MacInTouch Amazon link...

Safari, Firefox & other web browsers

Channels
Security, Troubleshooting, Products
I'm always a little concerned about security issues with low-level software originating from Russia, and AdGuard was blocked at one point by Apple for using a VPN mechanism that could potentially provide unchecked access to very sensitive information. Other companies were also affected, and Russia doesn't have any monopoly on malware or spyware, so these may not be concerns for other people, but I thought I'd mention them as background for anyone who might be interested.
I think that might apply to the full standalone app, rather than the browser extension. The standalone app allows use of a built in VPN, but the extension doesn't.
 


I'm running AdBlock Plus with Firefox, and every new version of Firefox "forgets" the exceptions I have set. In a sense, that's useful, because each new version defaults back to no exceptions, but there are a few sites I am willing to allow to show ads for various reasons.
 


This independently dawned on me after I posted: you probably have to disable System Integrity Protection (SIP), restore Safari, then re-enable SIP. From the Terminal:
csrutil status
It should reply,
System Integrity Protection status: enabled.
(If it's disabled, something else is going on; I don't know what.)

Boot to Recovery OS: Startup or restart and hold down Command-R.
In Recovery, Utilities menu > Terminal
In Terminal,
csrutil disable

Restart normally.
Do the Time Machine restore.
Then re-enable SIP:

Restart with Command-R
Utilities > Terminal
csrutil enable
Restart

Gory details about SIP at Apple Developer:

Again, good luck. Apple assures us these apparent shenanigans are For Our Own Good.
Good suggestion but... changing the SIP doesn't allow me to restore Safari from Time Machine. Using Pacifist and the High Sierra installer, "Install to default location" for Safari is greyed out.

I could reinstall High Sierra (10.13.1) but two problems:
Would I be able to get Safari updated to 12.1.2 and not 13 (I'm guessing not)?​
And, more importantly, since it's a "new computer", I'd run into the Dropbox three-device limit. Dropbox is where I keep my 1Password database (so I can share it with my wife's devices).​

So, if I want the 1Password browser extension, I will have to upgrade to v7 and pay $5/month for the family plan.

I really wish Apple had warned me about the change in Extensions before I upgraded Safari.
 


Ric Ford

MacInTouch
Here's some more background on Apple's changing policies vs. ad blockers:
Here's some additional information about Safari 13 changes and recommendations:
Ellis Tsung/uBlock-Safari said:
Explanation of the state of uBlock Origin (and other blockers) for Safari
uBO will no longer with Safari, use Firefox or a new "content blocker" app (see below for good replacements).

In the past few months, and especially in the past week, there have been a lot of posts and comments questioning the status of uBlock Origin for Safari. This should answer all questions on the status of uBO for safari.

uBlock Origin was ported for Safari in 2016, and was updated regulary (mostly changes from the main project) until 2018 when development completley stopped. Since then Apple has begun phasing out Safari extensions as extensions, and has instead been implenting a new extensions framework which is extremley limited in adblocking functions, only allowing "content blockers", which are just links bundled as an app which Safari enforces. From Safari 12 / macOS Mojave, old legacy Safari extensions were still allowed, but came with warnings saying that they will slow down your browsing (they infact won't, or at least not noticably). Safari also recently shut their Extension Gallery, instead redirecting it to the mac app store. Though it is still curently possible to install uBlock Origin by downloading the extension from Github (edit: must follow these instructions, it will not be starting from Safari 13 / macOS Catalina, when the legacy entension API will be fully deprecated.

It will not possible for uBlock Origin to work with the upcoming Safari 13 / macOS Catalina release

If you are a current user of uBlock Origin for Safari here are the options to continue blocking ads...
 


Safari 12.1.2 is included in the Mojave 10.14.6 updater, so you should be able to re-run that (maybe go with the Combo Updater to be safe) to reinstall it. I think maybe you'd have to delete Safari 13 from the Applications folder first; otherwise it might not overwrite a newer version.

