Technically, this is NOT a "security flaw" but rather a choice of security over privacy. The issue is that when one switches to private browsing, the so-called "Super Cookie" remains and allows you to connect to a website still in a secure, locked down mode. However, if you erase the Super Cookie, no encryption to that website will be sent when you connect to it on return visits. This could be logging in to your BANK, and or a secure site for a purchase. . . and credit cards will be sent un-encrypted in clear text, because the Super Cookie that was set for an HTTPS Secure connection site has been deleted, and you are now connected only as a standard HTTP. You have effectively traded security for privacy . . . not a good trade. The only way this can effectively be fixed is to re-write the entire HTTP language.
As one knowledgeable commenter puts it:
"Apple products (in this case) are both safer and more secure, but (in some very unique circumstances) can still be tracked. They are trading security (against hackers) for a very minor amount of privacy (against a threat that hasn't been seen in the wild)."
The real method to avoid this issue is to NOT go to secure websites such as your Banking institution or Financial institution when you are using Private Browsing. Problem solved.
To: ~Kim4VRWC's~; 1234; Abundy; Action-America; acoulterfan; AFreeBird; Airwinger; Aliska; altair; ...
Business Insider is reporting claims of an Internet flaw that allows tracking of Private Browsing using a Super Cookie that Apple iOS Safari users cannot delete. . . which other browsers CAN delete. . . but deleting this Super Cookie is a two-edged sword that can bite users that do delete it. PING!
Apple iOS Security Awareness Ping!
If you want on or off the Mac Ping List, Freepmail me.
2 posted on 01/08/2015 3:07:56 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
To: Swordmaker
Interesting.
I am constantly at war with the cookies on my computer. Some of them really mess things up until I delete them. I am not an expert in these matters so I can’t tell you why. I just know that deleting them helps.
3 posted on 01/08/2015 3:16:58 PM PST by The Ghost of FReepers Past (Woe unto them that call evil good, and good evil; that put darkness for light..... Isaiah 5:20)
To: Swordmaker
Has anyone noticed that hackers have really ratcheted their activities since Obama started pushing “net neutrality” (which has absolutely nothing to do with neutrality but rather gaining more control of it)?
To: Vendome
5 posted on 01/08/2015 3:23:27 PM PST by Vendome (Don't take life so seriously-you won't live through it anyway-Enjoy Yourself ala Louis Prima)
To: Swordmaker
7 posted on 01/08/2015 3:25:27 PM PST by Candor7 (Obama fascism article:(http://www.americanthinker.com/2009/05/barack_obama_the_quintessentia_1.html))
To: Swordmaker
Along with my security programs, I use HTTPS Everywhere, and Malwarebytes Anti-Exploit free, Disconnect, and Adblock Plus.
Where does that put me, in regards to the issue you just described?
9 posted on 01/08/2015 3:34:37 PM PST by ansel12 (Civilization, Crusade against the Mohammedan Death Cult.)
To: Swordmaker
I’m an apple eater, not an Apple user
10 posted on 01/08/2015 3:36:43 PM PST by nuconvert ( Khomeini promised change too // Hail, Chairman O)
To: Swordmaker
"This could be logging in to your BANK, and or a secure site for a purchase"
Not unless the bank allows unsecured connections in the first place. What bank does that?
The feature in question forces an encrypted HTTPS connection when you attempt an unencrypted HTTP connection, thus sparing you an error message. But the absence of that cookie will not get you an unencrypted connection if the server does not allow it.
13 posted on 01/08/2015 3:58:17 PM PST by SeeSharp
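The behaviour this exchange turns on, as an added example that is not part of the thread: a small model of how a browser decides the scheme of its first request to a host. It assumes the "Super Cookie" feature is HTTP Strict Transport Security (RFC 6797); the hostnames, the outcome labels and the `server_accepts_http` switch are constructed for illustration.

```python
import time
from urllib.parse import urlsplit

def parse_sts(header):
    """Parse a Strict-Transport-Security value into (max_age, include_subdomains)."""
    max_age, subs = None, False
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            max_age = int(value.strip().strip('"'))
        elif name == "includesubdomains":
            subs = True
    if max_age is None:
        raise ValueError("max-age directive is required")
    return max_age, subs

class HstsStore:
    """The browser-side list of hosts that must only be reached over HTTPS."""
    def __init__(self):
        self.entries = {}  # host -> (expiry time, include_subdomains)

    def note(self, host, header, now=None):
        # Call only for headers received over HTTPS; plain-HTTP ones are ignored.
        now = time.time() if now is None else now
        max_age, subs = parse_sts(header)
        if max_age == 0:
            self.entries.pop(host.lower(), None)  # max-age=0 deletes the entry
        else:
            self.entries[host.lower()] = (now + max_age, subs)

    def covers(self, host, now=None):
        now = time.time() if now is None else now
        labels = host.lower().split(".")
        for i in range(len(labels)):  # exact host first, then each parent domain
            entry = self.entries.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

def first_request(url, store, server_accepts_http, now=None):
    """Classify what happens to the first request for `url` (constructed labels)."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        return "https"
    if store.covers(parts.hostname, now):
        return "https-upgraded"   # rewritten before any bytes leave the machine
    # No stored entry: the outcome depends on whether the server listens on HTTP.
    return "http-plaintext" if server_accepts_http else "refused"
```

With no stored entry, the model returns `http-plaintext` only when the server answers on plain HTTP at all; an HTTPS-only server yields `refused` and no request is sent.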
To: Swordmaker
So much for activating the porn mode on your browser. ;-)
28 posted on 01/08/2015 6:58:05 PM PST by goldstategop (In Memory Of A Dearly Beloved Friend Who Lives In My Heart Forever)
To: Swordmaker
Thanks for that info - many of us do not always grasp the real implications of some of the “techno-babble” and you generally clear it up for us non-nerds.
32 posted on 01/09/2015 3:25:10 AM PST by trebb (Where in the hell has my country gone?)