Jump to content

Search the Community

Showing results for tags 'safari'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Site Related
    • News & Updates
    • Site / Forum Feedback
    • Member Introduction
  • News
    • General News
    • FileSharing News
    • Mobile News
    • Software News
    • Security & Privacy News
    • Technology News
  • Downloads
    • nsane.down
  • General Discussions & Support
    • Filesharing Chat
    • Security & Privacy Center
    • Software Chat
    • Mobile Mania
    • Technology Talk
    • Entertainment Exchange
    • Guides & Tutorials
  • Off-Topic Chat
    • The Chat Bar
    • Jokes & Funny Stuff
    • Polling Station

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Found 15 results

  1. How to Get Safari's New Privacy Features in Chrome and Firefox Apple's browser is getting serious about security protections. If you can't or won't switch, don't worry: You don't have to fall behind. You don't have to wait for macOS Big Sur to drop to get a lot of these upcoming features though—both Mozilla Firefox and Google Chrome have similar features.Photograph: Apple Apple just unveiled a raft of changes coming with the new macOS Big Sur later this year. Along with the visual redesign, the introduction of Control Center, and upgrades to Messages, the built-in Safari browser is getting new-and-improved privacy features to keep your data locked away. You don't have to wait for macOS Big Sur to drop to get a lot of these upcoming features though—both Mozilla Firefox and Google Chrome have similar features, or they can with the help of a third-party extension. Here's how you can get Firefox or Chrome up to par with Safari in macOS Big Sur today. The Changes Coming to Safari When macOS Big Sur arrives, Safari is going to look somewhat different. Courtesy of Apple Privacy and data protection are already big priorities for Safari, but the version coming with macOS Big Sur is going to go even further to protect you from being tracked on the web. Some of the existing features are becoming more visible, while Safari is also embracing more extensions, with as much care for user safety as possible. The browser already warns you against using passwords that are easily guessed or that you've used before (assuming they're saved in Safari's password locker), but the next version will also warn you if your email address, username, or password have been exposed in a data breach online—which would mean the need to take action and change your password would be even more urgent. A new Privacy Report button is getting added to the toolbar—you can click on this to see exactly which trackers Safari is blocking in its ongoing attempts to stop advertisers and companies from following you around the web. Safari is particularly good at stopping "fingerprinting," where various characteristics of your device (like screen resolution and operating system) are used to figure out who you are. This same Privacy Report is going to be displayed on your browser start page, which should give you a better idea of which sites are most aggressively trying to track you, as well as showing off the work that Safari is busy doing in the background. Safari in macOS Big Sur is also boosting support for extensions. (Safari already has extensions, but there aren't many of them.) New developer tools will make it easier for add-ons to be ported from Chrome and Firefox, and Safari is going to give users a suite of controls to limit the browsing data and other information that extensions are able to get access to. Adding Features to Chrome uBlock Origin is one Chrome extension that can block trackers. Screenshot: David Nield via Google Google already checks the passwords that it saves for you against a database of leaked credentials (besides warning about duplicates and passwords that could be easily guessed)—this is actually a Google account feature as well as a Chrome one. From the Chrome Settings panel, click Passwords then Check passwords to run an audit. You can already get some tracking data about a site by clicking the icon to the left of a URL in the address bar in Chrome (the icon will be either a padlock or an info bubble). To get even more tracking data, and to selectively block it, Safari-style, you can use an extension like uBlock Origin: One click shows you how many trackers are active on a page and which have been stopped by uBlock Origin. As well as stopping tracking across multiple sites, uBlock Origin also suppresses aggressive ads and protects against sites embedded with malware. A similar tool for Chrome that you can try is Disconnect—again, a single click blocks out tracking technologies, unwanted advertising, and social plug-ins (used by the likes of Facebook to see what you're up to when you're out and about across the web). Individual trackers and sites as a whole can be granted permission to operate outside of the restrictions put in place by uBlock Origin and Disconnect, which can be used for sites with responsible advertising that you want to support. As an added bonus, all of this tracking and blocking should mean a faster browsing experience too. Policing extension permissions isn't quite as easy in Chrome as it sounds like it will be in the next Safari upgrade, but you do have options: Choose More Tools then Extensions from the Chrome menu, then click Details next to any extension. The next page shows you the permissions the add-on has and lets you set when and how the utility can read your browsing data—on all sites (everywhere you go, without question), on specific sites (only on sites you specifically list), or on click (so you'll be asked for permission whenever access is required). Adding Features to Firefox Firefox comes with a host of privacy protections built in. Screenshot: David Nield via Firefox Firefox already packs plenty of user privacy and anti-tracking technology into its interface, so you don't need to do too much in the way of tweaking to get it up to par with the improvements that Apple just announced for Safari. It blocks more than 2,000 web trackers by default, for example, and warns you if your details are included in a data breach as part of its Firefox Monitor and Firefox Lockwise tools. Click the little purple shield icon to the left of the address bar on any site to see what Firefox has blocked, including advertising trackers, social media plug-ins, attempts to