Apple's Intelligent Tracking Protection can be exploited to track Safari users, says Googl...

Posted in macOS, edited August 2020
Apple's enhanced privacy tools in Safari to prevent tracking can be used to continue tracking users, Google researchers intend to reveal in a paper, with a total of five different attack vectors identified in Apple's Intelligent Tracking Prevention system.




Intelligent Tracking Prevention is designed to minimize the amount of data generated by users browsing websites that digital marketers could track to construct a profile of the user. By cutting down the data available, Apple intended to make it harder to create such profiles and to track the user's movements.

In a soon-to-be-published research paper, Google researchers describe a number of flaws in how ITP functions that could allow users to continue to be tracked, reports the Financial Times. The five different attack types could allow third parties to acquire "sensitive private information about the user's browsing habits," according to the paper.

"You would not expect privacy-enhancing technologies to introduce privacy risks," security researcher Lukasz Olejnik told the publication. The flaws, if exploited, would "allow unsanctioned and uncontrollable user tracking."

The paper claims that the potential for information leaks and tracking stems from the way ITP detects and learns from user behavior. Google researchers write that the data is exposed "because the ITP list implicitly stores information about the websites visited by the user."

Researchers were also able to use a flaw to create a "persistent fingerprint" of a user for easier tracking of online browsing, while another issue made it possible to determine what users searched for via search engines.

Apple acknowledged the flaws in a blog post about security updates in December, but did not confirm whether the flaws had been patched in Safari. Apple privacy engineer John Wilander publicly thanked the researchers "for sending us a report in which they explore both the ability to detect when web content is treated differently by tracking prevention and the bad things that are possible with such detection."

So far, Intelligent Tracking Prevention and Apple's other similar tools are performing well enough to cause problems for the advertising industry. Ad executives have lauded ITP as being "stunningly effective," with some firms reporting a 60% decrease in pricing for targeted Safari ads.

Comments

  • Reply 1 of 12
    coolfactor Posts: 2,327 member

    Apple intended to make it harder to create the profiles and to track the user's movements
    So ITP is successful in "making it harder". The fact that there's more that can be done is why they invented the word "evolution". It would be unreasonable for anyone to expect perfection out of the gate or to last forever in a digital world that is always changing.

    edited January 2020
  • Reply 2 of 12
    elijahg Posts: 2,831 member
    coolfactor said:
    Apple intended to make it harder to create the profiles and to track the user's movements
    So ITP is successful in "making it harder". The fact that there's more that can be done is why they invented the word "evolution". It would be unreasonable for anyone to expect perfection out of the gate or to last forever in a digital world that is always changing.

    That and the fact that advertisers know Apple users are a valuable target, so they’re going to be no less unscrupulous and wear their fingers to the bone to try and trick Safari’s ITP into giving up some data. 
  • Reply 3 of 12
    Yep, them darn goal posts always be moving...
  • Reply 4 of 12
    kevin kee Posts: 1,289 member
    Yeah, well it's working and improving. Apple is still regarded as gold standard when it comes to security and privacy.
  • Reply 5 of 12
    digitol Posts: 276 member
    Well gollie-gee-wiz! Will you look at that!? Google is pointing out a security flaw in the very system that demonetizes Google’s entire platform. Ads. So nice of Google to tell us Safari users we are at risk!! Wow. Guess I will start using Google Chrome now. I love CPU intensive, Memory leaking, Ad serving/Tracking software!! /end sarcasm. I’ll stick with Safari thanks.
  • Reply 6 of 12
    MplsP Posts: 4,006 member
    Apple never said they would prevent all tracking, just that they were working on preventing it. It’s becoming the same cat and mouse game that internet security is. Now that people (and browser developers) are wise to cookies, advertisers have been using other technology to create ‘browser fingerprints’ that they use to track people. Next Apple et al will make it more difficult to fingerprint a browser... and so on.
  • Reply 7 of 12
  • Reply 8 of 12
    Google is just being Google. i.e. Evil, pure Evil. Their whole business model revolves around knowing as much (if not more than we do) about each and every one of us 24/7/52. It really is that simple.
    They are the enemy within so stop feeding their dragon.

