Video: How Apple's Intelligent Tracking Protection in Safari works

Posted:
in General Discussion
Have you ever shopped for something on Amazon, and then noticed that other websites and even apps like Facebook are flooded with ads concerning that product? AppleInsider explains how this happens, and how Apple's implementation of Intelligent Tracking Protection in Safari works.





For example, I once searched Amazon and Googles shopping results for a new pair of Adidas shoes, and it led to over a week of Adidas shoe ads in Facebook, Instagram, and practically any website I visited.

Apple has been hard at work to prevent this, and their new solution is already hitting ad firms hard, with online advertising businesses reportedly losing out on hundreds of millions of dollars!

The solution is Safari's new Intelligent Tracking Prevention feature, which came to mobile devices with iOS 11, and also to the Mac with the macOS 10.13 update. Many users are still reluctant to update to iOS 11. But, besides security, I think this feature alone makes updating to iOS 11, totally worth it.




To understand how this new cross-tracking prevention feature works, let me first explain how cookies work. In short, cookies are bits of data from websites you visit, that are saved onto your device. The biggest example of this is a website saving your login information so you dont have to type it in with every visit.

These cookies, called first-party cookies, make total sense and are completely safe and in the clear, since websites can only write or create them when a consumer is visiting their website.

Now comes third-party cookies, where you are being served information or ads from a certain website, while you are on a completely different website. These third-party cookies have always been blocked by Safari, with one exception: if they were originally written as a first-party cookie from a visit to a website.

This exception for first-party cookies was exploited by some ad tech vendors who developed solutions that wrote cookies using the advertisers domain. An example of this is when you visit a site like Amazon and search for a pair of shoes. A first-party cookie will be created to save your search history.

Once you leave that site, advertisers could access that first-party cookie in a third-party context, in other words, while youre not on the original website where the cookie was created. They could then read that cookie and serve you ads based on what you searched for, and you end up seeing ads for shoes all over the web.

Safaris new Intelligent Tracking Prevention feature puts restrictions on whether or not any business can continue to read or update first-party cookies when the user is not directly on the businesss site.

Apples solution was to only provide third parties looking to use that cookie data with a 24-hour window from when a cookie was last accessed from the originating site. Every time you hit the originating site, the access timer is reset. After 24 hours from the last visit to the site, the time is up, and access is denied.

This is why you may have still noticed third-party ads on other websites, even after updating to iOS 11.

For example, last night I was searching for honeymoon packages on Safari, and this morning Ive been seeing Honeymoon ads all over Instagram. Thankfully, with Safaris new cross-site tracking prevention feature, those honeymoon ads should disappear about 9 hours from now, assuming I dont keep searching.

Otherwise, Id be stuck staring at honeymoon ads for a couple of weeks until the advertising sites and algorithms realized Im not interested in that anymore. This is exactly why this new feature is hitting advertisers hard, and so why so many of them have been protesting Apples Safari tracking changes.

Getting back to how the new feature works, like we said, access to first-party cookies from a third-party context will only be regained when you visit the primary website again, and in that case, the 24-hour timer will restart.

If the user doesnt return to the primary website within the next 29 days, the first-party cookie will be entirely deleted.

The only downside to this is that if you dont log into a website for a whole month, certain information like your login credentials stored in a cookie and not stored in your Keychain can be lost, and youll have to reenter them like it was your first time ever using that website.

This new feature is not only useful for avoiding those annoying ads, but it also protects your privacy and security.
mike1tmayGG1kudulolliverwatto_cobraEwalkaceblu

Comments

  • Reply 1 of 19
    The only downside to this is that if you dont log into a website for a whole month, certain information like your login credentials stored in a cookie and not stored in your Keychain can be lost, and youll have to reenter them like it was your first time ever using that website.
    All the more reason that Apple needs to add cookie locking and whitelisting to Safari. I want to be able to just completely wipe my cookies whenever I want, but I have to manually go through them to ensure I don’t delete ones I want. It should be “click on cookie to protect it from deletion” and then “click to delete all cookies”, leaving the ones you protected. Or better yet, a pure whitelist. What if I only want cookies from specific sites? Maybe I want ALL the others blocked, always.
    gatorguyGG1macseekerrepressthisMisterKitwatto_cobrabeowulfschmidtjony0
  • Reply 2 of 19
    useful info AI!  thanks for making the video
    repressthisGeorgeBMacjSnivelywatto_cobra
  • Reply 3 of 19
    gatorguygatorguy Posts: 18,889member
    Very informative video, one I think the members here should appreciate.  Based on some of the forum comments many didn't really understand what Apple's Intelligent Tracking Protection accomplished and why. It's not an ad blocker but in some ways even better than one.  
    repressthisSoliGeorgeBMacwlymjony0
  • Reply 4 of 19
    cornchipcornchip Posts: 1,068member
    It’s even worse than what this article outlines. I’m a designer and was playing around with creating custom textures in Procreate. I wanted to make a custom bark texture. So I image searched “bark” with DDG - I’m fairly certain, it’s my default - (in safari). I used an image on the second or third row & Never thought another thing about it until a few days later. When I got an email... to my personal freelance email from a company called “Bark”. The aim of bark (supposedly, I’ve never contacted them yet) is to match designers with people who need designers to design things for them (for next to nothing no doubt). Somehow it dawned on me about my search a few days earlier. I went back to safari and did an image search with DDG. scroll scroll..... nothing seemed to pop out as unusual. So researched with g!... scroll scroll......