fingerprint your device, and more. Firefox will intelligently allow some plug-ins to run if blocking them would seriously compromise the functionality of the site—it's then your choice to continue using the site or find an alternative. To open a report on how these various measures are working over time, open the main Firefox menu and choose Privacy Protections. If you open up Preferences then Privacy & Security from the Firefox menu, you can choose how these measures (called Enhanced Tracking Protection) are applied. Three different modes of operation are available—Standard, Strict, and Custom—and it's possible to tailor the level of blocking for specific sites too. Enhanced Tracking Protection can be turned off for sites that you particularly trust, as well. It's fantastic having all of these features built right into Firefox, and it may be where Apple got some of its inspiration from for Safari, but plenty of third-party extensions are also available if you want to go even further. uBlock Origin and Disconnect are both available for Firefox as well as Chrome, for example, and both work in the same way: With one click on the browser toolbar you can see which adverts and trackers are being blocked. To keep watch over which extensions are allowed to what in Firefox, choose Add-ons then Extensions from the program menu. Click the three dots next to any extension to see the data and browser features that it has access to—for the time being you can't change this, though you can block add-ons from running in private browser windows. If an extension is using a permission that you're not happy with, you'll have to uninstall it. How to Get Safari's New Privacy Features in Chrome and Firefox
  2. Spotify web player restores support for Safari after three years of hiatus You might recall that Spotify removed support for Safari back in 2017 out of the blue with no explanation. Users were taken aback when they could no longer play songs using Spotify's web player on Apple's web browser, with some speculating that this might have something to do with Google's Widevine content decryption module that's used by Spotify. The digital rights management technology was supposedly not supported by Apple due to security concerns. Today, it appears that Spotify's web player has restored support for Safari. Some users took to Reddit to share the new development. Although there's no official announcement from either Spotify or Apple, Safari is now back on the list of browsers supported by the music streaming service. That means Safari fans can play their favorite songs using the browser by visiting Spotify's web player. However, if you're still having trouble opening Spotify on Safari, you may perform a number of troubleshooting steps to get it working (via 9to5Mac). One option is to update your browser by checking for the latest version of Safari via its Help section. You can also launch the web player in incognito mode. Source: Spotify web player restores support for Safari after three years of hiatus (Neowin)
  3. Apple updates Safari’s anti-tracking tech with full third-party cookie blocking Beating Google by two years to the privacy feature Illustration by Alex Castro / The Verge Apple on Tuesday released a major update to its Safari Intelligent Tracking Prevention (ITP), the privacy feature that allows the company’s web browser to block cookies and prevent advertisers from snooping on your web habits. According to Apple’s John Wilander, the WebKit engineer behind the feature, Safari now blocks all third-party cookies. That means that, by default, no advertiser or website is able to follow you around the internet using the commonplace tracking technology. It’s a significant milestone for web privacy, and it puts Apple’s browser officially two whole years ahead of Chrome, after Google said in January that it would start phasing out third-party cookies but not fully until some time in 2022. “Cookies for cross-site resources are now blocked by default across the board. This is a significant improvement for privacy since it removes any sense of exceptions or ‘a little bit of cross-site tracking is allowed,’” Wilander notes in the announcement post on the blog for WebKit, which is Apple’s in-house browser engine that powers many of its features under the hood. Wilander notes that users might not notice a big change because ITP has been doing this more or less already. “It might seem like a bigger change than it is. But we’ve added so many restrictions to ITP since its initial release in 2017 that we are now at a place where most third-party cookies are already blocked in Safari.” Apple first launched ITP within Safari nearly three years ago, where it immediately set a new bar for web privacy standards on both desktop and mobile by blocking some, but not all, cookies by default. Alongside the substantial privacy work of Mozilla’s Firefox, which also blocks third-party cookies by default as of last summer, Apple has been pioneering a machine learning approach to web tracking prevention that has made Safari one of the most widely used and secure web tools available. In addition to blocking third-party cookies across the board and by default, Wilander says ITP now has safeguards against trackers using the very nature of tracking prevention as a way to keep tabs on users. He adds that the new feature set also ensures that websites and trackers can’t use login IDs to digitally fingerprint users who might otherwise be using tracking prevention or other privacy tools. “Full third-party cookie blocking makes sure there’s no ITP state that can be detected through cookie blocking behavior. We’d like to again thank Google for initiating this analysis through their report,” he writes, referencing Google’s research published earlier this year on ITP that revealed the possibility of using some elements of it as a fingerprint. (Apple had to disable the Do Not Track feature in Safari in 2019 for similar reasons.) Wilander goes on to detail some other, more technical elements of the ITP update. But in general, he says Safari is again setting a new bar for web privacy that he and Apple hope other companies will follow. “Safari continues to pave the way for privacy on the web, this time as the first mainstream browser to fully block third-party cookies by default. As far as we know, only the Tor Browser has featured full third-party cookie blocking by default before Safari, but Brave just has a few exceptions left in its blocking so in practice they are in the same good place. We know Chrome wants this behavior too and they announced that they’ll be shipping it by 2022,” he writes. “We will report on our experiences of full third-party cookie blocking to the privacy groups in W3C to help other browsers take the leap.” Source: Apple updates Safari’s anti-tracking tech with full third-party cookie blocking (The Verge)
