Apple on Tuesday released Safari 13.1 and updated the Intelligent Tracking Prevention (ITP) privacy feature. Intelligent Tracking Prevention allows Safari to block cookies and prevent advertisers from snooping on users’ web habits.
According to Apple WebKit engineer John Wilander, Safari now blocks all third-party cookies. (WebKit is the browser engine that powers Safari.) That means that online advertisers and websites cannot track users around the internet using browser cookie files.
Wilander said the change for Safari might seem brand-new, but the browser already was blocking most third-party cookies through restrictions in ITP:
“It might seem like a bigger change than it is,” said John Wilander, “But we’ve added so many restrictions to ITP since its initial release in 2017 that we are now at a place where most third-party cookies are already blocked in Safari.”
“This update takes several important steps to fight cross-site tracking and make it more safe to browse the web. First of all, it paves the way. We will report on our experiences of full third-party cookie blocking to the privacy groups in W3C to help other browsers take the leap,” John Wilander noted on Twitter.
Although Google announced last May that it hopes to do the same in Chrome by 2022, Apple’s Safari is now the second browser, after the lesser-used Tor Browser, to block all third-party cookies by default for all its users.
Google released Chrome v80 at the beginning of February with support for third-party cookie blocking (under the name of SameSite cookies), which will complete full rollout in about two years.
Full Cookie Block Ensure Web Privacy
“Cookies for cross-site resources are now blocked by default across the board. This is a significant improvement for privacy since it removes any sense of exceptions or ‘a little bit of cross-site tracking is allowed,’” Wilander added.
“First of all, it paves the way. We will report on our experiences of full third-party cookie blocking to the privacy groups in W3C to help other browsers take the leap.
“Second, full third-party cookie blocking removes statefulness in cookie blocking.
“Third, full third-party cookie blocking fully disables login fingerprinting, a problem on the web described already 12 years ago. Without protection, trackers can figure out which websites you’re logged in to and use it as a fingerprint,” added the engineer.
“Fourth, full third-party cookie blocking solves cross-site request forgeries. This is one of the web’s original security vulnerabilities and discussed in communities like OWASP for well over a decade. Those vulnerabilities are now gone in Safari.”