back to article Apple iOS 14.5 will hide Safari users' IP addresses from Google's Safe Browsing

Apple's forthcoming iOS 14.5 release, currently in beta, will conceal the IP address of Safari web surfers from Google's Safe Browsing service, integrated into Safari to spot fraudulent websites. On Wednesday, Maciej Stachowiak, head of WebKit engineering at Apple, confirmed the change via Twitter, stating that "in the new iOS …

  1. Anonymous Coward
    Anonymous Coward

    Great, for Apple users, but what about Android users?

    So, those of us, who are not Apple Hipster's and Actually own unlocked Android Phones w/vanilla Android, are just shouting in the wind?

    1. Anonymous Coward
      Anonymous Coward

      Re: Great, for Apple users, but what about Android users?

      Rest assured, the world is listening, or at least collecting.

      1. Hubert Cumberdale Silver badge

        Re: Great, for Apple users, but what about Android users?

        In this case – unless I read it wrong – what's happening now is that Apple gets your data instead of Google.

        1. Snake Silver badge

          Re: Apple getting your data

          This. I read it the same way but apparently it is passing over most people's heads.

          On Wednesday, Maciej Stachowiak, head of WebKit engineering at Apple, confirmed the change via Twitter, stating that "in the new iOS beta, Safari does indeed PROXY the service via Apple servers to limit the risk of information leak." (emphasis mine)

          It didn't say "replace [with pseudo]", it said "proxy the service via Apple servers". It's there in black and white.

          Google doesn't get your info. But Apple sure does. Even whilst not using an Apple browser.

          Read your fine print carefully, boys.

          1. needmorehare

            Apple gets...

            A partial hash match relative to the URL you are accessing by implementing this measure. Considering they have iCloud access to your browsing history anyway, this move doesn’t give them any more access to your private data than they had before but does stop Google getting partial match info based on your IP.

            Honestly, this change doesn’t improve privacy in any massive way but it doesn’t harm it in any way either.

          2. RyokuMas
            Stop

            Re: Apple getting your data

            "Google doesn't get your info. But Apple sure does."

            But - unless they are about to make some radical direction and policy changes - Apple's business model is all about selling the Apple brand. They don't care if you spend half your time looking at lingerie (unless they're planning to release the "iBra" sometime soon) - they just care that you stay within their ecosystem where possible.

            Google, on the other hand...

            Lesser of two evils, I'm afraid. Although I'm still going to continue using Brave on my iPhone.

    2. Khaptain Silver badge

      Re: Great, for Apple users, but what about Android users?

      VPN and The Onion and Using your neighbours Wireless along with a burner phone...

      Life's great when you're wearing a tinfoil hat...

      Just don't forget the Google is not Evil...... Gnargh Gnargh gnargh

      1. Palpy

        Re: Tor, DNSCrypt, etc.

        Yes, Khaptain, but phones. On a PC I can run Linux from a non-persistent thumb drive and set up a signal chain that looks like ISP-->VPN-->Tor-->DNScrypt, then run locked-down Firefox on same. And I do, for casual browsing. But it seems to me that iPhones and manufacturer-standard Android phones are owned by Apple or manufacturer+Google, respectively, and not by the individual who bought the phone -- that is to say, the software on the phone records what its masters tell it to, and the user can't stop it.

        But actually, I am iggnerant about phones. Enlightenment sought. Can a personal phone (not a burner) be made equivalently secure?

        1. Glen 1

          Re: Tor, DNSCrypt, etc.

          There are several open source distros for phones.

          The limiting factors are drivers and getting the phone to boot from a non manufacturer sanctioned image.

          As for stock android, I know there is a VPN API, so it should be possible.

        2. doublelayer Silver badge

          Re: Tor, DNSCrypt, etc.

          "Can a personal phone (not a burner) be made equivalently secure?"

          Yes, if you're willing to go to quite extreme lengths, including buying only a specific subset of available phones, hacking bootloaders to let you in, and the like. Some steps don't require it, but some do. I'll take each in turn:

          "I can run Linux from a non-persistent thumb drive": This one's hard. Even when a phone supports a custom image, it's a persistent one. Very few phones support an easy non-persistent system. A few exist, all designed for Linux mobile distros, but those are a little rough and don't support everything, so unless you want to hack around with them you likely aren't buying them. If you're using a more normal Android device, your best chance is to backup an image, use the current one, then manually erase and reflash the old one back on. That can take half an hour and requires manual intervention.