  4. Keep your crypto below 398 days after September 1 and you're all good Safari will, later this year, no longer accept new HTTPS certificates that expire more than 13 months from their creation date. That means websites using long-life SSL/TLS certs issued after the cut-off point will throw up privacy errors in Apple's browser. The policy was unveiled by the iGiant at a Certification Authority Browser Forum (CA/Browser) meeting on Wednesday. Specifically, according to those present at the confab, from September 1, any new website cert valid for more than 398 days will not be trusted by the Safari browser and instead rejected. Older certs, issued prior to the deadline, are unaffected by this rule. By implementing the policy in Safari, Apple will, by extension, enforce it on all iOS and macOS devices. This will put pressure on website admins and developers to make sure their certs meet Apple's requirements – or risk breaking pages on a billion-plus devices and computers. Tim Callan, a senior fellow at PKI and SSL management firm Sectigo, who attended this week's meeting in Slovakia, told The Register: "This week Apple announced at the 49th CA/Browser Forum Face-to-Face that it will limit the term of accepted TLS certificates to 398 days as of September 1, 2020. Certificates issued on or after that date with term beyond 398 days will be distrusted in Apple products. "Certificates issued prior to September 1 will have the same acceptable duration as certificates do today, which is 825 days. No action is required for these certificates." Cutting certificate lifetimes has been mulled by Apple, Google, and other members of CA/Browser for months. The policy has its benefits and drawbacks. The aim of the move is to improve website security by making sure devs use certs with the latest cryptographic standards, and to reduce the number of old, neglected certificates that could potentially be stolen and re-used for phishing and drive-by malware attacks. If boffins or miscreants are able to break the cryptography in a SSL/TLS standard, short-lived certificates will ensure people migrate to more secure certs within roughly a year. Shortening the lifespan of certificates does come with some drawbacks. It has been noted that by increasing the frequency of certificate replacements, Apple and others are also making life a little more complicated for site owners and businesses that have to manage the certificates and compliance. "Companies need to look to automation to assist with certificate deployment, renewal, and lifecycle management to reduce human overhead and the risk of error as the frequency of certificate replacement increase," Callan told us. We note Let's Encrypt issues free HTTPS certificates that expire after 90 days, and provides tools to automate renewals, so those will be just fine – and they are used all over the web now. El Reg's cert is a year-long affair so we'll be OK. GitHub.com uses a two-year certificate, which would fall foul of Apple's rules though it was issued before the cut-off deadline. However, it is due to be renewed by June, so there's plenty of opportunity to sort that out. Apple's website has a year-long HTTPS cert that needs renewing in October. Microsoft is an interesting one: its dot-com's cert is a two-year affair, which expires in October. If Redmond renews it for another two years, it'll trip up over Safari's policy. No public announcement has been made by Apple, it seems. Digicert's Dean Coclin has issued a memo about the policy: "Why did Apple unilaterally decide to enforce a shorter certificate lifetime?" Coclin pondered. "Their spokesperson said it was to 'protect users.' We know from prior CA/B Forum discussions that longer certificate lifetimes proved to be challenging in replacing certificates, in the case of a major security incident. Apple clearly wants to avoid an ecosystem that cannot quickly respond to major certificate-related threats. "Short-lived certificates improve security because they reduce the window of exposure if a TLS certificate is compromised. They also help remediate normal operational churn within organizations by ensuring yearly updates to identity such as company names, addresses and active domains. As with any improvement, shortening of lifetimes should be balanced against the hardship required of certificate users to implement these changes." Apple declined to comment. Source
  5. “Completely fake,” an Apple engineer explains After Microsoft, Apple might be the next big name planning to migrate to the Chromium engine for its very own browser. This is what one ridiculous rumor making the rounds today claims, indicating that Apple is ready to abandon WebKit to adopt the same engine that powers Google Chrome and, starting this year, Microsoft’s Edge browser. The information was originally published by Russian blog iPhones.ru and several other English-based websites reposted it, along with what they claimed to be evidence of Safari being rebuilt on Chrome. A screenshot that was included in a bug report showed what the sources described as an early version of Safari running on Chromium, with some claiming that the project is actually in an advanced phase and Apple is truly committed to making the whole thing happen as soon as possible. And while at some level it might actually make sense for Apple to switch to Chromium and follow in Microsoft’s footsteps, the report is completely false and there’s basically no chance to see the Cupertino-based tech giant invest in the engine that Google insists so hard for. In fact, WebKit is here to stay in Safari, there’s no doubt about it, and moving forward Apple has absolutely no reason to invest in Chromium. Fake, fake, fake The evidence that is supposed to confirm Safari is moving to Chromium actually links to an unrelated security issue from 2015. The screenshot claiming to show Safari based on Chromium is completely fake as well, as it shows Intelligent Tracking Prevention in Chromium – ITP is a proprietary Safari feature and Chromium doesn’t include such code. Apple developer Ricky Mondello also confirmed on Twitter this was a false report. “The screenshot of the alleged Chromium bug includes a supposed Apple email address that doesn’t belong to anyone on the Safari or WebKit teams, and Chromium doesn’t have any code to support ITP that could be enabled. This is a complete fabrication,” Mondello explained. Rick Byers, software engineer at Google on Chromium, found more proof this is fake news. “I've confirmed the referenced bug is an unrelated security issue from 2015. Biggest giveaway that this fake is that the bug number is too low to have been created in the past several years. We're now over 1,000,000,000!” he tweeted. Of course, Apple hasn’t commented on the original report, but this time, it’s pretty clear it doesn’t even have to. Source
