|Home » Security
Apple's Phony Consumer Protection
Users wide open to privacy attacks.
CUPERTINO (Radsoft) — Apple may boast a lot about their heartfelt concern for user safety, and Tim Cook might like to profile himself in that vein, but when it comes to protecting the safety/integrity of their computer users, the Cupertino company must come up next to last with Microsoft, scandalously far behind their Unix cousins.
The 'hidden' directory .DocumentRevisions-V100, placed at the top of their filesystem hierarchy, is but one example. And there are myriad further examples.
Dealing with a system and way of thinking where openness and impartiality are supreme, Apple established a new norm, with a focus on secrecy and dissembling.
The twists and turns and legerdemain they used to fight off closer inspection of their 'cheat' in supporting Unix hard links is of course legendary today. Their root directory is a small kennel of weird dotted files.
% ls -d1 .*
.HFS+ Private Directory Data?
[That question mark ('?') at the end of the filename '.HFS+ Private Directory Data' above, in case you're wondering, is the unprintable escape character 'carriage return' ('\r') which is deliberately used to thwart inspection by computer science. Apple find it rather embarrassing when outsiders keep coming upon their dirty secrets.]
But what's in .DocumentRevisions-V100? Good question. For it seems to contain a sort of history of everything you've downloaded and processed on your local machine. The reason and rhyme aren't known and aren't even interesting. What is interesting is that they're a tangible privacy threat.
There are many interesting - and potentially compromising - files in the .DocumentRevisions-V100 hive. One such file is a SQLITE file which seems to function a bit as a 'rolling history' of filesystem activity.
This file can grow and grow and grow to extreme proportions. It doesn't seem to ever be pruned. It just keeps on growing.
Here's a bit of a taste. Note that file paths, save their extensions, can be redacted in this representation. They're exposed and preserved in their entirety by Apple.
0000000000000036 h0SQLite format 3
0000000000000730 CREATE TABLE state (v)
Apple consumers concerned about their rights and privacy should inspect .DocumentRevisions-V100 and purge the files therein on a regular basis.