          "and set up a signal chain that looks like ISP-->VPN-->Tor-->DNScrypt,": This one's easier. Android supports VPN, and most providers will have a client. OpenVPN is one of them in case you're running your own. If Tor is configured on your VPN endpoint, that will work fine. I think any on-device Tor client that works on all Android traffic would conflict with your VPN configuration, but you do have the Tor Browser available in case you can't make your endpoint run the circuits for you.

          "then run locked-down Firefox on same.": There is Firefox for Android, or the Tor Browser which is based on it, or a few other options. Locking those down is possible.

          The harder part is limiting software placed on the device. With effort, you can find and disable or uninstall some of the stuff, but it's not always possible to determine what everything is or what it's doing. That's why, if you want certainty, you have to get a customized Android or Linux variant. The unfortunate part is that many phones simply will not let you install one, and those which are open enough may not be supported. If you're willing to recompile kernels and the like, then you can get closer to the goal, but that takes time and expertise.

    3. Dinanziame Silver badge
      Paris Hilton

      Re: Great, for Apple users, but what about Android users?

      If you're worried about your activities being visible to Google, you probably aren't using Android... No?

      1. Anonymous Coward
        Anonymous Coward

        Re: Great, for Apple users, but what about Android users?

        Depends. People also use the general term "Android" to refer to devices which are derived from the same code as Android (aosp), but are not offically Android (in the "trademark license from Google" sense) and have no Google services by default - eg. LineageOS.

        1. DS999 Silver badge

          Re: Great, for Apple users, but what about Android users?

          Well then so long as you aren't dumb enough to choose Chrome as your browser in your non-Googly Android install you don't have to worry about Google getting your information (well other than all the trackers and ads Google has on pretty much every website in the world)

        2. Anonymous Coward
          Anonymous Coward

          Re: Great, for Apple users, but what about Android users?

          This is not true.

          There are numerous flaws with LineageOS, such as defaulting to google DNS and sending your location and IP address to google A-GPS (assisted GPS) servers every time you use an app that uses location, including the camera. They get your latitude and longitude every time. There are numerous other google services active on LineageOS.

          LineageOS is not a privacy focused OS for android hardware phones.

  2. Anonymous Coward
    Anonymous Coward

    Transfer of power

    Sooo... instead of Google having the information now Apple gets it?

    And that is ok... because we trust them more?

    1. Rob Daglish

      Re: Transfer of power

      well... not exactly trust as such, but... it seems like Google want to sell information about you to their advertisers so they can target you with ever more specific stuff. Apple are more interested in selling _you_ stuff. Everyone gets a choice over which they prefer, or neither.

    2. Tomato Krill

      Re: Transfer of power

      I think yes

    3. Oh Matron!

      Re: Transfer of power

      You've really not thought this through, have you?

      Any website that you visit gets your IP address. It's just that, with Google's safe browsing, Google gets EVERY website and the originating IP address

      Now, with Apple's change, Google don't get any of this. Apple don't get any of this... And last time I checked, Applewasn't in the business of targetted ads

    4. ThomH

      Re: Transfer of power

      I think it's more: if you buy an Apple phone then you make the choice that you trust Apple.

      Apple is trying to ensure that you don't necessarily also have to trust Google.

      1. DS999 Silver badge

        Re: Transfer of power

        Yes, it comes down to this:

        If you trust Apple, then you aren't worried they will collect and misuse your IP address information from this service.

        If you do not trust Apple, potential abuse of this service doesn't matter because they could collect a LOT more information directly from Safari itself.

  3. Security nerd #21

    Proxying

    Why do they think that proxying a connection is a security improvement ? Just means that they can listen in on any web sessions being carried out (particularly if MITMing the connection) - and that is quite apart from slowing down the user experience as well, whilst you wait for the traffic to go to and from Apple's services ...

    No different to believing that your public service VPN company isn't also tracking and monitoring everything you do. If you aren't in control, it's not "secure" ...

    1. Unoriginal Handle

      Re: Proxying

      Well yes they're MITM. But unless they stick a cert on my device they're not going to see anything useful beyond the first few packets of metadata as it's all pretty much encrypted.

      And even if I was dumb enough to allow Apple to decrypt my data, cert pinning, client certs and the like knock a whole lot of other stuff out for the potential decryptor.

      1. Security nerd #21

        Re: Proxying

        If It's Apple doing the MITM - they own the browser and the device. They can put whatever certificates they like in to the system, suppress warnings on their "special" certificates, and the average user wouldn't notice.

        Thats the truly scary bit. But hey - it's shiny

        If a public VPN provider is MITMing the connection, it's the same scenario as the user has just installed the VPN app, and probably ignored the permissions required (which will include the certs etc). Apart from tin foil hat scenarios, the only real reason to use these is to bypass regional restrictions - laudible in a few situations, but only a few ...

