Google says Safari's 'anti-tracking' feature actually allowed tracking
Researchers at Google have flagged multiple security flaws in Apple's Safari web browser. The issues, according to a study published by the internet giant, tied to an anti-tracking feature built into the browser and opened a way to track the browsing habits of its users (look at the irony!). Here's all you need to know about it.
Issues associated with Safari Intelligent Tracking Prevention
The vulnerabilities in question, Google's engineers explained, were found in Intelligent Tracking Prevention (ITP), a tool Apple built into Safari three years ago to protect the privacy of its users. At its core, the feature worked by logging third-party tracking cookies and blocking the websites utilizing them. These sites were then logged as 'prevalent domains' and added into a dedicated 'ITP list'.
This 'ITP list' opened a way to access browsing history
While ITP worked without any hiccups, the list it maintained created the security issue. Essentially, Google said, the list could have allowed a potential hacker to view the browsing and search history of a user. Beyond that, it could have even allowed websites to track the users by checking the domain names added onto the browser list and manipulating it.
Here's what Google said about the issues
"We have long worked with companies across the industry to exchange information about potential vulnerabilities and protect our respective users," Google said in a statement after the paper was published. "Our core security research team has worked closely and collaboratively with Apple on this issue."
Apple claims the issues were resolved last month
Apple, on its part, claimed that the vulnerabilities detailed in the study were fixed in December itself. "We'd like to thank Google for sending us a report in which they explore both the ability to detect when web content is treated differently by tracking prevention and the bad things that are possible with such detection," Apple engineer John Wilander had said last month.
Google's study says the fixes have limits
Despite Apple's response, the Google study detailing the bugs notes that the fixes released by the Cupertino giant have their limits. The company didn't specifically say what these limitations were, but we hope Apple would be looking into the matter. Last year, Google had also disclosed critical flaws in the iOS that were used to target Uighur Muslims in China.