Safari 4 beta leaves data, privacy trail in its wake
There are gigabytes of hidden files accumulating on your Mac. In fact, there are individual jpeg and png thumbnails for every Web page you’ve visited since downloading Safari 4 beta, including images of that “transgender swine in heels” (i.e. the other white meat), Web site you seem so fond of.
Thrica Network has an informative yet somewhat disturbing write up on Safari 4 beta, which most everyone seems to like for its speed and interesting new features, such as Top Sites (see also: How to: Edit, manage Safari 4’s Top Sites).
Cache me if you can
First off is a huge and 99 percent useless trove of files that’s been around since Safari 3 located in ~/Library/Caches/Metadata/Safari/History. Inside this folder is a cache of files, one for every Web page you’ve visited, with each being weighing up to 200K. Though individually small, having thousands of these can quickly eat up a lot of disc space.
Further, even if you have configured Safari to automatically clear History (Safari -> Preferences -> General -> Remove History Items), these files still accumulate and, in my case, throwing them away freed up 172MB. So, yes, you should configure Safari to automatically clear the History, but also manually clear this cache of files, as well.
Tip: Securely empty the trash, Finder -> Finder (menubar) -> Securely Empty Trash
Next up is another file cache that Thrica calls “egregiously unhygienic.” Specifically, the little blue star on each Top Site icon is a function (i.e. has the site been updated) that generates an XML file for everyone one of your Top Sites every 30 minutes. These can be found in ~/Library/PubSub/Feeds/ and dumping these, all 42,685 of ‘em, freed up about 170MB of space on my Mac.
So, tens of thousands of performance choking files removed, accounting for over 340MB of disc space—that’s a lot, right? Well, according to Thrica, Safari 4 beta is hiding an even bigger, multi-gigabyte secret in the dark, unseen places in your Mac’s bowels.
It seems that Quicklook—those purdy, clickable thumbnails in bookmarks view (⌘ + ⌥ + B)—needs feeding and Safari obliges by keeping a secret larder in /private/var/folders/et/etuAKaR1GTeV9DVeRGfst++++TI/-Caches-/com.apple.Safari/Webpage Previews/, which is a hidden folder that’s out of sight and inaccessible to those not schooled in the dark arts (ie command line).
Tip: Check out Slashdot’s Show hidden files in Mac OS X Finder tutorial
That said, on my Mac, this hidden cache was located in the “Zt” folder (ie /private/var/folders/Zt/…), which is different than Thrica’s path, meaning that two character subdirectory will be named differently on your Mac, as well. Deleting these files opened up over 4GB of disc space.
Conclusions
I’ve freed up nearly 4.5GB of disc space and gotten rid of a lot of useless and perhaps embarrassing “stuff.” Tens of thousands of potentially comprising files are gone, so do I feel safer? Given that there was this much junk on my Mac that generated by a single program, it stands to reason there’s even more that Thrica and others have yet to discover.
Moreover, although we’re talking about Safari and Apple in particular, I rather doubt Microsoft, Adobe, IBM or Oracle have any better handle on security and privacy.
I don’t look for or espouse conspiracy theories, but I do firmly believe that complexity is an evil that requires constant trimming and management. Obviously, Apple’s lost control of complexity in Safari, and they need to get back on and ride the tiger before we the users get eaten…
What’s your take?
Related Posts:
May 24th, 2009
The only real hog I’ve seen from Microsoft is the winsxs folder. The caches aren’t too too bad besides that, and Ccleaner takes care of them if you’d prefer a clean machine.
May 24th, 2009
Just use Opera. honest and fast
May 24th, 2009
Safari > Reset Safari… Does checking off the boxes clear all cache locations?
And by selecting Safari > Private Browsing… Does that terminate cache files from being stored?
May 24th, 2009
I checked all these folders on my MacBook Pro and found them to be relatively empty. In all, they totaled no more than 5MB, with the PubSub folder being 4.1MB of that. So, I’m not sure what is going on with the system this article was based upon, but I don’t think its typical.
May 24th, 2009
Partners -> No, these folders aren’t covered by the automatic cache clearing in Safari 4 beta
Aaron -> The guy who wrote the article had huge files, most that commented on his piece had huge files, I have huge files.
Are you running Safari 4 beta?
May 24th, 2009
My MacBook (10.5.7) doesn’t have a folder ~/Library/PubSub
Is the trail correct?
May 24th, 2009
I check all mine and found very little and I’ve been using Safari 4 since it came out. Maybe those files were left over from version 3 and version 4 does not clear them out. Who knows. But yours is probably not the norm.
May 24th, 2009
I used it for 3 days. I did a find on only the files modified those 3 days and found that it created 400M.
May 24th, 2009
You can’t rely on that path in the article to find the preview location. Open up terminal and do:
$ find /private/var/folders/ -type d -name ‘Webpage Previews’
Mine is 1.2G. Ridiculous. Not so much because of the space wasted, as that there is a screenshot of every page I’ve visited since I installed Safari 4. This is a *huge* security problem.
