Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

You are the One

macrumors 6502a
Original poster
Dec 25, 2014
633
795
In the present
Hi guys,

just came across this article on The Register: HTTPS bent into the next super-cookies by researcher

Then went to test my brower (Safari 8.0.3 on 10.10.2, latest) at RadicalResearch

Seems Safari is vulnerable to this type of tracking, even across devices using the same iCloud account. I didn't test that but I'm now using FireFox until Apple comes up with a fix, or at least allows me to make choice.

I looked in the forums but didn't find any post about it, hopefully this is the right forum.

Have a good day :apple:
 

GGJstudios

macrumors Westmere
May 16, 2008
44,495
891
just came across this article on The Register: HTTPS bent into the next super-cookies by researcher

Then went to test my brower (Safari 8.0.3 on 10.10.2, latest) at RadicalResearch

Seems Safari is vulnerable to this type of tracking, even across devices using the same iCloud account.
I just tested the site by copying the tracking ID on my first visit. Then I reset Safari, clearing my cache and cookies. When I re-visited the site, it did not give me the same tracking ID. Safari 7.1.2 on OS X 10.9.5.

As the site references iPads, I did the same test with my iPad mini on iOS 7.1.2. Same results. Their tracking cookie was deleted when I cleared Safari cache and cookies.

Same results on my iPhone running iOS 7.1.2.
 
Last edited:

You are the One

macrumors 6502a
Original poster
Dec 25, 2014
633
795
In the present
I just tested the site by copying the tracking ID on my first visit. Then I reset Safari, clearing my cache and cookies. When I re-visited the site, it did not give me the same tracking ID. Safari 7.1.2 on OS X 10.9.5.

So seems 7.1.2. and 8.0.3 handles HSTS differently then. Thank you.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.