For Sierra and High Sierra, you can download the Safari 12.1.2 installers directly from Apple here (again, you may need to delete Safari 13 from Applications first):
 


Safari 12.1.2 is included in the Mojave 10.14.6 updater, so you should be able to re-run that (maybe go with the Combo Updater to be safe) to reinstall it. I think maybe you'd have to delete Safari 13 from the Applications folder first; otherwise it might not overwrite a newer version.

For Sierra and High Sierra, you can download the Safari 12.1.2 installers directly from Apple here (again, you may need to delete Safari 13 from Applications first):
Thanks, Todd. FYI Safari 13 was only issued for High Sierra and Mojave (and comes with Catalina) - there is no Safari 13 for Sierra (meaning macOS 10.12 Sierra has now dropped off the security updates list).

The link for the High Sierra download does not work though: "not found" :-(
 


Good suggestion but... changing the SIP doesn't allow me to restore Safari from Time Machine. Using Pacifist and the High Sierra installer, "Install to default location" for Safari is greyed out.
I could reinstall High Sierra (10.13.1) but two problems:
Would I be able to get Safari updated to 12.1.2 and not 13 (I'm guessing not)?​
And, more importantly, since it's a "new computer", I'd run into the Dropbox three-device limit. Dropbox is where I keep my 1Password database (so I can share it with my wife's devices).​

So, if I want the 1Password browser extension, I will have to upgrade to v7 and pay $5/month for the family plan.

I really wish Apple had warned me about the change in Extensions before I upgraded Safari.
I followed the directions to disable SIP, reboot, and restore from Time Machine. My system (macOS 10.13.6) wouldn't let the restore complete. And, with SIP turned off, I still couldn't delete Safari.app in the Finder.

I had to go to the Terminal and use sudo rm on Safari.app before doing the restore from Time Machine step. That worked. Of course, I then rebooted, re-enabled SIP, rebooted, and things seem okay.

One weird side-effect was that my SoftRAID volumes wouldn't work after doing the "SIP gymnastics". I tried various utilities, but the only thing that worked was removing all related SoftRAID files and the kernel extension and reinstalling SoftRAID. After reinstalling SoftRAID everything is working as before (the SoftRAID volumes reappeared). I came close to rebuilding a RAID from a backup.
 


Ric Ford

MacInTouch
There are huge potential privacy/security problems with ad blockers... and fake/ripoff software in general, which is widespread in Apple's App Store, as well as Google's Chrome Store and elsewhere. Here's just one example, from this company protecting/promoting its own software, but the problem is a serious one to beware on all platforms.
Sophos said:
Google pulls more fake adblockers from Chrome Web Store
Google has again been reprimanded for not spotting fake extensions impersonating popular brands in its Chrome Web Store.

The victims this time were AdBlock by AdBlock Inc (easily confused with legitimate extension AdBlock by getadblock) and uBlock by Charlie Lee (similar-sounding to uBlock.org’s uBlock or Raymond Hill’s uBlock Origin).

The impersonation was made public in a blog by rival adblocker maker, AdGuard, whose Andrey Meshkov decided to take a closer look at the fake software’s behaviour.

The short and surprising answer – they block ads – perhaps not a huge ask given that both appear to have been based on the same code as the original AdBlock.

However, according to Meshkov, 55 hours after installation, they start doing something called ‘cookie stuffing’, a common ad fraud technique.
 


The only ad blocker I've used in Safari is Adblock from BetaFish. I think they're US-based, and they have generally been good. Their iOS version is unobtrusive, too, but hasn't been updated in a few years. I haven't tried Safari 13 yet, so I assume it has the same compatibility issues.

In Firefox, I only use UBlock Origin and NoScript. I find those extensions to be powerful, and as far as I know they're trustworthy. Firefox Focus on iOS extends its adblocking options to Safari.
 


Safari 12.1.2 is included in the Mojave 10.14.6 updater, so you should be able to re-run that (maybe go with the Combo Updater to be safe) to reinstall it. I think maybe you'd have to delete Safari 13 from the Applications folder first; otherwise it might not overwrite a newer version.

