Typing “old” (space) into iOS Safari crashes the app (opens in new tab)

These initialisms, abbreviations and acronyms are getting out of hand.

"CONUS" is short for "CONtinental United States"

CONUS (can't help but giggle) supposedly stands for Continental United States, as I learnt from a sibling comment here. First time I'm hearing that acronym.

Target is a supermarket chain in USA. I assume Bestbuy is also something like that.

In my browser (Firefox on Android) if I type "tar" it auto-suggests completing the url to "target.com". Useless to me because I'm nowhere close to USA and there's no Target in my country.

Speaking of which, maybe they should have a separate list of autocompletable sites based on the user's location. However, I'm not sure of the privacy implications of that.

Continental US, I guess? Not sure why “continental” matters.

Me either, but guessing: Contiguous United States

Most interesting comment on cone snails that I ever heard. Couldn't parse it either. Others said it means continental United States.

Would be quite the story if shitty adware causes crashes.

It’s “Continental United States”.

The reality will be more like Safari suggestions API sending malformed response for some scenarios, crashing the app.

And none of those would explain why Gusto crashes for the person you replied to

They have designers?

Try Narwhal for Reddit on iOS. It’s a very good experience.

Dammit, that's just the old

Interesting, I had never heard of this tip before. How do you do this though? Do you just add it at the end like a flag? (e.g. "sparking water -best" ?) In general, I thought these kinds of search engine commands were being phased out, but it looks to me like it would filter out those garbage articles that would bring up results like "top/best 15 brands of sparkling water" etc.

I often do the opposite: "best [search query, usually a product] in the world".

Not for me, I actually turned that off just now, I didn't know it was "on". Maybe a hacker who resides on my iPhone fixed the bug for me?

Also, I'm on the iPhone 11 or 12 I think? So maybe model has something to do with it?

I'm on 16.1.1 with Safari Suggestions turned on. No crashes here. iPhone 12 Pro.

I like the autocomplete from my bookmarks and history. What's mind boggling is how slow it is (on Firefox on a beefy PC + SSD + Windows)

I can't imagine "Old Navy" customer support is going to have much success telling iOS customers to install another browser (I'm not even sure that solves it).

Is old.reddit.com very unstable for everyone else in safari or just me? On my past 3 iphones through multiple iOS versions I can't browse for more than 10 minutes without eventually hanging/crashing safari. It seems to happen most frequently after browsing posts with images

I wonder if "Safari Suggestions" is crossing a privacy line with its API it shouldn't and iOS nukes the app from orbit.

set up a proxy, install its certificate and mitm it? Might work at least...

Firefox on iOS uses webview for page rendering, but the url suggestions (which seem to be the cause of the crash) are separate and are handled by firefox's code.

> smells strongly of a server-side change

Doesn't need to be. Some software nowadays can toggle feature flags clientside behind your back. I know Firefox does (or did?) this. Creepy as all fuck.

> quick/easy fix

Wait, you don't want them to fix the client crashing on malformed data?

Apple also said:

“We do not provide any government agency with direct access to our servers, and any government agency requesting customer content must get a court order.”

Either Snowden is lying, or Apple is.

There are lots of potential explanations here. It’s possible and even likely that in an org as large as Apple, the people writing press copy simply are not exposed to all of the details of all of the moving parts that enable realtime surveillance of their userbase. They can also use a different definition of “direct access” (while providing realtime unsupervised access via API, but not via physical (“direct”) entry to a datacenter building).

Apple also claims (in HT202303) that iMessage is end to end encrypted, when for the vast majority of the userbase of iMessage, Apple has copies (readable to Apple) of the endpoint private keys and can, if they wish, decrypt and read and store anyone’s iMessages in realtime as if they were not encrypted at all. It’s still “end to end encrypted” if there is a key escrow backdoor in the system that defeats the end to end encryption. It’s like putting a $5 gym lock on a cardboard box. It’s not lying to say that you locked it up.

You can make factually accurate statements about certain specific things that paint a picture or strongly imply a state of affairs that is diametrically opposed to the truth. Apple is, as far as I can tell, the best in the world at this type of misdirection. It even fools professional journalists.

For example: if they log the client IP of all requests to the API, the statement you quoted holds true - and yet it is still trivial to make a single query to a) relate all of your API requests together, and b) relate them to your identity via Apple’s many other APIs. The “rotating” implies that it is unlinked, but does not guarantee that it is unlinkable (eg from having client IP and timestamp columns in the data).

Apple is skilled at lying by saying only very specific, true things, as confusing as that may sound.

It is also a mistake to assume there is no importance because there is no threat model. Even if the data is never linked to you, it is a privacy violation for the keystrokes to leave your device if you don’t want them to. For a contrived example, you don’t need a threat model or ID linkage to not want your neck-down nudes leaked. A non-identifiable privacy violation is still a privacy violation.

> "is associated with a 15-minute random, rotating device-generated identifier"

Can someone clarify why that's done or how it could even be useful? It just seems (to me, naïvely) like if you're going to rotate the identifier every fifteen minutes, why even bother?

> Apple and everyone who works there is lying about it?

Perhaps we should ask people that bought iTruth for $299. But seriously, you are way too trusting of corporations and their public statements.

I try to avoid updating my iPhone for as long as humanly possible. I find updates generally bring bugs, features I don’t want, apps I don’t want, and sometimes taking away things I like.

This is the important point I think. Version of Safari is tied to version of OS.

Which search engine are you using?

I have DDG as my search engine.

Crashes on my phone running 16.1.1.

People are suggesting it might be en-US only.

It’s not enough to do that. There is something more specific required: a specific version of iOS, a specific language, a particular phone, some setting, something in the search/url history etc.

But it clearly doesn’t reproduce across all devices/versions/settings with iOS Safari. Better repro steps needed.

Doesn’t happen for me

They're not trolling. I typed it into the search bar. Safari didn't crash.

Is the person who wrote the tweet trolling? Probably not either.

But what type of iOS device do they have? Which version of iOS are they running? Which language and locale?

Those things matter. Other things that apparently shouldn't matter might matter as well: other apps installed or running, notification configuration, how many tabs they have open, whether they're connected via WiFi or 4G, etc.

We don't know any of that stuff. As GP said: better reproduction steps needed.

As it is this bug report is barely above the kind of "hurr durr it dern't work" support ticket that really pisses off everyone in my team, and indeed every support engineer, and software engineer I've ever worked with.