Earlier today we published the details of a set of vulnerabilities in Safari's Intelligent Tracking Prevention privacy mechanism: https://arxiv.org/abs/2001.07421 . They are... interesting. [1/9]
@kkotowicz @empijei @we1x
Prikaži ovu nit
-
What you end up with is a personalized anti-tracking model baked into your browser. That model is not only a unique identifier, but also reveals information about sites you visited since last clearing browsing state. That's not great. [5/9]
Prikaži ovu nit
As far as mitigations go, there are definitely useful things the browser can do to address such leaks (and Safari has done them: https://webkit.org/blog/9661/preventing-tracking-prevention-tracking/ …). But completely fixing this is hard. [6/9]
-
-
There is an important and somewhat unexpected lesson in all of this. It's that if you alter browser behavior based on locally gathered data, then if your changes have web-observable consequences, you're going to have a bad time. [7/9]
Prikaži ovu nit -
This is a concern not just for Safari and ITP, but for all other anti-tracking proposals. For example, Chrome's Privacy Budget idea will have to grapple with the same kinds of issues as it develops. [8/9]
Prikaži ovu nit -
One last thing: it's clear that Apple is trying to do the right thing and the WebKit folks we've interacted with care deeply about privacy. We hope that these results will help Safari & guide other browser vendors in the long run. [fin]
Prikaži ovu nit
Kraj razgovora
Novi razgovor -
-
-
Interesting research. Does Safari 13.0.4 and iOS 13.3, released in December 2019, address the problems you uncovered and is more work on mitigations needed?
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.