For Sierra and High Sierra, you can download the Safari 12.1.2 installers directly from Apple here (again, you may need to delete Safari 13 from Applications first):
Thanks for those links. I am at Safari 12.1.1 and was trying to find the *.2 download.

I wonder if updating to 12.1.2 will cause issues with the 1Password 6 extension I'm currently using. Think I'll do a full backup...
 



I followed the directions to disable SIP, reboot, and restore from Time Machine. My system (macOS 10.13.6) wouldn't let the restore complete. And, with SIP turned off, I still couldn't delete Safari.app in the Finder. I had to go to the Terminal and use sudo rm on Safari.app before doing the restore from Time Machine step. That worked. Of course, I then rebooted, re-enabled SIP, rebooted, and things seem okay.
Closer and closer. I successfully removed Safari using Terminal:

cd /Applications/
then
sudo rm -rf Safari.app/

and installed Safari 12.1.2 using the link for High Sierra Safari provided by Todd Bangerter above (thanks). Then I restarted.

Unfortunately, despite the presence of a Safari Extensions folder containing the 1Password browser extension, there wasn't a 1Password icon in Safari. When I double-clicked on the extension, Safari again told me it was no longer supported, and it couldn't be installed.

Somehow, my iMac still thinks I'm using Safari 13, at least in terms of this.
 


Somehow, my iMac still thinks I'm using Safari 13, at least in terms of this
My guess is that other system-private frameworks got replaced at the time of the Safari 13 install, which contain the code that checks for the file extension (and perhaps handle the loading of extensions).

I'm not sure if there's an easy way to detect what the install changed (Time Tracker review of a Time Machine backup?) in order to 'revert' it back.
 


My guess is that other system-private frameworks got replaced at the time of the Safari 13 install, which contain the code that checks for the file extension (and perhaps handle the loading of extensions). I'm not sure if there's an easy way to detect what the install changed (Time Tracker review of a Time Machine backup?) in order to 'revert' it back.
I think this is plausible.

Here are the download links for Safari 13, so you can inspect the packages:
After inspecting both the Safari 12 and 13 packages side-by-side with Suspicious Package, it looks like there are a lot of folders (like CoreServices, Frameworks, StagedFrameworks, PrivateFrameworks, etc.), which may have newer Safari 13 files that may not have been overwritten by the Safari 12 installer.

So, it looks like, besides the Safari.app, you probably have to address all the other stuff installed by Safari 13. Something like UninstallPKG or other suggestions here are probably necessary, and then run the Safari 12 installer.
 


So, it looks like, besides the Safari.app, you probably have to address all the other stuff installed by Safari 13. Something like UninstallPKG or other suggestions here are probably necessary, and then run the Safari 12 installer.
Actually, here's another thought: You may just be able to force install everything in the Safari 12 package using Pacifist, overwriting all the Safari 13 frameworks. You may need SIP disabled, since you'll be overwriting a bunch of system files.
 


Speaking of Safari.... This doesn't have to do with Safari extensions per se but an overall observation of the way Safari handles cookies. I regularly make it a point to either selectively delete certain cookies in Safari - mainly those having anything to do with Google - or delete all of them. However, I have noticed that even if I delete each and every last cookie in Safari, the next time I run it the cookies have all reappeared. Perplexing and extremely agitating. I have to wonder why this is.
 




For me, Safari 13 represents a big step backward in terms of my web browsing experience. I didn't use a lot of extensions, but the ones I did use were important—Ghostery, Translate, etc. Those extensions embodied years of gradually adding sites, making adjustments, etc. to improve my browsing experience, all wiped out with Safari 13.

The only exception was Cookie, which was restored with $19.95 worth of vigorish; no big deal. As I installed Cookie, I realized how hard these developers had to work just to get it to work with silly Safari 13. There were many ancillary files to copy, all managed by an installation script that I hoped wouldn't, itself, break. So far, so good.

