Protecting Your Privacy in Safari for iOS

safari ios iconEvery time you visit a website on your iPhone or iPad, you are sharing information about yourself with the outside world. This guide runs through a number of methods you can use to gain more control over what gets shared, and who it gets shared with, whenever you use Apple's Safari browser to access the web on an iOS device.

It also covers some methods you can use to prevent traces of your browsing history from showing up on your iOS devices. While you may trust friends and family not to go searching through your web history, it's possible for them to unintentionally discover what you've been looking at, just by using Safari or performing a simple Spotlight search on your iPhone or iPad. If you're interested in a similar overview covering Safari on OS X, check out this guide.

The guide assumes you are using the latest public release of iOS 9.3 (9.3.3 as of initial writing). If your device is running an older version, a message should have appeared on the screen that an update is available. Connect your device to a power source and then tap "Install Now" on the message to download the update over the air, or open the Settings app and tap General -> Software Update, and then tap "Download and Install".

Alternatively, connect your device to a computer with an internet connection and with the latest version of iTunes 12 installed. Open iTunes, select your device (a device icon should appear just below the playback controls), click "Summary" in the sidebar, and then click "Check for Update" in the Summary screen. Click "Download and Update" if an update dialog appears.

Cookies, Location Services, and Tracking


Many websites attempt to store cookies and other web page data on iOS devices. Cookies are small data files that can include things like your IP address, device type, web browser version, the date you last visited the site, as well as any personal information you have provided, such as your name, email address, and any relevant preferences. This information is used to identify you when you revisit a site, so that it can offer tailored services, provide specific content, or display targeted ads.

Websites are increasingly upfront about their use of cookies – you've probably seen notices on popular sites requesting that you acknowledge their use. That's largely because EU law requires sites based within its borders to get consent from visitors to store or retrieve cookie data, and as of September 2015, Google requires that any website using its advertising products comply with the law if any of its users are inside the EU, regardless of where the site itself is based.

safariios8
By default, Safari accepts cookies and website data only from websites you visit, and attempts to block third-party cookies that try to target you with ads or create a profile of your online activities. If you don't like the idea of being tracked at all, you can selectively block the use of cookies by following the numbered steps below. Note however that some pages might not work unless you allow the use of cookies, so if you run into login problems or other issues on familiar sites after adjusting these settings, then you might want to dial back the changes.

Additionally, Do Not Track is another feature you can enable to try to prevent sites from tracking your web visits across the web. With the feature turned on, Safari specifically asks sites and their third party content providers (including advertisers) not to track you. In reality, it's up to the website to honor this request, but it's an option worth enabling for a potential extra layer of privacy.

Lastly, you may have noticed how Safari asks if you want to share your location whenever you visit a geolocation-enabled website. If you don't expect the site to provide helpful location-based services such as weather information or local amenities, you can deny individual requests and continue to do so on a case-by-case basis. Alternatively, you can disable location services in Safari completely, which is also described in the following steps.


  1. On your iOS device, open the Settings app, scroll down the list, and tap "Safari".

  2. In Safari settings, tap "Block Cookies" under the Privacy & Security options, and choose one of the following: Always Block, Allow from Current Websites Only, Allow from Websites I Visit, or Always Allow.

  3. Toggle on the button next to "Do Not Track".

  4. Return to the first menu in the Settings app and select "Privacy" from the list.

  5. Tap "Location Services", scroll down the list and select "Safari Websites", and then tap on "Never" in the next screen. Again, be aware that defaulting to "Never" may impact the functionality of some sites you visit.
iOS privacy

Enable Private Browsing


By enabling Private Browsing, you can prevent Safari from remembering the pages you visit and any AutoFill information, while any private tabs you open won't be stored in iCloud. When using Private Browsing, Safari also automatically asks sites and third-party content providers not to track you, prevents sites from modifying any information stored on your iOS device, and deletes cookies when you close the related tab.


  1. In Safari, tap the Pages icon (consisting of two squares) to bring up the open tabs view, and then tap "Private". Notice how the interface turns a dark gray.

  2. Tap the "+" icon to open a private tab.

  3. When you're done with the web session, return to the open tabs view, close your tabs, and tap "Private" again. Your private tabs are now cleared from memory.

iOS Private

Clear Browsing History


Clearing your web history in Safari has changed with iOS 9. You can no longer clear your history without also deleting all cookies and web data. This may affect stored login data for certain sites, so think twice before proceeding.

The first method described below is the 'nuke' option since it clears all history, cookies and website data on all devices signed into your iCloud account regardless of when the sites were accessed.