May 24th, 2009
Does turning on Private Browsing cause webpage previews to be generated still in this obscure folder?
May 24th, 2009
Opened Terminal and typed in
$ find /private/var/folders/ -type d -name ‘Webpage Previews’
but nothing happened…
May 24th, 2009
this makes no sense. I have Safari beta 4 on a ppc but there is nothing in ~/Library/Caches/Metadata/Safari/History. The only file is metadata/safari/bookmarks, which is only a list of my current bookmarks.
and no such file as ~/Library/PubSub/Feeds/
I think you have a problem with your analysis.
May 25th, 2009
I checked all of these places out, and had only a small amount of files. I have been using safari 4 beta since the day it came out and upgraded it recently.
I noticed that if you merely clear the history vs reseting safari that there are more files left in the History cache file. However when I reset safari it took care of all of these files.
May 25th, 2009
I checked all of these places out, and had only a small amount of files. I have been using safari 4 beta since the day it came out and upgraded it recently.
I noticed that if you merely clear the history vs reseting safari that there are more files left in the History cache file. However when I reset safari it took care of all of these files.
May 25th, 2009
You can’t copy-paste the command in my previous comment, unfortunately, because the blog replaces single-quotes with some fancy curly quotes. Anyway, here are exact instructions you can follow (including copy/paste) that will open the topsites cache folder in Finder for you:
http://pastebin.com/d4afc00b4
His analysis is not flawed. The way Safari 4 does the top sites preview is by making a screenshot of every page you view (which is stored in the folder referenced above) and saving it as a jpeg.
FYI you can delete these by selecting Safari -> Reset Safari… and unchecking everything but “Reset Top Sites” and “Remove all webpage preview images”. For more advanced users, find the folder it is storing these in, rm -rf it, touch a file by the same name, and make it read only with chmod 0 . This will prevent it from storing the screenshots, at the expense of some syslog spam complaining that it cannot write to the directory.
I agree with the author that this feature is poorly implemented, and hope that there is the ability to disable it when it is out of beta. It should also warn you that a screenshot of every single page you visit on the internet is being saved in an obfuscated directory, as this has serious potential privacy issues. Most people know to clear cache and history, but this is a whole new enchilda.
May 25th, 2009
Oh, an additional complaint about top sites: If the last thing you did on a webpage was a POST (such as making a comment), when it tries to refresh the topsites preview, it will re-issue the POST request, minus the POSTDATA. This usually results in an error message, but could do something bad on less robust sites.
All in all, I feel this feature is both poorly thought-out and implemented, even for beta. I’m not even sure what a webpage thumbnail with unreadable text is supposed to accomplish…
May 25th, 2009
I found all that was listed in the above post and commend the author for bringing it to our attention. I just reclaimed 1.5GB of space.
For those who did not find anything, you looking in the wrong place.
for instance on my system the previews were here
/private/var/folders//wd/wdtD7o+PGXymqyxqCnlGgU+++TI/-Caches-/com.apple.Safari/Webpage Previews/
and
find /private/var/folders/ -type d -name “Webpage Previews”
(just replace the quotes with proper ones as web pasted ones don’t work on the command line)
this command works perfectly
though I had to prefix it with sudo
(which for those who don’t know escalates privileges on the system to root)
There is no problem with this analysis, more likely the technical savvy of some of those commenting.
May 25th, 2009
***
One thing.
You are using BETA software.
Perhaps they are part of the debugging routines.
Hopefully these issues are gone when the final version is done.
May 25th, 2009
I have less than 100 mg of these files.
May 25th, 2009
@Curmudgeon
Private Browsing mode seems to prevent the Webpage Preview images from being made.
May 25th, 2009
I read this article and the Rixstep piece linked on MacSurfers with great interest and a little concern. I then tried OnyX.app’s Cleaning > Internet > Browser Cache + Download Cache + Browser History + Recent Searches and it seems to completely empty all of the offending caches mentioned in the articles.
One non-Safari item of interest was discovered after making the hidden files/folders visible using Cocktail. There were about 10 hidden folders on my desktop with different versions of NetNewsWire mostly betas it seems. Each was about 28mb. I trashed them all.
May 25th, 2009
This entire article is bullshit. I checked each and every one of the supposedly clogged folders and found none of them with any appreciable numbers of files. More over the first folder mentioned (~/Library/Caches/Metadata/Safari/History) was completely emptied by simply clearing the history. No files were left. All of these other caches were cleared by either clearing the history or emptying the cache, two everyday features of Safari, including beta 4.
Again this entire article is total bullshit written by somebody with more time on their hands than knowledge or skills. Yet another scare hit piece by the clueless.
May 26th, 2009
4.8GB in the /private/*/Webpage Previews/
Insane.
Anyone find out how to turn this off? I didn’t try Safari’s self-cleaning features, but this amount of cached data is just idiotic.
