7.2.6 Audit Hide IP Address in Safari Setting

Information

Public (Routable) IP addresses can be used to track people to their current location, including home and business addresses. While a valid IP addess is necessary to load the site the valid address does not need to be provided to known trackers and should be hidden.

Rationale:

Trackers can correlate your visits through various applications including websites and is a threat to your privacy.

Impact:

Website address blocking through iCloud Private Relay made prevent some wanted pages to load that use IP geolocation access controls.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Graphical Method:
Perform the following steps to set Safari whether or not to hide IP addresses from trackers:

Open Safari

Select Safari from the menu bar

Select Preferences

Select Privacy

Set Hide IP address from trackers to your organization's requirements

Terminal Method:
Run the following command to enable or disable hiding IP addresses from trackers in Safari:

$ /usr/bin/sudo -u <username> /usr/bin/defaults write /Users/<username>/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari WBSPrivacyProxyAvailabilityTraffic -int <3296/3300>

3296 will set hide IP address from trackers to disabled. 3300 will enable it.
example:

$ /usr/bin/sudo -u firstuser /usr/bin/defaults write /Users/firstuser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari WBSPrivacyProxyAvailabilityTraffic -int 3300

$ /usr/bin/sudo -u seconduser /usr/bin/defaults write /Users/seconduser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari WBSPrivacyProxyAvailabilityTraffic -int 3296

Note: To run the Terminal commands, Terminal must be granted Full Disk Access in the Security & Privacy pane in System Preferences.

See Also

https://workbench.cisecurity.org/files/4176

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-10, 800-53|SC-7(3), 800-53|SC-7(4), 800-53|SC-18, CSCv7|7.1, CSCv7|7.4

Plugin: Unix

Control ID: 716dc507cadb0a8f723812f3addc923cbbb9bb50702b64a0c601d7e23b22848a