  6. If you use Safari you are frustrating advertisers. What you need to know Intelligent Tracking Prevention is impacting advertisers. Marketing executives are saying that the technology is "stunningly effective" at preventing tracking. It is causing Safari users to be devalued in the advertising market. Two years ago, Apple unveiled Intelligent Tracking Prevention for Safari which aimed to protect users of the browsers from unwanted tracking. It was yet another in a long-running move towards more privacy on behalf of the company for its customers, and this technology, in particular, seems to be having a major impact on the advertising industry. In a report by The Information, executives within the online publishing industry have said that the technology has been "stunningly effective" at preventing companies from identifying users' behavior across the web. One executive says that it has led to a devaluing of Safari users. "The allure of a Safari user in an auction has plummeted," said Rubicon Project CEO Michael Barrett. "There's no easy ability to ID a user." On the other hand, it has also created somewhat of a discount market for those who want to save on advertising, as long as buyers are okay with the data being less precise. The Information reports that the cost of reaching a Safari user has dropped as much as 60% while Chrome users continue to get more expensive. The cost of reaching Safari users has fallen over 60% in the past two years, according to data from ad tech firm Rubicon Project. Meanwhile, ad prices on Google's Chrome browser have risen slightly. Apple's Safari privacy features paint a stark contrast in tracking when compared to users who chose to use a different browser like Chrome. According to Nativo, which sells online advertising software, only 9% of Safari users allow tracking whereas 79% of Chrome users do. This is in part because many of Safari's privacy features are turned on by default. Only about 9% of Safari users on an iPhone allow outside companies to track where they go on the web, according to Nativo, which sells software for online ad selling. It's a similar story on desktop, although Safari has only about 13% of the desktop browser market. In comparison, 79% of people who use Google's Chrome browser allow advertisers to track their browsing habits on mobile devices through cookies. Some believe that the devaluing of Safari users is a mistake, based on the demographics of those who tend to own an iPhone, iPad, and Mac. They put the responsibility on marketers to adapt to growing privacy enhancements and uncover new ways to reach the people they want to get in front of. "Apple users are more valuable to advertisers based on demographics, being higher income, et cetera," said Jason Kint, CEO of industry trade group Digital Content Next. He argues that Safari users have been "wrongly devalued" in the short term and says marketers just need to find better ways to reach them online. Source
  7. But no one cared When Google started gutting the effectiveness of ad blockers on its Chrome browser, there was an outcry; but for some reason, no one cared that Apple had done the same thing for a year and a half. Google wanted to limit the maximum rules an extension could pass to Chrome to 30,000, which many Chrome extension developers said was extremely low, and wouldn't even begin to accommodate the likes of ad blockers, parental control or traffic inspection extensions. The company was immediatelly attacked for trying to "kill ad blockers" and after months of criticism, Google eventually backed down on its initial plan and settled on a higher limit ranging from 90,000 to 120,000, a number that many extension developers, and especially those managing ad blockers, still consider insufficient. On the other side, when Apple rolled out the new Content Blocker API, it enforced a maximum limit of 50,000 rules for each new extension that wanted to block content inside Safari. Of course AdBlock was running faster. It had fewer rules to apply than before. Unlike Google, Apple never received any flak, and instead, the Tame Apple Press pushed a sound byte that Apple was caring about users' privacy, rather than attempting to "neuter ad blockers". One of the reasons might be that few people use Apple's Safari, and Apple doesn't rely on ads for its profits, meaning there was no ulterior motive behind its ecosystem changes. Besides Apple fanboys tend to believe what ever their Mighty Overlord tells them. But there is another reason which might not be so nice. Apple is known to have a heavy hand in enforcing rules on its App Store, and that developers who generally speak out are usually kicked out. It's either obey or get out. Unlike in Google's case, where Chrome is based on an open-source browser named Chromium and where everyone gets a voice, everything at Apple is a walled garden, with strict rules. Apple was never criticised for effectively "neutering" or "killing ad blockers" in the same way Google has been all this year because the pressure normally starts with extension developers, but it then extended to the public. In Apple's case, developers will never to complain because it could result in them being kicked out of Apple's store. Source
