Information
Public (Routable) IP addresses can be used to track people to their current location, including home and business addresses. While a valid IP addess is necessary to load the site the valid address does not need to be provided to known trackers and should be hidden.
Rationale:
Trackers can correlate your visits through various applications including websites and is a threat to your privacy.
Impact:
Website address blocking through iCloud Private Relay made prevent some wanted pages to load that use IP geolocation access controls.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
Graphical Method:
Perform the following steps to set Safari whether or not to hide IP addresses from trackers:
Open Safari
Select Safari from the menu bar
Select Preferences
Select Privacy
Set Hide IP address from trackers to your organization's requirements
Terminal Method:
Run the following command to enable or disable hiding IP addresses from trackers in Safari:
$ /usr/bin/sudo -u <username> /usr/bin/defaults write /Users/<username>/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari WBSPrivacyProxyAvailabilityTraffic -int <3296/3300>
3296 will set hide IP address from trackers to disabled. 3300 will enable it.
example:
$ /usr/bin/sudo -u firstuser /usr/bin/defaults write /Users/firstuser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari WBSPrivacyProxyAvailabilityTraffic -int 3300
$ /usr/bin/sudo -u seconduser /usr/bin/defaults write /Users/seconduser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari WBSPrivacyProxyAvailabilityTraffic -int 3296
Note: To run the Terminal commands, Terminal must be granted Full Disk Access in the Security & Privacy pane in System Preferences.