How to Make Safari’s Private Browsing Feature Actually Private

If you’ve been using Safari’s Private Browsing feature to keep your web-tracks hidden, it might come as a surprise to you that you are leaving a very visible record of the sites you’ve been visiting. This tutorial will show you how to remove those records.

Using a Terminal command, anyone with access to your Mac (local or remote) can get a list of the sites that you’ve visited, even with Safari’s Private Browsing feature enabled.

safari's private browsing featureSafari gives you a bit of a ‘warm and fuzzy’ feeling of private browsing with their explanation of the Private Browsing feature.

safari's private browsing feature explanationTry it out for youself. Enable Private Browsing and go to a couple of web sites.

Now open a Terminal by selecting Applications -> Utilities -> Terminal. Enter the command:

dscacheutil -cachedump -entries Host

You’ll be presented with a list of those same sites you just went to.

terminal with a command outputThe good news is that the dscacheutilutility comes with a way for you to clear those entries. Enter the command (in a Terminal):

dscacheutil -flushcache

terminal with dscacheutil flushcache commandThat will clear out the Directory Service cache (the location all of that information was being stored). Now run the dscacheutil -cachedump -entries Host command again. This time you’ll get a blank Directory Service cache.

blank dscacheutil entry

More posts from the Safari Category

Setup Safari 5 to Open Links as New Tabs Instead of New Windows

Site-for-Web-Clip-Widget.png

Create Web Clip Widgets for Dashboard

keychain-access.png

How to Make Safari Remember Passwords

picture-43

How to Integrate del.icio.us with Safari

  1. [...] How to make Safari’s Private Browsing feature actually private My good buddy Ross writes up an article exposing Safari’s private browsing feature as, well, not-so-private after all! He also explains how to cover your tracks. (More on this in the near future here at HTG). [...]

  2. Paul says:

    Thanks for this extra bit.

    You might also want to look in /Users/username/Library/Preferences/Macromedia/Flash Player/#SharedObject

    In there is a folder for every flash enabled site you visited. This information is stored regardless of the private browsing feature being enabled or not.

  3. John says:

    I have a question, after you're done doing all of that, where does that information go?

  4. Daniel Meier says:

    I was doing a yahoo search for some stuff for school and decided to clear out my cache using the "flushcache" command. When looking through the cachedump it listed many websites that I did not even visit…. many of them were sites that merely came up for the search. Why is this?

  5. William says:

    thanks for the tips, and @paul thanks as well !

    i got a mac from my skl and i've tried terminal but since im not the admin, it doenst work for me.

    any tips on how i can clear it without need any administrators priviledges?

    here's what comes up:

    dscacheutil -cachedump -entries Host
    Viewing host entries requires administrator privileges.

  6. Rick says:

    I have cleared the cache using your suggestions, now how do I keep it from getting it filled again? I have hear that this TOR program called Vidalia works well has anyone used it or better yet is anyone using it now?

  7. sam says:

    Hello! Ive been trying to display the list of sites visited, but everytime I type in the command, this is what I get:

    DirectoryService Cache Overview:

    AAAA Queries – Disabled (link-local IPv6 addresses)

    Cache Size – 9

    Entry count by category:

    Group – 2

    Service – 1

    User – 6

    Cache entries (ordered as stored in the cache):

    Category Best Before Last Access Hits Refs TTL Neg DS Node

    ———- ——

    What else do I need to do to make the list visible?

    Thanks!

  8. Travis says:

    Question: Private in Safari, won't help if you're trying to get your views up on Youtube would it? They (Youtube) would still know it's coming from my same computer? Strange question, but it did cross my mind. Thank you!

  9. philipp says:

    Hi,

    i~ve got the same question that Sam posted on 21 October. Could you let me know the answer, please?

    Thanks,

    Philipp

  10. Dean says:

    The system no longer uses Directory Services for DNS caching. It now uses mDNSResponder, so your dscacheutil commands aren't going to work. If you want to look at mDNSResponder's record cache, you'll want to do this…

    sudo killall -INFO mDNSResponder

    Then look in system.log.

  11. Mike says:

    It won't help; Since safari doesn't initiate a "clean cookie", the websites you visit still have your record on everything.

  12. Mudge says:

    For Sam and Philipp, you need to enable the root user. There's a couple of ways to do this: you can go into Directory Utility then Edit -> Enable root user, or you can pull up a terminal window, type "sudo passwd root" (without quotes) using your admin password, supply a strong password for root, and you should be free to carry on.

    HTH.

  13. John says:

    I have the same issue as Sam and Phillip above. All I get when I try the process is the following;

    User-iMac:~ User$ dscacheutil -cachedump -entries Host

    DirectoryService Cache Overview:

    AAAA Queries – Disabled (link-local IPv6 addresses)

    Cache Size – 7

    Entry count by category:

    Group – 1

    Service – 1

    User – 5

    Cache entries (ordered as stored in the cache):

    Category Best Before Last Access Hits Refs TTL Neg DS Node

    ———- —————— —————— ——– —— ——– —– ———

  14. VINCENT Benjamin says:

    Hi,

    I am late but :

    I have the same question that Sam posted on 21 October. Could you let me know the answer, please?

    I will be very grateful.

    Thanks you for your help,

    Ben

  15. It'srubbish says:

    I love Mac haters, I have just carried out the instructions above……. Guess what? No hidden traces found! For information….. nothing is ever truly deleted from any digital media and specialist software will recover it. If what you are doing is illegal and your PC/Mac needs a repair they will probably find it. If all you are doing is hiding your porn surfing from the wife RELAX Private browsing does it… :-)

  16. It'srubbish says:

    PS, Don't forget that your ISP has a record of your browsing as well!

  17. It'srubbish says:

    PS, Don't forget that your ISP has a record of your browsing as well!

