Apple tool aimed at strengthening the privacy of private browsing habits of Safari users
Apple’s anti-web tracking tool aimed at reinforcing privacy actually exposed the private browsing habits of Safari users, according to a report
- Measures against web tracking designed for privacy contained several flaws
- Google researchers say they exposed the private web data of Safari users
- Search queries and websites visited by a user were among the vulnerable data
- Google researchers say failures may still be active
Apple’s anti-web tracking features aimed at preventing surveillance sites from monitoring users’ online activity were at the expense of their security, researchers say.
According to a report from a team of Google researchers that was first highlighted by the Financial timesSeveral defects were found in a feature called Intelligent Tracking Prevention implemented in 2017, which aimed to prevent digital advertising companies from exceeding people’s web data.
In total, five different vulnerabilities in the function first discovered in August last year opened users to attacks that expose “confidential private information about user browsing habits.”
Apple’s anti-web tracking tool was exposing users to several attacks according to a report by several Google researchers
Failures allow a hypothetical hacker to obtain various private data, including specific web browsers and the sites he actually visits.
Although the feature was initially promoted as a major improvement for user privacy, given its goal of protecting the web activity of anyone using the Safari browser, its ingenuity also caused some of its problems.
Because an algorithm that feeds the tool runs on the device, allowing it to learn from the user’s behavior and improve it, it also stores the user’s behavior inside the phones, creating a vulnerable treasure of web data.
While Apple says it has tested and verified Google’s findings, it has not yet confirmed whether the defects have been addressed and closed completely.
Google researcher Justin Schuh said on Twitter that, although Apple acknowledged the problems reported in the function in a blog post, none of the changes made by the company actually resolved failures.
“… Apple’s blog post was confusing for the team that provided the report,” Schuh tweeted.
“The publication was made during an extension of disclosure that Apple had requested, but did not reveal the vulnerabilities, and the changes mentioned did not solve the reported problems.”
While at some point failures arise in almost all browsers, Apple has promoted its commitment to a safer experience compared to its counterparts.
Additional protections against third-party data tracking and tools that help users opt for location services are among the initiatives that have forced competitors like Google Chrome to start offering their own protections.