iOS 12.2 and Safari 12.1 for macOS Include Updated Intelligent Tracking Prevention Feature

safari iconSafari in the iOS 12.2 beta and Safari 12.1 for macOS High Sierra and Mojave includes an updated version of Intelligent Tracking Prevention, according to details shared on Apple's WebKit blog.

ITP 2.1, as Apple is calling it, caps client-side cookie storage to seven days. After this time period, cookies expire. As outlined by Apple, this offers improvements in privacy, security, and performance. From Apple's WebKit blog:

- Cross-site trackers have started using first-party sites' own cookie jars for the purpose of persistent tracking. The first-party storage space is especially troublesome for privacy since all tracker scripts in the first-party context can read and write each other's data. Say social.example writes a user tracking ID as a news.example first-party cookie. Now analytics.example, adnetwork.example, and video.example can leverage or cross pollinate that user tracking ID through their scripts on news.example.

- Cookies available in document.cookie can be stolen by speculative execution attacks on memory. Therefore, they should not carry sensitive information such as credentials.

- Cookies available in document.cookie can be stolen by cross-site scripting attacks. Again, therefore, they should not carry sensitive information such as credentials.

- The proliferation of cookies slows down page and resource loads since cookies are added to every applicable HTTP request. Additionally, many cookies have high entropy values which means they cannot be compressed efficiently. We come across sites with kilobytes of cookies sent in every resource request.

- There is a size limit on outgoing cookie headers for performance reasons, and websites risk hitting this limit when cross-site trackers add first-party cookies. We've investigated reports of news site subscribers getting spuriously logged out, and found that trackers were adding so many cookies that the news site's legitimate login cookie got pushed out.

The cookie storage limits will not log users out as long as websites are using the appropriate authentication cookies because it only affects cookies created through document.cookie.

ITP 2.1 also allows for just a single set of cookies per site rather than multiples, and third party tools with cross-site tracking capabilities need to use the Storage Access API to get cookie access.

Apple says this change simplifies cookie behavior for developers, lowers the memory footprint of Safari, and makes Intelligent Tracking Prevention compatible with more platforms.

A verified partitioned cache for cutting down on cache abuse for tracking purposes is also included, and as we covered earlier this month, support for Do Not Track has been disabled.

Apple says that it is removing Do Not Track because most websites never paid any attention to it since it was opt-in and could be ignored.

The DNT project recently ended without the publication of a standard, in part "because there has not been sufficient deployment of these extensions (as defined) to justify further advancement." Given the lack of deployment of DNT and Safari's on by default privacy protections such as ITP, Safari removed support for DNT so that users are not presented with a misleading and ineffective privacy control that, if anything, only offered additional browser fingerprinting entropy.

Additional details on the Intelligent Tracking Prevention updates being introduced are available via Apple's full WebKit blog post.

Tag: Safari

Top Rated Comments

AngerDanger Avatar
66 months ago
Eh, I never liked that tracking prevention stuff. Just be smart, and advertisers won't learn a thing about you.



Attachment Image
Score: 39 Votes (Like | Disagree)
IRockThat828pScreen Avatar
66 months ago
Can you elaborate? Your screenshot doesn't seem to illustrate much other than you being interested in Singles sites.

Some ideas for people:
[LIST=1]
* Use Private Browsing for sites you don't want tracking you. This loads the site into a blank slate, with no existing cookies in place.
* Use /etc/hosts to block common ad-serving hosts. These load from 127.0.0.1 (localhost) and the requests will never leave your computer.

wooosh
Score: 16 Votes (Like | Disagree)
techguy9 Avatar
66 months ago
Can you elaborate? Your screenshot doesn't seem to illustrate much other than you being interested in Singles sites.

Some ideas for people:
[LIST=1]
* Use Private Browsing for sites you don't want tracking you. This loads the site into a blank slate, with no existing cookies in place.
* Use /etc/hosts to block common ad-serving hosts. These load from 127.0.0.1 (localhost) and the requests will never leave your computer.

