Security Flaws in Safari’s Intelligent Tracking Prevention Can Expose Your Browsing Habits

safari on iphone

Google researchers have unearthed multiple security flaws in Apple’s Safari’s Intelligent Tracking Prevention feature. Apparently the security flaws will allow users habits to be tracked despite the Intelligent tracking feature being turned on.

Financial Times has accessed the preview and the entire research paper will be published soon. Google researchers claim that Safari’s Intelligent tracking prevention feature can potentially leave user data exposed. In other words, the feature maintains an information log on websites visited by users. However, third parties can potentially create a fingerprint that allows them to follow a user and learn their browsing habit.

The security flaws came to light in August last year and the same was shared with Apple. Researchers say that there are five types of attacks that could potentially allow third parties to glean private information about users’ browsing habits.

Apple seems to have already fixed the issues via an update in December last year. The company credited Google for its responsible disclosure practices. That being said, the security credit report is yet to be released by Apple and perhaps the company is still fixing some flaws.

With iOS 11 and macOS High Sierra, Apple introduced the Intelligent Tracking Prevention feature in Safari which prevents ads from tracking a user’s behavior on the web. Apple was earlier asked to rethink its position about Intelligent Tracking Prevention as it endangers the only source of revenue for internet publishers on which the majority of the world wide web is based on.

Apple defended its stance and expressed concerns over how ad tracking has become so invasive that it is possible for ad agencies to recreate the browsing history. It notes that this is done without the clear consent of the user and is a breach of their privacy.

[via FT]