An old bug in Safari's private browsing continues in OS X Yosemite


It really surprises me that Apple has still not fixed a privacy, and therefore security, bug that OS X has been carrying for a long time. It is a known defect in Safari's implementation of private browsing: by default the browser saves the address of every website the user visits to a local file, and the record stays there even after closing the windows and quitting Safari. The defect is still present in the latest versions of OS X Yosemite.

The bug arises from the caching mechanism Safari uses for favorite icons (favicons), which are simply the small images that appear next to web addresses in the URL address bar and the favorites bar. The favicon and the web address of each visited site are stored together in a SQLite database inside the user's home folder, even if the site was opened in a private browsing window.


This database is found at ~/Library/Safari/WebpageIcons.db, and incomprehensibly the file is not even encrypted to prevent possible information theft. The most serious thing is not that the file is unencrypted, but that the failure has been known for years: a computer analysis report published by EURASIP (The European Association for Signal Processing) confirmed that the easiest way to see the browsing history, even after it had been "deleted" by the user, was to access this "WebpageIcons" database. The authors of the report stated:

This database provides an excellent record of each URL visited along with other related information regarding navigation.

The latest beta of OS X Yosemite, 10.10.3 build 14D98g, was released earlier in the week, and developers confirm that the issue remains unaddressed. Even if we go as far as completely restoring the browser, the data will still be present in WebpageIcons.db.
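To check what a favicon cache like WebpageIcons.db still holds after a private browsing session, the following added example (not from the original article or from Apple) opens a SQLite file read-only and reports every column that contains web addresses. It is schema-agnostic because the article does not describe the table layout; the sample database and its table and column names are constructed for the demonstration.

```python
import os
import sqlite3
import tempfile
from urllib.parse import urlsplit

def find_urls(db_path):
    """Return {(table, column): sorted hostnames} for columns holding http(s) URLs."""
    # mode=ro: never modify the file being audited
    conn = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True)
    found = {}
    try:
        tables = [r[0] for r in conn.execute(
            "SELECT name FROM sqlite_master WHERE type='table'")]
        for table in tables:
            qt = '"' + table.replace('"', '""') + '"'  # quote identifiers safely
            for col in conn.execute(f"PRAGMA table_info({qt})").fetchall():
                name = col[1]
                qc = '"' + name.replace('"', '""') + '"'
                rows = conn.execute(
                    f"SELECT {qc} FROM {qt} WHERE typeof({qc})='text' "
                    f"AND ({qc} LIKE 'http://%' OR {qc} LIKE 'https://%')")
                hosts = {urlsplit(r[0]).hostname for r in rows}
                hosts.discard(None)
                if hosts:
                    found[(table, name)] = sorted(hosts)
    finally:
        conn.close()
    return found

def build_sample_db(path):
    """Constructed stand-in database; table and column names are hypothetical."""
    conn = sqlite3.connect(path)
    conn.executescript("""
        CREATE TABLE pages (page_url TEXT, icon_id INTEGER);
        CREATE TABLE icons (icon_id INTEGER, icon_url TEXT, image BLOB);
        INSERT INTO pages VALUES ('https://bank.example/login', 1);
        INSERT INTO pages VALUES ('https://clinic.example/results?id=7', 2);
        INSERT INTO icons VALUES (1, 'https://bank.example/favicon.ico', x'00');
    """)
    conn.close()

def demo():
    """Build the constructed sample in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.db")
        build_sample_db(path)
        return find_urls(path)

if __name__ == "__main__":
    # On a Mac, pass os.path.expanduser("~/Library/Safari/WebpageIcons.db") to find_urls.
    for (table, col), hosts in demo().items():
        print(f"{table}.{col}: {', '.join(hosts)}")
```

Any hostname reported that was only visited in a private window shows the cache retained it.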

Let's hope that Apple addresses this failure once and for all; depending on the business environment, it can be a serious privacy problem for the user.