  8. Safari to ape Firefox, go all-in on anti-tracking The WebKit team has unveiled a new Tracking Prevention Policy that could help bolster privacy for users of Apple's Safari browser. ValeryBrozhinsky / Getty The WebKit project - the open-source initiative that generates code for Apple's Safari browser - quietly announced last week that it would follow in Mozilla's footsteps and quash tracking technologies designed to follow users across the web. In a short message on Aug. 14, the WebKit team pointed to its new Tracking Prevention Policy, a document that spells out its plans in detail, including what types of tracking it will create and how it will deal with any side effects. "We have implemented or intend to implement technical protections in WebKit to prevent all tracking practices included in this policy," the document read. "If we discover additional tracking techniques, we may expand this policy to include the new techniques and we may implement technical measures to prevent those techniques." The policy document ticks off half a dozen types of tracking WebKit will bar or does now, including cross-site tracking and fingerprinting. Safari already blocks some cross-site tracking under its Intelligent Tracking Protection (ITP), which debuted in 2017 and was enhanced last year with the browser bundled with macOS Mojave and iOS 12; it's stingy with the information it offers sites - information that can be abused to identify a user by, for instance, recording the installed fonts and plug-ins. The WebKit team tipped its hat to Mozilla for motivating it to put its plans digital paper. "Our policy was inspired by and derived from Mozilla's anti-tracking policy," the group wrote, linking to the Firefox maker's own guidelines. Firefox has been on a privacy tear of late. And because of its rapid release cadence - Mozilla pushes out a new browser every six weeks or so, while Apple upgrades Safari only once during a year - its new features and functionality have received plenty of press. In June, for example, Mozilla switched on Firefox's Enhanced Tracking Protection (ETP) for new users and let current users enable it themselves. The technology, which had been in development for four years, stymied cookie-based and URL parameter-based cross-site trackers, and optionally also stopped fingerprinting. By mimicking Mozilla, WebKit - and by extension, Apple - may hope to steal some of the anti-tracking, pro-privacy spotlight. It may not be a coincidence that both browsers - Firefox and Safari - have lost user share in the last six months; their makers likely see privacy as an edge over the leader, Google's Chrome, and thus an opportunity to attract more users. How a browser protects users' privacy, in fact, has largely replaced older metrics, such as rendering speed, to define differences between brands. As an example of the trend, Microsoft too has pitched its reborn Edge, that browser relying on the Chromium open-source project's technologies, as a shield between the user and bad behavior on the part of sites and their advertisers. Of the top four browsers, only Chrome has not proclaimed its anti-tracking bonafides. But WebKit didn't simply repeat what Mozilla promised in its anti-tracking screed: The former took a much tougher line on trackers. "We treat circumvention of shipping anti-tracking measures with the same seriousness as exploitation of security vulnerabilities," WebKit wrote. "If a party attempts to circumvent our tracking prevention methods, we may add additional restrictions without prior notice. These restrictions may apply universally; to algorithmically classified targets; or to specific parties engaging in circumvention." In other words, WebKit will retaliate against scofflaws, maybe by holding everyone accountable for the actions of miscreants, perhaps by singling out the those who try to go around the tracking prevention. "Equating circumvention of anti-tracking with security exploitation is unprecedented," applauded Lukasz Olejnik, an independent security and privacy researcher and consultant, in one tweet. "Overt treatment of privacy as a first-class citizen (like security) is the only direction (your move Microsoft, Google, all the rest!)," he added in another. The policy document does not specify a timetable for adding new tracking protections or enhancing existing ones in WebKit, much less when they would migrate into Safari. Source: Safari to ape Firefox, go all-in on anti-tracking (Computerworld - Gregg Keizer)
  9. How to configure Safari in iOS - A user-friendly and privacy focused guide Most iPhone and iPad users don't often pay attention to how their default browser works, unless they run into an issue. We have written a user-friendly and privacy focused guide, to teach you how to configure Safari in iOS. This is more like a cheat sheet, we didn't want to bore you with technical jargon. So, we kept it pretty simple and straightforward. How to configure Safari in iOS You can't manage Safari's settings from, well, Safari. iOS is a little bit weird when it comes to that; instead, you need to go to the Settings app to configure the browser. You can find Safari on the side-bar to your left. There are a slew of options that you can modify here. We will mention the most important ones which you may want to tweak. Siri and Search - Do you use Siri? If your answer is no, disable everything under this option. This is a personal choice. If you use Siri, you can choose whether it should display suggestions, learn from how you use Safari, and whether it should display information/suggestions in search results. Default search engine - No prizes for guessing what's default here, Google of course. You do however have 3 other options to choose from Yahoo, Bing and the privacy-centric DuckDuckGo. Search suggestions - You may know this as auto-complete from desktop browsers. It can help you save a few seconds, which would have otherwise been wasted typing the rest of the search phrase. This can get finicky though, as you may get suggestions which may not be entirely relevant to what you are looking for. Safari suggestions - This option is kind of similar to search suggestions, and pulls up information from sources like Wikipedia. The information is displayed inside the address bar, and maybe useful at times. It is powered by Siri, in case you were wondering. Quick Website Search - Want to see a Wikipedia page of a particular topic, but too lazy to type it? Try typing something like "Wiki iOS", and it should load the relevant page. Pre-load Top Hit - This is like a lottery, and depends on what you're searching for. It loads the most popular result for the term you searched