Apple is deprecating SHA-1, an old security standard, in iOS 13 and macOS Catalina. This is good news since we now have the more secure SHA-2 and SHA-3.
Safari
Apple Thwarts Sensor Fingerprinting With iOS 12.2
A study called “SensorID: Sensor Calibration Fingerprinting for Smartphones” examined sensor fingerprinting techniques against smartphones. It found that Micro Electro Mechanical Systems (MEMS) are inaccurate in small ways that make them unique. But Apple thwarted this technique in iOS 12.2 by using the researchers’ suggestion to add random noise to the analog-to-digital converter output and by removing default access to motion sensors in Safari.
We demonstrate that our approach is very likely to produce globally unique fingerprints for iOS devices, with an estimated 67 bits of entropy in the fingerprint for iPhone 6S devices. In addition, we find that the accelerometer of Google Pixel 2 and Pixel 3 devices can also be fingerprinted by our approach.
Ad Click Attribution, GSuite Data Exposed – TMO Daily Observations 2019-05-22
Charlotte Henry and Andrew Orr join host Kelly Guimont to discuss ad blocking in Safari and the latest report of plaintext password storage.
Apple’s Privacy Preserving Ad Click Attribution in Safari
In a WebKit post today, Apple has an idea to make online ads private. It’s called Privacy Preserving Ad Click Attribution.
Cookies to be Limited by Google in Chrome
Google will launch tools limiting the use of tracking cookies on Chrome; however, it would not be as wide-ranging a restriction as on Safari.
Intelligent Tracking Prevention 2.2 Changes Cookie Storage Duration
Intelligent Tracking Prevention 2.2 is an update that changes the duration of certain cookies created under certain conditions.
Safari Technology Preview 80 Removes Support for Legacy Extensions
Safari Technology Preview 80 is available to download today, and it removes support for legacy Safari extensions.
Why Does Apple Allow Pervasive App Tracking?
In the future, I hope Apple puts restrictions on the kind of app tracking developers use. We already have Safari’s Intelligent Tracking Prevention. I’d like to see that for the App Store.
SDKs present a solution to Apple’s pesky tracking restriction for advertisers. They can connect who you are between apps, provided the developer of each app uses the same SDK and the advertiser is able to use signals to figure out who you are. If we look at the top 200 apps on the iOS App Store, it’s interesting to see how broad the reach of most SDKs actually is.
Safari Click Tracking, Social Media Duty of Care – TMO Daily Observations 2019-04-08
Andrew Orr and Charlotte Henry join host Kelly Guimont to discuss the latest in Safari security, and a proposed UK law addressing online harm.
With Safari 12.1 You Can No Longer Disable Click Tracking
Click tracking, a.k.a. hyperlink auditing, is an HTML standard that can be used to track clicks on web sites. Previous versions of Safari used to let you disable this, but Safari 12.1 changes that.
Despite several months’ notice from me, Apple shipped Safari 12.1 last week to the public with no way to disable hyperlink auditing. I hope to raise awareness about this issue, with the ultimate goal of getting hyperlink auditing disabled by default in Safari. Apple claims that Safari is supposed to protect your privacy and prevent cross-site tracking, but hyperlink auditing is a wide open door to cross-site tracking that still exists.
Which Browser is the Most Private and Secure?
Zubair Khan put together a list of popular web browsers and tested them to figure out which was the most private and secure.
To decide which browser is the best for privacy and security, we will evaluate them using two criteria: Available security features [and] embedded Privacy Tools. Each browser will be rated out of five and will be ranked accordingly.
The browsers he tested: Chrome, Internet Explorer (Not Edge?), Safari, Firefox, Chromium, Opera, and Tor browser.
Updated Apple Devices Display 'Not Secure' in Safari
If you’ve updated to iOS 12.2 and/or macOS 14.4, you’ve probably seen a ‘Not Secure’ message in the Safari address bar. OSXDaily explains.
By seeing the ‘Not Secure’ Safari message on an iPhone, iPad, or Mac you are simply being informed by Safari that the website or webpage being visited is using HTTP rather than HTTPS, or perhaps that HTTPS is misconfigured at some technical level.
Ironically, as the article points out, OSXDaily is itself not secure.
