We know that Google tracks a user’s online search habits, and which websites they browse to and fro, but just how deep does that tracking go? For example, in Safari or Chrome, if I type in a URL to a sign-in website, does Google now know that URL because it’s the default search engine? Or, does it Remember the URL I put into Chrome?
I don’t have an answer but I have a growing concern that whatever we type into an app that goes online goes somewhere else. Can you say, ‘Browser History?’ Yes, the browser history is on my Mac, iPhone, and iPad, but does that history go somewhere else only to be downloaded and viewed by hackers, or government spooks?
So says a Russian forensics firm which says they extracted years of web browsing records from iCloud, Apple’s online cloud storage system. Russell Brandon has some of the scurrilous details, but the basic gist is this:
- Apple has been storing browser history on iCloud
- Apple now deletes browser history beyond two weeks
- Apple has not explained exactly what happened
Did you know your browser history from your Mac gets synced to your iPhone? I didn’t, either, but that’s more because I put in a few safety valves and purposely delete my Safari and Chrome browser histories, automatically, or manually.
Or, at least I thought they were deleted.
A couple of years ago I wrote about a utility I use to manage cookies and– so I thought– delete browser history. It’s a great app called Cookie which runs all the time on my Mac and deletes the Safari and Chrome browser history– and any cookies every x-number of minutes. Try it. You’ll like it.
Apple might think that synchronizing the browser history between Safari on the Mac and Safari on iPhone or iPad is a good thing, and I can see where it would be convenient, but it’s not something I want to do, and I suspect many of Apple’s customers feel the same way.
Supposedly, when you clear a browser history on, say, Safari on the Mac, it gets cleared for iPhone and iPad, too. A certain aforementioned Russian forensics firm might say otherwise. They found plenty of records which said browser history was deleted but the data remained and was clearly visible– and dated back to late 2015.
All of this begs the question, “How secure is iCloud?”
We know text messages in Messages are encrypted end-to-end but law enforcement agencies who capture one of the ends captures the other end, too. We know there isn’t really a safe and secure email system usable by mere mortals. But what about all the other files we save in our Mac’s Documents folder that gets synced to iCloud Drive? Where’s the security? True, all you need is an Apple ID and the right password and you’re in, but the Russian forensics experts didn’t have either and they found plenty of data including site names, URL’s, visit dates and times, and more.
Late last year I took some heat from readers about recommending an online backup system instead of Apple’s own Time Machine. The app is called Arq and it encrypts files and stores them to online cloud services, Amazon’s inexpensive S3 service among many. That means they’re encrypted so you’re the only one who can open the file, and it’s moved off premise to the cloud. Isn’t that supposed to be one of the benefits of iCloud and iCloud Drive?
I want to trust my online storage vendors, but more and more they need to prove they have earned my trust. Apple is on the bubble.