BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ

Topics

Choose your language

InfoQ Homepage News How Apple's Intelligent Tracking Prevention in Safari Works

How Apple's Intelligent Tracking Prevention in Safari Works

Leia em Português

This item in japanese

Bookmarks

The latest release of Apple's web browser, Safari 12, will provide "Intelligent Tracking Prevention" (ITP) 2.0, which aims to reduce the ability of third-parties to track web users via cookies and other methods.

The WebKit open source web browser engine is used by Safari and many other apps on macOS, iOS and Linux. The ITP function within WebKit collects statistics on web page resource loads as well as user interactions such as "taps, clicks, and text entries". The statistics are put into buckets per top privately-controlled domain or eTLD+1, shorthand for an "effective Top Level Domain" consisting of a typical base website URL. An example of an eTLD+1 would be social.co.uk, but not sub.social.co.uk (eTLD+2) or co.uk (just eTLD). According to the WebKit blog, a machine learning model is used to classify which top privately-controlled domains have the ability to track the user cross-site, based on the collected statistics. All data collection and classification happens on-device.

Once a eTLD is classified as having the ability to track a user cross-site, several preventative measures were implemented in ITP version 1.0 and 1.1. If the user had not interacted with a site in the last 30 days, say "example.com", the example.com website data and cookies were immediately purged and continued to be purged if new data was added. However, if the user interacted with example.com as the top domain, often referred to as a first-party domain, ITP considered it a signal that the user is interested in the website and temporarily adjusted its behavior as depicted in this timeline below:

ITP 1.1 cookie timeline

With ITP 1.0 and 1.1., if the user had interacted with example.com in the previous 24 hours its cookies would also be available when resources from example.com are requested or embedded as a third-party. According to the WebKit blog, this allowed for "Sign in with my X account on Y" login scenarios. This meant users only have long-term persistent cookies and website data from the sites they actually interact with, and tracking data is removed proactively as they browse the web.

If the user interacted with example.com in the last 30 days but not the last 24 hours, example.com gets to keep its cookies but they will be "partitioned". Partitioned means third-parties get unique, isolated storage per top privately-controlled domain or TLD+1. For example, account.example.com and www.example.com share the partition example.com. This allows users to remain logged in even if they only visit a site occasionally, while restricting the use of cookies for cross-site tracking.

ITP 2.0 has removed the 24 hour cookie access window. Authenticated embeds can only get access to their first-party cookies through the Storage Access API. ITP 2.0 has also restricted third-party content to only be able to identify the user when they actually use the content, such as write a comment or play a video. This is also the point at which Safari will ask for the user's permission (if the widget is asking for permission to see its cookies).

ITP 2.0 cookie timeline

ITP 2.0 also has the ability to detect when a domain is used as a "first party bounce tracker," meaning that it is never used as a third party content provider but tracks the user purely through navigational redirects. This pattern is often seen with shortened links provided by social media sites. Additional countermeasures to tracking include protection against tracker collusion, where multiple sites attempt to collude to identify a user, and origin-only referrer for domains without user interaction, which means that the referrer information is downgraded to just the page's origin for third party requests (e.g. the referrer "https://store.example/baby/strollers/deluxe-stroller-navy-blue.html" becomes simply "https://store.example/").

Safari Technology Preview Release 58 is now available for download for macOS High Sierra, and with this release Safari Technology Preview is now available for betas of macOS Mojave.

Rate this Article

Adoption
Style

BT