Friday, February 17, 2012

Safari's anti-tracking default does have a loophole

The Wall Street Journal reported Friday (Feb. 17) that Google used a “back door” to get around Safari’s anti-tracking feature (by default) in some situations. WSJ offers a video, and Wired offers a technical explanation here, using a fun metaphor of the "hand in the cookie jar".

Much of this has to do with the fact that Safari is the only major browser to block third-party cookies by default.  But Safari has a “loophole” that allows third party cookies if it thinks the user is filling out an e-form (as to send email).  Safari is dominant in the mobile world but has only 6% of the desktop market.

Is this of practical importance?  Probably not to most users, but any security hole could be exploited against a party that someone wants to target.  So to a small minority of users the loophole on desktops might be significant.

Some media reports say that the problem has affected only iPhone users, but they also point out that there is still no comprehensive federal Internet privacy law. 

I had some trouble with Safari recently on my MacBook because of a bad gadget in one blog (which would cause Safari to freeze and have to be stopped, with dump).  An upgrade to a new release fixed it (just resetting Safari didn’t).  The problem did not occur on Windows, but Kaspersky had given a warning about the gadget (McAfee and Webroot had not).

I also have Safari on one Windows machine, and it is faster than Firefox or IE, about like Chrome. 

(Pictures: had an upload problem today, now seems fixed.  I also had a problem when a cleaning service cleaned the stove.  It didn't work.  I had to read the manual and figure it out.  Took 20 minutes.)

Don't be evil!

No comments: