Apple iCloud Hoards 'Deleted' Browser History Going Back More Than A Year

[steven36]

If you think clearing your web browsing history on your iPhone or Mac is going to make your online habits permanently disappear, you'd be wrong. Very wrong. According to the CEO of Russian hacking tool creator Elcomsoft, Apple is storing Safari histories in the iCloud going back more than a year, possibly much longer, even where the user has asked for them to be wiped from memory.

 

Customers check out the new Apple iPhone 7 at the Apple Store at the Grove in Los Angeles on Friday, Sept. 16, 2016

 

 

If you think clearing your web browsing history on your iPhone or Mac is going to make your online habits permanently disappear, you'd be wrong. Very wrong. According to the CEO of Russian hacking tool creator Elcomsoft, Apple is storing Safari histories in the iCloud going back more than a year, possibly much longer, even where the user has asked for them to be wiped from memory.

 

 

Elcomsoft chief Vladimir Katalov told FORBES the iPhone maker kept a separate iCloud record, titled "tombstone," in which deleted web visits were stored, ostensibly for syncing across devices. Katalov told me he came across the issue "by accident" when he was looking through the Safari history on his own iPhone. When he took Elcomsoft's Phone Breaker software to extract data from the linked iCloud account, he found "deleted" records going back a year. (Apple calls them "cleared" in Safari, not "deleted").

 

 

"We have found that they stay in the cloud, probably forever," Katalov claimed.

Your reporter tried clearing his Safari (version 10.0.2 on Mac OS X) history and then ran the Phone Breaker tool on his iCloud account. It returned nearly 7,000 "deleted" records going back to 27 November 2015. They were accompanied by a visit count as well as the date and time the history item was deleted. There were also Google searches, the full terms of which were visible in the Elcomsoft control panel. Fresh Safari activity that I hadn't cleared was given the status "actual."

 

 

 

FORBES also had an iOS forensics expert validate Katalov's claims. The expert, who asked to remain anonymous, found the Elcomsoft Phone Breaker tool recovered 125,203 browsing history records going back to the same 2015 date, even though the Safari cache had been cleared. The expert also found Notes they'd supposedly deleted, but the Notes went back only a short period, less than 30 days, indicating Apple was purging them regularly.

 

 

It's unclear just how or why Apple is storing cleared browsing history for such a long period. It would appear to be a design issue rather than anything suspicious, and is likely to do with the syncing mechanism between iOS, Mac OS X and Apple servers. Consumer cloud services like iCloud, by their nature, require records of delete requests to remain accessible for stretches of time, as users may have devices turned off that need to come alive again before they can sync and remove the browsing history. The fact that Apple didn't hide the deleted records indicates it wasn't a purposeful data retention effort, but an oversight, according to the forensics expert. Effective encryption and a different design would help hide the information from both Apple and probing tools like Elcomsoft's Phone Breaker, the source added.

Jay Stanley, senior policy analyst at the American Civil Liberties Union (ACLU), said companies had to be very careful to follow best practice and delete users' data when requested. "Overall, assuming this was a mistake, it's a reminder that storing and retention of data is the default as a technical matter," Stanley said.

 

 

Quote

 

"Browsing history is a very sensitive set of data. It reveals people’s interests, concerns, worries and in many cases their every fleeting thought, as well as health information, information on their sexuality.

"It's vital that people are able to trust that they can be in control of that kind of information. It's one reason we advise using search tools that don’t store your history."

There's no evidence law enforcement has been able to access such data, if the feds even knew they could get it in the first place. And remote attacks by criminals would be difficult: Phone Breaker requires the hacker to have access to a target's iCloud login credentials or an authentication token stored on the victim's device. Katalov's disclosure, ironically, will also lead to the imminent redundancy of the very Phone Breaker feature that came from his discovery, which went live only this morning.

 

 

 

Not that he appears that bothered. "Money is not the main thing we work for," said Katalov, in our email correspondence. "But we are still going good. There are enough features in our products that are quite useful for many customers, from consumers to law enforcement, that do not rely on vulnerabilities. And finally, quite a lot of research is in progress - we will always find something new."

