Apple redirects Google’s Safe Browsing traffic to its own servers in iOS 14.5

[JoseGuya]

 

 

Summary

Apple redirects Google Safe Browsing traffic through its own proxy servers to prevent disclosing users’ IP addresses to Google in iOS 14.5 

 

Apple’s privacy push is much more widespread than it seems at the surface. A perfect example is the new privacy feature in iOS 14.5 Beta 1 (V2) which redirects Google Safe Browsing traffic through Apple’s own proxy servers to enhance users’ privacy and to not let Google see your IP address.

 

Quotes

Quote

 Google Safe Browsing is a security service created by Google that checks whether a website is malicious. When you access a website on the desktop version of Chrome on your Mac or PC, for instance, Google Safe Browsing checks if a website is safe to browse and displays a warning accordingly. The user ultimately has the choice, however.
 

What Apple is doing here is instead of constantly checking Google’s database online, it downloads the database locally. Then, Apple checks links on its own servers cutting Google out of the equation. As a result, your browsing activity is not accessible to Google while it is still accessible to Apple. 

However, there’s a chance Apple might be updating the local database remotely in which case neither Google nor Apple can view your browsing activity.

 

My thoughts

Well, if this increases user’s privacy I’m all for it. Apple already has my ip, among other private information, and preventing third parties for getting that info is good, I recon. How would Google take this “intervention” will definitely be interesting

 

Sources

https://the8-bit.com/apple-proxies-google-safe-browsing-privacy/

 

[Jet_ski]

This is all happening because Facebook and Google took it too far when they paid iOS and Android users for their entire internet traffic. In iOS they used Apple’s developer licenses to bypass iOS’s restriction of total data collection. That’s how Facebook knew to acquire Instagram and then WhatsApp. They saw most of their users were signing up for those platforms and in order to kill and own the competition, they bought those platforms. From a big tech’s stand point like Apple, you are not going to let them get away with that kinda stuff. And masking user IPs might be another way to stop giving Google and Facebook that kind of data.

[RejZoR]

And people were making fun of me when I said SafeBrowsing is a privacy liability (as it comes in almost all browsers, unproxied) and everyone was screeching at me that it's private and I don't understand how it even works. I guess Apple doesn't understand it either then...

[Ashley MLP Fangirl]

 Apple

[Drama Lama]

nice privacy for apple eaters

[Vishera]

The problem with Apple and privacy is that Apple thinks that they are the only one who is entitled to collect user data.

At least it's an improvement,instead of everyone collecting data from you only Apple will (with an exception to web pages).

[wamred]

7 hours ago, JoseGuya said:

How would Google take this “intervention” will definitely be interesting

Yes, yes it will. 

[StDragon]

54 minutes ago, gabrielcarvfer said:

Oh man, that's just brilliant! It's a meme of two wolves (dogs) and sheep deciding what's for dinner.

[spartaman64]

14 hours ago, RejZoR said:

And people were making fun of me when I said SafeBrowsing is a privacy liability (as it comes in almost all browsers, unproxied) and everyone was screeching at me that it's private and I don't understand how it even works. I guess Apple doesn't understand it either then...

i mean there is no such thing as privacy when you are using the internet. your isp has logs of every website you access

[poochyena]

14 hours ago, RejZoR said:

And people were making fun of me when I said SafeBrowsing is a privacy liability

this doesn't change that though. In what way is it a liability?

[Arika]

Wait... People think safe browsing was the only way Google can track you and obtain your IP? 

 

This change ultimately means nothing 

[JLO64]

10 hours ago, Vishera said:

The problem with Apple and privacy is that Apple thinks that they are the only one who is entitled to collect user data.