May 26th, 2009
Cocktail
cleans a lot of stuff up…
May 26th, 2009
4.7 GB in /private/var/folders/*/Webpage Previews/ which was created on Feb 24, 2009, the day I installed Safari 4 beta for the first time.
May 26th, 2009
To those posters who are saying this article is bullshit, you’re wrong. I would accept that perhaps in your computer, Safari 4 beta is not leaving these trail data behind but on my computer, Safari 4 beta is CERTAINLY (CERTAINLY) leaving this trail data behind. I’ve found them and am currently deleting it.
So, don’t say the article is bullshit. You can say that you computer doesn’t have this trail data problem. Fine. I accept that. But the article is accurate for my computer.
May 26th, 2009
Hmm, posted a somewhat lengthy bit that might have cleared up some possible misunderstandings or problems, but that one got stuck in your blog’s spam filter, as it seems.
May 26th, 2009
It’s a beta.
May 26th, 2009
I believe that the cache files in /private/var/ should be deleted every time you restart your Mac (this includes any from other apps as well). I wonder if the people who are finding huge folders here are just people who rarely restart their Macs and those who aren’t are ones that do? If this isn’t the case, then it sounds like a bug that needs to be squashed, or a routine clearing that needs to be implemented by the Safari developers to prevent it from ballooning.
As for this being a security issue – those files should be inaccessible to anyone other than the user whose account created them and a root user – even an admin should not have access to them (though they would probably be viewable by someone who is able to remove the drive or access it in Target Disk Mode). In other words, this is less severe a security issue that many are making it out to be, but it is still not desirable either both from a privacy and disk usage viewpoint.
May 27th, 2009
Good information is written in this article what an interesting read it is.
May 27th, 2009
so heres a hoot i have safari 3.2.3 and got as far as pulling all the pref out of library and to the desktop (im a new computer owner,1st one at 39 so excuse my lack of terminology)and type ccr and the finder punts out all (and i mean everything,the one armed tranny hookerlol)my history and pics on webcam or my gal my self and the hooker. and i CANNOT erase it. not by putting the pref folder in the trash it doesnt allow access to each file but they stay intact. WTF? help please
May 27th, 2009
and btw ive reset safari everytime ive closed the app.ive had this comp almost 5 months and being my first my gal and i have done everyting a sixteen yr old with a new toy and certainly tested its limits. ive learned about mac g5 the good old fashined way, i crashed 2times and had to rebuild her from that ground up. if i cant delete it i may crash on purpose. is there software to fix this? freeware hopefully,we like freeware thanx,drew
May 27th, 2009
excuse me /com is all it took!!?
May 27th, 2009
Clearing these various locations in my instances cleaned up a couple of GB, but in the scheme of current hard drives sizes, that’s statistically insignificant. Might have been more, but I keep my history set to clear daily.
The author also failed to note that (1) there may be (probably is) more than one instance of a cached Webpage Previews directory under /private/var/folders, and that (2) those -Cache- and -Temp- directories aren’t readable by anyone without a root password. So while clearing them may save space, it isn’t really giving you more than a fractionally improved degree of security.
Plus, as James Katt notes, this is beta software. What it’s leaving behind now isn’t necessarily predictive of what the final version will do.
May 27th, 2009
So whats the consequence of these files being kept on my mac? Does that mean that they’re being sent to Apple or something?
Either way thanks for the info, i tried them all and freed a lot of space.
May 29th, 2009
As Safari is indeed still on Beta I did not really care for the massive file storage. On the other hand, I was quite surprised when I discovered the hidden quicklook folder. Not just that it held 4.5 GB of .PNGs.. I was a bit shocked that you could even simply find PNG shots taken from my online bank account..
June 9th, 2009
Okay, Safari 4 is now released. I just installed it – I have never used 4 betas. So my description below is of an environment where only the Safari 4 release has run.
I have a number of /private/var/folders/*../zzz*/ -Cache- directories, as shown by following the find instruction in this thread. The zzz names vary, and seem to be used for different purposes, containing either -Cache- or -Tmp-.
Those -Cache- and -Tmp- directories are owned by nobody or _underscored_user, chmod 700, so is locked off from casual viewing. And being called -Cache- means that simply cd’ing into it once you’ve sudo chmod 755′d it is quite hard – single or double quotes or escaping the hyphen don’t work, as bash gripes about -C.
So,
sudo chmod 755 -Caches-
tcsh (launches a different shell with arguably better cd name handling)
cd \-Caches\-
ls
will show what’s in the directory. I haven’t found anything yet that matches a PNG screenshot.
fyi.
June 27th, 2009
the final Safari 4.0 release leaves the previews in a different place.
Navigate to ~/Library/Caches/com.apple.safari/Webpage Previews/ Once there, delete all the preview files. Highlight the folder “Webpage Previews” and Get Info on it (command + i). Under “General” information there is a check box to lock the folder. Click it.