6.3.5 Audit Hide IP Address in Safari Setting

Information

Public (Routable) IP addresses can be used to track people to their current location, including home and business addresses. While a valid IP address is necessary to load the site, the valid address does not need to be provided to known trackers and should be hidden.

Trackers can correlate your visits through various applications, including websites, and are a threat to your privacy.

Solution

Graphical Method:

Perform the following steps to set Safari whether or not to hide IP addresses from trackers:

- Open Safari
- Select Safari from the menu bar
- Select Settings
- Select Privacy
- Set Hide IP address from trackers to your organization's requirements

Terminal Method:

Run the following command to enable or disable hiding IP addresses from trackers in Safari:

$ /usr/bin/sudo -u <username> /usr/bin/defaults write /Users/<username>/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari WBSPrivacyProxyAvailabilityTraffic -int <130272/130276>

33422560 will set hide IP address from trackers to disabled. 33422564 will enable from Trackers Only, and 33422572 will enabled from Trackers and Websites.

example

:

$ /usr/bin/sudo -u firstuser /usr/bin/defaults write /Users/firstuser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari WBSPrivacyProxyAvailabilityTraffic -int 33422560

$ /usr/bin/sudo -u seconduser /usr/bin/defaults write /Users/seconduser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari WBSPrivacyProxyAvailabilityTraffic -int 33422564

$ /usr/bin/sudo -u thirduser /usr/bin/defaults write /Users/thirduser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari WBSPrivacyProxyAvailabilityTraffic -int 33422572

Note: To run the Terminal commands, Terminal must be granted Full Disk Access in the Security &amp; Privacy pane in System Preferences.

Impact:

Website address blocking through iCloud Private Relay may prevent some wanted pages to load that use IP geolocation access controls.

Some organizations use IP address access controls (ACLs), if your organization or partners are using IP address ACLs there will be unreachable web services if Apple hides the IP address.

See Also

https://workbench.cisecurity.org/benchmarks/15550

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-10, 800-53|SC-7(3), 800-53|SC-7(4), 800-53|SC-18, CSCv7|7.1, CSCv7|7.4

Plugin: Unix

Control ID: f9a449426427211ffd0f95a4db1076d26e76e3f704fe9322ddbf16f18ca822c6