Apple's Phony Consumer Protection
Users wide open to privacy attacks.
CUPERTINO (Radsoft) — Apple may boast a lot about their heartfelt concern for user safety, and Tim Cook might like to profile himself in that vein, but when it comes to protecting the safety/integrity of their computer users, the Cupertino company must come up next to last with Microsoft, scandalously far behind their Unix cousins.
The 'hidden' directory .DocumentRevisions-V100, placed at the top of their filesystem hierarchy, is but one example. And there are myriad further examples.
Dealing with a system and way of thinking where openness and impartiality are supreme, Apple established a new norm, with a focus on secrecy and dissembling.
The twists and turns and legerdemain they used to fight off closer inspection of their 'cheat' in supporting Unix hard links are of course legendary today. Their root directory is a small kennel of weird dotted files.
% ls -d1 .*
.HFS+ Private Directory Data?
[That question mark ('?') at the end of the filename '.HFS+ Private Directory Data' above, in case you're wondering, is the unprintable escape character 'carriage return' ('\r') which is deliberately used to thwart inspection by computer science. Apple find it rather embarrassing when outsiders keep coming upon their dirty secrets.]
But what's in .DocumentRevisions-V100? Good question. For it seems to contain a sort of history of everything you've downloaded and processed on your local machine. The rhyme and reason aren't known and aren't even interesting. What is interesting is that the contents are a tangible privacy threat.
There are many interesting - and potentially compromising - files in the .DocumentRevisions-V100 hive. One such file is a SQLite file which seems to function a bit as a 'rolling history' of filesystem activity.
This file can grow and grow and grow to extreme proportions. It doesn't seem to ever be pruned. It just keeps on growing.
Here's a bit of a taste. Note that file paths, save their extensions, can be redacted in this representation. They're exposed and preserved in their entirety by Apple.
0000000000000036 h0SQLite format 3
0000000000000730 CREATE TABLE state (v)
Apple consumers concerned about their rights and privacy should inspect .DocumentRevisions-V100 and purge the files therein on a regular basis.
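One way to take the inventory recommended above, as an added example that is not Rixstep's or Apple's code: it walks a directory, picks out files by the 16-byte SQLite header rather than by name (the page does not name the file), and lists each database's size, tables and row counts over a read-only connection. The default path is the one given on this page; that reading it requires root is an assumption.

```python
import os
import sqlite3
import sys
import urllib.parse

SQLITE_MAGIC = b"SQLite format 3\x00"  # first 16 bytes of every SQLite 3 file


def find_sqlite_files(root):
    """Yield (path, size) for files under root that begin with the SQLite header."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    if fh.read(16) == SQLITE_MAGIC:
                        yield path, os.path.getsize(path)
            except OSError:
                continue  # unreadable entry (assumed to need root); skip it


def summarize(path):
    """Return {table_name: row_count}; mode=ro guarantees nothing is written."""
    uri = "file:" + urllib.parse.quote(path) + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        names = [row[0] for row in con.execute(
            "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
        counts = {}
        for name in names:
            quoted = '"' + name.replace('"', '""') + '"'  # quote the identifier
            counts[name] = con.execute(f"SELECT COUNT(*) FROM {quoted}").fetchone()[0]
        return counts
    except sqlite3.DatabaseError:
        return {}  # locked, corrupt, or not readable as a database
    finally:
        con.close()


def report(root):
    """Return [(path, size_in_bytes, {table: rows})] for every SQLite file found."""
    return [(p, size, summarize(p)) for p, size in find_sqlite_files(root)]


if __name__ == "__main__":
    # Default is the directory named on this page; pass another path to override.
    root = sys.argv[1] if len(sys.argv) > 1 else "/.DocumentRevisions-V100"
    for path, size, tables in report(root):
        print(f"{path}  {size} bytes")
        for table, rows in tables.items():
            print(f"    {table}: {rows} rows")
```

Run periodically, the size and row counts show whether the file keeps growing between runs.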
The Rixstep Take
This is nothing new. Apple bet the farm on coopting independent software distribution and never cared about system or user security.
Conscientious Unix professionals should immediately begin planning their migration away from Apple.
All Content and Software Copyright © Rixstep. All Rights Reserved.