  1. Open the Settings app and scroll down to Safari in the list.

  2. At the bottom of the options screen, tap "Clear History and Website Data".
clear history ios

The following alternative method allows you to limit the clearing of history, cookies and website data to a specific timeframe.


  1. Open Safari and tap the Bookmarks icon (the open book).

  2. Tap the first Bookmarks tab if it's not already selected and select "History" from near the top of the list.

  3. Tap "Clear" and select the option you prefer from the following: The last hour; Today; Today and yesterday; and All time.

clear history ios(2)

Exclude Browsing History From Spotlight Searches



If you'd like to retain your browsing history but don't want web pages you've visited to appear in Spotlight Search results, follow these steps.

  1. Open the Settings app and tap "General".

  2. Select "Spotlight Search", scroll down the Search Results list, and toggle off the switch for Safari.

Spotlight Safari iOS

Switch Search Engine and Disable Safari Suggestions


Just because you cleared your browsing history and web data in Safari or browsed in a Private window, doesn't mean your searches aren't still recorded elsewhere. For example, if you logged into a Google account during the session, searches you performed may be logged by Google and later show up as search suggestions when you start typing in the Google search bar when logged into the same account. In fact, your search and ad results may be customized based on your search-related activity, even if you're signed out of your account.

To get around this issue, either consult the privacy help page of your preferred search engine to learn how to turn off tracking settings, or add a non-tracking search engine such as StartPage to your favorites (visit the site, tap the Share icon – the square with an arrow pointing out of it – and tap the star icon to "Add to Favorites"). The next series of steps shows you how to set Safari to use non-tracking search engine DuckDuckGo when you type in search queries into the address bar.

Another thing to reconsider is your use of Safari Suggestions. With this option enabled, your search queries, the Safari Suggestions you select, and related usage data are sent to Apple. Additionally, if you have Location Services turned on, when you make a search query in Safari with Safari Suggestions enabled your location is also sent to Apple. If you don't want this information shared, turn off Safari Suggestions, which is also described in the steps below.


  1. Open the Settings app and scroll down to Safari in the list.

  2. In the Search options list, toggle off the "Search Engine Suggestions" and "Safari Suggestions" switches.

  3. Tap "Search Engine" at the top of the list, and select DuckDuckGo from the available options.

iOS search engine

Disable Frequently Visited Sites

By default, Frequently Visited Sites appear below your Favorites whenever you open a new tab in Safari. You can turn this feature off.



  1. Open the Settings app, scroll down and tap "Safari" in the list.

  2. Toggle off "Frequently Visited Sites" under the General section.

Visited Sites Safari iOS

Turn Off AutoFill

Safari's AutoFill feature remembers text and values you enter into online forms, and can be useful for speeding up logins and registrations as well as online purchases. If other people use your iOS device, you might not want this information to show up when websites are revisited. Here's how to disable AutoFill.



  1. Open the Settings app, scroll down, and tap on "Safari" in the list.

  2. Tap to open the AutoFill menu and toggle off the switch next to the details you'd rather not include. You can also edit/delete stored bank cards from here by tapping "Saved Credit Cards".

Safari AutoFill iOS

Finally...


If your privacy concerns extend to a desire for enhanced security and anonymity, consider subscribing to a Virtual Private Network (VPN) service that offers an iOS client or supports OpenVPN (Private Internet Access and IPVanish are two popular options), and using a Tor-powered browser for iOS.



Top Rated Comments

(View all)
Avatar
31 months ago
This article is a good beginner's guide, but an in-depth exploration of VPNs would be welcomed by many people here.
Rating: 3 Votes
Avatar
31 months ago

Visitors should be able to log into any website without the need to store cookies. Websites that demand cookies storage in those cases are totally corrupt and in desperate need of a recode.


To me, cookies seem to be completely unnecessary for any behavior outside of logging in to a membership site, such as this forum, and I'm perplexed with and dismayed by any site that requires cookies for casual browsing, Forbes is a good example. The big revamp of Apple's site a few months back, when they went from a static page to the scrolling live pages, now requires cookies to be turned on or generally Safari won't display the page properly. For instance, the the frame on the home page with the slideshow that displays the iPhone, Watch, MBP, etc, now shows as one pic with all the frame captions overlaid on each other. Its such a mess - it looks like some kids were playing a game of Barrel Of Monkeys ('https://www.amazon.com/Milton-Bradley-04056-Barrel-Monkeys/dp/B00000IWHE') on top of some ad proofs and gave up halfway through.

In-depth searching shouldn't require any cookies either, unless you're searching member content, again like our forum here. I've dealt with e-shopping sites that used javascript instead of cookies. Every time I went to a new item or category, the site would simply append more code to the end of the URL. No tracking to worry about; after you're done with the site simply clear history and forget it.