It’s a joke comment.
Score: 10 Votes (Like | Disagree)
keysofanxiety Avatar
66 months ago
Eh, I never liked that tracking prevention stuff. Just be smart, and advertisers won't be able to learn a thing about you.

This made my evening. Thank you.

Can you elaborate? Your screenshot doesn't seem to illustrate much other than you being interested in Singles sites.

Some ideas for people:
[LIST=1]
* Use Private Browsing for sites you don't want tracking you. This loads the site into a blank slate, with no existing cookies in place.
* Use /etc/hosts to block common ad-serving hosts. These load from 127.0.0.1 (localhost) and the requests will never leave your computer.

I know of two things that can break the speed of sound: the Concorde, and that joke flying over your head.
Score: 9 Votes (Like | Disagree)
swanseaboy Avatar
66 months ago
If only we could have a functional cookie manager...
Score: 7 Votes (Like | Disagree)
smithrh Avatar
66 months ago
I completely wipe cookies every time I think of it - say, every 1-3 days.

It's never been a negative.

Cookies aren't for users, they're for advertisers and people who want to track you.

Passwords aren't an issue with password fill.
Score: 5 Votes (Like | Disagree)

Popular Stories

Apple car wheel icon feature yellow

Apple Cancels Electric Car Project

Tuesday February 27, 2024 11:05 am PST by
Apple has canceled all plans to release an autonomous, electric vehicle, reports Bloomberg. Apple has been working on an Apple Car for more than a decade and invested millions of dollars into development before deciding it was not a viable project. Apple's Chief Operating Officer Jeff Williams today told approximately 2,000 employees working on the Apple Car that the project was canceled,...
iOS 18 Mock iPhone 16 Feature Gray

iOS 18 Rumored to Be Compatible With These iPhone Models

Tuesday February 27, 2024 6:31 am PST by
iOS 18 will be compatible with the iPhone XR, and thereby also the iPhone XS and iPhone XS Max models with the same A12 Bionic chip, according to a post on X today from a private account with a proven track record of sharing build numbers for upcoming iOS updates. The post was spotted by MacRumors contributor Aaron Perris, and it has since been deleted. However, this was likely because the...
iOS 17

iOS 17.4 Coming Soon With These New Features for Your iPhone

Monday February 26, 2024 6:08 am PST by
In a press release last month, Apple confirmed that iOS 17.4 will be released in March, and the update includes several new features and changes for the iPhone. Key new features in iOS 17.4 include major App Store changes in the EU, Apple Podcasts transcripts, and an iMessage security upgrade. The update also adds new emoji and includes preparations for the launch of next-generation CarPlay...
iPad Air 5

iPadOS 18 Rumored to Drop Support for These iPad Models

Tuesday February 27, 2024 6:55 am PST by
iPadOS 18 will drop support for iPad models equipped with the A10X Fusion chip, according to a post on X today from a private account with a proven track record of sharing build numbers for upcoming iOS and iPadOS updates. This means that iPadOS 18 would not be compatible with the first-generation 10.5-inch iPad Pro or the second-generation 12.9-inch iPad Pro models released in 2017. It...
applearcade

Game Developers Describe 'Smell of Death' Around Apple Arcade

Monday February 26, 2024 7:24 am PST by
Some game developers are dissatisfied with Apple Arcade amid concerns about the subscription service's future, a new report claims. Sources speaking to mobilegamer.biz described a "smell of death" around Apple's games subscription service and noted the difference between the company's investment in TV and music, and its interest in games. "At the very top of the company there needs to be a ...
Beyond iPhone 13 Better Blue Face ID Single Camera Hole

Six Reasons to Wait for Next Year's iPhone 17

Thursday February 22, 2024 4:20 am PST by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models concurrently, which is why we sometimes get rumored feature leaks so far ahead of launch. The iPhone 17 series is no different, and already we have some idea of what to expect from Apple's 2025 smartphone lineup. If you plan to skip...