for. I recommend disabling it, simply because it can be inaccurate and because it needs to connect to the site in question. AutoFill - You can use Safari to automatically fill in your name, credit card info, to quickly checkout on websites. Frequently visited sites - As the name so obviously suggests, this feature lists your most often accessed websites. It can be useful, if you like to visit the same sites everyday. For e.g. news, weather, sports, etc. You can manage your favorites (bookmarked websites) separately, and also the behaviour of tabs. These are pretty basic options that are self-explanatory. Important Safari Settings in iOS that we recommend, and why Apple Safari is quite good in iOS and has some very useful options to keep you safe on the internet. Block Pop-ups - Despite the fact that iOS is generally considered safe(er) from malware, you don't want websites popping-up windows to annoy you, or distract you. Leave this option on, and you won't notice a single pop-up, it's pretty good. Fraudulent Website Warning - This is a crucial feature and is one of the many pre-enabled options in Safari. It helps in preventing known scam/fraud sites from loading in the browser, and thus stops phishing attacks dead in their tracks. Prevent Cross-Site Tracking - This option will prevent websites, you know the pesky ones, from tracking your browsing history on other websites. This is perhaps the most important of all the features. Downloads - If you have a ton of space in your iCloud account, you can let your downloads be saved in the cloud drive, else you may want to save them locally on your iPhone or iPad's storage. Content Blockers - These are your ad blockers, and yes iOS does have a few. I personally use AdGuard, because I use YouTube, Reddit, Facebook, etc from the browser directly instead of their respective apps, and don't need to see or hear the ads/video ads. Camera, Microphone, Location - These are personal choices, and can be set to Deny or Allow for all websites, or set to ask you every time. Ask yourself, do I really want the website to use my camera, hear what I'm saying or know where I'm? If you want to be in control, select Ask Every time. Request Desktop Website (enable for iPads) - This isn't security related, but to enhance your user experience. On iOS 1,3 err, I mean iPadOS, this option is enabled for iPads, because the screen is large and scales down the desktop theme of almost every website to fit the display perfectly. On iPhones, it isn't recommended to enable the option, because the display isn't big enough. Finally, there is the Advanced section, where there are a few options, which we think may be of use to developers, especially the Experimental ones. The rest of the options here, aren't really meant to be fiddled with by normal users. Source: How to configure Safari in iOS - A user-friendly and privacy focused guide (gHacks - Martin Brinkmann)
  10. Apple today released a new update for Safari Technology Preview, the experimental browser Apple first introduced three years ago in March 2016. Apple designed the Safari Technology Preview to test features that may be introduced into future release versions of Safari. Safari Technology Preview release 84 includes new Safari 13 features that will be available in macOS Catalina. These features include a new Favorites page and prompts to change a password when a weak password is detected. Refreshed Favorites Design. The Favorites page has been visually refreshed, and now includes Show More and Show Less actions. Switch to Tab from Smart Search Field. The Smart Search Field now offers switching to an already-open tab when a search query matches the title or URL of an open tab. Warnings for Weak Passwords. When signing into a website with a weak password, Safari will prompt you to visit the website in a new tab to upgrade the password to an Automatic Strong Password. Safari uses the well-known URL for changing passwords (/.well-known/change-password), allowing websites to take users directly to their change password pages. The password list in Safari Preferences has also been updated to flag weak passwords. The new Safari Technology Preview update is available for both macOS High Sierra and macOS Mojave, the newest publicly available version of the Mac operating system that was in September 2018. The Safari Technology Preview update is available through the Software Update mechanism in the Mac App Store to anyone who has downloaded the browser. Full release notes for the update are available on the Safari Technology Preview website. Apple’s aim with Safari Technology Preview is to gather feedback from developers and users on its browser development process. Safari Technology Preview can run side-by-side with the existing Safari browser and while designed for developers, it does not require a developer account to download. Source
  11. Microsoft confirms the latest version of Skype for Web drops support for Safari Microsoft released a new version of its Sky for Web client earlier this week in a bid to make the service easier to access. Now, however, the company has confirmed that Skype for Web is no longer supported in Safari. In a statement to VentureBeat, Microsoft explained that Skype for Web uses a “calling and real-time media” framework that functions differently across the various browsers. Thus, it decided to prioritize Skype for Web support in Microsoft Edge and Google Chrome: A Microsoft spokesperson said the service requires “calling and real-time media” technology that is “implemented differently across various browsers.” So the company “decided to prioritize bringing Skype to [the] web on Microsoft Edge and Google Chrome based on customer value. Skype for Web originally launched to the public in April of 2016 after extensive beta testing. The move to drop support for Safari isn’t necessarily surprising, though. Last month, Microsoft warned Skype for Web users that Safari, Firefox, and Opera support would soon be dropped. The only question was when the switchover would occur. The latest version of Skype for Web includes a handful of improvements over previous versions. The web app includes revamped notifications, HD video calling, built-in call recording, and more. Read the full announcement post here. You can try Skype for Web here, but you’ll have to do so in Chrome or Edge, or another Chromium-base browser such as Brave or Vivaldi. It’s unclear if Safari support could come down the line at some point, but it’s clearly not a priority for Microsoft at this time. Source
