Wednesday, November 22, 2023

Safari Share Menu Now Violates Privacy

Jeff Johnson:

Looking at the packet trace, the share menu attempts to fetch the icon files favicon.ico, apple-touch-icon.png, and apple-touch-icon-precomposed.png from the site.


And of course your IP address is leaked.

My belief is that a website should not be notified and given your IP address and other information such as hardware device type and web browser version when you share the URL of the website.


The only purpose of the HTTP requests in Safari’s share menu appears to be to display the link’s icon and title in the share menu. Crucially, that information is not passed along to the other apps!

In most cases, I think people would be sharing the page that Safari is currently showing, so the data would have already been loaded. But it’s not expected that essentially copying a link within that page would send additional network requests.


1 Comment RSS · Twitter · Mastodon

It is possible to go back to the old menu-base share sheet, at least for now.

Leave a Comment