Safari API bug leaks browsing data that can reveal a user's identity
A bug in Safari in how it handles the IndexedDB API is potentially leaking information about a user's browsing habits, an issue that could be used to reveal the user's identity.
Apple has continuously attempted to make Safari privacy-focused, with the introduction of initiatives to prevent cross-site tracking and the Safari Privacy Report meant to help protect users. However, a bug in how Safari functions may have undone all of that work.A blog post by browser fingerprinting service FingerprintJS points out that there's a problem with the way Apple implemented IndexedDB API in Safari 15. According to the researchers, the bug can allow any website to track a browser's internet activity, and potentially determine their identity.
Read more...