Since I mentioned membership sites like forums, another thing that bothers me are sites that require me to leave cookie acceptance active in order to keep using the site. For forum use I have the browser set to accept first party cookies, I login, then I turn the acceptance back to 'never'. The cookie is available for credentialing, but no new info can be added. But sites like cracked.com won't display article pictures unless cookie acceptance is left active. At the least thats poor coding, at worst its an attempt to ensure they can track every iota of your browsing habits.

Apple itself has contributed mightily to our inability to avoid tracking, despite Cook's speeches about how vigorously they defend user privacy. A few versions ago, Safari displayed cookies by item - going to the cookie controls showed what each site placed on my machine whether it was a regular cookie or a tracker - and allowed me to delete individual pieces as I wished. That way I could sign in to a site, turn off the cookie acceptance, and then delete all those vile _utm trackers from Google. Now, cookies are displayed by site and gathered under single name. I have Ghostery installed so it should be stopping those _utm's but is it really?
Rating: 3 Votes
Avatar
31 months ago
So just turn off pretty much all of the functionality of Safari?

Why not just write a post telling people not to go on the Internet?

Arguably using Autofill is better for privacy, allowing Safari to suggest and securely save much stronger and varied passwords. Store your card details encrypted, and then hide them away in safe, combined with the use of Apple Pay in the real world, that's much better...

The only thing I do is delete my browsing history, why? Because I'm worried about the fact I searched for "graduate jobs"? No. Because sometimes it takes up quite a lot of space on my device when it's syncing it all across iCloud.
Rating: 3 Votes
Avatar
31 months ago
I'm somewhat surprised that content blockers (that offer blocking of trackers) aren't mentioned.

There's also the whole piece related to advertising under Settings > Privacy > Advertising as well as some under Settings > Privacy > Location Services > System Services that might be worth looking into and adjusting (although I'm not certain of how much direct/indirect impact those might have on Safari in particular).
Rating: 2 Votes
Avatar
31 months ago

Until law-makers grow a pair, enabling Do Not Track is simply an exercise in futility. Trackers do their damnedest to keep tabs on users, and just ignore this option. Every time I open a web page in Safari, it sends a snippet of data along with the request saying Do Not Track. Does that stop any website tracking me? No, of course not.

We need legislation so that website must obey this option on penalty of stiff fines. But big business and the advertising industry have deep pockets, and money talks when it comes to defending vested interests.



I don't think thats the way to go. Every time there is more regulation, the inevitable result is that some businesses are damaged, some consumers are hurt, and exceptions are made for politically favored groups. Then the government comes back with "if only we had more money/power/control..." and once again someone steps up with "there oughta be a law!" and the process starts over.

Prior to Google, remember how messed up search was? Excite, Atavista, Webcrawler, etc. Imagine if the feds decided to step in and say "we'll take care of search!" What would search have been like if it was brought to you by the same people who brought us the VA and the public school system, instead of the guys who started Google? Larry Page and Sergey Brin realized they could do a search superior to anything available at the time, and then give it away AND profit from it. Needs drives innovation.
I think the best thing to do is create enough of a noise about the tracking thing that someone or some group comes up with a solution that they can turn into a business, not get the feds involved in it.
Rating: 1 Votes
Avatar
31 months ago
Visitors should be able to log into any website without the need to store cookies. Websites that demand cookies storage in those cases are totally corrupt and in desperate need of a recode.
Rating: 1 Votes
Avatar
31 months ago
Privacy while connected to the Internet is an illusion.
Rating: 1 Votes
Avatar
31 months ago

... so we could have the option for the Tor Browser ...


Not necessarily: https://pando.com/2014/07/16/tor-spooks/

The Thought Police in 1984 were agents of the state. The Thought Collectors in 2016 are massively powerful private corporations.


Yes, and it's the State that I'm worried about. The corporations might be willing or unwilling accomplices, or even drive the corruption, I agree. But, I'm far more worried about the State taking my rights away than a corporation using data to sell me something.

But, my point is that the UN-nanny-state type cookie policy stuff doesn't accomplish anything but creating a hassle for legitimate cookie use.
Rating: 1 Votes
Avatar
31 months ago
As far as I'm concerned, if you use a smart phone in any way you can be tracked,hacked etc. etc.

Only real way to be sure is to disconnect.

I understand the article is more about safe browsing practices, which I agree make some sense. But I'm thinking bigger lol
Rating: 1 Votes
Avatar
31 months ago

So just turn off pretty much all of the functionality of Safari?

Why not just write a post telling people not to go on the Internet?


Hyperbole much?

Answer: Yes.
Rating: 1 Votes
[ Read All Comments ]