Google: Flaws in Apple's Private-Browsing Technology Allow for Third-Party Tracking

Yolanda Curtis
January 26, 2020

The Colorful Monitoring Prevention characteristic on Apple's Safari internet browser, which is supposed to block tracking tool damaged-down by digital advertisers, could per chance moreover honest moreover be abused to assemble the staunch reverse, per a paper launched Wednesday by Google researchers.

An Apple spokesman on Wednesday confirmed that the flaws found by Google and highlighted in the Financial Times' story were patched past year.

Google researcher, Justin Schuh said on Twitter that though Apple acknowledged the issues reported in the feature in a blog post, none of the changes made by the company actually addressed flaws. While Apple claims to have fixed the ITP loopholes, a paper by Google reveals that these flaws still have limits.

"As part of a routine security review, the Information Security Engineering team at Google has identified multiple security and privacy issues in Safari's ITP design".

Safari left personal data exposed because the Intelligent Tracking Prevention List "implicitly stores information about the websites visited by the user".

"You would not expect privacy enhancing technologies to introduce privacy risks", said Lukasz Olejnik, an independent security researcher who saw the document. The system clears out first-party cookies regularly and blocks third-party cookies by default, making it hard for advertisers to track users.

Security researchers have uncovered in Apple's Safari browser by Google researchers.

Apple launched ITP back in 2017 as the most advanced anti-tracking system, as it adds a new protection layer against both first-party and third-party cookies, with the latter blocked by default on all devices. The flaws, if exploited, will allow "unsanctioned and uncontrollable user tracking", the researchers said. Another is able to know the research on the internet of an individual. They also created a "persistent fingerprint" to follow them around the web.

Apple, on its part, claimed that the vulnerabilities detailed in the study were fixed in December itself. The patch was released in December 2019, following which a privacy engineer from Apple called John Wilander has thanked Google for reporting the issue.

Other reports by iNewsToday