Date: 2020-01-24. Certification: Public Sector CC0

Did the headlines at many tech-watching sites this week amount to a big whaaat? An anti-tracking feature in Apple’s Safari browser was said to expose private browsing habits, according to researchers outside Apple. The feature in question is Intelligent Tracking Prevention (ITP), implemented in Apple’s Safari browser.

The Intelligent Tracking Tool became available in 2017.

Ivan Mehta at TNW wrote: “In 2017, Apple introduced ITP technology, one of the most sought after personal data protection devices on the web. The system normally clears first-party cookies and disables third-party cookies by default, making it difficult for advertisers to monitor users.”

The head-scratching grew more intense. A team of Google researchers told Apple about the flaws in August 2019, and in December a post on Apple’s blog reported that the browser issues had been addressed.

An Apple engineer wrote on the WebKit blog in December that the issue had been addressed, which was encouraging news for anyone concerned about tracking. Apple had produced a fix and thanked Google.

However, Google researchers still raised issues.

The Financial Times ran a long story, and other news outlets also covered a paper, published on January 21, by the Google researchers who found the problems. “Information Leaks Through Safari Intelligent Tracking Prevention” is the title of the Google report; the authors are Artur Janc, Krzysztof Kotowicz, Lukas Weichselbaum and Roberto Clapis. Its focus is the tool Apple offers to tackle web tracking.

According to the Google report, the Google Information Security Engineering team first learned of the defects during a “routine security review”, in which they found security and privacy issues in the design of Safari’s Intelligent Tracking Prevention.

In the report, the Google authors wrote: “The authors of this report believe that they will improve the Internet’s attitude to privacy and welcome the ongoing efforts of Safari developers in this area. At the same time, we would like to note that all changes to the web platform that affect fundamental security properties (such as modifying resource violations behavior between sites) are at risk of endangering user privacy and/or security, unless special care is taken to understand their impact on the platform. Apple for future safety and security improvements of privacy on the web.”

End of story: after all, Reuters reported on January 22, “An Apple spokesman on Wednesday confirmed that the defects found by Google and highlighted in the Financial Times story had been corrected last year.”

In a December 10 posting, John Wilander said: “We have designed three ITP enhancements that not only combat the detection of different treatments but also improve the prevention of surveillance in general.”

Cookies were one of the issues discussed. Mr Wilander said: “ITP will exclude all third-party requests from viewing their cookies, regardless of the status of the third-party domain registration, unless the first-party site has already received user interaction.”

Another improvement was the downgrading of referrer headers.

“ITP now downgrades all site referral headers only to the source of the page. Previously, this was only for site requests in classified domains.”

Wilander gave readers an example. A request to images.example that previously carried the referrer header “https://store.example/baby/strollers/deluxe-stroller-navy-blue.html” will now have it reduced to “https://store.example/”.
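The downgrade Wilander describes can be modelled in a few lines. This is an added illustration, not WebKit code: the function names, the naive two-label `siteOf` heuristic (real browsers use the Public Suffix List) and the constructed set of classified sites are all assumptions. It contrasts the earlier behaviour, where only requests to classified domains were downgraded, with the uniform behaviour after the change.

```javascript
// Added illustration, not WebKit code. It models only ITP's referrer downgrade
// and ignores any Referrer-Policy set by the page.

// Assumption: a "site" is the last two host labels. Real browsers derive the
// registrable domain from the Public Suffix List.
function siteOf(url) {
  return new URL(url).hostname.split(".").slice(-2).join(".");
}

function isCrossSite(pageUrl, requestUrl) {
  return siteOf(pageUrl) !== siteOf(requestUrl);
}

// Full referrer as a browser would send it: no fragment, no credentials.
function fullReferrer(pageUrl) {
  const u = new URL(pageUrl);
  u.hash = "";
  u.username = "";
  u.password = "";
  return u.href;
}

function originOnly(pageUrl) {
  return new URL(pageUrl).origin + "/";
}

// After the change: every cross-site request gets an origin-only referrer.
function referrerAfterChange(pageUrl, requestUrl) {
  return isCrossSite(pageUrl, requestUrl) ? originOnly(pageUrl) : fullReferrer(pageUrl);
}

// Before the change: only cross-site requests to classified sites were
// downgraded, so the referrer a third party saw depended on ITP's state.
function referrerBeforeChange(pageUrl, requestUrl, classifiedSites) {
  const downgrade = isCrossSite(pageUrl, requestUrl) &&
    classifiedSites.has(siteOf(requestUrl));
  return downgrade ? originOnly(pageUrl) : fullReferrer(pageUrl);
}

// Constructed sample data using the article's example hosts.
const page = "https://store.example/baby/strollers/deluxe-stroller-navy-blue.html";
const classified = new Set(["tracker.example"]); // hypothetical ITP classification
for (const req of ["https://images.example/a.png", "https://tracker.example/p.gif"]) {
  console.log(req, "| before:", referrerBeforeChange(page, req, classified),
    "| after:", referrerAfterChange(page, req));
}
```
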

Wilander’s December blog post also had good things to say about Google. “Thanks To Google” was the heading of one section of the WebKit blog post.

“We would like to thank Google for sending a report exploring both the crawl potential when Internet content is treated differently by tracking the prevention as well as the bad things that are possible with this crawl. Our responsible disclosure practice has allowed us to plan and test the changes mentioned above. Full credit will be given to the forthcoming security release notes.”

So can we all go home now? Wait a minute. Alfred Ng’s CNET report pointed to a tweet from Google Chrome engineering director Justin Schuh saying that Apple had not fixed some of the Safari tracking-prevention problems.

Schuh tweeted: “I haven’t explained elsewhere that the publication of the Apple blog was confusing to the team that provided the report. The post was made during a disclosure extension requested by Apple, but did not disclose the vulnerabilities and the changes reported do not correct the issues reported.”

Rami Tabari at Laptop Mag said, “Some of the issues discussed in this document were addressed in Safari 13.0.4 and iOS 13.3, which was released in December 2019.” Yet Laptop Mag’s subhead read: “Apple has put it up, but there is still a threat.”

At the time of this writing, Silicon.co.uk reported that Apple had identified Safari’s shortcomings, but a Google engineer disagreed. Tom Jowitt explained that the Google engineer apparently did not believe that Apple had solved the problem.

Also, at the time of writing, Bloomberg had the following message: “Wednesday’s ceremony concluded that the problems outweighed the issues that Apple faced. Instead of making a long list of cookies to block, Apple’s ITP constantly learns which websites are visited by users what kinds of cookies they are trying to post a walk in. Over time, this creates unique cookie blocking algorithms for any online surfer who can be used to identify and monitor them, in accordance with the article.”

Bloomberg Technology’s report by Gerrit De Vynck, without giving a harsh response, was particularly insightful. It gave readers the bigger picture of the Apple-Google dynamic in the browser market.

Google Chrome and Apple’s Safari are two of the most popular web browsers, with Chrome used by more people but Safari dominant on iPhones, he wrote. Apple first introduced Intelligent Tracking Prevention in 2017.

De Vynck noted that privacy advocates have welcomed Apple’s approach to surveillance and have long criticized Google, but the paper suggests that Apple may have to rethink its plan and find a new way to prevent monitoring.


More information:

Information Leaks Through Safari Intelligent Tracking Prevention, arXiv:2001.07421 [cs.CR], arxiv.org/abs/2001.07421