    and and there it was.


    amongst nothing but pictures of bark. A little logo I recognized from a bizarre, unsolicited email. A little icon of a dog barking.

    i don’t know what’s going on there, but it’s incredibly powerful, insideous, and creepy as shit. I don’t know if Apple has solved for this thing exactly, but I applaud their efforts in this area and perhaps they will get to this type of spying in the future if this measure is not effective against it yet.
    magman1979racerhomie3wlymlostkiwiwatto_cobrabeowulfschmidtjony0
  • Reply 5 of 19
    sflocalsflocal Posts: 4,149member
    Waiting for @bitmod to chime in about more of his conspiracy theories about this.
    StrangeDaysSolimacpluspluswatto_cobra
  • Reply 6 of 19
    sflocal said:
    Waiting for @bitmod to chime in about more of his conspiracy theories about this.
    I'd just be happy if he admitted how very wrong his pet theories were.
    watto_cobra
  • Reply 7 of 19
    This is why I've been using a VM for much of my Internet 'searching' for the past 4 years. When I'm done, I shut it down and overwrite the VM files with my baseline version. Periodically, I update the VM and save it to the baseline version again.
    I also don't use Facebook etc. You'd be amazed at how little advertising I see compared to others in my family who do use it and all with essentially the same setup.
    When you realised that the likes of Google, FB and indeed even Amazon collectively know more about you that you can remember it not only gets scary but glad that this sort of protection in there for us.

    We have to take responsibility for our lives. Now if only these Big Brother companies would rein in their slurping the world would be a better place.
    Yes, you Amazon. I bought the concrete mixer from you. Do you really think I want another one within a week or is what you sold me so crap when it comes to quality that I'm going to need another one? Doh!

    watto_cobra
  • Reply 8 of 19
    mike54mike54 Posts: 226member
    Good video.
    I would prefer if first party cookies never be accessed by third party. Maybe have a toggle switch for those that want it.
    GeorgeBMaccornchiprussw
  • Reply 9 of 19
    I agree with others that this was an excellent, helpful video... One thing that would be even more helpful is if Apple added effective help to their settings: For instance, when you tap "Prevent Cross Site Tracking" it would tell you what that setting does.... A few settings, particularly in Parental Controls/Restrictions switch you to a second screen with a brief explanation instead of just providing an on/off switch. So, there are a variety of ways to solve this problem, but for most users "Prevent Cross Site Tracking" is pretty meaningless because they don't know that cross site tracking of cookies exists or what it does -- or how turning this setting on affects it.
    cornchipwatto_cobra
  • Reply 10 of 19
    ajlajl Posts: 86member
    Vadim ended up buying an Adidas T-shirt :D Jokes aside, one thing I've noticed since Safari 11 (and tracking protection, of course) is out is that I can't set YouTube videos in full screen mode anymore.
    edited January 13
  • Reply 11 of 19
    wlymwlym Posts: 54member
    cornchip said:
    It’s even worse than what this article outlines. I’m a designer and was playing around with creating custom textures in Procreate. I wanted to make a custom bark texture. So I image searched “bark” with DDG - I’m fairly certain, it’s my default - (in safari). I used an image on the second or third row & Never thought another thing about it until a few days later. When I got an email... to my personal freelance email from a company called “Bark”. The aim of bark (supposedly, I’ve never contacted them yet) is to match designers with people who need designers to design things for them (for next to nothing no doubt). Somehow it dawned on me about my search a few days earlier. I went back to safari and did an image search with DDG. scroll scroll..... nothing seemed to pop out as unusual. So researched with g!... scroll scroll......


    and and there it was.


    amongst nothing but pictures of bark. A little logo I recognized from a bizarre, unsolicited email. A little icon of a dog barking.

