Deleted browsing history on safari may not actually be deleted

Elcomsoft, a Moscow-based firm which creates forensics software said that it was possible [Pdf] to retrieve the deleted browser history beyond a year. The Elcomsoft CEO Vladimir Katalov stumbled upon while he was testing out his latest hacking tool to see his safari history on his iPhone. He found that Apple was storing the consumer data in a secret cloud from iCloud called the “Tombstone.”

When Vladimir his phone breaker software to extract the browser history, he found that deleted data upto a year old is still recorded and available. In an interview with Forbes, Katalov claimed “We have found that they stay in their cloud, probably forever,”  records which are deleted from both iPhone and Mac interestingly were termed as “cleared” but not “deleted” in the Safari. These claims are verified by an IOS expert brought in by the Forbes.

Civil rights groups and the privacy security experts could be in uproar with all these revelations. The policy analyst at the American Civil Liberties Union (ACLU), Jay Stanley stated that to Forbes “Overall, assuming that this was a mistake, it is a reminder that storing of data is as default as a technical matter,” he added saying “Browsing history is a very sensitive collection of data. It reveals to people’s interests, concerns, worries and in many cases their every fleeting thought, as well as health information, information on their sexuality”.

“In this release, we added the ability to pull Safari browsing records going back more than one year, and this includes records that have been deleted a long time ago”, says Vladimir Katalov, ElcomSoft CEO. “The user does not have a chance to see these records anywhere on their device or in the cloud, and may not have a clue they even exist.”

Having data that you wish deleted to be then recorded and kept is a breach of trust, people should be comfortable with the knowledge that their commands are carried out accordingly, companies should always follow best practices and make the instructions of the user; hence we always recommend search tools that do not keep records.

 

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil