Jump to content
Login new information ×
Login new information

Apple’s Safari browser blocks CNAME cloaking in Big Sur privacy boost

steven36

By steven36
in Security & Privacy News

Recommended Posts

steven36

steven36

Posted
Posted

Web browser also hampers bounce tracking, among other tweaks, across all latest Apple OS updates

 

rpzrcUU.png

 

Apple has bolstered Safari’s protections against third-party trackers by rolling out new mechanisms for blocking CNAME cloaking and bounce tracking.

 

Safari 14 on Big Sur, the major MacOS update launched yesterday (November 12), can now detect third-party CNAME cloaking requests by capping the expiry of cookies set in third-party, CNAME-cloaked HTTP responses to seven days.

 

Part of a raft of tweaks to WebKit’s Intelligent Tracking Prevention (ITP) feature, the seven-day limit mirrors ITP’s expiry cap on cookies created through JavaScript, which CNAME cloaking can circumvent.

 

The bounce tracking detection feature and other ITP tweaks are also incorporated into Catalina and Mojave, iOS 14, and iPadOS 14, according to a post on the WebKit blog.

 

WebKit engineers have also joined other browsers in their efforts to standardize storage partitioning by allowing partitioned and ephemeral third-party IndexedDB, enabling full third-party cookie blocking by default so that ITP can learn about cross-site trackers during private browsing, and explicitly exempted home screen web applications from the seven-day cap on all script-writeable storage introduced in March.

What Is CNAME cloaking?

‘CNAME cloaking’ disguises third-party trackers as first-party trackers, thereby circumventing ad blockers, by assigning a subdomain for data collection and tracking, linking it to an external server with the CNAME DNS record.

 

Found in the Domain Name System (DNS), a Canonical Name (CNAME) record maps domain name connections so that multiple services, such as an FTP server and web server running on different ports, can run from a single IP address.

 

Wilander illustrated how the technique works in a table:

R16FNTV.png

 

Widespread technique

With the likes of Mozilla now blocking third-party tracking cookies and cryptominers by default, ad tech firms have increasingly encouraged clients to deploy CNAME cloaking.

 

Source

Link to comment
Share on other sites
  • Views 506
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...