Apple's WebKit team has published a "WebKit Tracking Prevention Policy" that details a range of anti-tracking measures it has developed and the types of tracking practices it believes are harmful to users.
/article-new/2019/08/webkit-logo.jpg){kind=logo}
Inspired by Mozilla's anti-tracking policy, the document posted to the WebKit blog provides an insight into the anti-tracking features built into Apple's Safari browser that the team hopes to see in all browsers one day.
This document describes the web tracking practices that WebKit believes, as a matter of policy, should be prevented by default by web browsers. These practices are harmful to users because they infringe on a user's privacy without giving users the ability to identify, understand, consent to, or control them.
Apple introduced Intelligent Tracking Prevention in iOS 11 and in Safari 11 in macOS High Sierra 10.13 and has been working to develop ITP ever since. For example, in February Apple released iOS 12.2 and Safari 12.1 for macOS, both of which included ITP 2.1 featuring enhancements that block cross-site tracking.
The new WebKit policy highlights Apple's continuing efforts to target all forms of cross-site tracking behavior, even if it's in plain view.
WebKit will do its best to prevent all covert tracking, and all cross-site tracking (even when it’s not covert). These goals apply to all types of tracking listed above, as well as tracking techniques currently unknown to us.
If a particular tracking technique cannot be completely prevented without undue user harm, WebKit will limit the capability of using the technique. For example, limiting the time window for tracking or reducing the available bits of entropy — unique data points that may be used to identify a user or a user’s behavior.
In addition to cross-site tracking, the document outlines several other tracking practices it deems harmful to users, and says WebKit will treat circumvention of its anti-tracking measures "with the same seriousness as exploitation of security vulnerabilities."
If a party attempts to circumvent our tracking prevention methods, we may add additional restrictions without prior notice. These restrictions may apply universally; to algorithmically classified targets; or to specific parties engaging in circumvention.
For more on tracking definitions, the unintended impact of anti-tracking measures, and exceptions to the rules, check out the full WebKit Tracking Prevention Policy on the WebKit blog.
Top Rated Comments
(View all)I don't mind ads. They're a necessary nuisance to fund the web services and content that we won't directly compensate. Therefore, I allow those entities whose known purpose is ad serving. It's the unknown purpose(s) and reputations of other tracking entities that I choose to undermine.
I mention this tool because it—or anything like it—are sorely needed on iOS devices.
Disclaimer: I am not an employee or spokesperson for Little Snitch. My endorsement is my own.
I will forever think Facebook is listening.
Press icon til wobbly - delete.The other day I was TALKING to my friend on the couch how I want to wait with buying plane tickets until my boss approves the holidays so I don’t end up spending money on a ticket I won’t be able to use and literally 30 minutes later I open Instagram I get an ad about „how do I get my money back for an unused plane ticket? Find out more“
There's a content-blocker interface in iOS Safari, and a bunch of content blocker apps that use this, including some that will let you add arbitrary sites/IPs. You could port your blacklist into one of these, but it wouldn't be simple.
To be clear, I'm not seeking to block content. Ad blockers do that. I'm more interested in blocking covert background activities that hog resources and don't reveal their purpose.
https://www.macrumors.com/2019/07/24/lockdown-firewall-app-privacy-protection/I mention this tool because it—or anything like it—are sorely needed on iOS devices.