Google engineers said a tool Apple developed to help users avoid Web tracking is fundamentally flawed and creates more problems than it solves.
The Intelligent Tracking Prevention feature on Apple’s Safari Web browser, which is meant to block tracking software used by digital advertisers, can be abused to do the exact opposite, according to a paper released on Wednesday by Google researchers. Google told Apple about the problem in August, and in December the iPhone maker published a blog post saying it had fixed the issues and thanking Google for its help.
But Wednesday’s paper concluded that the problems go beyond the issues that Apple addressed. Instead of making a big list of cookies to block, Apple’s ITP continuously learns what websites users visit and which kinds of cookies try to hitch a ride. Over time, this creates unique cookie-blocking algorithms for each Web surfer that can be used to identify and track them, according to the paper.
“I can assure you that they still haven’t fixed these issues,” Justin Schuh, engineering director for Google’s Chrome browser, said on Twitter. Apple’s December blog post “didn’t disclose the vulnerabilities or appropriately credit the researchers”, he added. Apple said the bugs mentioned in the report were patched in December, but declined to comment further.
This isn’t the first time the two tech giants have clashed over privacy. Apple CEO Tim Cook has criticised Internet companies for collecting too much personal information, and last year Google researchers reported a two-year-long vulnerability in the iPhone maker’s software.
Google’s Chrome and Apple’s Safari are two of the most popular Web browsers, with Chrome used by more people overall but Safari dominating on iPhones. Apple has been touting Safari privacy features to persuade more consumers to use it. Apple first introduced Intelligent Tracking Prevention in 2017. The tool targets cookies, bits of code that let marketers follow people around the Web and send them targeted ads.
Google refused to block cookies for years, arguing that targeted ads help publishers and keep the Internet free. But last week, the Internet giant said it would eventually phase them out, setting off a race among advertisers to adapt.
Privacy advocates have lauded Apple’s approach to tracking, and criticised Google for taking so long to do the same. But the paper suggests Apple may have to go back to the drawing board to find a new way to block tracking.
“This bug is quite counter-intuitive, but rather very serious,” said Lukasz Olejnik, an independent cybersecurity researcher. — Reported by Gerrit De Vynck, (c) 2020 Bloomberg LP