      2. Anonymous Coward
        Anonymous Coward

        Re: Proxying

        I'll bet money that Google already has set a unique identifier in the api call to safebrowsing.google.com

      3. doublelayer Silver badge

        Re: Proxying

        "Well yes they're MITM."

        Not really. They only get one set of traffic, which uses the hashed URLs. They don't have access to any other parts of the stream. That doesn't make them perfect, but posts here are talking as if they've started proxying all traffic. They haven't.

    2. Graham Cobb Silver badge

      Re: Proxying

      As I understand it, they are not proxying the web connection, just the Safe Browsing lookup.

      If not, that would certainly be a very serious issue. I do trust Apple much more than Google (they have much more to lose as I pay them real money for things) but not so much I would allow them to proxy my web browsing.

      1. DS999 Silver badge

        Re: Proxying

        I don't think even Apple would have the server capacity to proxy every web access for the billion active iPhone users, plus another few hundred million for iPad & Mac.

    3. Tessier-Ashpool

      Re: Proxying

      That's not the way it works. Apple don't MITM the browser connection to a website for the purpose of checking a website's safety.

      Rather, iDevice will ask Apple to check the safety of the requested website on the user's behalf before a connection to the website is made. Apple will, in turn, make use of Google's API to do that check, without divulging the iDevice IP address to Google.

      The result will be yay or nay, and that happens before a connection is subsequently opened to the requested website.

      Nothing to MITM. They can't listen in on your session data with this mechanism.

      Apple servers would, of course, have the *potential* to correlate an iDevice with websites that the iDevice visits, and log that information for years on end. You know, the kind of thing that Google does.

      Apple has no interest in doing that. It's not their business model. You can bet your bottom dollar that the validation data is hashed, scrambled and disposed of so that it doesn't leak beyond the validation service itself.

      And if your tinfoil hat is flapping in the wind, you can just turn the feature off in settings.

      Personally, I would much rather that Apple perform safety checks on my behalf than have my iDevice ask Google to do it directly.

  4. Charlie Clark Silver badge

    Figleaf

    If they don't trust the API they can just blacklist and provide their own use someone else's they think is better. If they think the service is good then they can contract with Google to formally restrict the use of personally identifiable data or improve the API. And they can also make sure IPv6 privacy extensions are running to limit the usefulness of any harvested data.

  5. Ragarath

    So Apple are proxying instead then?

    So Apple has all the data and not Google, your data is still being collected.

    1. Lord Elpuss Silver badge

      Who says the data is being collected?

      1. Charlie Clark Silver badge

        Who says it isn't?

        Any data centre in the US will be retaining the logs for at least 24 hours, and probably longer. Not that safe-browsing query histories are really that interesing compared with, say, with DNS requests.

        1. DS999 Silver badge

          If you assume Apple is collecting data, why would proxying the safe browsing make any difference? They control the OS and the browser, which has a LOT more data than just IP addresses.

          And exactly what "logs" do you think every data center will be maintaining? If you think there is anyone logging the last 24 hours of every web access that passes through a major internet exchange, you have no idea of the scale of data that would be. Even China isn't going to be able to do that (for internal only data)

  6. s. pam
    Facepalm

    Hmm, so we have to trust Apple not to get pwned?

    not that anyone would ever expect that to happen!

    1. DS999 Silver badge

      Re: Hmm, so we have to trust Apple not to get pwned?

      If this service got pwned, someone would get access to IP addresses of safe browsing queries. Oh noes!

      Who would you rather have get their hands on this data, some hackers who can do nothing with just your IP address and a one way hash of the URL you're visiting, or Google who almost certainly has a massive mountain of data on you from thousands of sources both online and in meatspace they can correlate it against?

      There's also a risk of Google's service getting pwned, and since proxy software is simpler it is probably less likely of the two for that to happen.

  7. Jim Willsher

    Does anyone still use Safari on an i-device? Chrome all the way.

    1. DS999 Silver badge

      What kind of moron would run Chrome on an iPhone? Or on a Windows PC, for that matter.

  8. paddy carroll 1

    tldr

    As an apple user

  9. Pennsyjohn

    OOPS....Apple is running OS 10.4.6

    You guys in Britain are a bit behind the times. Apple released 10.4.6 a bit ago. BUT notice it only works on Safari, and most users have gone to a better browser. Apple should get Safari to work better. Been a long time since Safari worked correctly on some of my banking sites.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like