Every time you visit a website or search for something in your Safari browser, it keeps a record of your actions. Apple’s Safari browser saves a copy of your browsing history with website cookies. Tap or click here to lock down Chrome, Firefox, Edge and Safari for maximum security.
It is easy to go back to a specific website that you didn’t bookmark or forgot its URL through the browsing history. Complete browsing history is usually kept until you manually delete it.
For the most part, your browsing history is only available to you, so you are free to search without prying eyes. But read on to see how your data can be exposed to other websites, risking your privacy.
Here’s the backstory
Your browsing history is supposed to remain private to you. But a newly discovered flaw shows that Apple’s Safari browser can leak your data to websites you visit.
Website cookies store essential data about you. This includes the device you are using, where you are from, your connection, and sometimes your shopping habits. Sites use these cookies to serve you product recommendations or targeted advertising.
The Safari browser holds on to these cookies and delivers the relevant data to websites that request them. But one thing that it seemingly gives out willingly is your browsing history, with the bug found by browser fingerprinting and fraud detection service FingerprintJS.
Without going into too many technical details, the IndexedDB is designed to hold user data and follow the Same-origin policy. Essentially, it restricts how “documents or scripts loaded from one origin can interact with resources from other origins.”
But FingerprintJS claims Safari 15’s IndexedDB violates this security measure. “The fact that database names leak across different origins is an obvious privacy violation. It lets arbitrary websites learn what websites the user visits in different tabs or windows,” the company said in a blog post.
What you can do about it
The private browsing session in Safari shouldn’t track your search and web history, right? Well, FingerprintJS found that not to be the case. Typically, a private browsing session on Safari is restricted to a single tab. But if you visit multiple websites within that tab, your history can be exposed.
The worst part of this data leak is there isn’t much Safari users can do about it. The flaw can be found in all versions of Safari, including your Mac, iPhone and iPad browsers.
Apple must develop a patch for the issue before it can be corrected. If you are concerned about your data leaking, you could switch to a different browser. Here are some privacy-focused options:
- Brave: The Brave browser has been built with maximum privacy in mind, as the app doesn’t see or store any of your browsing sessions. By default, the browser will block harmful files and malware from your device, as well as advertising and trackers.
- Mozilla Firefox: One of the most popular alternatives, Firefox has a robust policy centered around privacy. You don’t need an email address to sign up, and the browser collects very little information from you.
- Microsoft Edge: Say what you want about its predecessor, but Edge has been given the full workup to be more secure and privacy-focused. While it feels like Google Chrome, it offers to block unwanted trackers, cookies, or targeted advertising.