Apple Thwarts Sensor Fingerprinting With iOS 12.2

A study called “SensorID: Sensor Calibration Fingerprinting for Smartphones” examined sensor fingerprinting techniques against smartphones. It found that Micro Electro Mechanical Systems (MEMS) are inaccurate in small ways that make them unique. But Apple thwarted this technique in iOS 12.2 by using the researchers’ suggestion to add random noise to the analog-to-digital converter output and by removing default access to motion sensors in Safari.

We demonstrate that our approach is very likely to produce globally unique fingerprints for iOS devices, with an estimated 67 bits of entropy in the fingerprint for iPhone 6S devices. In addition, we find that the accelerometer of Google Pixel 2 and Pixel 3 devices can also be fingerprinted by our approach.

Why Does Apple Allow Pervasive App Tracking?

In the future, I hope Apple puts restrictions on the kind of app tracking developers use. We already have Safari’s Intelligent Tracking Prevention. I’d like to see that for the App Store.

SDKs present a solution to Apple’s pesky tracking restriction for advertisers. They can connect who you are between apps, provided the developer of each app uses the same SDK and the advertiser is able to use signals to figure out who you are. If we look at the top 200 apps on the iOS App Store, it’s interesting to see how broad the reach of most SDKs actually is.

With Safari 12.1 You Can No Longer Disable Click Tracking

Click tracking, a.k.a. hyperlink auditing, is an HTML standard that can be used to track clicks on web sites. Previous versions of Safari used to let you disable this, but Safari 12.1 changes that.

Despite several months’ notice from me, Apple shipped Safari 12.1 last week to the public with no way to disable hyperlink auditing. I hope to raise awareness about this issue, with the ultimate goal of getting hyperlink auditing disabled by default in Safari. Apple claims that Safari is supposed to protect your privacy and prevent cross-site tracking, but hyperlink auditing is a wide open door to cross-site tracking that still exists.

Which Browser is the Most Private and Secure?

Zubair Khan put together a list of popular web browsers and tested them to figure out which was the most private and secure.

To decide which browser is the best for privacy and security, we will evaluate them using two criteria: Available security features [and] embedded Privacy Tools. Each browser will be rated out of five and will be ranked accordingly.

The browsers he tested: Chrome, Internet Explorer (Not Edge?), Safari, Firefox, Chromium, Opera, and Tor browser.

Updated Apple Devices Display 'Not Secure' in Safari

If you’ve updated to iOS 12.2 and/or macOS 14.4, you’ve probably seen a ‘Not Secure’ message in the Safari address bar. OSXDaily explains.

By seeing the ‘Not Secure’ Safari message on an iPhone, iPad, or Mac you are simply being informed by Safari that the website or webpage being visited is using HTTP rather than HTTPS, or perhaps that HTTPS is misconfigured at some technical level.

Ironically, as the article points out, OSXDaily is itself not secure.

An HTTPS Site Could Have a Green Padlock and Still be Insecure

If a website uses HTTPS, Safari will display a green padlock next to the domain in the address bar. But in some cases it could still be insecure.

In analysis of the web’s top 10,000 HTTPS sites—as ranked by Amazon-owned analytics company Alexa—the researchers found that 5.5 percent had potentially exploitable TLS vulnerabilities. These flaws were caused by a combination of issues in how sites implemented TLS encryption schemes and failures to patch known bugs (of which there are many) in TLS and its predecessor Secure Sockets Layer. But the worst thing about these flaws is they are subtle enough that the green padlock will still appear.

Do Not Track Setting Could Return With a Vengeance

Apple plans to remove the Do Not Track setting from iOS and macOS because it doesn’t actually do anything. Websites only have to voluntarily obey it, which means that the majority don’t. But a stronger DNT could be coming.

In January 2017 the European Commission announced an initiative to update the ePrivacy Regulation, a proposal that would revisit a 15-year-old directive dealing with privacy protections and how users consent to being tracked by cookies.

Safari Development: A New Way to Fight Intrusive Browser Ads

ZDNet writes: “Engineers working on the WebKit engine, the core of the Safari browser, are looking at putting a limit on the amount of JavaScript a website can load, as a novel and unique approach to fighting websites that load too many or too intrusive ads.” It’s nice to see the more active role WebKit engineers are taking to limit the bad behavior of some websites. However, “…this isn’t a feature users can test right now. Weeks, or even months, of development are still needed.”

iOS 12.2 Will Remove 'Do Not Track' Option

In the next update of iOS and macOS Apple will remove the Do Not Track option from Safari. This is okay.

Removed support for the expired Do Not Track standard to prevent potential use as a fingerprinting variable.

Before I see a headline from Forbes titled “iOS 12.2 Has a Nasty Surprise” let me say that removing Do Not Track is good. It never did anything anyway because obeying it was completely voluntary. Which of course means that every website ignored it. And now it can be used to fingerprint your browser. Good riddance.

Features Coming in iOS 12.2, Like Apple News in Canada

The first iOS 12.2 developer beta was released today, and we got a sneak peek into the features that will be coming.

Apple today released the first beta of iOS 12.2 for developers, and while it doesn’t bring as many new changes as we might have hoped for in a 12.x update, there are still quite a few minor tweaks to be aware of.

Some updates coming include Apple News for Canadian users, HomeKit TV Support, Safari search arrows, and more.

Long Press Shortcuts for iOS Safari

I’ve covered iOS 12 tips and tricks that you might have forgotten. Now I’d like to resurface a tip from 2017 about shortcuts for iOS Safari.

You might not know it, but Safari has some hidden shortcuts tucked behind some of the icons. This will let you perform certain actions a little faster, like quickly access the desktop version of a website, add a bookmark, and even close multiple tabs at once.