I disagree with the idea of reverting to Safari 12 or holding onto any down-rev web browser, due to subsequent lack of security updates for this critical app. However, I detest Safari 13 and what it represents in terms of Apple's disdain for its customers. I am going to strongly consider Firefox, even though the onerous task of re-entering each and every website password has been an utter showstopper in the past and even though it is pig-ugly in my opinion.
 



... I am going to strongly consider Firefox, even though the onerous task of re-entering each and every website password has been an utter showstopper in the past...
Re-entering each and every website password? Not necessary, if you use the 'import from another browser" feature in Firefox. It will import everything, including site passwords. (This assume you have a Firefox Sync account set up.)
 



Ric Ford

MacInTouch
Re-entering each and every website password? Not necessary, if you use the 'import from another browser" feature in Firefox. It will import everything, including site passwords. (This assume you have a Firefox Sync account set up.)
This does not appear to work to migrate Safari passwords, and additional research indicates there’s no easy way to extract passwords from the keychains Safari uses (other than manually, one at a time).
 


However, I have noticed that even if I delete each and every last cookie in Safari, the next time I run it the cookies have all reappeared
Are all cookies restored, or just from sites you've visited since the last deletion?

Sites will (re)create new cookies on the next visit if they need (want) them, so I'd expect to see the ones from sites you've re-visited reappear (and some for related advertising/tracking properties). You'd have to set 'Block all cookies' on in the Privacy prefs of Safari to prevent any cookies from being created (which I guess would be like surfing in privacy mode).

If they're all being restored, even from sites you haven't visited again, then it might be something do to with the file storing them being read-only (or some other similar weirdness).
 


I've used a multi-browser setup ever since storage, RAM, and processors hit levels that made it feasible and relatively painless to do so (I think it was when I got an igloo iMac).

Here's my basic scheme:

Safari: kept essentially unmodified, only used for a very limited number of trusted sites where I need full, unfettered functionality.​
Firefox: used for general surfing, modified with an extensive set of blockers and privacy add-ons.​
Chrome: only used if I need to access something that requires Flash.​

So I've managed to insulate myself from Apple's arbitrary decisions for Safari for the most part. I also play around with Epic and Chromium but could easily drop either at any time.

On iOS/iPadOS, I use Firefox Focus as my main browser. It's pretty locked down on its own, but I run it along with a Symantec ad blocker and the Privacy Pro app.
 


This does not appear to work to migrate Safari passwords, and additional research indicates there’s no easy way to extract passwords from the keychains Safari uses (other than manually, one at a time).
Maybe not easy, but neither impossible?
Stack Overflow said:
Is there a quick and easy way to dump the contents of a MacOS X keychain?
There's a command-line tool called security that does just this (and lots of other actions on keychains).

... Using Keychain scripting, you can access all data fields of all the keys – including the plaintext password! – and it's fairly easy to dump this data into a text file etc. I've tested it and it works well.

However, this solution still involves having to confirm access to each key by clicking OK on a dialog. This is much better than having to type in the keychain's password every time, but it's still irritating. Furthermore, you have to confirm access twice for each key; once for Script Editor (or the script itself if it's running as an app) and once for Keychain Scripting. So, if you're processing a keychain with 100 keys, you have to manually click OK on 200 dialogs.
 


This does not appear to work to migrate Safari passwords, and additional research indicates there’s no easy way to extract passwords from the keychains Safari uses (other than manually, one at a time).
This particular Firefox extension works wonderfully in versions up to 56, but when Firefox 57 was introduced, it was, like so many third-party add-ons, rendered incompatible:

 


For me, Safari 13 represents a big step backward in terms of my web browsing experience. I didn't use a lot of extensions, but the ones I did use were important—Ghostery, Translate, etc. Those extensions embodied years of gradually adding sites, making adjustments, etc. to improve my browsing experience, all wiped out with Safari 13.
Ghostery Lite survived the upgrade to Safari 13.0.1, still free to use. It functions pretty much the same as the older Ghostery, as far as I can tell. I use it to limit tracking, but it appears as an ad blocker on lots of websites.
 


Amazon disclaimer:
As an Amazon Associate I earn from qualifying purchases.

Latest posts