Information Leaks via Safari's Intelligent Tracking Prevention
arXiv - CS - Cryptography and Security. Pub Date: 2020-01-21, DOI: arxiv-2001.07421
Artur Janc, Krzysztof Kotowicz, Lukas Weichselbaum, Roberto Clapis

Intelligent Tracking Prevention (ITP) is a privacy mechanism implemented by Apple's Safari browser, released in October 2017. ITP aims to reduce the cross-site tracking of web users by limiting the capabilities of cookies and other website data. As part of a routine security review, the Information Security Engineering team at Google has identified multiple security and privacy issues in Safari's ITP design. These issues have a number of unexpected consequences, including the disclosure of the user's web browsing habits, allowing persistent cross-site tracking, and enabling cross-site information leaks (including cross-site search). This report is a modestly expanded version of our original vulnerability submission to Apple (WebKit bug #201319), providing additional context and edited for clarity. A number of the issues discussed here have been addressed in Safari 13.0.4 and iOS 13.3, released in December 2019.

Updated: 2020-01-22