News+: How to Stay Safe and Secure Online

In the latest issue of Mac Format magazine, Adam Banks writes a guide on how to stay safe online. This is a PDF version, and the guide is on page 66.

Using a Mac makes you safer than average when going online. That’s partly because of Apple’s efforts to secure the operating system; partly because the Mac App Store gives you somewhere to get most of your third-party software safely. It’s also partly because bad actors – in the security industry sense, not the Hollyoaks sense – tend to be less interested in targeting macOS. But that doesn’t mean either you or your Mac can’t get fooled. Know your way around the common risks and basic protections to keep yourself out of harm’s way.

This is part of Andrew’s News+ series, where he shares a magazine every Friday to help people discover good content in Apple News+.

AdGuard 3 Brings DNS Privacy, 250,000 Filter Rules, Premium Features

AdGuard is a content blocker for iOS that lets people block trackers and ads in Safari. Its AdGuard Pro app eventually got pulled from the App Store because of new VPN rules. AdGuard 3 brings some of those Pro features to the regular app, and some of them are locked behind a premium subscription. But Pro users can get a free 6-month license key.

AdGuard 3 fixes a key issue with Safari. Safari limits each content blocker to 50,000 rules. AdGuard now works around this by combining five content blockers into one, each separately enabled in Settings and each with 50,000 rules. It also supports DNS-over-TLS and DNS-over-HTTPS. You can read more in the blog post.

App Store: Free (Offers In-App Purchases)

Apple Thwarts Sensor Fingerprinting With iOS 12.2

A study called “SensorID: Sensor Calibration Fingerprinting for Smartphones” examined sensor fingerprinting techniques against smartphones. It found that Micro Electro Mechanical Systems (MEMS) sensors are inaccurate in small ways that make them unique. But Apple thwarted this technique in iOS 12.2 by following the researchers’ suggestions: adding random noise to the analog-to-digital converter output and removing default access to motion sensors in Safari.

We demonstrate that our approach is very likely to produce globally unique fingerprints for iOS devices, with an estimated 67 bits of entropy in the fingerprint for iPhone 6S devices. In addition, we find that the accelerometer of Google Pixel 2 and Pixel 3 devices can also be fingerprinted by our approach.

Why Does Apple Allow Pervasive App Tracking?

In the future, I hope Apple puts restrictions on the kind of app tracking developers use. We already have Safari’s Intelligent Tracking Prevention. I’d like to see that for the App Store.

SDKs present a solution to Apple’s pesky tracking restriction for advertisers. They can connect who you are between apps, provided the developer of each app uses the same SDK and the advertiser is able to use signals to figure out who you are. If we look at the top 200 apps on the iOS App Store, it’s interesting to see how broad the reach of most SDKs actually is.

With Safari 12.1 You Can No Longer Disable Click Tracking

Click tracking, a.k.a. hyperlink auditing, is an HTML standard that can be used to track clicks on web sites. Previous versions of Safari used to let you disable this, but Safari 12.1 changes that.

Despite several months’ notice from me, Apple shipped Safari 12.1 last week to the public with no way to disable hyperlink auditing. I hope to raise awareness about this issue, with the ultimate goal of getting hyperlink auditing disabled by default in Safari. Apple claims that Safari is supposed to protect your privacy and prevent cross-site tracking, but hyperlink auditing is a wide open door to cross-site tracking that still exists.

Which Browser is the Most Private and Secure?

Zubair Khan put together a list of popular web browsers and tested them to figure out which was the most private and secure.

To decide which browser is the best for privacy and security, we will evaluate them using two criteria: Available security features [and] embedded Privacy Tools. Each browser will be rated out of five and will be ranked accordingly.

The browsers he tested: Chrome, Internet Explorer (Not Edge?), Safari, Firefox, Chromium, Opera, and Tor browser.

Updated Apple Devices Display 'Not Secure' in Safari

If you’ve updated to iOS 12.2 and/or macOS 14.4, you’ve probably seen a ‘Not Secure’ message in the Safari address bar. OSXDaily explains.

By seeing the ‘Not Secure’ Safari message on an iPhone, iPad, or Mac you are simply being informed by Safari that the website or webpage being visited is using HTTP rather than HTTPS, or perhaps that HTTPS is misconfigured at some technical level.

Ironically, as the article points out, OSXDaily is itself not secure.

An HTTPS Site Could Have a Green Padlock and Still be Insecure

If a website uses HTTPS, Safari will display a green padlock next to the domain in the address bar. But in some cases it could still be insecure.

In analysis of the web’s top 10,000 HTTPS sites—as ranked by Amazon-owned analytics company Alexa—the researchers found that 5.5 percent had potentially exploitable TLS vulnerabilities. These flaws were caused by a combination of issues in how sites implemented TLS encryption schemes and failures to patch known bugs (of which there are many) in TLS and its predecessor Secure Sockets Layer. But the worst thing about these flaws is they are subtle enough that the green padlock will still appear.

Do Not Track Setting Could Return With a Vengeance

Apple plans to remove the Do Not Track setting from iOS and macOS because it doesn’t actually do anything. Websites only have to voluntarily obey it, which means that the majority don’t. But a stronger DNT could be coming.

In January 2017 the European Commission announced an initiative to update the ePrivacy Regulation, a proposal that would revisit a 15-year-old directive dealing with privacy protections and how users consent to being tracked by cookies.

YouPorn Web App Launches on iOS

Progressive web apps differ from native apps in that they are web-based, offer local storage, and give you push notifications. They also sidestep the App Store, which is famously family friendly. But you can now get a YouPorn web app for your iPhone. Just go to www.youporn.com/app, tap the share button, and tap Add to Home Screen.

Once installed, users will be able to launch the app right from their smartphone or tablet home screen and enjoy all YouPorn’s unique features including industry-leading content filtering tools and “For You Weekly” (NSFW) custom-tailored playlists, with native-app speed and a full-screen experience.

Safari Development: A New Way to Fight Intrusive Browser Ads

ZDNet writes: “Engineers working on the WebKit engine, the core of the Safari browser, are looking at putting a limit on the amount of JavaScript a website can load, as a novel and unique approach to fighting websites that load too many or too intrusive ads.” It’s nice to see the more active role WebKit engineers are taking to limit the bad behavior of some websites. However, “…this isn’t a feature users can test right now. Weeks, or even months, of development are still needed.”

iOS 12.2 Will Remove 'Do Not Track' Option

In the next update of iOS and macOS Apple will remove the Do Not Track option from Safari. This is okay.

Removed support for the expired Do Not Track standard to prevent potential use as a fingerprinting variable.

Before I see a headline from Forbes titled “iOS 12.2 Has a Nasty Surprise” let me say that removing Do Not Track is good. It never did anything anyway because obeying it was completely voluntary. Which of course means that every website ignored it. And now it can be used to fingerprint your browser. Good riddance.