IOS Privacy Apple Technology

Apple Will Proxy Safe Browsing Traffic on iOS 14.5 To Hide User IPs from Google (zdnet.com) 97

Apple's upcoming iOS 14.5 release will ship with a feature that will re-route all Safari's Safe Browsing traffic through Apple-controlled proxy servers as a workaround to preserve user privacy and prevent Google from learning the IP addresses of iOS users. From a report: The new feature will work only when users activate the "Fraudulent Website Warning" option in the iOS Safari app settings. This enables support for Google's Safe Browsing technology in Safari. The Safe Browsing technology works by taking a URL the user is trying to access, sending the URL in an anonymized state to Google's Safe Browsing servers, where Google accesses the site and scans for threats. If malware, phishing forms, or other threats are found on the site, Google tells the user's Safari browser to block access to the site and show a fullscreen red warning. While years ago, when Google launched the Safe Browsing API, the company knew what sites a user was accessing; in recent years, Google has taken several steps to anonymize data sent from users' devices via the Safe Browsing feature. But while Google has anonymized URL strings, by sending the link in a cropped and hashed state, Google still sees the IP address from where a Safe Browsing check comes through. Apple's new feature basically takes all these Safe Browsing checks and passes them through an Apple-owned proxy server, making all requests appear as coming from the same IP address.
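
To make the summary's point concrete, the following added example (not from the article, Apple, or Google) models a cropped-hash lookup and records what the list provider can observe with and without a proxy in between. The class names, the 4-byte prefix length, the URLs and the IP addresses are all constructed for illustration, and URL canonicalization is omitted.

```python
import hashlib

PREFIX_LEN = 4  # bytes of the SHA-256 digest sent upstream (assumed for this model)


def full_hash(url_expr):
    return hashlib.sha256(url_expr.encode("utf-8")).digest()


class ListServer:
    """Stand-in for the list provider; records what each request reveals to it."""

    def __init__(self, bad_urls):
        self.full_hashes = {full_hash(u) for u in bad_urls}
        self.log = []  # (source IP, hash prefix) as seen by the provider

    def prefix_list(self):
        # Periodic list update that clients store locally.
        return {h[:PREFIX_LEN] for h in self.full_hashes}

    def find_full_hashes(self, source_ip, prefix):
        self.log.append((source_ip, prefix.hex()))
        return {h for h in self.full_hashes if h[:PREFIX_LEN] == prefix}


class Proxy:
    """Forwards lookups; the provider sees only the proxy's egress address."""

    def __init__(self, server, egress_ip):
        self.server = server
        self.egress_ip = egress_ip

    def find_full_hashes(self, source_ip, prefix):
        return self.server.find_full_hashes(self.egress_ip, prefix)


class Client:
    def __init__(self, ip, upstream, prefixes):
        self.ip, self.upstream, self.prefixes = ip, upstream, prefixes

    def is_flagged(self, url_expr):
        digest = full_hash(url_expr)
        prefix = digest[:PREFIX_LEN]
        if prefix not in self.prefixes:
            return False  # local miss: nothing leaves the device
        # Local hit: fetch full hashes for the prefix, compare on the client.
        return digest in self.upstream.find_full_hashes(self.ip, prefix)


def simulate(use_proxy):
    """Return (verdicts, provider log) for two constructed clients."""
    server = ListServer(["phish.example/login"])
    upstream = Proxy(server, "203.0.113.1") if use_proxy else server
    verdicts = {}
    for ip in ("198.51.100.10", "198.51.100.11"):
        client = Client(ip, upstream, server.prefix_list())
        verdicts[ip] = (client.is_flagged("phish.example/login"),
                        client.is_flagged("benign.example/"))
    return verdicts, server.log


if __name__ == "__main__":
    for mode in (False, True):
        verdicts, log = simulate(mode)
        print("proxy" if mode else "direct", verdicts, log)
```

In both modes the provider still receives the same hash prefix and the clients reach the same verdicts; only the source address in the provider's log changes.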

  • by Anonymous Coward
    Never use Safari anyway. FireFox all the way.
    • by darkain ( 749283 )

      I guess you don't know how browsers work on iOS then, do ya?

      • by teg ( 97890 )

        I guess you don't know how browsers work on iOS then, do ya?

        That's "only" the web rendering engine - things like this (safe browsing checks), password sync, history (and sync, if the browser supports it), ad blocking, bookmark sync, UI are different between browsers.

        • Re: (Score:1, Offtopic)

          by saloomy ( 2817221 )
          Those APIs they call are baked into the OS. Besides, Firefox blows next to Safari in recent releases. Safari is faster, and its features are fantastic. Reading view is bad ass, and works way better than the reader view in Firefox. Keychain integration (I know, this is an apple-only thing so not really fair), share dialogs, moving tabs between devices intuitively, and pulling pin codes from text messages for auto-filling 2FA checks is just bad ass (I know you have to have Messages / iPhone for this to work).
          • Re:No worries (Score:5, Interesting)

            by martynhare ( 7125343 ) on Friday February 12, 2021 @04:33PM (#61057414)
            A lot of it has to do with iOS API design flaws. iOS doesn't allow seamlessly adding new passwords via third party managers, only retrieving ones which are already there. This means that tools like LastPass and Keepassium are crippled relative to iCloud Keychain. Even if you want to use Apple's solution with Safari, you'll find that iCloud Keychain itself is a broken mess on macOS, not being able to export your passwords back out of it in a seamless fashion (Keychain Access won't export any more), with hacks based on AppleScript needed to do a dump of all passwords via Safari's UI instead.

            Content Filtering API is also crippled in third party browsers, preventing Firefox from utilising the same filters which you can implement for Safari by downloading appropriate apps. This same issue applies to Edge, where its uBlock Origin integration blows as a result of flawed APIs. I'm all in favour of preventing the use of third party rendering engines to keep the OS lean and efficient but these deliberately coded flaws don't make Firefox a worse browser, they just make iOS a worse OS.
            • Would you also be against allowing the user to use different browser engines in PC OS?
              I'm tired of Google and Apple making the smartphone OS less flexible than PC OSs. Want to keep most people secure? Just set the default to the safe option but also allow users to toggle that. That's what Google does with the option of installing apps from outside Google Play in Android and I think it's a good compromise.
              • Here are the number of web browsing engines running on my Windows PC because developers, developers, developers:

                EdgeHTML - powers my Start Menu search facilities, Microsoft Store, OOBE wizards and UWP software
                Trident (IE) - used by Windows Help, PowerShell, Word, MS Outlook and many other apps indirectly
                Blink - used by the new Microsoft Edge as it is a fork of Chromium, tracking Google Chrome
                QtWebEngine - many Qt apps use this to pull website contents. Powers parts of TeamViewer and OneDrive apps
                Webk
          • Don't know about iOS, but Firefox is my daily driver on Android. Among other things, it supports webextensions [mozilla.org]. As a matter of policy, Apple forbids any web browser from doing that, or doing anything else that would make safari look like the new IE6 piece of shit that it really is.

            Although there are extensions out there for password managers, I tend to find that native android password manager apps integrate fine with firefox. Either way, you aren't stuck with any one password manager. Though personally I r

        • The rendering engine is the browser, all the other stuff are minor.
  • by lessSockMorePuppet ( 6778792 ) on Friday February 12, 2021 @03:16PM (#61057098) Homepage

    By telling US everything you do, not that other slob!

    • Hmm....brings to mind.

      What's one of the better VPNs available out there these days?

      How is ExpressVPN in your opinion?

      Looking for advice pro/con on the available ones out there for privacy from, well....everyone.

      • by Luthair ( 847766 )
        I think the trouble is that a VPN doesn't really provide you with much additional privacy, if you log into any website anywhere or use the same browser without a VPN then you're immediately de-anonymized. Plus the VPN provider themselves may be snoops.
      • Try the PirateBay guys' VPN:

        https://njal.la/ [njal.la]

        For them it's not just a business. It's personal!
        I think you'd be hard-pressed to find any VPN that you can be more confident in. :)

        • Upon looking deeper, it seems they are currently transitioning their VPN from old tech to new, better tech, and merging with their DNS tech, as it makes no sense running them separately with so much overlap.

          Also, their old name, ipredator.se, was a fitting inside joke at the time when they were new (see blog), but clearly wasn't the best choice. :D

        • by hawk ( 1151 )

          at least when you're dealing with one of the guys that isn't in jail.

          Or already cooperating.

          Or . . .

      • "How is ExpressVPN in your opinion?"

        I use it on 5 machines and it works flawlessly. I download a couple of hundred gigs of torrents each month, fast as hell.

    • by geekmux ( 1040042 ) on Friday February 12, 2021 @03:55PM (#61057256)

      By telling US everything you do, not that other slob!

      If you wish to trust no one, you know where the power button is.

      Turn it off, to match your trust level.

    • by vux984 ( 928602 )

      Why not ...

      https://gizmodo.com/give-your-... [gizmodo.com]

      What could possibly go wrong?

    • by AmiMoJo ( 196126 )

      You also get to enjoy solving many more captchas, thanks to sharing an IP address with thousands of other people.

      • by beuges ( 613130 )

        That shouldn't be the case. Chrome first sends the url you're trying to visit to its safe browsing API to determine if the site's been reported as unsafe. This request will be proxied via Apple so that Google can't associate all the urls you're trying to visit against your IP. Apple's concern is that every url visited by every Chrome browser can be logged against the user's source IP via the safe browsing api.

        If the site is deemed safe by the API or if you decide to proceed anyways if the site was reported a

        • by AmiMoJo ( 196126 )

          Safe browsing lookups are done locally. Chrome has a local database of known bad URLs, and updates them periodically. Lookups are done entirely locally.

    • They already control the browser, the OS, and have an always-on connection enabled for the delivery of push notifications. They already know your IP, they are already syncing bookmarks (and history?) for most users, and there’s really no need for them to proxy this traffic if what they’re after is that info.

      If you’re already in that ecosystem, a shift like this is actually nothing but good, given that you’re cutting one more company out of that data.

  • Whose privacy? (Score:4, Insightful)

    by gillbates ( 106458 ) on Friday February 12, 2021 @03:16PM (#61057102) Homepage Journal

    Certainly not mine. This just makes Apple that much larger a target, or perhaps, more conveniently, provides a centralized location against which government agencies can direct their effort.

    Must we learn the same lesson again and again, that centralized services provide neither safety nor security?

    • Re: Whose privacy? (Score:5, Insightful)

      by djp2204 ( 713741 ) on Friday February 12, 2021 @03:20PM (#61057126)

      Which centralized service do you prefer - Google which monetizes your activity or Apple which does not? Or do you have some other alternative?

      • by bws111 ( 1216812 )

        Basically this is Apple expecting Google to do all the actual work and not get paid for it, while Apple just reaps the benefits. Hopefully Google will just block Apple from using the service.

        • Basically this is Apple expecting Google to do all the actual work and not get paid for it, while Apple just reaps the benefits. Hopefully Google will just block Apple from using the service.

          You mean the commercial service Google charges for?

          https://cloud.google.com/web-r... [google.com]

      • Re: Whose privacy? (Score:5, Insightful)

        by Luthair ( 847766 ) on Friday February 12, 2021 @04:09PM (#61057310)
        Not all your traffic is routed through Google. I think a simpler and better solution would be for Apple to simply improve adblocking in Safari on iOS.
      • Who cares? (Score:4, Informative)

        by martynhare ( 7125343 ) on Friday February 12, 2021 @04:13PM (#61057322)
        The Safe Browsing API has the browser send a partial hash which returns a list for full matching in private on the client-side. Google doesn't get any useful info to monetise here. Also, since dynamic IPs are a thing on IPv4 residential lines and IPv6 randomises addresses on a regular basis anyway through Privacy Extensions, home users are fine anyway.

        This looks like a PR move and nothing more. Who wants to bet the Apple-owned proxy server is hosted using Google Cloud?

        I love what Apple is doing to stand up for the rights of ordinary users who know no better but I'm not sure what they gain from this?
        • IP addresses don’t necessarily change as often as you might think. Without even paying for an IP address, I’ve seen my home address retain the same WAN IPv4 address for years at a time.

          Moreover, even if they were changing each night, you can easily link IP address back to device identifiers like cookies or IDFAs, including doing so retroactively, at which point they know who you are. And while you are correct about the final hash resolution being done client-side, if your address isn’t cha

        • So instead of Google monetizing you, you get apl monetizing you. How is this any better? Oh? Did you not expect them to use the advertising id with their advertising service?
        • by Agripa ( 139780 )

          Also, since dynamic IPs are a thing on IPv4 residential lines and IPv6 randomises addresses on a regular basis anyway through Privacy Extensions, home users are fine anyway.

          The IPv6 Privacy Extensions only randomizes the part of the IP address which would otherwise be determined by the Ethernet MAC, so it is no more private than using IPv4 NAT. What this does accomplish is hide which IPv6 addresses on the subnet are populated preventing searches.

      • Instead of "safe browsing", maybe Apple could just harden their browser against security vulnerabilities. It would be a bit less effort than playing whack-a-mole with every possible piece of malware out there. I know, I know, they'd have to disable Flash (the horror!) and JavaScript (which apparently no website can live without these days... but that's a different rant).

        The fact that Apple is doing this is significant: they've effectively given up on the security of their platform, and have outsourced i

        • "They'd have to disable Flash" ?

          Don't know under which rock you've been living for the past 14 years, but iOS has *never* supported Flash, and it's never been available on Safari for iOS since the iPhone introduction.

          That alone makes all your rant completely worthless.

          Oh, by the way, did anyone tell you that javascript is enabled by default by *every* single browser out there, on *every* single platform ?
    • This just makes Apple that much larger a target

      Apple wouldn't be storing your requests, just forwarding them on.... Google is.

      How exactly would you "Target Apple" more than you would Google? It doesn't increase targeting ability at all, and in fact reduces the footprint of potential targeting since the data that Google stores about the request, is now unrelated to you and also can't be tied back to you through other browsing.

      • Re: (Score:2, Insightful)

        by gillbates ( 106458 )

        Not relative to Google, per se, but anyone who wants to snoop on any given Apple user can just hack Apple's servers, rather than having to target each Apple user individually. It also means that law enforcement can more easily perform "fishing expeditions" because all Apple user traffic goes through a single entity. If it was decentralized, they'd have to get warrants in every single jurisdiction, rather than just one. Worse, Apple could sell the data itself to law enforcement, circumventing the need fo

        • anyone who wants to snoop on any given Apple user can just hack Apple's servers

          They can also "just hack Google's servers" which have approx the same level of security (Apple's probably somewhat better).

          It also means that law enforcement can more easily perform "fishing expeditions" because all Apple user traffic goes through a single entity.

          And the same is true for Google so....

          On the other hand, if local contractors were willing to sell their customer lists,

          No.

  • While I do trust Apple more than Google, it's a problem that switching to Safe Browsing Mode routes all my requests through Apple. What about people using a VPN? There has to be a switch to disable the Apple proxy setting even when using Safe Browsing Mode.

    • by EvilSS ( 557649 )

      What about people using a VPN?

      What about them? You still need to trust the VPN provider, who is handling a lot more of your traffic than what we are talking about here. You could, of course, roll your own VPN, but unless you are a) routing a ton of traffic that isn't yours through it, or b) swapping the outbound interface IP very frequently, you really don't solve the problem.

      • Except the VPN provider doesn't know which device I'm using, doesn't have direct access to device IDs, etc.

        • And you know that because...?

        • by EvilSS ( 557649 )
          You sure about that? Are you using their VPN app on your phone? You know the one that they all have that lets you choose the VPN outbound destination, sets up the tunnel for you with the phone OS, etc? Because if the answer is yes, then they COULD, if they wanted, have exactly that info.
          • You sure about that? Are you using their VPN app on your phone? You know the one that they all have that lets you choose the VPN outbound destination, sets up the tunnel for you with the phone OS, etc? Because if the answer is yes, then they COULD, if they wanted, have exactly that info.

            And this is why you use OpenVPN on your phone, as well.

        • It's amazing that they're able to get the packets back to you without knowing anything about you.

          Oh wait...

  • Simply not something that the maker of the device should have control of, no matter what the reason. Because it's a walled garden and the owner of the device doesn't have that level of control of their own device it falls on the manufacturer to "protect" the user. If a device is not in control of its OWNER, then the device has malware on it.

    • So I take it you're using a PinePhone after having audited all the OS sources along with the SIM and LTE modem firmware.

    • This is a feature that users can turn on and off.

    • by darkain ( 749283 )

      I guess you'll be shocked to learn that Android has had similar functionality for years then (not sure which flavors of Android have it enabled though, but it's certainly something available on stock Android using a Pixel device). Connecting to an unknown access point will VPN your traffic through Google to "protect" you from the baddies!

      • You might want to search how broken Chrome is via VPN on say some linux distros, like Ubuntu.
        • And you might start to realise: the browser does not know if you are using a VPN or not.
          Does not matter if it is Chrome, IE or what ever ...

          • Perhaps not actively but behaviour-wise Chrome is very much broken. If you connect to a VPN, all dns from the connection will fail to resolve, because C fails to "reload" the updated dns servers.
  • Surely we should be at a stage of trust no-one, and our computing to be structured in such a way that we don't have to.

    but oh.... surveillance and advertising go hand in hand.

    • Surely we should be at a stage of trust no-one

      The disciples of Fox Mulder have known this for nearly three decades now.

    • by EvilSS ( 557649 )

      Why is the choice to trust apple or trust google?

      Well, it's a Google feature, so you either have to trust Google or trust a third party that is going to proxy the traffic for you if you want to use it, which you are of course not required to do.

    • Because the consumer market decided so. Is there a non android non Apple option for mobile devices? Old blackberries? Old windows phones? There are some Linux distros there but the app support is unknown or nonexistent.

    • Because it's not possible to communicate with trusting no one.

      Things like TLS? Relies on certs issued by trusted companies.
      Roll your own certs or your own keys? Still requires trusting your OS, hardware, and the other device's hardware and OS to set up. As well as the path between them.

      Truly "trust no one" isn't possible if you still want to communicate. Someone will always end up as the root of trust, and unless you have your own chip fab, it isn't you.

  • same as the old boss.
  • big tech is protecting your privacy and your information from? Well Big Tech! OK got it!
  • All your data are belong to us.

  • Opera browser anyone?
  • So giant corporation Apple will get all my info instead of giant corporation Google? Hallelujah!!!
    • So giant corporation Apple (who charges me lots more for their hardware) will get all my info instead of giant corporation Google that relies upon my data for its advertising revenue?

      Pay upfront and go with Apple
      OR
      PAYG and let Google know about that present for your mistress that you browsed for?

      Which is it to be eh?
      Your choice.

      • So you're saying Apl has no advertising revenue? You might want to look at their balance sheet again. Classic case of misdirection which they're a master of. 'Getting rid of iads' simply meant they're getting rid of the name. They're still selling advertising. So unless you think apl is inferior to Google, you can bet they're using your information
        • I've not seen any ads on my iPhone or iPad other than those presented by the likes of YouTube. I block all ads on my MacBook Pro so there, the issue is moot.

          So-called 'targeted Ads' are ATM a total waste of time. I get emails from Amazon with [cough][cough] suggestions for my reading. Currently, they seem to think that I am having a baby or living with someone who is having a baby. My Eldest son is 30 this year and I've never looked for anything related to babies on Amazon yet...
          Oh... and I have not bought

  • Hasn't anybody learnt that Google doesn't care about long term things. A short session is more than enough for them to build a profile (even if it's rather poor) to sell ads. That's why they popularised incognito. That's their business, nothing is long term, it's always short, just like Stadia will die soon.
  • "Is hot bitches 69 a safe site?"

    "Is hot bitches 70 a safe site?"

    "Is hot bitches 71 a safe site?"

    "Hey, you're not telling anyone I'm into hot bitches, are you?"

  • Are you not tired of this BS? If a user wants to hide their IP, they can use a VPN. We do not need to bend over and provide all our personal information and meta data to apple? What in the actual f... is this? When will the intrusion of Apple, trying to snatch people's identity and control it like Facebook does will STOP? They aren't any better than Google or Facebook, they just do the same, the difference people will say is that apple supposedly is not reselling the data; Of course it isn't, it doesn'
  • Anything that makes it easier for me to have my Netflix account billed at Turkish rates is a step in the right direction as far as I'm concerned.
