Google researchers disclose multiple privacy flaws in Apple’s Intelligent Tracking Prevention Safari Feature

Google researchers have discovered multiple security flaws in Apple’s Safari web browser that let users’ browsing habits be tracked despite Apple’s Intelligent Tracking Prevention feature.

The report from the Financial Times cites a soon-to-be-released paper in which researchers from Google’s cloud team explain the vulnerabilities. According to the report, Google researchers have identified five different attacks that could result from the security flaws in Safari.

Google researchers say that Safari left personal data exposed because the Intelligent Tracking Prevention List “implicitly stores information about the websites visited by the user.” Malicious entities could use these flaws to create a “persistent fingerprint” that would follow a user around the web or see what individual users were searching for on search engine pages.

Intelligent Tracking Prevention, which Apple began implementing in 2017, is a privacy-focused feature meant to make it harder for sites to track users across the web, preventing browsing profiles and histories from being created.

Google made Apple aware of these vulnerabilities in August of last year, and the Financial Times says Apple rolled out a fix to Safari’s Intelligent Tracking Prevention feature in December. Apple referenced the fixes in a blog post in December, thanking Google for the help.