Great, for Apple users, but what about Android users?
So, those of us, who are not Apple Hipster's and Actually own unlocked Android Phones w/vanilla Android, are just shouting in the wind?
Apple's forthcoming iOS 14.5 release, currently in beta, will conceal the IP address of Safari web surfers from Google's Safe Browsing service, integrated into Safari to spot fraudulent websites. On Wednesday, Maciej Stachowiak, head of WebKit engineering at Apple, confirmed the change via Twitter, stating that "in the new iOS …
This. I read it the same way but apparently it is passing over most people's heads.
On Wednesday, Maciej Stachowiak, head of WebKit engineering at Apple, confirmed the change via Twitter, stating that "in the new iOS beta, Safari does indeed PROXY the service via Apple servers to limit the risk of information leak." (emphasis mine)
It didn't say "replace [with pseudo]", it said "proxy the service via Apple servers". It's there in black and white.
Google doesn't get your info. But Apple sure does. Even whilst not using an Apple browser.
Read your fine print carefully, boys.
A partial hash match relative to the URL you are accessing by implementing this measure. Considering they have iCloud access to your browsing history anyway, this move doesn’t give them any more access to your private data than they had before but does stop Google getting partial match info based on your IP.
Honestly, this change doesn’t improve privacy in any massive way but it doesn’t harm it in any way either.
"Google doesn't get your info. But Apple sure does."
But - unless they are about to make some radical direction and policy changes - Apple's business model is all about selling the Apple brand. They don't care if you spend half your time looking at lingerie (unless they're planning to release the "iBra" sometime soon) - they just care that you stay within their ecosystem where possible.
Google, on the other hand...
Lesser of two evils, I'm afraid. Although I'm still going to continue using Brave on my iPhone.
Yes, Khaptain, but phones. On a PC I can run Linux from a non-persistent thumb drive and set up a signal chain that looks like ISP-->VPN-->Tor-->DNScrypt, then run locked-down Firefox on same. And I do, for casual browsing. But it seems to me that iPhones and manufacturer-standard Android phones are owned by Apple or manufacturer+Google, respectively, and not by the individual who bought the phone -- that is to say, the software on the phone records what its masters tell it to, and the user can't stop it.
But actually, I am iggnerant about phones. Enlightenment sought. Can a personal phone (not a burner) be made equivalently secure?
"Can a personal phone (not a burner) be made equivalently secure?"
Yes, if you're willing to go to quite extreme lengths, including buying only a specific subset of available phones, hacking bootloaders to let you in, and the like. Some steps don't require it, but some do. I'll take each in turn:
"I can run Linux from a non-persistent thumb drive": This one's hard. Even when a phone supports a custom image, it's a persistent one. Very few phones support an easy non-persistent system. A few exist, all designed for Linux mobile distros, but those are a little rough and don't support everything, so unless you want to hack around with them you likely aren't buying them. If you're using a more normal Android device, your best chance is to backup an image, use the current one, then manually erase and reflash the old one back on. That can take half an hour and requires manual intervention.
"and set up a signal chain that looks like ISP-->VPN-->Tor-->DNScrypt,": This one's easier. Android supports VPN, and most providers will have a client. OpenVPN is one of them in case you're running your own. If Tor is configured on your VPN endpoint, that will work fine. I think any on-device Tor client that works on all Android traffic would conflict with your VPN configuration, but you do have the Tor Browser available in case you can't make your endpoint run the circuits for you.
"then run locked-down Firefox on same.": There is Firefox for Android, or the Tor Browser which is based on it, or a few other options. Locking those down is possible.
The harder part is limiting software placed on the device. With effort, you can find and disable or uninstall some of the stuff, but it's not always possible to determine what everything is or what it's doing. That's why, if you want certainty, you have to get a customized Android or Linux variant. The unfortunate part is that many phones simply will not let you install one, and those which are open enough may not be supported. If you're willing to recompile kernels and the like, then you can get closer to the goal, but that takes time and expertise.
Depends. People also use the general term "Android" to refer to devices which are derived from the same code as Android (aosp), but are not offically Android (in the "trademark license from Google" sense) and have no Google services by default - eg. LineageOS.
Well then so long as you aren't dumb enough to choose Chrome as your browser in your non-Googly Android install you don't have to worry about Google getting your information (well other than all the trackers and ads Google has on pretty much every website in the world)
This is not true.
There are numerous flaws with LineageOS, such as defaulting to google DNS and sending your location and IP address to google A-GPS (assisted GPS) servers every time you use an app that uses location, including the camera. They get your latitude and longitude every time. There are numerous other google services active on LineageOS.
