Apple Plans to Block All Covert, Cross-Site Tracking in Safari


Apple has released its WebKit Tracking Prevention Policy which outlines the tracking methods blocked by the Safari web browser in order to provide consumers with a privacy-driven internet environment.

On all Apple systems the open source WebKit web browser engine Safari now utilizes the function called Intelligent Tracking Prevention (ITP), which manages site cookies dynamically to ensure that sites do not use cookies or other recorded information to remain on the web while browsing their customers.

The development team was able to discover “famous websites with over 70 trackers, all quietly collecting information from customers, when the WebKit ITP functionality was introduced in the engine first.”

The newly published tracking prevention policy was inspired by Mozilla’s anti-tracking policy, published on January 28, 2019. Mozilla currently uses Disconnect’s Tracking Protection list to classify the trackers that its Firefox web browser blocks from using cookies and browser storage features.

Types of web tracking blocked by Safari

“Tracking is the collection of data regarding an individual’s identity or activity across one or more websites. Even if such data is not believed to be personally identifiable, it’s still tracking,” as per WebKit’s definition.

According to its development team, “the present WebKit anti-tracking mitiges will be applied to all websites universally, or based on algorithmic, on device classifications.” The new tracking strategy will examine all potential WebKit patches and internet norms, while also developing fresh internet technology from the ground up with non-harmful methods.

The new policy of WebKit lists the following recognized methods in internet monitoring that the browser engine does its utmost to block:

Cross-site tracking is tracking across multiple first party websites
Stateful tracking is tracking using storage on the user’s device
Covert stateful tracking is stateful tracking which uses mechanisms that are not intended for general-purpose storage, such as HSTS or TLS
Navigational tracking is tracking through information controlled by the source of a top-level navigation or a subresource load, transferred to the destination
Fingerprinting, or stateless tracking, is tracking based on the properties of the user’s behavior and computing environment, without the need for explicit client-side storage
Covert tracking includes covert stateful tracking, fingerprinting, and any other methods that are similarly hidden from user visibility and control.

In addition to the above-mentioned monitoring methods, WebKit will also attempt to add mitigation steps to presently unknown techniques in order to safeguard the privacy of users while browsing the Web.

The browser engine will limit the ability of the sites to use the tracking method for tracking techniques that WebKit cannot block. Should limitation of the ability “not feasible without undue damage to the user,” the browser will notify customers of future monitoring measures used by the Website that they are visiting.

Stand on policy exceptions and bypasses.

The policy of WebKit also states that no exceptions are given to any websites and that any party’s monitoring efforts will be blocked by the tracking protective characteristics integrated in browsers used thereby.

“Some sides may have valid uses for monitoring methods as well,” the policy says. “But WebKit often doesn’t have any technical means to differentiate valid uses of tracking, and doesn’t know what the parties concerned will do with information being gathered in the present or the future.” The project suggests that it adds further limitations “no previous notice” when it comes to locations implementing anti-tracking measures to bypass the tracking preventative characteristics of WebKit.

All lawful procedures that will be impacted or interrupted by WebKit’s tracking avoidance characteristics are marked as an unintended effect and the developing team will possibly try to “change tracking preventative techniques, in some instances in order to allow certain usage instances, especially when increased strictness would damage the user’s experience.”

This has already occurred in at least two cases when Storage Access and Private Click Measurements were intended to restore site capacities broken after invasive cross-site privacy monitoring tech has been blocked.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.