    There are lists of domains that the likes of Google and Facebook and the rest out there. Use them and block them either at your firewall or in your hosts file. Keep them updated as they (Google etc) love to add more endpoints for their slurping of our lives.

    It also pays every once in a while and preferably using something like a computer in a public library well away from your home town to search Google for yourself. You would be surprised what is public knowledge about you.
    Don't ever use your real name to post on the internet. That will make their job of tracking you so much easier.

    Well done to Apple for getting this far but we all know that the battle is not over. Like Orwell said, (or something like this) "We have always been at war with ... " Insert Google and that's where we are at.

    We can do so much to help ourselves to stay anonymous. Turning off BT and WiFi on your phone when out and about stops a lot of tracking from other devices dead in the water.
  • Reply 9 of 12
    gatorguy Posts: 24,608 member
    MplsP said:
    Apple never said they would prevent all tracking, just that they were working on preventing it. It’s becoming the same cat and mouse game that internet security is. Now that people (and browser developers) are wise to cookies, advertisers have been using other technology to create ‘browser fingerprints’ that they use to track people. Next Apple et al will make it more difficult to fingerprint a browser... and so on.
    ..and Google is doing the same thing, making it ever more difficult for 3rd parties to use browsers and cookies for fingerprinting and tracking.
    https://techcrunch.com/2019/08/22/google-proposes-new-privacy-and-anti-fingerprinting-controls-for-the-web/
    https://www.techrepublic.com/article/why-google-plans-to-cut-off-support-for-third-party-cookies-in-chrome/


    edited January 2020
  • Reply 10 of 12
    gatorguy Posts: 24,608 member
    A good reminder too...
    In fairness a lot has changed in 8 years. Google is now at the forefront in offering ways for people to maintain their privacy and security when life requires that they use the internet. You don't have to accept defaults which nearly always lean in favor of the service provider whether it be Apple, Google, or Microsoft. 
  • Reply 11 of 12
    StrangeDays Posts: 13,068 member
    gatorguy said:
    MplsP said:
    Apple never said they would prevent all tracking, just that they were working on preventing it. It’s becoming the same cat and mouse game that internet security is. Now that people (and browser developers) are wise to cookies, advertisers have been using other technology to create ‘browser fingerprints’ that they use to track people. Next Apple et al will make it more difficult to fingerprint a browser... and so on.
    ..and Google is doing the same thing, making it ever more difficult for 3rd parties to use browsers and cookies for fingerprinting and tracking.
    https://techcrunch.com/2019/08/22/google-proposes-new-privacy-and-anti-fingerprinting-controls-for-the-web/
    https://www.techrepublic.com/article/why-google-plans-to-cut-off-support-for-third-party-cookies-in-chrome/


    Third-parties...so in other words, “competitors”.
  • Reply 12 of 12
    gatorguy Posts: 24,608 member
    gatorguy said:
    MplsP said:
    Apple never said they would prevent all tracking, just that they were working on preventing it. It’s becoming the same cat and mouse game that internet security is. Now that people (and browser developers) are wise to cookies, advertisers have been using other technology to create ‘browser fingerprints’ that they use to track people. Next Apple et al will make it more difficult to fingerprint a browser... and so on.
    ..and Google is doing the same thing, making it ever more difficult for 3rd parties to use browsers and cookies for fingerprinting and tracking.
    https://techcrunch.com/2019/08/22/google-proposes-new-privacy-and-anti-fingerprinting-controls-for-the-web/
    https://www.techrepublic.com/article/why-google-plans-to-cut-off-support-for-third-party-cookies-in-chrome/


    Third-parties...so in other words, “competitors”.
    Does Safari block Apple's own 1st party cookies? Only competitors' cookies* AFAIK unless something recently changed.

    Sidenote FWIW:
    *The reason Apple is able to convince Google to pay $B's for the privilege of being the default search provider is because of some fine print that allows Google (and Facebook too but whatever) to remain relatively unaffected by Safari's 3rd party blocking. If Apple actually cut off Google access to Apple Safari users then they would cut themselves out of a huge amount of profit. The big techs are going to protect their revenue streams and not cut off their noses.
    edited January 2020