An HTTPS Site Could Have a Green Padlock and Still be Insecure
If a website uses HTTPS, Safari will display a green padlock next to the domain in the address bar. But in some cases it could still be insecure.
In analysis of the web’s top 10,000 HTTPS sites—as ranked by Amazon-owned analytics company Alexa—the researchers found that 5.5 percent had potentially exploitable TLS vulnerabilities. These flaws were caused by a combination of issues in how sites implemented TLS encryption schemes and failures to patch known bugs (of which there are many) in TLS and its predecessor Secure Sockets Layer. But the worst thing about these flaws is they are subtle enough that the green padlock will still appear.
Do Not Track Setting Could Return With a Vengeance
Apple plans to remove the Do Not Track setting from iOS and macOS because it doesn’t actually do anything. Websites only have to voluntarily obey it, which means that the majority don’t. But a stronger DNT could be coming.
In January 2017 the European Commission announced an initiative to update the ePrivacy Regulation, a proposal that would revisit a 15-year-old directive dealing with privacy protections and how users consent to being tracked by cookies.
macOS Flaw Exposes Safari Browsing History
A flaw in macOS Mojave can expose your Safari browsing history. Developer Jeff Johnson discovered this on February 8.
Safari Development: A New Way to Fight Intrusive Browser Ads
ZDNet writes: “Engineers working on the WebKit engine, the core of the Safari browser, are looking at putting a limit on the amount of JavaScript a website can load, as a novel and unique approach to fighting websites that load too many or too intrusive ads.” It’s nice to see the more active role WebKit engineers are taking to limit the bad behavior of some websites. However, “…this isn’t a feature users can test right now. Weeks, or even months, of development are still needed.”
Screen Recording Your Activity, RIP Do Not Track – TMO Daily Observations 2019-02-07
Dave Hamilton and Andrew Orr discuss iOS apps recording your screen and bid farewell to Safari’s Do Not Track option, with host Kelly Guimont.
iOS 12.2 Will Remove 'Do Not Track' Option
In the next update of iOS and macOS Apple will remove the Do Not Track option from Safari. This is okay.
Removed support for the expired Do Not Track standard to prevent potential use as a fingerprinting variable.
Before I see a headline from Forbes titled “iOS 12.2 Has a Nasty Surprise” let me say that removing Do Not Track is good. It never did anything anyway because obeying it was completely voluntary. Which of course means that every website ignored it. And now it can be used to fingerprint your browser. Good riddance.
macOS 10.14.4 Brings Safari Automatic Dark Mode
macOS 10.14.4 will bring automatic Dark Mode to Safari. This means that if a website offers a dark theme, it will automatically be enabled.
Features Coming in iOS 12.2, Like Apple News in Canada
The first iOS 12.2 developer beta was released today, and we got a sneak peek into the features that will be coming.
Apple today released the first beta of iOS 12.2 for developers, and while it doesn’t bring as many new changes as we might have hoped for in a 12.x update, there are still quite a few minor tweaks to be aware of.
Some updates coming include Apple News for Canadian users, HomeKit TV Support, Safari search arrows, and more.
Long Press Shortcuts for iOS Safari
I’ve covered iOS 12 tips and tricks that you might have forgotten. Now I’d like to resurface a tip from 2017 about shortcuts for iOS Safari.
You might not know it, but Safari has some hidden shortcuts tucked behind some of the icons. This will let you perform certain actions a little faster, like quickly access the desktop version of a website, add a bookmark, and even close multiple tabs at once.
macOS: How to Use Keyboard Shortcuts to Open Bookmarks in Safari
Today’s Quick Tip is about Safari on the Mac and how you can use and adjust keyboard shortcuts to get to the sites you love. So if The Mac Observer is your favorite place (of course it is, right?), you can jump right here!
Experimental Safari Feature Supports USB Security Keys
In the experimental version of Safari Technology Preview, the browser adds support for USB security keys.
The MacBook is dead, Safari's new Do Not Track feature – TMO Daily Observations 2018-11-05
Andrew Orr and John Martellaro join host Kelly Guimont to discuss the future of the MacBook, and who (doesn’t) love Safari’s Do Not Track.