Justin Schuh 🤬 Jan 22
This is a bigger problem than Safari's ITP introducing far more serious privacy vulnerabilities than the kinds of tracking that it's supposed to mitigate. The cross-site search and related side-channels it exposes are also abusable security vulnerabilities.
Justin Schuh 🤬 Jan 22
Replying to @justinschuh
To add some context, Chrome's XSS Auditor was found to introduce exactly the same class of side-channel vulnerabilities. After several back and forths with the team that discovered the issue, we determined that it was inherent to the design and had to remove the code.
Justin Schuh 🤬 Jan 22
Replying to @justinschuh
I have no idea what Apple plans to do about this, because it's been a defining theme in their anti-tracking approach (and one of our major concerns). They attempt to mitigate tracking by adding state mechanisms, but adding state often introduces worse privacy/security issues.
Jamie Bishop Jan 22
Replying to @justinschuh
Justin Schuh 🤬
No, I can assure you that they still haven't fixed these issues, which is what made that blog post last year so weird. Apple didn't disclose the vulnerabilities or appropriately credit the researchers, but put out a post implying they fixed "something".
Paresh Dave Jan 23
Replying to @justinschuh @jamiebishop123
Hi Justin, I've asked Google PR to elaborate on your comments and they've declined, so curious if you directly want to provide any documentation on why the fixes described in the blog are insufficient.