
Unless I'm misunderstanding what is happening here, it stores the thumbnail cache in a subdirectory of `$TMPDIR` which at least on my machine is `/var/folders/.......`.

So it would seem this is only a concern if you had a secondary drive that was encrypted but a root volume (or some other volume mounted to `/var/folders`) that was unencrypted.

I don't think this is much of an issue TBH, if you're concerned about data access your root volume should be encrypted already.
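A quick way to verify the point above on your own machine, added here as an example and not part of the thread: resolve `$TMPDIR` to the volume it lives on and compare that with the volume holding the data you care about. It assumes, as the comment states, that the thumbnail cache is written under `$TMPDIR`; the function names are this example's own.

```shell
# Added example (not from the HN thread): check which mounted volume $TMPDIR
# resolves to, and whether it is the same volume as a data directory you care about.
# Assumption (from the comment above): the thumbnail cache lives under $TMPDIR.

# Print the mount point of the volume holding the given path (df -P keeps the
# output on one line, so it works on both macOS and Linux).
mount_point_of() {
    df -P "$1" 2>/dev/null | awk 'NR==2 {print $NF}'
}

# Succeed (exit 0) if both paths sit on the same mounted volume, fail otherwise.
same_volume() {
    [ "$(mount_point_of "$1")" = "$(mount_point_of "$2")" ]
}

# Report whether derived data (thumbnails) for files under DATA_DIR would land
# on a different volume than DATA_DIR itself.  Returns 0 = same volume, 1 = spills.
check_cache_spill() {
    data_dir=$1
    cache_root=${TMPDIR:-/tmp}
    if same_volume "$data_dir" "$cache_root"; then
        echo "OK: $data_dir and $cache_root are both on $(mount_point_of "$cache_root")"
        return 0
    fi
    echo "WARNING: $data_dir is on $(mount_point_of "$data_dir") but the cache root"
    echo "         $cache_root is on $(mount_point_of "$cache_root"); thumbnails of"
    echo "         files under $data_dir would be written outside that volume."
    return 1
}

# Usage: sh check_cache.sh /Volumes/EncryptedDisk
if [ $# -gt 0 ]; then
    check_cache_spill "$1"
fi
```

A warning from this check means exactly the situation the comment describes: the cache for an encrypted secondary volume would be written to whatever volume backs `$TMPDIR`, so that volume's own encryption state is what matters.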




> So it would seem this is only a concern if you had a secondary drive that was encrypted but a root volume (or some other volume mounted to `/var/folders`) that was unencrypted.

Not really. It's also a concern if:

* the encryption to your root volume is broken somehow (either through one of the APFS encryption bugs, you've been compelled to hand over the keys, etc.), or

* the secondary drive is not available or was destroyed,

* etc.


If the first one is a problem, you have much bigger problems. Not sure what the second concern you're describing is. Most of the scenarios I can think of where this behaviour is bad are not really the sort of thing FDE is supposed to solve. Maybe there are others but I haven't seen them described in this thread.


> If the first one is a problem, you have much bigger problems.

Not necessarily. Your primary drive could have been otherwise clean of things you wanted to hide. If you have data you need to keep safe, full disk encryption isn't a panacea that allows your opsec to get sloppy in other areas.

> Most of the scenarios I can think of where this behaviour is bad are not really the sort of thing FDE is supposed to solve.

I agree, I was responding to a comment that also said this:

>>> I don't think this is much of an issue TBH, if you're concerned about data access your root volume should be encrypted already.


If the encryption on your root drive is broken or breakable, it's game over for that kind of system. The scenario 'I'm plugging random encrypted drives into my system, which is itself not encrypted' is not a sane one any OS maker is going to spend time mitigating. Your editor could have left stuff in a backup. The file contents might be sitting in swap. You copied the file over and forgot to delete it. Or you deleted it but not securely. Etc, etc, etc.

As I said, I can't think of a non-contrived scenario in which this is an issue and to me, the one you're describing is strictly in the contrived category.



