Flaws in Apple's Intelligent Tracking Prevention Safari Feature Let People Be Tracked

[PickUrPoison]

Rough week for Apple---

Ah, the good'ol Safari, one of Apple's biggest software troll since Cook.

Seems like Apple has these rough weeks quite often these days. Reality is a bitch when all you've got is marketing.

....about a company who’s entire business spin is about privacy and security

What but i thought..........................

Well it was a pretty long article I guess. For those who didn’t bother reading to the end:

“Apple appears to have addressed these Safari security flaws in a December update, based on a release update that thanked Google for its ‘responsible disclosure practice....’ ”

🙄

 

[69Mustang]

Messenger probably gonna be shot at a lot in this thread.

 

[trainwrecka]

Who would win? One company or the thousands that want to track you.

 

[Mick-Mac]

While I admire Apple's stance on privacy, their software quality control has sunken to all-time lows and that's why they'll continue to have security flaws. The two worst security flaws I've ever seen in the industry came from Apple - remember the one when you just typed a carriage return in response to entering the root user password and you got in, and then there was the one where upon mis-entering your password 3 times it asked you if you wanted your hint and when you said yes it returned your actual password instead...

 

[I7guy]

While I admire Apple's stance on privacy, their software quality control has sunken to all-time lows and that's why they'll continue to have security flaws. The two worst security flaws I've ever seen in the industry came from Apple - remember the one when you just typed a carriage return in response to entering the root user password and you got in, and then there was the one where upon mis-entering your password 3 times it asked you if you wanted your hint and when you said yes it returned your actual password instead...

If the number of security flaws and patch releases is the low bar for determining lack of software quality the MS wins that reward.

 

[FaustsHausUK]

A flawed system is better than no system. Before you throw on the schadenfreude, bear in mind Chrome still does not have anything like this because Google make all their money from the very ads that track you.

Good on Google for sharing these exploits with Apple, and good on Apple for resolving them. No software is perfect, but hopefully this will help Safari's developers avoid future problems with new techniques they implement.

 

[danny842003]

What but i thought..........................

I don’t really understand what point you’re making. You would have to be a fool to believe any company is capable of creating a flawless product.
what Apple do is aim to be as secure as possible, nobody in their right non trolling mind can expect anymore than that.
The reported vulnerabilities were fixed last month anyway.

 

[dwaite]

Oooooooooh the irony.

Which, that the anti-tracking system could be used to track based on which sites it did not allow tracking for?

Or that one of the companies which had the most to gain by defeating anti-tracking was the one which reported the issue?

 

[Rogifan]

....about a company who’s entire business spin is about privacy and security

So that means said company can’t have software bugs?

 

[BWhaler]

Thanks Google. Leadership on Privacy is the future. Of course, they didn’t need to make it public. Just tell Apple.

 

[Timothy Leo Crowley]

Seems like Apple has these rough weeks quite often these days. Reality is a bitch when all you've got is marketing.

And a stock price gone from 153 to 317 in a year due to some of the best products in the world. Most people would kill to have such "rough weeks". but yea "all they have is marketing". nonsense.

 

[nt5672]

And a stock price gone from 153 to 317 in a year due to some of the best products in the world. Most people would kill to have such "rough weeks". but yea "all they have is marketing". nonsense.

No one ever said that Apple's marketing was not good enough to separate fools from their money. Con artists have been doing that for years. But being the best at what Apple does (outside of marketing), is no longer true.

 

[macbequick]

Hoping Apple has already released a patch for this, and if not, I hope they do soon. I'm starting to switch to Firefox anyways though. The level of privacy and extension support is phenomenal.

Did you even read the article?

Apple appears to have addressed these Safari security flaws in a December update, based on a release update that thanked Google for its "responsible disclosure practice," though full security credit has not yet been provided by Apple so there's a chance that there's still some behind-the-scenes fixing to be done.

 

[sshambles]

Okay cool, Google, now do Google.

 

[Moakesy]

I’m just trying to find a way to read the title of this thread without tripping up in my head....

 

[henryhbk]

So per the article apple already patched this, so this is a giant nothing burger if you keep your system updated. And all the people above trolling with "apple having a lot of rough weeks", this is just bad PR since the problem is already fixed. Like Oh we found a bug months ago, it's fixed, but it was really impressive while it was unpatched. Uh OK, but it's fixed right? Yeah, but before that it was a big story. But not anymore, right? Right, but please think what could have happened last summer... (ad nauseum)

 

[Vjosullivan]

In what way?

$320/share.

Because the important thing is how it affects the share price.

 

[Stromos]

So per the article apple already patched this, so this is a giant nothing burger if you keep your system updated. And all the people above trolling with "apple having a lot of rough weeks", this is just bad PR since the problem is already fixed. Like Oh we found a bug months ago, it's fixed, but it was really impressive while it was unpatched. Uh OK, but it's fixed right? Yeah, but before that it was a big story. But not anymore, right? Right, but please think what could have happened last summer... (ad nauseum)

No offense but really? If it was leaking data would it matter if its already patched? Google found it and reported it doesn't mean bad actors were not exploiting it. That's the problem with anything like this.

 

[MikeSmoke]

One has to laugh when Google points a finger at someone violating privacy.

 

[Baymowe335]

Because the important thing is how it affects the share price.

Yes, that is the most important thing in business for publicly traded companies. Point is, Apple is doing great and it wasn't a "bad week" for Apple.

Big picture guys.

 

[Jim Lahey]

I was under the impression that this feature was designed to minimise what’s already going on everywhere else? If this is a reasonable description of its intended purpose then it seems a bit disingenuous to paint any failures as security flaws. Certainly in the typical sense. Happy to be corrected.

 

[69Mustang]

Thanks Google. Leadership on Privacy is the future. Of course, they didn’t need to make it public. Just tell Apple.

That's not how responsible disclosure works.

 

[69Mustang]

I was under the impression that this feature was designed to minimise what’s already going on everywhere else? If this is a reasonable description of its intended purpose then it seems a bit disingenuous to paint any failures as security flaws. Certainly in the typical sense. Happy to be corrected.

I think security flaw was being used to reference the unintended consequences from the way ITP was implemented.
My interpretation: ITP did it's job correctly - prevented browsing profiles and histories from being created. But by doing it correctly, it created exceptions. Trackers could track those exceptions and create profiles and histories anyway.

From a cursory reading of Apple's update note, it seems ITP will now address the exception tracking techniques.

 

[now i see it]

this is very old news / like mentioning Trump won the election. Apple has already publicly spoken about this and the issue was addressed in iOS 13 Safari

 

[Jim Lahey]

I think security flaw was being used to reference the unintended consequences from the way ITP was implemented.
My interpretation: ITP did it's job correctly - prevented browsing profiles and histories from being created. But by doing it correctly, it created exceptions. Trackers could track those exceptions and create profiles and histories anyway.

From a cursory reading of Apple's update note, it seems ITP will now address the exception tracking techniques.

Ok, cool. Thanks for that. I figured there was probably more to it than my feeble mind had been able to glean so far