Here’s the thing, I’m ok with that since they have almost no incentive to do anything with that data.  Unlike most other Big Tech companies (Google, Facebook, Microsoft, Amazon, etc..) Apple doesn’t sell or really use their users’ data (at least we don’t think so right now)

 

Why is Apple doing this then? Personally, I think it’s something that they can add as a marketing point for their devices. As they face stiffer competition on mobile, they’re trying to make their phones stand out in the one area they have the most control over, software.  That and the fact that for some reason (not that I’m complaining) a bunch of people are objecting to the way that user data is collected has incentivized Apple to burn some bridges right now with other big tech companies for the sake of being able to point out in their million dollar ads “Only on our phones do you get the option to not be tracked by (other) Big Tech companies.”

[RejZoR]

25 minutes ago, spartaman64 said:

i mean there is no such thing as privacy when you are using the internet. your isp has logs of every website you access

When i don't use anything Google, I don't want them to just casually get my IP nicely refreshed non stop. ISP logging my stuff is somewhat acceptable because I'm actually using them. I don't use Google so it can kindly f**k off.

[Spindel]

10 hours ago, spartaman64 said:

i mean there is no such thing as privacy when you are using the internet. your isp has logs of every website you access

My ISP only saves those logs the minimum time the law here requires. I think it’s 24 h unless law enforcement contacts them and asks for specifics for a certain IP. 
 

It is one of my ISPs USPs

[LAwLz]

On 2/11/2021 at 8:41 AM, RejZoR said:

And people were making fun of me when I said SafeBrowsing is a privacy liability (as it comes in almost all browsers, unproxied) and everyone was screeching at me that it's private and I don't understand how it even works. I guess Apple doesn't understand it either then...

I which thread did that happen?

I looked through your posts and I only found four mentions from you about SafeBrowsing.

Here, when nobody even replied to you.

Here, when, again, nobody replied to you.

Here, where once again nobody replied to you about that.

And here where you briefly mentioned it but nobody replied.

 

Maybe it happened on another forum? Or maybe you got some detail wrong that people were pointing out but you interpreted that as people saying "no it's safe bla bla bla"?

[Sauron]

Ok, so Google logging your IP is bad but somehow Apple logging your IP is fine and good?

 

Surely you can see that this does nothing for your privacy...?

12 hours ago, JLO64 said:

I’m ok with that since they have almost no incentive to do anything with that data.

That's not true at all, why do you think they collect it? Just because they don't directly sell it to third parties doesn't mean they don't use it. Do you think what you get recommended on the app store isn't literally targeted advertising? Also the collection itself is the problem, you can't know if or when it will get leaked to someone who does have a reason to use it maliciously. Here is a case where what was theoretically meant as a security feature was just leaking your data out to whomever wanted it:

Don't ever be fooled into thinking Apple cares in the slightest about your privacy. They just want as much control of their platform as possible, period. It just so happens that sometimes that is tangentially beneficial to privacy but that is always secondary. In this case it just isn't though.

[Master Disaster]

43 minutes ago, Sauron said:

Ok, so Google logging your IP is bad but somehow Apple logging your IP is fine and good?

 

Surely you can see that this does nothing for your privacy...?

That's not true at all, why do you think they collect it? Just because they don't directly sell it to third parties doesn't mean they don't use it. Do you think what you get recommended on the app store isn't literally targeted advertising? Also the collection itself is the problem, you can't know if or when it will get leaked to someone who does have a reason to use it maliciously. Here is a case where what was theoretically meant as a security feature was just leaking your data out to whomever wanted it:

 

Don't ever be fooled into thinking Apple cares in the slightest about your privacy. They just want as much control of their platform as possible, period. It just so happens that sometimes that is tangentially beneficial to privacy but that is always secondary. In this case it just isn't though.

Anyone who thinks any large corporation has their best interests at heart when making any large business decision is living in cloud cuckoo land.

 

There's a reason this current era is called the information age, in most cases information is worth more to a company than their actual product.

[lewdicrous]

4 minutes ago, Master Disaster said:

There's a reason this current era is called the information age, in most cases information is worth more to a company than their actual product.

Basically, "if the app is free, you're the product".

[Arika]

1 minute ago, lewdicrous said:

Basically, "if the app is free, you're the product".