  12. A team of Belgian researchers discovered privacy issues in how browsers, ad-blocking, and anti-tracking implementations handle third-party cookie requests. A team of Belgian researchers from KU Leuven analyzed third-party cookie policies of seven major web browsers, 31 ad-blockers and 14 anti-tracking extensions and discovered major and minor issues in all of them. Major issues include Microsoft Edge's unwillingness to honor its own "block only third-party cookies" setting, bypasses for Firefox's Tracking Protection feature, and use of the integrated PDF viewer in Chrome and other Chromium-based browsers for invisible tracking. Cookie requests can be sorted into two main groups: first-party requests that come from the address listed in the address bar of the browser and third-party requests that come from all other sites. Advertisement displayed by websites makes use of cookies usually and some of these cookies are used for tracking purposes. Internet users can configure their browsers to block any third-party cookie requests to limit cookie-based tracking. Some browsers, for instance Opera or Firefox, include ad-blockers or anti-tracking functionality that is used in addition to that. Anti-tracking mechanisms have flaws The research paper, "Who Left Open the Cookie Jar? A Comprehensive Evaluation of Third-Party Cookie Policies", detailed information about each web browser, tests to find out if a browser is vulnerable to exploits, and bug reports are linked on the research project's website. The researchers created a test framework that they used to verify whether "all imposed cookie- and request-policies are correctly applied". They discovered that "most mechanisms could be circumvented"; all ad-blocking and anti-tracking browser extensions had at least one bypass flaw. In this paper, we show that in the current state, built-in anti-tracking protection mechanisms as well as virtually every popular browser extension that relies on blocking third-party requests to either prevent user tracking or disable intrusive advertisements, can be bypassed by at least one technique The researchers evaluated tracking protection functionality and a new cookie feature called same-site cookies that was introduced recently to defend against cross-site attacks. Results for all tested browsers are shown in the table below. The researchers tested the default configuration of Chrome, Opera, Firefox, Safari, Edge, Cliqz, and Tor Browser, and configurations with third-party cookie blocking disabled, and if available, tracking protection functionality enabled. Tor Browser is the only browser on the list that blocks third-party cookies by default. All browsers did not block cookies for certain redirects regardless of whether third-party cookies were blocked or tracking protection was enabled. Chrome, Opera and other Chromium-based browsers that use the built-in PDF viewer have a major issue in regards to cookies. Furthermore, a design flaw in Chromium-based browsers enabled a bypass for both the built-in third party cookie blocking option and tracking protection provided by extensions. Through JavaScript embedded in PDFs, which are rendered by a browser extension, cookie-bearing POST requests can be sent to other domains, regardless of the imposed policies. Browser extensions for ad-blocking or anti-tracking had weaknesses as well according to the researchers. The list of extensions reads like the who is who of the privacy and content blocking world. It includes uMatrix and uBlock Origin, Adblock Plus, Ghostery, Privacy Badger, Disconnect, or AdBlock for Chrome. The researchers discovered ways to circumvent the protections and reported several bugs to the developers. Some, Raymond Hill who is the lead developer of uBlock Origin and uMatrix, fixed the issues quickly. At least one issue reported to browser makers has been fixed already. "Requests to fetch the favicon are not interceptable by Firefox extensions" has been fixed by Mozilla. Other reported issues are still in the process of being fixed, and a third kind won't be fixed at all. You can run individual tests designed for tested web browsers with the exception of Microsoft Edge on the project website to find out if your browser is having the same issues. Closing Words With more and more technologies being added to browsers, it is clear that the complexity has increased significantly. The research should be an eye opener for web browser makers and things will hopefully get better in the near future. One has to ask whether some browser makers test certain features at all; Microsoft Edge not honoring the built-in setting to block third-party cookies is especially embarrassing in this regard. (via Deskmodder) Now You: Do you use extensions or settings to protect your privacy better? Source
  13. geeteam

    [Infographic] Browser Wars

    According to New Relic’s data, which analyzed more than 16.8 million page loads from early October through early November last year, BlackBerry 10 devices loaded web pages in 1.55 seconds on average. The second-fastest web browser, Opera Mini 4.2, wasn’t even close, with page load times that averaged 4.78 seconds. In other words, the BlackBerry 10 browser is more than three times faster than its next-closest competitor. Apple’s Safari browser on the iPad came in at No. 3 with an average page load time of 4.91 seconds, and no other native web browser was even included in New Relic’s top-9 rankings. An infographic showcasing the company’s test results follows below. Source
