Flaws discovered in Safari’s Intelligent Tracking Prevention let users be tracked

Apple’s privacy focus branches off in a variety of ways, including reducing the way websites can track individuals.

That’s due in part to its Intelligent Tracking Prevention feature baked into its web browser, Safari. However, it’s been discovered by Google researchers that a flaw in ITP made it possible for users’ browsing habits to still be tracked, even with the feature in place.

A preview of the discovery was seen by Financial Times today, and the researchers say they will be publishing their discovery in the near future. According to the report, the Google researchers first discovered the flaws back in the summer of 2019, and officially disclosed to Apple in August. The flaws could allow third-parties access to “sensitive private information about the user’s browsing habits”.

There were five potential threats discovered by the researchers.

The researchers say these flaws are possible in part because Safari’s Intelligent Tracking Prevention feature “implicitly stores information about the websites visited by the user”. Attackers could use this information to create a “persistent fingerprint” that basically follows the user around as they browse the internet.

It’s worth noting here that these flaws have apparently been patched by Apple already. The company issued a software update in December of 2019 for Safari, so it looks like the issues have already been fixed.

Safari’s Intelligent Tracking Prevention started being implemented by Apple in 2017. It’s designed to limit the ability of websites to track a user as they browse the web and use search engines.