Apple is one of the biggest champions of user privacy and security in the tech industry. It doesn’t have a perfect track record, but it often goes the extra mile to ensure your privacy. The tech giant has published a new online tracking prevention policy for its Safari browser. To put the new policy bluntly, Apple is threatening to punish websites that violate the Safari privacy rules.
Apple’s tracking protection project leader John Wilander published a WebKit Tracking Prevention Policy on Wednesday. The new policy seeks to prevent all types of covert tracking methods used by sites and apps. In some cases, the Safari browser would seek user’s consent before allowing tracking.
Thanks everyone who attended my talk on web privacy at #usesec19. My demos worked – yay!
By the way, we *just* announced the WebKit Tracking Prevention Policy: https://t.co/jo5MPkNAAs
— John Wilander ?? (@johnwilander) August 14, 2019
The Cupertino company says in its new policy that sites and apps trying to circumvent the Safari privacy rules will be treated “with the same seriousness as exploitation of security vulnerabilities.” It means if your website attempts to bypass Apple’s built-in anti-tracking features, it will be treated like malware.
The tech giant warned that it could add “additional restrictions without prior notice.” And these restrictions would specifically target the websites that tried to bypass the Safari privacy rules.
It’s unclear how the company would restrict individual sites and apps. Apple says its new anti-tracking policy was inspired by that of Mozilla’s. Mozilla relies on Disconnect’s Tracking Protection List for blocking individual websites from using cooking and other browser features.
Apple’s Safari browser is based on the WebKit browser rendering engine. Google’s popular Chrome browser uses a forked version of the WebKit rendering engine. A couple of years ago, Apple added Intelligent Tracking Protection (ITP) feature to Safari’s WebKit browser engine to limit cross-site tracking by advertisers. The feature also measures the effectiveness of ad campaigns on the web while ensuring user privacy.
When Apple implemented the ITP, it discovered that many popular websites were using more than 70 different trackers to collect your data. The iPhone maker realizes that its new anti-tracking policy could have some “unintended” consequences, especially on practices that use the “techniques that can also be used for tracking.” A few examples of such practices are bot detection and ‘Like’ buttons. The company said it would “try to limit” the unintended impact.
“When faced with a tradeoff, we will typically prioritize user benefits over preserving current website practices,” said John Wilander.
Apple’s decision to take user privacy a notch higher would force other popular browsers to rethink their own strategies. Mozilla is obsessed with user privacy. Brave browser, which has become the default browser on my laptop, blocks ads by default while offering a fast and clean user experience. People are also increasingly using ad-blockers.
Websites and apps that rely on ads for revenue often track visitors from one site to another. It helps them create a detailed profile of the user and identify the user’s interests so that they can show more relevant ads. But that violates your privacy. If you visit Amazon to look at a product or maybe save it to your wishlist, you’ll likely see ads for the same or similar products on other websites and apps.
That’s one of the things Apple is trying to prevent with its new Safari privacy rules. Websites collect data through cookies, browser and device fingerprinting, supercookies, tracking pixels, and other navigation tracking methods to build a detailed profile of users.
Apple has been taking a series of steps to enhance user privacy. Recently, the Cupertino company announced ‘Sign-in with Apple’ single sign-on feature that allows you to sign in to third-party apps and websites without revealing any of your personal information. The privacy-focused sign-on option will compete with similar features from Facebook and Google. It generates random emails while signing in to a service to protect your primary email.
