Yesterday Russian computer forensic firm Elcomsoft rang the alarm, warning that it was possible to extract a user’s Safari browsing history over a year after the user believed that they had deleted it.
“We discovered that deleting a browsing history record makes that record disappear from synced devices; however, the record still remains available (but invisible) in iCloud. We kept researching, and discovered that such deleted records can be kept in iCloud for more than a year.”
Forbes reporter Thomas Fox-Brewster confirmed the behaviour, discovering almost 7000 “deleted” records from his browsing history dating back to November 2015. Each entry was accompanied by a counter for how many times the webpage had been visited, and the time and date that the history item had been “deleted”.
Obviously this is a concern. A user’s browsing history can be highly sensitive, and Safari users would have an expectation that if they had deleted entries from their browser history it should have been… you know… properly deleted rather than simply hidden out of a regular user’s sight.
As more than one wag has pointed out, when Apple’s privacy statement declares:
“Apple does not retain deleted content once it is cleared from Apple’s servers.”
that’s rather different from saying:
“Apple does not retain deleted content once it is deleted by the user.”
So, what’s going on here? Well, it appears that the problem was associated with Apple users’ ability to sync their Safari browsing history to iCloud accounts, letting them easily access previously visited sites from other linked devices using the same Apple ID.
If you had not chosen to sync Safari with iCloud, it looks like you weren’t at risk. Similarly, the history of anywhere you visited during a Private Browsing session had also not been collected – which I’m sure will be a huge relief to many.
The hullabaloo about deleted histories being not really deleted seems to have stirred Apple into taking action, with Elcomsoft reporting that Safari browser data stored in iCloud now seems to be properly wiped if it is more than two weeks old.
Of course it would be great if Apple would be a little more transparent and explain what has happened, and what steps it has taken to reassure customers – but maybe that’s just expecting too much…