Security News > 2020 > February > Apple's Tracking-Prevention Feature in Safari has a Privacy Bug
Last month, engineers at Google published a very curious privacy bug in Apple's Safari web browser.
Apple's Intelligent Tracking Prevention, a feature designed to reduce user tracking, has vulnerabilities that themselves allow user tracking.
When future third-party requests are made to a domain on the ITP list, Safari will modify them to remove some information it believes may allow tracking the user.
Information leaks: detecting websites visited by the user tracking the user with ITP, making the mechanism function like a cookie fingerprinting the user: in ways similar to the HSTS fingerprint, but perhaps a bit better.
I am sure we all agree that we would not expect a privacy feature meant to protect from tracking to effectively enable tracking, and also accidentally allowing any website out there to steal its visitors' web browsing history.
News URL
https://www.schneier.com/blog/archives/2020/02/apples_tracking.html
Related news
- How to use Apple’s App Privacy Report to monitor data tracking (source)
- Apple to Pay Siri Users $20 Per Device in Settlement Over Accidental Siri Privacy Violations (source)
- Apple offers $95 million in Siri privacy violation settlement (source)
- SLAP, Apple, and FLOP: Safari, Chrome at risk of data theft on iPhone, Mac, iPad Silicon (source)