If you don't use Safari as your primary
browser, that might explain not seeing many downloads.
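
An added example, not part of the thread: a read-only review of the download log described in the comments above, converting the Mac-epoch timestamps with the same 978307200 offset and counting entries per recording application. The sample database and its rows are constructed, and the LSQuarantineAgentName column is an assumption that the thread does not mention.

```python
import sqlite3
import tempfile
from collections import Counter
from datetime import datetime, timezone

# Seconds from the Unix epoch to the Mac absolute-time epoch (2001-01-01 UTC).
MAC_EPOCH_OFFSET = 978307200


def build_sample_db(path):
    """Create a constructed stand-in for QuarantineEventsV2 (not real data)."""
    con = sqlite3.connect(path)
    # LSQuarantineAgentName is an assumed column; the thread names the other two.
    con.execute("CREATE TABLE LSQuarantineEvent (LSQuarantineTimeStamp REAL, "
                "LSQuarantineAgentName TEXT, LSQuarantineDataURLString TEXT)")
    con.executemany("INSERT INTO LSQuarantineEvent VALUES (?, ?, ?)", [
        (508334400.0, "Safari", "https://example.com/report.pdf"),
        (508420800.5, "Safari", None),  # some rows carry no source URL
        (0.0, "Mail", "https://example.org/a.zip"),
    ])
    con.commit()
    con.close()


def list_downloads(path):
    """Return (utc_time, agent, url) tuples, oldest first, without writing."""
    # mode=ro opens the file read-only, so reviewing the log cannot alter it.
    con = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
    try:
        rows = con.execute(
            "SELECT LSQuarantineTimeStamp, LSQuarantineAgentName, "
            "LSQuarantineDataURLString FROM LSQuarantineEvent "
            "ORDER BY LSQuarantineTimeStamp").fetchall()
    finally:
        con.close()
    return [(datetime.fromtimestamp(ts + MAC_EPOCH_OFFSET, tz=timezone.utc)
             .strftime("%Y-%m-%dT%H:%M:%SZ"), agent, url or "(none)")
            for ts, agent, url in rows]


def count_by_agent(events):
    """Count logged downloads per recording application."""
    return Counter(agent for _, agent, _ in events)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_db(d + "/sample.db")
        print(count_by_agent(list_downloads(d + "/sample.db")))
```

To review a real log, pass list_downloads() the path from the comment above; times are reported in UTC rather than local time.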

------
9gunpi
Apple engineers are not different from the rest of people - deliver first, fix
when fails. Wiping tombstones in a constantly-syncing environment is a
cumbersome piece of engineering.

------
r721
That's why I'm wary of browser sync as a concept. Maybe it's not as
convenient, but I would better transfer bookmarks as an export file, and
passwords as a password manager encrypted container. As for browsing history
I'm not even sure it has any long-term importance - useful browsed links can
be bookmarked, saved to delicious/diigo/pinboard, tweeted, upvoted on
reddit/hn, whatever.

~~~
CaptSpify
FF used to have browser-sync that you could send to your own server. Last I
checked they had disabled it, but I wish it could be revitalized.

~~~
pmontra
I didn't try but it doesn't seem to be disabled. They have two guides

Self hosted sync server
[https://docs.services.mozilla.com/howtos/run-sync-1.5.html](https://docs.services.mozilla.com/howtos/run-sync-1.5.html)

Self hosted accounts server
[https://docs.services.mozilla.com/howtos/run-fxa.html#howto-...](https://docs.services.mozilla.com/howtos/run-fxa.html#howto-run-fxa)

The latter includes instructions about how to add the accounts server url to
about:config

~~~
mziulu
Can confirm, still works fine as it always did.

------
driverdan
Original, non-blogspam article:
[http://www.forbes.com/sites/thomasbrewster/2017/02/09/apple-...](http://www.forbes.com/sites/thomasbrewster/2017/02/09/apple-safari-web-history-deleted-stored-icloud/)

------
marricks
That's not good, but at least they had this going for them?

> Unlike most iCloud data, the records don’t seem to have been accessible to
> law enforcement requests. Apple declined to comment when reached by The
> Verge.

~~~
yakult
I would like more clarification as to what this means. Does this mean the
histories are purely client-side? If that's not the case, I don't see how they
can make this claim.

~~~
gilgoomesh
That whole sentence seems mistaken since _no_ iCloud data is available to law
enforcement. iCloud is AES encrypted with keys that are held by the user-only
(not Apple).

As people have pointed out, yes, Apple is a trusted part of the system and
could release a new iOS/macOS update that captures these keys but short of
that, neither Apple nor law enforcement have any access to your iCloud data.

~~~
tinus_hn
If that were really the case, how could you restore your data to a new iPhone?
It's probably like the Dropbox encryption: it's encrypted but they do have the
key.

~~~
Zr40
The key could be encrypted using the account password.

------
leecarraher
Backup system probably supports do not follow links, just need to add Safari
cache to the list. Seems pretty innocuous. And if you are doing illegal stuff
in your non-private browsing session, on a device that automatically backs up
all of your data to the cloud... pretty sure you've left plenty of paper trail
elsewhere.

------
VeejayRampay
Doesn't matter, it's Apple and not Microsoft or Google, all is forgiven.

