Google Exposes Apple's Privacy Blunder, Finds Safari Tracked Users With 'Do Not Track' Enabled
In a paper published yesterday on Arxiv.org, a group of security engineers at Google have come across a bunch of flaws in Apple¡¯s proprietary browser Safari that let potential hackers look into people¡¯s history and let websites track you all over the internet.
Apple has done a pretty good job of portraying itself as a privacy-first brand and it has created some tools of its own to make sure the privacy of its users remains intact.
However, what if these safety locks were the very medium that would hamper user privacy? Google of all people found this blunder.
In a paper published yesterday on Arxiv.org, a group of security engineers at Google have come across a bunch of flaws in Apple¡¯s proprietary browser Safari that let potential hackers look into people¡¯s history and let websites track you all over the internet.
The problems lied in Safari¡¯s Intelligent Tracking Prevention feature (also known as the ITP feature) that was first unveiled in 2017. This tool actually was designed to keep Safari users safe from cookies that track users.
ITP would log their use and block sites from doing any activity. ITP would term the sites as ¡®prevalent domains¡¯ when it noticed that they were sending data, and would then add them to an ITP list.
Now, this logging process actually paved a way for potential attackers to get access to a person¡¯s web history -- in detail. A website could have easily checked the ITP status of specific domains with the ability to manipulate the list -- that posed a security threat. Apple has said that it has fixed these flaws.
This wasn¡¯t the first time Google caught Apple¡¯s tongue with respect to security online. In 2019, Apple¡¯s Do Not Track feature was ironically helping websites to track better, as it created a digital fingerprint of sorts, but it backfired miserably.
Apple acknowledged these flaws and revealed that the bugs have already been fixed in December in an official statement.
John Wilander, Apple¡¯s WebKit engineer behind ITP said in the statement, "We'd like to thank Google for sending us a report in which they explore both the ability to detect when web content is treated differently by tracking prevention and the bad things that are possible with such detection."