Apple WebKit Team Publishes Website Tracking Prevention Policy

Apple's WebKit team has published a "WebKit Tracking Prevention Policy" that details a range of anti-tracking measures it has developed and the types of tracking practices it believes are harmful to users.


Inspired by Mozilla's anti-tracking policy, the document posted to the WebKit blog provides an insight into the anti-tracking features built into Apple's Safari browser that the team hopes to see in all browsers one day.
This document describes the web tracking practices that WebKit believes, as a matter of policy, should be prevented by default by web browsers. These practices are harmful to users because they infringe on a user's privacy without giving users the ability to identify, understand, consent to, or control them.
Apple introduced Intelligent Tracking Prevention in iOS 11 and in Safari 11 in macOS High Sierra 10.13 and has been working to develop ITP ever since. For example, in February Apple released iOS 12.2 and Safari 12.1 for macOS, both of which included ITP 2.1 featuring enhancements that block cross-site tracking.

The new WebKit policy highlights Apple's continuing efforts to target all forms of cross-site tracking behavior, even if it's in plain view.
WebKit will do its best to prevent all covert tracking, and all cross-site tracking (even when it’s not covert). These goals apply to all types of tracking listed above, as well as tracking techniques currently unknown to us.

If a particular tracking technique cannot be completely prevented without undue user harm, WebKit will limit the capability of using the technique. For example, limiting the time window for tracking or reducing the available bits of entropy — unique data points that may be used to identify a user or a user’s behavior.
In addition to cross-site tracking, the document outlines several other tracking practices it deems harmful to users, and says WebKit will treat circumvention of its anti-tracking measures "with the same seriousness as exploitation of security vulnerabilities."
If a party attempts to circumvent our tracking prevention methods, we may add additional restrictions without prior notice. These restrictions may apply universally; to algorithmically classified targets; or to specific parties engaging in circumvention.
For more on tracking definitions, the unintended impact of anti-tracking measures, and exceptions to the rules, check out the full WebKit Tracking Prevention Policy on the WebKit blog.



Top Rated Comments

(View all)
Avatar
3 days ago at 06:29 am
The logical way to thwart tracking/spying is to cut off network communication to the servers that collect data. I've been using Little Snitch on MacOS for years to do so. It's amazing how many servers and domains a typical app or website connect to. Some are necessary for core functions but a large number are for activities by undisclosed associates with covert motives. Little Snitch lets me deny network connections selectively to background requests. I've amassed a blacklist that is in the hundreds.

I don't mind ads. They're a necessary nuisance to fund the web services and content that we won't directly compensate. Therefore, I allow those entities whose known purpose is ad serving. It's the unknown purpose(s) and reputations of other tracking entities that I choose to undermine.

I mention this tool because it—or anything like it—are sorely needed on iOS devices.

Disclaimer: I am not an employee or spokesperson for Little Snitch. My endorsement is my own.
Rating: 3 Votes
Avatar
3 days ago at 05:04 am
Keep fighting the good fight Apple
Rating: 3 Votes
Avatar
3 days ago at 04:39 am

I will forever think Facebook is listening.
The other day I was TALKING to my friend on the couch how I want to wait with buying plane tickets until my boss approves the holidays so I don’t end up spending money on a ticket I won’t be able to use and literally 30 minutes later I open Instagram I get an ad about „how do I get my money back for an unused plane ticket? Find out more“

Press icon til wobbly - delete.
Rating: 3 Votes
Avatar
3 days ago at 03:58 am
Hey, I like that Safari icon better than the actual one.
Rating: 1 Votes
Avatar
3 days ago at 10:37 am

There's a content-blocker interface in iOS Safari, and a bunch of content blocker apps that use this, including some that will let you add arbitrary sites/IPs. You could port your blacklist into one of these, but it wouldn't be simple.


To be clear, I'm not seeking to block content. Ad blockers do that. I'm more interested in blocking covert background activities that hog resources and don't reveal their purpose.
Rating: 1 Votes
Avatar
3 days ago at 07:51 am


I mention this tool because it—or anything like it—are sorely needed on iOS devices.


https://www.macrumors.com/2019/07/24/lockdown-firewall-app-privacy-protection/
Rating: 1 Votes
[ Read All Comments ]