The Safari browser has security flaws that allow hackers to snoop on your browsing history. How come the technology designed to protect your privacy actually does the opposite?

What is Intelligent Tracking Prevention?

Back in 2017, Apple introduced the Intelligent Tracking Prevention (ITP) feature. The ITP feature is supposed to protect you from 3rd-party tracking cookies on Safari. However, a team of Google engineers discovered multiple security flaws that allowed cybercriminals to view your browsing history. The same flaws may have also let websites track your online actions. Does this accident show that Apple’s privacy-oriented approach is only a marketing move?

How does the ITP tool work?

ITP was made to protect Safari users from 3rd-party tracking cookies: the system would log their use, stop websites from deploying them. Since those websites were kept in a list, it created a way for hackers to get a detailed perspective of the user’s entire browsing history. Eventually, these vulnerabilities could have led to large information compromises. Lukas Olejnik, a security researcher said, the accident “could allow unsanctioned and uncontrollable user tracking”. Google plans to share more information on security vulnerabilities soon.

These security flaws were first discovered earlier in 2019. Apple claims the flaws Google discovered last year were fixed and addressed in their release notes. Apple thanked Google for its “responsible disclosure practice” but declined to explain further.

Oops, they did it again?

L. Olejnik said such privacy flaws are rare as privacy-oriented tools are “highly counter-intuitive”. Yet, past events show different. Back in 2019, Safari deleted the “Do Not Track” feature. Do Not Track allowed websites to track users by inserting a “fingerprint” onto their browser settings.

So, should you start doubting Apple’s privacy-oriented practices? Let’s wait until Google releases the full report. In the meantime, you can improve your online life by using a VPN app. Atlas VPN will mask your IP address and encrypt your online actions so that no-one can see what you do online. Best of all, Atlas VPN guarantees a no-log policy and does it all for free.