Security News > 2020 > February > Apple's Tracking-Prevention Feature in Safari has a Privacy Bug
Last month, engineers at Google published a very curious privacy bug in Apple's Safari web browser.
Apple's Intelligent Tracking Prevention, a feature designed to reduce user tracking, has vulnerabilities that themselves allow user tracking.
When future third-party requests are made to a domain on the ITP list, Safari will modify them to remove some information it believes may allow tracking the user.
Information leaks: detecting websites visited by the user tracking the user with ITP, making the mechanism function like a cookie fingerprinting the user: in ways similar to the HSTS fingerprint, but perhaps a bit better.
I am sure we all agree that we would not expect a privacy feature meant to protect from tracking to effectively enable tracking, and also accidentally allowing any website out there to steal its visitors' web browsing history.
News URL
https://www.schneier.com/blog/archives/2020/02/apples_tracking.html