Apple's Privacy Software Allowed Users To Be Tracked, Says Google (ft.com) 15
Google researchers have exposed details of multiple security flaws in its rival Apple's Safari web browser that allowed users' browsing behavior to be tracked [Editor's note: the link may be paywalled; alternative source], despite the fact that the affected tool was specifically designed to protect their privacy. From a report: The flaws, which were ironically found in an anti-tracking feature known as Intelligent Tracking Prevention, were first disclosed by Google to Apple in August last year. In a soon-to-be published paper seen by the Financial Times, researchers in Google's cloud team have since identified five different types of potential attack that could have resulted from the vulnerabilities, allowing third parties to obtain "sensitive private information about the user's browsing habits." "You would not expect privacy-enhancing technologies to introduce privacy risks," said Lukasz Olejnik, an independent security researcher who has seen the paper. "If exploited or used, [these vulnerabilities] would allow unsanctioned and uncontrollable user tracking. Apple rolled out Intelligent Tracking Prevention in 2017, with the specific aim of protecting Safari browser users from being tracked around the web by advertisers' and other third-parties' cookies.
WTH? (Score:1)
Ignoring the Biggest Threat (Score:5, Interesting)
"You would not expect privacy-enhancing technologies to introduce privacy risks," said Lukasz Olejnik, an independent security researcher who has seen the paper.
I absolutely would expect that, if the "privacy-enhancing technologies" were developed by Google (or anyone like them).
Re:Ignoring the Biggest Threat (Score:5, Informative)
According to this story, what Google works on is privacy breaking technologies. So it seems Apples is working on enhancing privacy and Google is working harder and harder on breaking privacy, those filthy animals even corrupting medical services and buying people's medical records. Truly sick and disgusting stuff for what is basically an advertising corporation wrapped up in entirely bullshit feel good messaging, the bait to suck in the mug punters. People are really starting to wake up to how evil Google is (to rub it all in, also massive tax cheats).
Re: (Score:2)
Google is developing privacy enhancing technologies.
https://digiday.com/marketing/... [digiday.com]
https://blog.mozilla.org/blog/... [mozilla.org]
Apple is creating similar APIs for advertisers and we will see a battle between Google and Apple over whose becomes the standard. Apple's API isn't meaningfully different or better in terms of privacy protection, by the way, they both work the same way except for minor details.
Google is killing 3rd party cookies in Chrome, one of the major sources of tracking data. Then those APIs, which onl
Re: (Score:1)
Not really a "flaw" (Score:1)
It's just something various governments told Apple to provide, similar to ditching encrypted backups on iCoud.
Apple will only provide the "privacy" they are allowed to. So, really, all bets are off. The safest thing to assume is that you have none.
Re: (Score:2)
Well, ditching encrypted backups is one thing - you don't have to use iCloud after all (you can do the backups yourself on your own computer, and not use clouds or other people's computers at all). So it's less necessary than you think. And some things like mail,
Re: (Score:1)
otherwise they'd have caved to the FBI/China/etc requests to decrypt the phones already.
We don't know they haven't. It's purely a matter of trust, and that's out the window. Mass media is nothing but propaganda
Catlick (Score:2)
The flaws, which were ironically found in an anti-tracking feature known as Intelligent Tracking Prevention...
The first thing that comes to mind is the people using the anti-tracking feature may appear to have more to hide.
Intelligent Tracking Prevention with multiple vulnerabilities... so either Intelligent , or Prevention (or both) is a misnomer in this case.
Past tense (Score:4, Informative)
Google's researchers found flaws, reported them to Apple, and they were fixed. That's how the system is designed to work. From TFA:
"In a blog post in December, an Apple engineer said that the company had fixed flaws disclosed to it by Google researchers. An Apple spokesman on Wednesday confirmed that the flaws found by Google and highlighted in the Financial Times’ story were patched last year."
Re: (Score:3)
The only reason Google researchers reported flaws to apple _this time around_ is because they already got caught using results of similar research earlier to ... wait for it .. track users :/
https://www.ghacks.net/2012/02... [ghacks.net]
"We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information."
and bypassing IE third party cookie protection:
"impractical to comply with Microsoft’s
Shoulda seen it comin' (Score:1)
Considering it's an Apple product, we should have seen this coming. I'd like to think this wasn't deliberate, but it's Apple.
I mean, they talk a good game but Apple allows only as much privacy as their bank account can stand, and that's not very much.
You would not expect... (Score:1)
... yet, I do.
I am shocked if its real (Score:1)