  14. By Casey Johnston - Jan 28 2014, 7:00am AUSEST Updates turned some Chrome add-ons maliciousnot all browsers allow that. Customers complain about activity tracking in CRXMouse on Chrome, a particularly invasive add-on. In a recent revelation by OMG Chrome and the developer of the Chrome extension Add to Feedly, it came to light that Chrome extensions are capable of changing service or ownership under a users nose without much notification. In the case of Add to Feedly, a buyout meant thousands of users were suddenly subjected to injected adware and redirected links. Chromes regulations for existing extensions are set to change in June 2014. The changes should prevent extensions from being anything but simple and single-purpose in nature, with a single visible UI surface in Chrome and a single browser action or page action button, like the extensions made by Pinterest or OneTab. This has always been the policy, per a post to the Chromium blog back in December. But going forward, it will be enforced for all new extensions immediately and for all existing extensions retroactively beginning in June. Given how Chromes system of updates, design restrictions, and ownership seemed to have gotten ahead of itself, we decided to take a look at the policies of other browsers to see if their extensions could be subjected to a similar fate. While Chrome isnt the only browser where an Add To Feedly tale could be spun, it seems to be the most likely place for such an outcome. Firefox Mozillas Firefox differs from Chrome in that it has an involved review system for all extensions that go from developers to the front-end store. Reviewers will reject an extension if it violates any of the rules in Firefoxs extension development documents. One of these rules is no surprisesan add-on cant do anything it doesnt disclose to users, and existing add-ons cant change their functionality without notifying the user and getting their permission. Firefox puts add-ons with unexpected features, like advertising that supports the add-on financially, into a separate category. Users have to explicitly opt-in to these features, says Jonathan Nightingale, vice president of Firefox. This means that in these cases, users will see a screen offering them the additional features, says Nightingale. One example is FastestFox, which pops a tab at first install asking the user to enable ad injection from Superfish. It's how developers implement these opt-in screens that could provide for a possible loophole; the addition of advertising might be obscurable by language, and data tracking could be, too (it's permitted under Firefoxs rules, but it must be disclosed in a privacy policy). Still, the review policy and need for opt-in for these more pernicious features both help prevent users from having new functionality sprung on them. Safari Safari has extensive design documents for its extensions but no central clearinghouse for them like other browsers. Apple keeps a gallery of a chosen few extensions that must meet certain regulations, but these represent a small fraction of the extensions available. Data tracking of an extensions users is possible, per the design docs, as is ad manipulation. Unlike Chrome, but like Firefox, the download and installation of Safari extension updates must be manually approved by the user. There are no regulations for disclosing functionality changes or changes of ownership, however. Internet Explorer Microsofts browser absolves itself of responsibility for add-ons on a support page where it states, "While add-ons can make your browsing experience better by giving you access to great Web content, some add-ons can pose security, privacy, or performance risks. Make sure any add-ons you install are from a trusted source." Add on at your own risk. Like Apple, Microsoft maintains an exclusive gallery of vetted add-ons. The company encourages extension makers to get user consent for unexpected add-on functionality, but it doesnt require it or block extensions that dont do it. Markup-based extensions can only be installed from within the browser, and therefore these must have the users explicit consent according to Microsoft. Other than this infrastructure, nothing prevents IE add-ons from doing things like injecting ads or redirecting a browsing experience (remember, this was the former home of the invasive toolbar add-on). IE10 does have an add-on management window, but some add-ons, like the ad-injecting Buzzdcock, have to be removed as if they are full-fledged applications. Uninstalling a particularly invasive IE add-on. Opera The latest versions of Opera are able to use Chromium extensions, but unlike Chrome ones, they get a review process thats similar to Firefoxs. Most importantly in Opera, there are restrictions on the types of scripts an extension can run and how they handle ads. Andreas Bovens, head of developer relations at Opera Software, told Ars in an e-mail that Opera doesnt allow extensions that include ads or tracking in content scripts, so extensions that, for example, inject ads inside webpages the user visits are not allowed. Extensions can, however, have ads in their options pages or in the pop-up that is triggered by their button in the browsers interface. Every extension gets a review, and the review team takes special care to suss out the nature of any obfuscated JavaScript code. If some of the code is obfuscated, reviewers ask the developers for the unobfuscated code to look at as well as a link to the obfuscation tool. That way we can check that the input and output indeed match, Bovens says. When an extensions ownership is transferred or the extension is updated, its subject to the same rigorous review process as an extension thats being submitted for the first time, according to Bovens. An extension that goes from having no ads to injecting ads, as some Chrome extensions do, simply would not pass [Operas] review process, Bovens says. Retiring to the not-so-Wild West? While Chrome extensions may have a better ideology than those of some other browsers, the breadth and depth of functionality that Chrome extensions can have without any kind of review process means that Chrome users trust can get taken for granted. Its similar to the Google Play app store, in that way: pretty much anything can make it to the market, but enough user complaints can get it taken down, as in the case of Add to Feedly and Tweet This Page. Based on policy and practice, users who heavily rely on extensions or have been made wary of them by developers recent transgressions may be safer on browsers like Firefox and Opera, where regulations are a bit stricter and there are people to police them. But there can be downsides to a vetting process, too, mainly in terms of rate-limiting iteration and improvements, so its a matter of weighing options. Former home? This is the current home for an awful lot of crapware add-ons, like Conduit's search hijacker, or the Ask.com toolbar that still hasn't died a thousand deaths, even though it should. http://arstechnica.com/business/2014/01/seeking-higher-ground-after-chrome-extension-adwaremalware-problems
×
×
  • Create New...