 

even if it's not free, you're supplementary income. directly or indirectly

[lewdicrous]

2 minutes ago, Arika S said:

even if it's not free, you're supplementary income. directly or indirectly

The illusion of privacy. it's made worse when the same companies that collect your data brag about "caring about its customer's privacy" or some shit like that.

[Sauron]

13 minutes ago, lewdicrous said:

Basically, "if the app is free, you're the product".

In Apple's case it's hardly free but hey

[RejZoR]

2 hours ago, LAwLz said:

I which thread did that happen?

I looked through your posts and I only found four mentions from you about SafeBrowsing.

Here, when nobody even replied to you.

Here, when, again, nobody replied to you.

Here, where once again nobody replied to you about that.

And here where you briefly mentioned it but nobody replied.

 

Maybe it happened on another forum? Or maybe you got some detail wrong that people were pointing out but you interpreted that as people saying "no it's safe bla bla bla"?

You know, there is world beyond LTT...

[StDragon]

5 hours ago, Spindel said:

My ISP only saves those logs the minimum time the law here requires. I think it’s 24 h unless law enforcement contacts them and asks for specifics for a certain IP. 

 

2 hours ago, Master Disaster said:

Anyone who thinks any large corporation has their best interests at heart when making any large business decision is living in cloud cuckoo land.

 

There's a reason this current era is called the information age, in most cases information is worth more to a company than their actual product.

 

If it's a legal requirement to keep a record for retention, sure. But I can't fathom why any large ISP would keep billions of records daily of their own subscribers nationally. The backend infrastructure to collect, store, and data-mine would be immense! Can it be done? Sure. But at what cost? And, is the monetization revenue worth the expense?  It's a rhetorical question, because any reasonable business will have ran the numbers. As @Master Disaster alluded to, corporations are cold and calculating. It's not about good/evil from a morality aspect, It's purely about the bottom-line. And if the numbers don't work out for them in terms of data collection, they wont do it. Simple as that.

 

That said however, about 15+ years ago I worked for a large ISP (I won't name-drop, but you've heard of them). They were served a subpoena by a large entertainment mega corp to provide a list of their own subscribers that were behind a specific group of public IPs at specific times of the day. To do that, the ISP cross-references that public IP's lease time to the MAC address (or serial) of the modem to the subscriber. That's easy and doesn't take a whole lot of data in terms of logging retention. The ISP does this more from a billing and asset inventory collection (leased modems) than anything. It doesn't serve to profit ratting out their own customer base (that I know of at least).

 

As for the "entertainment mega corp", rumor had it they were running a honeypot server collecting logs of incoming P2P connections. As far as I'm aware, you didn't hear much of it in the media as the vast majority paid the settlement which ostensibly is cheaper than hiring a lawyer and challenging in court. So word to the wise is be more thoughtful of what online activities you wish to engage in. 

 

 

[porina]

On first read of the OP and the limited quoting within, it sounded like Apple were somehow interfering with Chrome. After checking out the linked article, it appears that Apple are using Google's service for Safari, and it is in that capacity where they are intervening. The article doesn't make it clear if you were to use Chrome if that would be affected also. I can see two possibilities. If Chrome directly connects to Google's servers, then Apple can only break it but not redirect it. This is correct by design to prevent MITM attacks. If however Apple requires Google to use an OS built in service for that function, Apple can do what they like.

[LAwLz]

20 minutes ago, porina said:

On first read of the OP and the limited quoting within, it sounded like Apple were somehow interfering with Chrome. After checking out the linked article, it appears that Apple are using Google's service for Safari, and it is in that capacity where they are intervening. The article doesn't make it clear if you were to use Chrome if that would be affected also. I can see two possibilities. If Chrome directly connects to Google's servers, then Apple can only break it but not redirect it. This is correct by design to prevent MITM attacks. If however Apple requires Google to use an OS built in service for that function, Apple can do what they like.

I hope it's the former and not the latter.

Forcing Google to not use their own service sounds quite a bit abusive to me. If they implement this for Safari (and Safari only) then I see it as a very good thing.