Apple announced a slew of new software features at its , including an augmented reality upgrade and animojis that can stick out their tongues when you do. But the company’s latest desktop and mobile operating systems contain a more subtle, yet more radical, innovation. The newest version of Apple’s Safari browser will push back hard against the ad-tracking methods and device fingerprinting techniques that marketers and data brokers use to monitor web users as they browse. Starting with Facebook.
The next version of Safari will explicitly prompt you when a website tries to access your cookies or other data, and let you decide whether to allow it, a welcome step toward explicit choices about online tracking. Safari will also make a dent in defeating the so-called “fingerprinting” approach, in which marketers use publicly accessible information about devices—like the way they’re configured, the fonts they have installed, and the plug-ins they run—to assign them an individual, trackable ID. In macOS Mojave and iOS 12, Safari will scrub much of this data, exposing only generic configuration information and default fonts. The browser will also stop supporting legacy plugins. The idea is to make your Mac indistinguishable from millions of others, muting the fingerprinting effect.
“Data companies are clever and relentless,” Craig Federighi, Apple’s senior vice president of software engineering, said on Monday, explaining why Apple pushed to add these features. The company calls the set of tools “Intelligent Tracking Prevention 2.0,” and they feature, like eliminating a 24-hour grace period that gave trackers a day of cookie access.
‘The real test will be how well it works and how advertisers and trackers will react.’
Will Strafach, Sudo Security Group
The new version of Safari will also help improve password hygiene by offering to generate, autofill, and store strong passwords. It’s a well-intentioned approach, althoughdepending on how it’s deployed. The browser will now also audit password reuse to try to discourage people from using the same password for multiple services—a crucial way consumers of being impacted by data breaches.
The antitracking features continue Apple’s assault on ad tech;video and audio from autoplaying, and the Intelligent Tracking Prevention Webkit tool worked to identify and block tracking cookies. This year’s updates, though, take things a step further by significantly expanding the tracking techniques Safari can block or warn users about.
Apple’s not the only company to toughen up its browser against privacy and security menaces. As with Chrome’s Do Not Track mechanism, Apple seems to have based some of the new Safari protections onfrom Mozilla, which offers its own protections in the Firefox browser. In February, Chrome also started to bring more comprehensive protections to users based on standards from the Coalition for Better Ads. There are also , Privacy Badger, and Adblock Plus to help stymie various tracking techniques. But Apple’s efforts in Mojave and iOS 12 appear to be the most prominent and comprehensive yet.
Facebook did not immediately respond to a request from WIRED for comment, and the platform is certainly not the only large ad network incorporating these techniques. But it’s a prominent player that hasfor letting a variety of user data tracking tools run rampant. The company’s chief information security officer Alex Stamos on Twitter that it doesn’t seem like the new Safari will block tracking pixels or , which are notorious for being exploitable as trackers or by bad actors for malicious activity.
Stamos seemed more focused on blasting Apple’s attempt to single Facebook out, but it’s true that this generation of Intelligent Tracking Prevention will inevitably have limitations. It’s difficult to fully block online tracking methods without also eroding website usability, and different privacy initiatives have approached dealing with this conflict in different ways.
“The consent popups will be a big deal to people. It’s more visual so you know that they are attempting to track you versus it just happening in the background silently,” says Will Strafach, an iOS security researcher and the president of Sudo Security Group. “I guess the real test will be how well these measures work and how advertisers and trackers will react.”
Google and Firefox already offer plenty of solid ad-blocking and antitracking mechanisms, and offer athat may make them more desirable than Apple’s browser. But if privacy matters most to you, it might be time to give Safari a try.
More WWDC 2018 Coverage