[om2]

We've addressed the issues disclosed to us, and if you try any of the 5 POCs in the paper you will find they no longer work in the latest Safari. Details of the fixes here: https://webkit.org/blog/9661/preventing-tracking-prevention-...

There may be room for more improvement here but be aware what the POCs illustrate is not an active vulnerability any more.

In addition, we don't believe this channel was ever exploited in the wild.

(If anyone is aware of other issues in this area, I encourage you to practice responsible disclosure and report to Apple or to the WebKit project.)

[taf2]

If only we had the same level of transparency in native apps. At least in Chrome, Firefox, Safari - you have dedicated large groups of engineers thinking about privacy, security and stability. Compared to native iOS/android where you get isolated groups of developers able to exploit and track with little to no visibility from end users - let alone access to source code for review by third party software engineers like we have on the web.... it's madding that apple doesn't invest more in its browser and yet pretends to care so much about privacy - of the major three browsers - apple definitely _seems_ to underinvest when it comes to web technology...

[Terretta]

> It’s madding that apple doesn't invest more in its browser and yet pretends to care so much about privacy - of the major three browsers - apple definitely _seems_ to underinvest when it comes to web technology...

Well, WebKit came from Apple’s work on KHTML. So Safari, Chrome, Edge ...

”KHTML and KJS were adopted by Apple in 2002 for use in the Safari web browser. Apple publishes the source code for their fork of the KHTML engine, called WebKit. In 2013, Google began development on a fork of WebKit, called Blink.”

— https://en.wikipedia.org/wiki/KHTML

That’s not that long ago in browser families, and 2002 - 2013 is 11 years of investment in web tech that now everyone else built on. And they didn’t stop investing.

Some of those investments:

- It’s mostly been the least battery hungry modern browser (by a long shot) on the most wished for dev laptop, and in many cases, the highest performance.

- The bookmark and tab sync across devices is seamlessly slick. I regularly end up maxed on tabs (it’s in the 100s of tabs open at once) and can access any / all of them across all devices sharing iCloud account. Also appreciate that across all kinds of devices, you can save all open tabs to a folder of tabs, then close all tabs, and immediate get at those 300 tabs in the bookmarks from another machine. All those bookmarks are searchable too. None of this slows it down.

- Built in reader mode works beautifully. Reading List is there too.

- Saving a web page to file can save clean reader views into full length PDFs. They’re amazing!

- Interacts with keychain, essentially has LastPass “built in” if you let it store passwords on your keychain.

- While I miss UBlock Origin, ad blockers like 1BlockerX work great across iPad, iPhone, and MacOS. (See also AdGuard for Safari.)

- ITP performs better than one would expect for something you don’t think about at all, while not breaking most banks, which I appreciate.

- Safari never kills my iPad, iPhone, or Mac. Once in a blue moon a terrible site makes me ‘eject’ Safari from running apps on iOS. Launch it again, and all your tabs etc. are fine.

There’s a lot to like, except it’s not super tweakable, or basically “it’s not Chrome”. Even there, most devs or tech geeks who grump at Safari and reach for Chrome, have no idea of the lineage.

Doesn’t seem fair to call it under-invested in.

[pampedant]

Hey hey, "Google Chrome" (+ MS Edge) is not everyone else. Firefox exists and is based on Gecko, which is based on Netscape, they've had a separate and unbroken lineage for 23 years now.

Apple's OSS work tends feel well-made (I use CUPS on Devuan, they own that), but they are not and will never be "The One True Web Tech Makers".

Still, they're the biggest ones on the market as of today, if you count their offspring, Blink.