KEY POINTS

  • Google researchers found serious flaws in Safari's Intelligent Tracking Protection feature
  • The flaws allow people with malicious intent to construct user profiles and track their movements
  • Apple acknowledged the flaws, but didn't say if it has already addressed them

Safari's Intelligent Tracking Protection (ITP) is designed to keep a user's browsing habits as private as can be, safely kept from internet marketing companies. It works by reducing the amount of data that is generated whenever a person browses the internet using Safari. The fewer the data, the less chances of that person being tracked by digital marketing companies.

By reducing the amount of data, digital marketers won't be able to track users and construct user profiles that they will use for ads, among other uses. With the ITP, Apple is making it hard for such companies to track users, while making it easier for users to enjoy browsing without worrying about being tracked.

Google's researchers, however, found a number of flaws in the ITP, Apple Insider reported. The researchers said they found five attack types that could reveal “sensitive private information about the user's browsing habits.” The Financial Times was able to acquire a preview of the research paper. Google said it will publish the entire paper soon.

Irony

The researchers discovered what could simply be a huge irony. ITP, which was supposed to provide users with much-needed privacy, has flaws that betray user privacy. “You would not expect privacy-enhancing technologies to introduce privacy risks,” Lukasz Olejnik, Google security researcher, said.

The researchers explained that the flaws were found in the way ITP works. They wrote in the paper that user data is compromised because the feature stores information relating to the websites that users visit when they browse.

By exploiting one of the flaws, the researchers were able to create a “persistent fingerprint” of a user. Another flaw allowed the researchers to gather information about what users were searching for on the internet. The flaws, if exploited, will allow “unsanctioned and uncontrollable user tracking,” the researchers said.

Google discovered the flaws in August last year and informed Apple of the problem. The Cupertino tech giant, in a blog entry in December, thanked the Android-maker for disclosing the information to it, and acknowledged the flaws. It did not, however, say if it has addressed all the flaws in a Safari update.

Safari Logo Safari logo. Photo: Oorehov/Wikimedia Commons