LineageOS is not a privacy focused OS for android hardware phones.
well... not exactly trust as such, but... it seems like Google want to sell information about you to their advertisers so they can target you with ever more specific stuff. Apple are more interested in selling _you_ stuff. Everyone gets a choice over which they prefer, or neither.
You've really not thought this through, have you?
Any website that you visit gets your IP address. It's just that, with Google's safe browsing, Google gets EVERY website and the originating IP address
Now, with Apple's change, Google don't get any of this. Apple don't get any of this... And last time I checked, Applewasn't in the business of targetted ads
Yes, it comes down to this:
If you trust Apple, then you aren't worried they will collect and misuse your IP address information from this service.
If you do not trust Apple, potential abuse of this service doesn't matter because they could collect a LOT more information directly from Safari itself.
Why do they think that proxying a connection is a security improvement ? Just means that they can listen in on any web sessions being carried out (particularly if MITMing the connection) - and that is quite apart from slowing down the user experience as well, whilst you wait for the traffic to go to and from Apple's services ...
No different to believing that your public service VPN company isn't also tracking and monitoring everything you do. If you aren't in control, it's not "secure" ...
Well yes they're MITM. But unless they stick a cert on my device they're not going to see anything useful beyond the first few packets of metadata as it's all pretty much encrypted.
And even if I was dumb enough to allow Apple to decrypt my data, cert pinning, client certs and the like knock a whole lot of other stuff out for the potential decryptor.
If It's Apple doing the MITM - they own the browser and the device. They can put whatever certificates they like in to the system, suppress warnings on their "special" certificates, and the average user wouldn't notice.
Thats the truly scary bit. But hey - it's shiny
If a public VPN provider is MITMing the connection, it's the same scenario as the user has just installed the VPN app, and probably ignored the permissions required (which will include the certs etc). Apart from tin foil hat scenarios, the only real reason to use these is to bypass regional restrictions - laudible in a few situations, but only a few ...
As I understand it, they are not proxying the web connection, just the Safe Browsing lookup.
If not, that would certainly be a very serious issue. I do trust Apple much more than Google (they have much more to lose as I pay them real money for things) but not so much I would allow them to proxy my web browsing.
That's not the way it works. Apple don't MITM the browser connection to a website for the purpose of checking a website's safety.
Rather, iDevice will ask Apple to check the safety of the requested website on the user's behalf before a connection to the website is made. Apple will, in turn, make use of Google's API to do that check, without divulging the iDevice IP address to Google.
The result will be yay or nay, and that happens before a connection is subsequently opened to the requested website.
Nothing to MITM. They can't listen in on your session data with this mechanism.
Apple servers would, of course, have the *potential* to correlate an iDevice with websites that the iDevice visits, and log that information for years on end. You know, the kind of thing that Google does.
Apple has no interest in doing that. It's not their business model. You can bet your bottom dollar that the validation data is hashed, scrambled and disposed of so that it doesn't leak beyond the validation service itself.
And if your tinfoil hat is flapping in the wind, you can just turn the feature off in settings.
Personally, I would much rather that Apple perform safety checks on my behalf than have my iDevice ask Google to do it directly.
If they don't trust the API they can just blacklist and provide their own use someone else's they think is better. If they think the service is good then they can contract with Google to formally restrict the use of personally identifiable data or improve the API. And they can also make sure IPv6 privacy extensions are running to limit the usefulness of any harvested data.
If you assume Apple is collecting data, why would proxying the safe browsing make any difference? They control the OS and the browser, which has a LOT more data than just IP addresses.
And exactly what "logs" do you think every data center will be maintaining? If you think there is anyone logging the last 24 hours of every web access that passes through a major internet exchange, you have no idea of the scale of data that would be. Even China isn't going to be able to do that (for internal only data)
If this service got pwned, someone would get access to IP addresses of safe browsing queries. Oh noes!
Who would you rather have get their hands on this data, some hackers who can do nothing with just your IP address and a one way hash of the URL you're visiting, or Google who almost certainly has a massive mountain of data on you from thousands of sources both online and in meatspace they can correlate it against?
There's also a risk of Google's service getting pwned, and since proxy software is simpler it is probably less likely of the two for that to happen.
You guys in Britain are a bit behind the times. Apple released 10.4.6 a bit ago. BUT notice it only works on Safari, and most users have gone to a better browser. Apple should get Safari to work better. Been a long time since Safari worked correctly on some of my banking sites.
Biting the hand that feeds IT © 1998–2021