An impromptu test of Apple's privacy claims thanks to Brave

I've written previously about being one of those oddballs who uses Linux as his daily workhorse tech platform. That said, I was also previously a daily Apple user for more than 20 years and still have several loved ones with Apple devices who sometimes need my help troubleshooting them. So I do stay reasonably familiar with that platform as well through friends and family.

I mention all this to offer context to a curious experience I had trying to log into iCloud via the web this morning. Specifically, this was the first time I had occasion to do so since switching to the Brave web browser, which prides itself on protecting user privacy by blocking tech companies' invasive tracking scripts.

Of course, this shouldn't be a problem for an Apple site, since the company touts itself these days as being more respectful of user privacy than the likes of fellow behemoths Facebook and Google, right?

Wrong.

My request to load the icloud.com homepage ultimately timed out, and I got the following error message before the first login field could even display:

Keep in mind, this isn't just a matter of Brave being a relatively obscure browser that icloud.com couldn't reasonably be expected to support. From a technical standpoint, Brave is based upon and essentially identical to Chrome – the most popular web browser in the world by far. Just about the only distinguishing technical characteristic of Brave that could possibly be relevant here is that it blocks trackers. (It also carries a built-in cryptocurrency wallet, but there's no reason why that would matter, as iCloud has no crypto integration.)

To further test my little theory, I also tried to load icloud.com on plain vanilla Chrome, with no tracking protection. Sure enough, the homepage and login field loaded properly:

Out of curiosity at this point, I tried Firefox as well. That one also loaded the homepage just fine:

So what's the offending tracker on iCloud that's tripping up Brave?

I'm not quite sure at this point, even after viewing the page's HTML. Offhand, I don't discern any of the usual suspects among icloud.com's scripts that might usually cause this problem for a website loading in Brave, like DoubleClick ad trackers, various forms of Facebook chicanery, etc. The culprit here seems, perhaps characteristically, to be some custom script by Apple.

If anyone who's a more experienced JavaScript hand than myself wants to take a look, I'd definitely be curious to hear what you find. Just hit me up on Twitter or drop me an email at peter[at]indizr.com.

UPDATE: Since this original post, Jonathan Sampson (@BraveSampson), a developer on the Brave team, has helpfully responded on Twitter providing further explanation of this issue. His first couple of tweets, containing the main technical nitty-gritty, are copied below:

You can check out the full string, which contains some additional discussion, at this link. Just click through and scroll to the top to see the full thing. Thanks, Jonathan!
