Bug in Safari browser allows all websites visited by a user to access their personal data and information / Digital Information World

A bug in the Safari browser has allowed some websites to siphon users’ personal data whether or not private browsing is used, reports FingerPrintjs.

At a time when the general population is increasingly paranoid about how their data is being used by companies online, and everyone is looking to get VPNs and restrict online access to personal information , Apple decided to really do something different: the exact opposite of what everyone else needs to be doing. The Safari browser has made it easy for websites to access an individual user’s data, whether or not they share third-party cookies. This means that even incognito mode, which automatically blocks cookies, is rendered completely useless. Overall, users should perhaps start considering using other browsers until Apple fixes Safari. How did it all happen? Well, it all starts with a little thing called IndexedDB.

The Indexed Database API, commonly known as IndexedDB, is a database used by many different browsers, providing more storage capacity and caching offline data from all sorts of different websites. Typically, however, browsers create entirely separate instances of IndexedDB for different websites, which are only accessible by the sites they were created for in the first place. Safari, however, accidentally goes one step further: instead of stopping at creating individual indexed databases for different sites, the browser creates other empty ones with the same name and shares them across all sites. Web that a user browses. When an IndexedDB is created, even a completely empty one will contain some information that may prove detrimental to a user. The slightest offense, which is still rather disturbing, is that empty databases still bear the names of the websites they were created for. Therefore, your browser history is an open book that other websites can peruse.

The issues run a little deeper than browser history, as some indexed databases such as those designed for the Google app (YouTube, Gmail) contain more than the name of the website: they include user IDs individual such as user names or passwords. Since users often tend to share it across multiple platforms, this information can prove to be severely debilitating if it falls into the wrong hands.

Apple has always taken a very hands-on approach to user privacy and security, with iOS 14’s tracking/transparency features being a shining example of such behavior. I suspect this Safari bug is nothing more than an oversight; an issue that the company will hopefully fix as soon as possible.

Read next: 95% of cybersecurity breaches are caused by human error, according to the World Economic Forum