HSTS Super Cookies - reason to dump Safari?

Discussion in 'OS X Yosemite (10.10)' started by You are the One, Jan 9, 2015.

  1. You are the One macrumors 6502a

    #1
    Hi guys,

    just came across this article on The Register: HTTPS bent into the next super-cookies by researcher

    Then went to test my browser (Safari 8.0.3 on 10.10.2, latest) at RadicalResearch

    Seems Safari is vulnerable to this type of tracking, even across devices using the same iCloud account. I didn't test that but I'm now using Firefox until Apple comes up with a fix, or at least allows me to make a choice.

    I looked in the forums but didn't find any post about it, hopefully this is the right forum.

    Have a good day :apple:
     
  2. GGJstudios, Jan 9, 2015
    Last edited: Jan 9, 2015

    GGJstudios macrumors Westmere

    #2
    I just tested the site by copying the tracking ID on my first visit. Then I reset Safari, clearing my cache and cookies. When I re-visited the site, it did not give me the same tracking ID. Safari 7.1.2 on OS X 10.9.5.

    As the site references iPads, I did the same test with my iPad mini on iOS 7.1.2. Same results. Their tracking cookie was deleted when I cleared Safari cache and cookies.

    Same results on my iPhone running iOS 7.1.2.
     
  3. You are the One thread starter macrumors 6502a

    #3
    So it seems 7.1.2 and 8.0.3 handle HSTS differently then. Thank you.
     
