[Swordmaker]

Technically, this is NOT a "security flaw" but rather a choice of security over privacy. The issue is that when one switches to private browsing, the so-called "Super Cookie" remains and allows you to connect to a website still in a secure, locked down mode. However, if you erase the Super Cookie, no encryption to that website will be sent when you connect to it on return visits. This could be logging in to your BANK, and or a secure site for a purchase. . . and credit cards will be sent un-encrypted in clear text, because the Super Cookie that was set for an HTTPS Secure connection site has been deleted, and you are now connected only as a standard HTTP. You have effectively traded security for privacy . . . not a good trade. The only way this can effectively be fixed is to re-write the entire HTTP language.

As one knowledgeable commentor puts it:

"Apple products (in this case) are both safer and more secure, but (in some very unique circumstances) can still be tracked. They are trading security (against hackers) for a very minor amount of privacy (against a threat that hasn't been seen in the wild)."

The real method to avoid this issue is to NOT go to secure websites such as your Banking institution or Financial institution when you are using Private Browsing. Problem solved.

[Swordmaker]

Business Insider is reporting claims of an Internet flaw that allows tracking of Private Browsing using a Super Cookie that Apple iOS Safari users cannot delete. . . which other browsers CAN delete. . . but deleting this Super Cookie is a two edged sword that can bite users that do delete it. — PING!

Apple iOS Security Awareness Ping!

If you want on or off the Mac Ping List, Freepmail me.

[The Ghost of FReepers Past]

Interesting.

I am constantly at war with the cookies on my computer. Some of them really mess things up until I delete them. I am not an expert in these matters so I can’t tell you why. I just know that deleting them helps.

[jsanders2001]

Has anyone noticed that hackers have really ratcheted their activities since Obama started pushing “net neutrality” (which has absolutely nothing to do with neutrality but rather gaining more control of it).

[Vendome]

BTTT

[Candor7]

You want to get rid of super cookies...no problem....just use this , its free, just configure it properly:

http://www.alexandrugroza.ro/mptec/software/DisCleaner/_download/index.html

And you still will be able to sign in to your bank etc..no worries.

[ansel12]

Along with my security programs, I use HTTPS Everywhere, and Malwarebytes Anti-Exploit free, Disconnect, and Adblock Plus.

Where does that put me, in regards to the issue you just described?

[nuconvert]

I’m an apple eater, not an Apple user

[SeeSharp]

This could be logging in to your BANK, and or a secure site for a purchase

Not unless the bank allows unsecured connections in the first place. What bank does that?

The feature in question forces an encrypted HTTPS connection when you attempt an unencrypted HTTP connection, thus sparing you an error message. But the absence of that cookie will not get you an unencrypted connection if the server does not allow it.

[goldstategop]

So much for activating the porn mode on your browser. ;-)

[trebb]

Thanks for that info - many of us do not always grasp the real implications of some of the “techno-babble” and you generally clear it up for us non-nerds.