Apple Will Proxy Safe Browsing Traffic on iOS 14.5 To Hide User IPs from Google (zdnet.com)
Apple's upcoming iOS 14.5 release will ship with a feature that will re-route all Safari's Safe Browsing traffic through Apple-controlled proxy servers as a workaround to preserve user privacy and prevent Google from learning the IP addresses of iOS users. From a report: The new feature will work only when users activate the "Fraudulent Website Warning" option in the iOS Safari app settings. This enables support for Google's Safe Browsing technology in Safari. The Safe Browsing technology works by taking a URL the user is trying to access, sending the URL in an anonymized state to Google's Safe Browsing servers, where Google accesses the site and scans for threats. If malware, phishing forms, or other threats are found on the site, Google tells the user's Safari browser to block access to the site and show a fullscreen red warning. While years ago, when Google launched the Safe Browsing API, the company knew what sites a user was accessing; in recent years, Google has taken several steps to anonymize data sent from users' devices via the Safe Browsing feature. But while Google has anonymized URL strings, by sending the link in a cropped and hashed state, Google still sees the IP address from where a Safe Browsing check comes through. Apple's new feature basically takes all these Safe Browsing checks and passes them through an Apple-owned proxy server, making all requests appear as coming from the same IP address.
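The "cropped and hashed" lookup the summary describes, sketched as an added example (not code from Apple, Google or the article): the browser hashes host-suffix/path-prefix expressions of the URL with SHA-256, keeps a 4-byte prefix as in Google's Safe Browsing Update API v4, and contacts the server only on a local prefix hit, at which point the server can log the prefix and the source IP. The URLs, IP addresses and one-entry local database are constructed, and URL canonicalization and IP-literal hosts are left out.

```python
import hashlib
from urllib.parse import urlsplit

PREFIX_LEN = 4  # bytes kept from each SHA-256 digest (v4 allows 4 to 32)

def expressions(url):
    """Host-suffix/path-prefix expressions for an already-canonical URL.
    Simplified: canonicalization and IP-literal hosts are not handled."""
    parts = urlsplit(url)
    host, path = parts.hostname, parts.path or "/"
    hosts = [host]
    tail = host.split(".")[-5:]            # at most the last five labels
    for i in range(len(tail) - 1):         # stop before the bare TLD
        cand = ".".join(tail[i:])
        if cand not in hosts:
            hosts.append(cand)
    paths = [path + "?" + parts.query] if parts.query else []
    prefix, cands = "/", [path, "/"]
    for seg in path.split("/")[1:-1][:3]:  # root plus up to three directories
        prefix += seg + "/"
        cands.append(prefix)
    for cand in cands:
        if cand not in paths:
            paths.append(cand)
    return [h + p for h in hosts for p in paths]

def hash_prefix(expression):
    return hashlib.sha256(expression.encode()).digest()[:PREFIX_LEN]

def seen_by_server(url, local_db, source_ip):
    """What the list provider can log for one navigation: nothing unless a
    prefix hits the browser's local database, else (source IP, prefix) pairs."""
    hits = {hash_prefix(e) for e in expressions(url)} & local_db
    return sorted((source_ip, p.hex()) for p in hits)

# Constructed sample data: documentation-range IPs and a one-entry database.
LOCAL_DB = {hash_prefix("phish.example.test/login/")}
FLAGGED = "http://phish.example.test/login/index.html?u=1"
BENIGN = "http://news.example.test/"
PROXY_IP = "203.0.113.10"  # stands in for the shared proxy address

if __name__ == "__main__":
    for ip in ("198.51.100.7", "198.51.100.99"):
        print("direct :", seen_by_server(FLAGGED, LOCAL_DB, ip))
        # Through the proxy, both clients produce the same log entry.
        print("proxied:", seen_by_server(FLAGGED, LOCAL_DB, PROXY_IP))
    print("benign :", seen_by_server(BENIGN, LOCAL_DB, "198.51.100.7"))
```

On a prefix hit the server still learns the 4-byte prefix; the proxy changes only the source address that can be attached to it.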
No worries (Score:1)
Re: (Score:2)
I guess you don't know how browsers work on iOS then, do ya?
Re: (Score:2)
I guess you don't know how browsers work on iOS then, do ya?
That's "only" the web rendering engine - things like this (safe browsing checks), password sync, history (and sync, if the browser supports it), ad blocking, bookmark sync, UI are different between browsers.
Re: (Score:1, Offtopic)
Re:No worries (Score:5, Interesting)
Content Filtering API is also crippled in third party browsers, preventing Firefox from utilising the same filters which you can implement for Safari by downloading appropriate apps. This same issue applies to Edge, where its uBlock Origin integration blows as a result of flawed APIs. I'm all in favour of preventing the use of third party rendering engines to keep the OS lean and efficient but these deliberately coded flaws don't make Firefox a worse browser, they just make iOS a worse OS.
Re: (Score:2)
I'm tired of Google and Apple making the smartphone OS less flexible than PC OSs. Want to keep most people secure? Just set the default to the safe option but also allow users to toggle that. That's what Google does with the option of installing apps from outside Google Play in Android and I think it's a good compromise.
Re: (Score:2)
EdgeHTML - powers my Start Menu search facilities, Microsoft Store, OOBE wizards and UWP software
Trident (IE) - used by Windows Help, PowerShell, Word, MS Outlook and many other apps indirectly
Blink - used by the new Microsoft Edge as it is a fork of Chromium, tracking Google Chrome
QtWebEngine - many Qt apps use this to pull website contents. Powers parts of TeamViewer and OneDrive apps
Webk
Re: (Score:2)
Don't know about iOS, but Firefox is my daily driver on Android. Among other things, it supports webextensions [mozilla.org]. As a matter of policy, Apple forbids any web browser from doing that, or doing anything else that would make Safari look like the new IE6 piece of shit that it really is.
Although there are extensions out there for password managers, I tend to find that native Android password manager apps integrate fine with Firefox. Either way, you aren't stuck with any one password manager. Though personally I r
Re: (Score:2)
Preserve your privacy! (Score:5, Insightful)
By telling US everything you do, not that other slob!
Re: (Score:2)
What's one of the better VPNs available out there these days?
How is ExpressVPN in your opinion?
Looking for advice pro/con on the available ones out there for privacy from, well....everyone.
Re: (Score:2)
Goodness...what a cool suggestion.
Would you have any links on how to set this all up?
Thank you in advance!!
Re: Preserve your privacy! (Score:2)
https://www.comparitech.com/bl... [comparitech.com]
Re: (Score:2)
Re: Preserve your privacy! (Score:2)
Try the PirateBay guys' VPN:
https://njal.la/ [njal.la]
For them it's not just a business. It's personal! :)
I think you'd be hard-pressed to find any VPN that you can be more confident in.
Re: Preserve your privacy! (Score:1)
Upon looking deeper, it seems they are currently transitioning their VPN from old tech to new, better tech, and merging with their DNS tech, as it makes no sense running them separately with so much overlap.
Also, their old name, ipredator.se, was a fitting inside joke at the time when they were new (see blog), but clearly wasn't the best choice. :D
Re: (Score:2)
at least when you're dealing with one of the guys that isn't in jail.
Or already cooperating.
Or . . .
Re: (Score:2)
"How is ExpressVPN in your opinion?"
I use it on 5 machines and it works flawlessly. I download a couple of hundred gigs of torrents each month, fast as hell.
Re:Preserve your privacy! (Score:5, Insightful)
By telling US everything you do, not that other slob!
If you wish to trust no one, you know where the power button is.
Turn it off, to match your trust level.
Re: (Score:2)
Why not ...
https://gizmodo.com/give-your-... [gizmodo.com]
What could possibly go wrong?
Re: (Score:3)
You also get to enjoy solving many more captchas, thanks to sharing an IP address with thousands of other people.
Re: (Score:2)
That shouldn't be the case. Chrome first sends the URL you're trying to visit to its safe browsing API to determine if the site's been reported as unsafe. This request will be proxied via Apple so that Google can't associate all the URLs you're trying to visit against your IP. Apple's concern is that every URL visited by every Chrome browser can be logged against the user's source IP via the safe browsing API.
If the site is deemed safe by the API or if you decide to proceed anyways if the site was reported a
Re: (Score:2)
Safe browsing lookups are done locally. Chrome has a local database of known bad URLs, and updates them periodically. Lookups are done entirely locally.
Re: (Score:2)
They already control the browser, the OS, and have an always-on connection enabled for the delivery of push notifications. They already know your IP, they are already syncing bookmarks (and history?) for most users, and there’s really no need for them to proxy this traffic if what they’re after is that info.
If you’re already in that ecosystem, a shift like this is actually nothing but good, given that you’re cutting one more company out of that data.
Whose privacy? (Score:4, Insightful)
Certainly not mine. This just makes Apple that much larger a target, or perhaps, more conveniently, provides a centralized location against which government agencies can direct their effort.
Must we learn the same lesson again and again, that centralized services provide neither safety nor security?
Re: Whose privacy? (Score:5, Insightful)
Which centralized service do you prefer - Google which monetizes your activity or Apple which does not? Or do you have some other alternative?
Re: (Score:2)
Basically this is Apple expecting Google to do all the actual work and not get paid for it, while Apple just reaps the benefits. Hopefully Google will just block Apple from using the service.
Re: (Score:2)
Basically this is Apple expecting Google to do all the actual work and not get paid for it, while Apple just reaps the benefits. Hopefully Google will just block Apple from using the service.
You mean the commercial service Google charges for?
https://cloud.google.com/web-r... [google.com]
Re: Whose privacy? (Score:5, Insightful)
Who cares? (Score:4, Informative)
This looks like a PR move and nothing more. Who wants to bet the Apple-owned proxy server is hosted using Google Cloud?
I love what Apple is doing to stand up for the rights of ordinary users who know no better but I'm not sure what they gain from this?
Re: (Score:2)
IP addresses don’t necessarily change as often as you might think. Without even paying for an IP address, I’ve seen my home address retain the same WAN IPv4 address for years at a time.
Moreover, even if they were changing each night, you can easily link IP address back to device identifiers like cookies or IDFAs, including doing so retroactively, at which point they know who you are. And while you are correct about the final hash resolution being done client-side, if your address isn’t cha
Re: Who cares? (Score:1)
Re: (Score:2)
Also, since dynamic IPs are a thing on IPv4 residential lines and IPv6 randomises addresses on a regular basis anyway through Privacy Extensions, home users are fine anyway.
The IPv6 Privacy Extensions only randomize the part of the IP address which would otherwise be determined by the Ethernet MAC, so it is no more private than using IPv4 NAT. What this does accomplish is hide which IPv6 addresses on the subnet are populated, preventing searches.
Re: (Score:3)
Instead of "safe browsing", maybe Apple could just harden their browser against security vulnerabilities. It would be a bit less effort than playing whack-a-mole with every possible piece of malware out there. I know, I know, they'd have to disable Flash (the horror!) and JavaScript (which apparently no website can live without these days... but that's a different rant).
The fact that Apple is doing this is significant: they've effectively given up on the security of their platform, and have outsourced i
Re: (Score:1)
Don't know under which rock you've been living for the past 14 years, but iOS has *never* supported Flash, and it's never been available on Safari for iOS since the iPhone introduction.
That alone makes all your rant completely worthless.
Oh, by the way, did anyone tell you that JavaScript is enabled by default by *every* single browser out there, on *every* single platform?
Re: (Score:2)
Government
How is Apple a target? (Score:2)
This just makes Apple that much larger a target
Apple wouldn't be storing your requests, just forwarding them on.... Google is.
How exactly would you "Target Apple" more than you would Google? It doesn't increase targeting ability at all, and in fact reduces the footprint of potential targeting since the data that Google stores about the request is now unrelated to you and also can't be tied back to you through other browsing.
Re: (Score:2, Insightful)
Not relative to Google, per se, but anyone who wants to snoop on any given Apple user can just hack Apple's servers, rather than having to target each Apple user individually. It also means that law enforcement can more easily perform "fishing expeditions" because all Apple user traffic goes through a single entity. If it was decentralized, they'd have to get warrants in every single jurisdiction, rather than just one. Worse, Apple could sell the data itself to law enforcement, circumventing the need fo
Re: (Score:2)
anyone who wants to snoop on any given Apple user can just hack Apple's servers
They can also "just hack Google's servers" which have approx the same level of security (Apple's probably somewhat better).
It also means that law enforcement can more easily perform "fishing expeditions" because all Apple user traffic goes through a single entity.
And the same is true for Google so....
On the other hand, if local contractors were willing to sell their customer lists,
No.
So it has come to this (xkcd 1022) (Score:2)
While I do trust Apple more than Google, it's a problem that switching to Safe Browsing Mode routes all my requests through Apple. What about people using a VPN? There has to be a switch to disable the Apple proxy setting even when using Safe Browsing Mode.
Re: (Score:3)
What about people using a VPN?
What about them? You still need to trust the VPN provider, who is handling a lot more of your traffic than what we are talking about here. You could, of course, roll your own VPN, but unless you are a) routing a ton of traffic that isn't yours through it, or b) swapping the outbound interface IP very frequently, you really don't solve the problem.
Re: (Score:2)
Except the VPN provider doesn't know which device I'm using, doesn't have direct access to device IDs, etc.
Re: (Score:2)
And you know that because...?
Re: (Score:2)
Because OpenVPN is a thing? Wireguard is a thing? Source code is a thing?
Don't use closed, proprietary clients. Use the open source clients. Configure them as needed.
Re: (Score:2)
Re: So it has come to this (xkcd 1022) (Score:1)
Seriously, what are you doing here if you have never even set up your own VPN?
Re: (Score:2)
Re: (Score:2)
You sure about that? Are you using their VPN app on your phone? You know the one that they all have that lets you choose the VPN outbound destination, sets up the tunnel for you with the phone OS, etc? Because if the answer is yes, then they COULD, if they wanted, have exactly that info.
And this is why you use OpenVPN on your phone, as well.
Re: (Score:2)
It's amazing that they're able to get the packets back to you without knowing anything about you.
Oh wait...
Sounds good but no (Score:2)
Simply not something that the maker of the device should have control of, no matter what the reason. Because it's a walled garden and the owner of the device doesn't have that level of control of their own device it falls on the manufacturer to "protect" the user. If a device is not in control of its OWNER, then the device has malware on it.
Re: (Score:3)
So I take it you're using a PinePhone after having audited all the OS sources along with the SIM and LTE modem firmware.
Re: (Score:2)
Almost forgot about auditing the die masks used on all the silicon.
Re: Sounds good but no (Score:2)
This is a feature that users can turn on and off.
Re: (Score:2)
I guess you'll be shocked to learn that Android has had similar functionality for years then (not sure which flavors of Android have it enabled though, but it's certainly something available on stock Android using a Pixel device). Connecting to an unknown access point will VPN your traffic through Google to "protect" you from the baddies!
Re: (Score:2)
Re: (Score:2)
And you might start to realise: the browser does not know if you are using a VPN or not. ...
Does not matter if it is Chrome, IE or whatever
Re: (Score:2)
Re: (Score:2)
Could be that Chrome insists to use the google ones. 4.4.4.4 and 8.8.8.8 I think.
Why is the choice to trust apple or trust google? (Score:3)
Surely we should be at a stage of trust no-one, and our computing to be structured in such a way that we don't have to.
but oh.... surveillance and advertising go hand in hand.
Re: (Score:2)
The disciples of Fox Mulder have known this for nearly three decades now.
Re: Why is the choice to trust apple or trust goog (Score:1)
Doesn't that imply that they trust Mulder and thereby break their own rule? :D
Re: (Score:2)
The lone gunmen trusted Mulder only to the extent they'd let Frohike hang around that hot redhead, Scully.
Re: (Score:2)
Why is the choice to trust apple or trust google?
Well, it's a Google feature, so you either have to trust Google or trust a third party that is going to proxy the traffic for you if you want to use it, which you are of course not required to do.
Re: Why is the choice to trust apple or trust goog (Score:2)
Because the consumer market decided so. Is there a non android non Apple option for mobile devices? Old blackberries? Old windows phones? There are some Linux distros there but the app support is unknown or nonexistent.
Re: (Score:2)
Because it's not possible to communicate with trusting no one.
Things like TLS? Relies on certs issued by trusted companies.
Roll your own certs or your own keys? Still requires trusting your OS, hardware, and the other device's hardware and OS to set up. As well as the path between them.
Truly "trust no one" isn't possible if you still want to communicate. Someone will always end up as the root of trust, and unless you have your own chip fab, it isn't you.
meet the new boss (Score:2)
OK so security today is to just trust that (Score:2)
Apple says... (Score:2)
All your data are belong to us.
what is old is new again (Score:2)
Re: Google retaliates 3...2..1 (Score:2)
It's not even necessarily retaliation. One of the few legitimate uses for tracking is to verify users aren't bots. If you disable cookies - for example - you will start seeing "I'm not a robot" forms all over the Internet.
I feel much safer! (Score:2)
Re: (Score:2)
So giant corporation Apple (who charges me lots more for their hardware) will get all my info instead of giant corporation Google that relies upon my data for its advertising revenue?
Pay upfront and go with Apple
OR
PAYG and let Google know about that present for your mistress that you browsed for?
Which is it to be eh?
Your choice.
Re: I feel much safer! (Score:1)
Re: (Score:2)
I've not seen any ads on my iPhone or iPad other than those presented by the likes of YouTube. I block all ads on my MacBook Pro so there, the issue is moot.
So-called 'targeted Ads' are ATM a total waste of time. I get emails from Amazon with [cough][cough] suggestions for my reading. Currently, they seem to think that I am having a baby or living with someone who is having a baby. My Eldest son is 30 this year and I've never looked for anything related to babies on Amazon yet...
Oh... and I have not bought
Irrelevant (Score:2)
Re: (Score:1)
Re: (Score:2)
Think about what we're trying to do (Score:2)
"Is hot bitches 69 a safe site?"
"Is hot bitches 70 a safe site?"
"Is hot bitches 71 a safe site?"
"Hey, you're not telling anyone I'm into hot bitches, are you?"
Another attempt at "deciding" what good. (Score:2)
Re: (Score:2)
Ordinary ppl do not know what a VPN is - hence they can not use one.
I like it. (Score:1)