Apple's Tracking-Prevention Feature in Safari has a Privacy Bug
2020-02-10 12:06

Last month, engineers at Google published a very curious privacy bug in Apple's Safari web browser.

Apple's Intelligent Tracking Prevention, a feature designed to reduce user tracking, has vulnerabilities that themselves allow user tracking.

When future third-party requests are made to a domain on the ITP list, Safari will modify them to remove some information it believes may allow tracking the user.

Information leaks: detecting websites visited by the user; tracking the user with ITP, making the mechanism function like a cookie; fingerprinting the user in ways similar to the HSTS fingerprint, but perhaps a bit better.

I am sure we all agree that we would not expect a privacy feature meant to protect from tracking to effectively enable tracking, and also accidentally allow any website out there to steal its visitors' web browsing history.


News URL

https://www.schneier.com/blog/archives/2020/02/apples_tracking.html