Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

How Apple’s Safari Browser Will Try to Thwart Data Tracking

New privacy features in Apple’s Safari browser seek to make it tougher for companies such as Facebook to track you.

Companies have long used cookies to remember your past visits. This can be helpful for saving sign-in details and preferences. But now they’re also being used to profile you in order to fine-tune advertising to your tastes and interests.

New privacy features in Apple’s Safari browser seek to make it tougher for companies such as Facebook to track you.

Companies have long used cookies to remember your past visits. This can be helpful for saving sign-in details and preferences. But now they’re also being used to profile you in order to fine-tune advertising to your tastes and interests.

Cookie use goes beyond visiting a particular website. As other sites embed Facebook “like” and “share” buttons, for instance, Facebook’s servers are being pinged and can access your stored cookies. That means Facebook now knows you frequent celebrity gossip sites or read news with a certain political bent. Ads can be tailored to that.

Here’s how Safari is getting tougher in dealing with that.

NO MORE GRACE PERIOD

Safari used to wait 24 hours from your last visit to a service before blocking that service’s cookies on third-party sites. That effectively exempted Facebook, Google and other services that people visited daily. Now, Safari will either block the cookie automatically or prompt you for permission.

Apple says Safari will still be able to remember sign-in details and other preferences, though some websites have had to adjust their coding.

THWARTING FINGERPRINTING

Advertisement. Scroll to continue reading.

Browsers typically reveal seemingly innocuous information about your device, such as the operating system used and fonts installed. Websites use this to make minor adjustments in formatting so that pages display properly.

Browsers have historically made a lot of information available, largely because it seemed harmless. Now it’s clear that all this data, taken together, can be used to uniquely identify you. Safari will now hide many of those specifics so that you will look no different from the rest.

It’s like a system that digitally blurs someone’s image, said Lance Cottrell, creator of the privacy service Anonymizer. “You can tell it’s a person and not a dog, but you can’t recognize a person’s face,” he said.

For instance, Safari will reveal only the fonts that ship with the machine, not any custom fonts installed.

MASKING WEB ADDRESSES

When visiting a website, the browser usually sends the web address for the page you were just on. This address can be quite detailed and reveal the specific product you were exploring at an e-commerce site, for instance.

Now, Safari will just pass on the main domain name for that site. So it would be just “Amazon.com” rather than the specific product page at Amazon.

CLOSING A LOOPHOLE

Some ad companies have sought to bypass restrictions on third-party cookies — that is, identifiers left by advertisers — by using a trick that routed them through a series of websites. That could make a third-party cookie look like it belonged to a site you’re visiting. Safari will now try to catch that.

The changes come Tuesday as part of the iOS 12 update for iPhones and iPads and a week later in the Mojave update for Mac computers.

Many of the safeguards will be limited to cookies that Apple deems to be trackers. That’s being done to reduce the likelihood of inadvertently blocking legitimate third-party cookies.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Endpoint Security

Gigabyte has announced BIOS updates that remove a recently identified backdoor feature in hundreds of its motherboards.

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Endpoint Security

Several major companies have published advisories in response to the Downfall vulnerability affecting Intel CPUs.

Application Security

Microsoft on Tuesday pushed a major Windows update to address a security feature bypass already exploited in global ransomware attacks.The operating system update, released...

Endpoint Security

The Zero Day Dilemma