    You might want to look in here though, private browsing does not stop plug-ins from storing historical information. For instance, even with private browsing on, the domain names of visited, Flash-enabled sites will be recorded to ~/Library/Preferences/Macromedia/Flash Player/#SharedObjects/.

    The only way to prevent data from being stored by plugins is to turn them off—Safari > Preferences > Security and deselecting "Enable plug-ins."

  18. lovemymac says:

    Hi everyone,

    I think this particular issue is PRE Snow Leopard 10.6. I used terminal and got no results at all.

    But Paul (above) is right about this;

    Finder/Library/Preferences/Macromedia/Flash Player/#SharedObject. then open the next folder and take a look at all the Flash enabled sites visited.

    Go take a look!

  19. Ed says:

    Hi, yeah same question as Sam and Philipp here too. Anyone know the answer?

  20. Jess says:

    Hello,

    I am not sure if this site is still being updated but I have the same question as Sam (Oct 21) and Philipp (Nov 8). Any kind of suggestion would be most appreciated!

    Thanks

  21. Brian says:

    Seemed to only list sites of the current visit – not yesterday or back further. Is it erasing prior visits without this procedure?

  22. New version of Safar says:

    Newer version of Safari may have solved this. Using 505 safari with snow 1067.

  23. Margaret says:

    i have a power book G4. I tried entering "dscacheutil-cachedump-entires Host". The response I received was "Command not found".

  24. brooke says:

    I have the same problem as @sam and @phillipp.

    Also, is the "Empty Cache" option useless, or does it also empty the directory service cache without using the terminal?

    Thanks,

    Brooke

  25. Sam says:

    I have the same question as sam and phillip. I try and pull up the sites visited and it says my AAAA queries are disabled but shows

    AAAA Queries – Disabled (link-local IPv6 addresses)

    Cache Size – 9

    Entry count by category:

    Group – 2

    Service – 1

    User – 6

    Cache entries (ordered as stored in the cache):

    Category Best Before Last Access Hits Refs TTL Neg DS Node

    and doesn't show the sites. how do you make them visible?

    ———- ——

  26. Roberto says:

    Hello. Tried the command and this is what shows on the terminal:

    DirectoryService Cache Overview:

    AAAA Queries – Disabled (link-local IPv6 addresses)

    Cache Size – 24

    Entry count by category:

    Group – 7

    Service – 2

    User – 15

    List is not shown. Any suggestion?

  27. David says:

    Hi, I've tried entering the command * dscacheutil -cachedump -entries Host and it tells me that it is unable to get the details from the cache node. Can anyone help me out?

  28. CW says:

    I'm using 10.5.8 and I did the Applications -> Utilities -> Terminal. Entered the command: 
dscacheutil -cachedump -entries Host. Then finished with the 
dscacheutil -flushcache command and it seemed to most entires, but Not all.
    This is what Terminal STILL showed:
    DirectoryService Cache Overview:
    AAAA Queries – Disabled (link-local IPv6 addresses)
    Buckets Used – 6
    Cache Size – 1
    Entry count by category:
    Host – 1
    Cache entries (ordered as stored in the cache):

    Category Best Before Last Access Hits Refs TTL Neg DS Node
    ———- —————— —————— ——– —— ——– —– ———
    Host 10/19/11 15:05:41 10/19/11 15:05:23 0 7 18
    Key: h_aliases:adserver.teracent.net ipv4:1 ipv6:1
    Key: h_aliases:adserver.teracent.net ipv6:1
    Key: h_aliases:adserver.teracent.net ipv4:1
    Key: h_name:adserver.teracent.net.akadns.net ipv4:1 ipv6:1
    Key: h_name:adserver.teracent.net.akadns.net ipv6:1
    Key: h_name:adserver.teracent.net.akadns.net ipv4:1

    QUESTION: IS THERE ANYWAY TO CLEAR ALL? AND DO I HAVE TO REPEAT THIS COMMAND DAILY???
    THANKS TO ANYONE THAT REPLYS.

  29. Me says:

    I have the same question as Sam, Phillip, and others. Can someone please help?

  30. MenAreWeak says:

    To It'sRubbish: I guess you think all wives are stupid? Women can read and research too. I hope your wife finds you out. She doesn't deserve you. Amazing what men will go through to look at other women naked. Wackos.

    • AnotherWoman says:

      To MenAreWeak: You must be one of those wives whose husband has to hide porn from. If more women would relax and stop being up tight then men wouldn’t feel the need to hide things. Who cares if he watches porn? Hell, why not watch it with him. If you force a man to hide porn from you because you’re so neurotic, eventually it will lead to him hiding another woman from you as well.

  31. Karen H says:

    I did all that and it said command not found – NOW WHAT

  32. StupidComment says:

    To MenAreWeak: There’s no reason to be so defensive. It’sRubbish wasn’t implying women are stupid, I think he’s implying that it is unlikely that a partner would go to excessive lengths to find out what their other half has been viewing online… he was also just making a joke.

    It sounds like you’ve been hurt, you seem a very angry person.

  33. Dallas says:

    every time i enter the command this happens:

    device-b1c289:~ dallas$ dscacheutil -cachedump -entries Host
    Unable to get details from the cache node

    why is this happening?

  34. Girl says:

    I agree. Blokes work it out, I’m a woman and I have researched this. Btw girls, you can also just check the router log. Google instructions.

  35. tom riddle says:

    The mac still keeps logs of your visited sites. All you have to do is to delete these logs. You can delete them manually or make an apple script for this. Secure delete all log files in your library/logs folder and most important the log files stored in the invisible folder /var/log/ (you can use the “go to folder” from the finder menu). Also delete all files in /var/log/asl. I could post a simple script for that if you want.

Leave a Reply