Elcomsoft is best known not for aiding any law enforcement activity, but for a salacious episode in the history of Apple hacks: reports alleged it was used by snoops who stole celebrities' nude pictures stored in the iCloud. The so-called "Fappening" attacks saw images belonging to the likes of Jennifer Lawrence and Kate Upton leaked online, and the perpetrators sentenced to prison.

 

 

Apple in patch mode... and an easy fix

Apple declined to comment on Elcomsoft's findings.

But a source with knowledge of the matter told me Apple has updated iOS and Safari to make it harder. Starting with Safari 9.1 and iOS 9.3, when users delete browsing history, the URLs are turned into hashes -- that's when plaintext is represented by a collection of digits and letters after being put through an algorithm. That goes some way to stopping any potential snoops looking at the data, though it hasn't prevented Elcomsoft's tool from grabbing the information from the latest versions of Safari.

 

 

Expect Apple to continue plugging holes that Elcomsoft finds, though, as it has done with other recent public disclosures by Katalov. In cases such as this, the user won't need to do a thing, as the fixes will be done on Apple's servers. Nevertheless, as the Cupertino giant recommends, using the most recent software versions will keep customers' safer from privacy invasions.

In the meantime, it's possible to turn Safari syncing off to avoid the problem altogether. Apple has a good guide about how to turn iCloud features on and off here.

 

 

UPDATE Shortly after publication, FORBES was contacted by Katalov and another source, who claimed that their old records were disappearing. It appears, they said, that Apple is purging. There was no update from Apple, however.

 

By Thomas Fox-Brewster

https://www.forbes.com/sites/thomasbrewster/2017/02/09/apple-safari-web-history-deleted-stored-icloud/

[straycat19]

I don't trust Apple, I never have.  They are famous for capturing data without informing users of the fact.  Until Windows 10 came on the scene, and the updates to Windows 7 and 8.1 that increased the data collection appeared, Windows was the safer choice as far as privacy was concerned.  Now the only option for privacy is Linux, where an informed user can control the data on his computer.

[David]

everything need to come to the light of day for the big players do something...

[steven36]

2 hours ago, straycat19 said:

I don't trust Apple, I never have.  They are famous for capturing data without informing users of the fact.  Until Windows 10 came on the scene, and the updates to Windows 7 and 8.1 that increased the data collection appeared, Windows was the safer choice as far as privacy was concerned.  Now the only option for privacy is Linux, where an informed user can control the data on his computer.

Most been living in state of false sense of privacy every since 2011 when Google changed there privacy policy  and i stop using Gmail also i stopped using Yahoo and facebook, Truth is i never trusted Microsoft ether I used XP Antispy  way back when so them spying on you, is nothing new.. if you look up old info ..just like  people say Windows 10 spy on you ..The same thing was said  about every windows since Windows  me   but as far as I know unless you use use a Microsoft browser on Windows they don't keep you're browser data tell this day, at lest you have a choice. but still Google is selling you're data on most other browsers anyway.witch is worse.

 

You remember back in  the early 2000s when everyone use too install  freeware with spyware and stuff millions of people installed programs to download songs and other media  and infected themselves back then there was not even a opt out only way you could get a clean version was get a version were some reverse engineer removed the spyware also PC makers sold cheap pcs full of spyware in the mid 2000s before . not very much different today  just now its the OS vendors do it instead.

 

 

 

 

 2006-07-01  Virus Bulletin :: Malware, the new driver of PC sales

https://www.virusbulletin.com/virusbulletin/2006/07/malware-new-driver-pc-sales/

 

 

P2P Software: Adware Inside

https://www.pcpitstop.com/spycheck/p2p.asp

NSA Built Back Door In All Windows Software by 1999

http://www.washingtonsblog.com/2013/06/microsoft-programmed-in-nsa-backdoor-in-windows-by-1999.html

 

 

[David]

thank you...  will read that