Safari in New Versions of iOS and macOS Includes Full Third-Party Cookie Blocking

safari iconSafari in macOS 10.15.4 and iOS and iPadOS 13.4 includes enhancements to Apple's Intelligent Tracking Prevention feature that allow for full third-party cookie blocking, Apple's WebKit team said today in a new blog post.

Cookies for cross-site resources are blocked by default in the new versions of Safari, introducing significant privacy improvements because it further cuts down on cross-site tracking functionality.

It might seem like a bigger change than it is. But we've added so many restrictions to ITP since its initial release in 2017 that we are now at a place where most third-party cookies are already blocked in Safari. To keep supporting cross-site integration, we shipped the Storage Access API two years ago to provide the means for authenticated embeds to get cookie access with mandatory user control. It is going through the standards process in the W3C Privacy Community Group right now.

The new cookie blocking feature makes sure there's no Intelligent Tracking Prevention state that can be detected through cookie blocking behavior as it removes statefulness, and it also prevents an attacker from seeing ITP status.

Safari's default cookie policy requires a third-party to have "seeded" its cookie jar as first-party before it can use cookies as third-party. This means the absence of cookies in a third-party request can be due to ITP blocking existing cookies or the default cookie policy blocking cookies because the user never visited the website, the website's cookies have expired, or because the user or ITP has explicitly deleted the website's cookies.

Thus, the absence of cookies in a third-party request outside the attacker's control is not proof that the third-party domain is classified by ITP.

Safari is the first mainstream browser to fully block third-party cookies by default, and Apple's WebKit team wants to pave the way for other browsers to do the same, so it plans to report on the experiences of full third-party cookie blocking to W3C privacy groups in an effort to help other browsers make the change as well.

More info on the changes implemented in Safari for iOS, iPadOS, and macOS today can be found in the full blog post.

Tag: Safari

Top Rated Comments

John.B Avatar
30 months ago
It's like a game of whack-a-mole, but I appreciate Apple pressing the issue.
Score: 8 Votes (Like | Disagree)
BWhaler Avatar
30 months ago
Thank you Apple and the Webkit Team.

While no company is perfect, it is a true gift to have the largest and best consumer tech company care so much about our privacy. There’s more money in selling us out, so I am grateful for the people of Apple taking a stand on principle.
Score: 8 Votes (Like | Disagree)
xxray Avatar
30 months ago
Thank you Apple. Please continue to find new ways to protect our privacy.
Score: 6 Votes (Like | Disagree)
farewelwilliams Avatar
30 months ago
Apple should have its own built-in VPN service.
Score: 5 Votes (Like | Disagree)
now i see it Avatar
30 months ago
Private Mode browsing works even better
Score: 4 Votes (Like | Disagree)
I7guy Avatar
30 months ago

It's like a game of whack-a-mole, but I appreciate Apple pressing the issue.
Exactly. I appreciate the focus on privacy as much as can be expected, by browsing the web.
Score: 4 Votes (Like | Disagree)

Popular Stories

macbook air m2

Exclusive: Apple Plans to Launch MacBook Air With M2 Chip on July 15

Wednesday June 29, 2022 5:23 pm PDT by
The redesigned MacBook Air with the all-new M2 Apple silicon chip will be available for customers starting Friday, July 15, MacRumors has learned from a retail source. The new MacBook Air was announced and previewed during WWDC earlier this month, with Apple stating availability will begin in July. The MacBook Air features a redesigned body that is thinner and lighter than the previous...
Mac Studio IO

Apple Begins Selling Refurbished Mac Studio Models

Thursday June 30, 2022 7:42 pm PDT by
Apple today began selling refurbished Mac Studio models for the first time in the United States, Canada, and select European countries, such as Belgium, Germany, Ireland, Spain, Switzerland, the Netherlands, and the United Kingdom. In the United States, two refurbished Mac Studio configurations are currently available, including one with the M1 Max chip (10-core CPU and 24-core GPU) for...
top stories 2jul2022

Top Stories: M2 MacBook Air Release Date, New HomePod Rumor, and More

Saturday July 2, 2022 6:00 am PDT by
The M2 MacBook Pro has started making its way into customers' hands and we're learning more about how it performs in a variety of situations, but all eyes are really on the upcoming M2 MacBook Air which has seen a complete redesign and should be arriving in a couple of weeks. Other top stories this week included a host of product rumors including additional M2 and even M3 Macs, an updated...
original iphone 2007

15 Years Ago Today, the iPhone Went On Sale

Wednesday June 29, 2022 4:43 am PDT by
Fifteen years ago to this day, the iPhone, the revolutionary device presented to the world by the late Steve Jobs, officially went on sale. The first iPhone was announced by Steve Jobs on January 9, 2007, and went on sale on June 29, 2007. "An iPod, a phone, an internet mobile communicator... these are not three separate devices," Jobs famously said. "Today, Apple is going to reinvent the...
rootbug

Major macOS High Sierra Bug Allows Full Admin Access Without Password - How to Fix [Updated]

Tuesday November 28, 2017 12:33 pm PST by
There appears to be a serious bug in macOS High Sierra that enables the root superuser on a Mac with a blank password and no security check. The bug, discovered by developer Lemi Ergin, lets anyone log into an admin account using the username "root" with no password. This works when attempting to access an administrator's account on an unlocked Mac, and it also provides access at the login...