    i don’t know what’s going on there, but it’s incredibly powerful, insideous, and creepy as shit. I don’t know if Apple has solved for this thing exactly, but I applaud their efforts in this area and perhaps they will get to this type of spying in the future if this measure is not effective against it yet.
    Wow, that would not only piss me off but be the reason I'd never do business with "Bark". Talk about casting a wide net! From time-to-time I get unsolicited but targeted email and I let those businesses know that I've blacklisted them (and I'm sure they give a ****). Like the stock photo site 123RF.com where I'd regularly purchased images until they decided I needed to be spammed as well (ignoring that I was not subscribed to their marketing emails).
    cornchipwatto_cobra
  • Reply 12 of 19
    glynhglynh Posts: 121member
    wlym said:

    Wow, that would not only piss me off but be the reason I'd never do business with "Bark". Talk about casting a wide net! From time-to-time I get unsolicited but targeted email and I let those businesses know that I've blacklisted them (and I'm sure they give a ****). Like the stock photo site 123RF.com where I'd regularly purchased images until they decided I needed to be spammed as well (ignoring that I was not subscribed to their marketing emails).
    THIS^^

    The problem is I've blacklisted so many sites over the years I have run out of places to buy from! :)

    Problem is exacerbated leading up to Christmas as many of those Companies that I had previously blacklisted and where I had already unsubscribed suddenly started to spam me again.

    What annoys me even more is where I have had to return a product because it is faulty, sub-standard or where I've had a run-in with the Company and I am plagued with adverts from the same company for the same item I had just returned on almost every website I visit...grrrrr.
    edited January 13 watto_cobra
  • Reply 13 of 19
    cornchipcornchip Posts: 1,068member
    sflocal said:
    Waiting for @bitmod to chime in about more of his conspiracy theories about this.
    Hah! Wasn’t familiar with this member so I just went and read some of his posts. Funny stuff!


    glynh said:
    wlym said:

    Wow, that would not only piss me off but be the reason I'd never do business with "Bark". Talk about casting a wide net! From time-to-time I get unsolicited but targeted email and I let those businesses know that I've blacklisted them (and I'm sure they give a ****). Like the stock photo site 123RF.com where I'd regularly purchased images until they decided I needed to be spammed as well (ignoring that I was not subscribed to their marketing emails).
    THIS^^

    The problem is I've blacklisted so many sites over the years I have run out of places to buy from! :)

    Problem is exacerbated leading up to Christmas as many of those Companies that I had previously blacklisted and where I had already unsubscribed suddenly started to spam me again.

    What annoys me even more is where I have had to return a product because it is faulty, sub-standard or where I've had a run-in with the Company and I am plagued with adverts from the same company for the same item I had just returned on almost every website I visit...grrrrr.


    That’s the thing about these ad networks - they’re not even that smart!

    Yeah I haven’t quite made up my mind on how I’m going to deal with those guys yet. Definitely won’t be using them as a source for contract work!


    edited January 13 watto_cobra
  • Reply 14 of 19
    Wow I think this new feature is a good thing. There are 2 many adds for things in the first place.
    watto_cobra
  • Reply 15 of 19
    The only downside to this is that if you dont log into a website for a whole month, certain information like your login credentials stored in a cookie and not stored in your Keychain can be lost, and youll have to reenter them like it was your first time ever using that website.
    All the more reason that Apple needs to add cookie locking and whitelisting to Safari. I want to be able to just completely wipe my cookies whenever I want, but I have to manually go through them to ensure I don’t delete ones I want. It should be “click on cookie to protect it from deletion” and then “click to delete all cookies”, leaving the ones you protected. Or better yet, a pure whitelist. What if I only want cookies from specific sites? Maybe I want ALL the others blocked, always.
    Yeah, agreed in a general sense.  Introduce Safari settings with granular control of treatment of cookies and ads.  This would be popular with end-users who then have choice about controlling the extent of ads intrusion.  Advertisers wouldn't have much to complain about as it is just how each end-user configures their Safari.
  • Reply 16 of 19
    Just excellent, Vadim! Loving the videos. I checked the settings on my 2017 MacBook and iPadMini...all good. Check my iPhone and its was good, except the 'please don't track me' button was not on. Glad I checked.

    This anti-tracking Safari feature was the main reason I recycled my 2006 iMac (SL) and my 2009 MBP (El Capitan) and bought the 2017 MacBook with Sierra/Safari!

    I also, immediately upgrade to the newest iOS as soon as it is available.

    Best.
    cornchipwatto_cobra
  • Reply 17 of 19
    vadimyuryevvadimyuryev Posts: 134member, editor
    ajl said:
    Vadim ended up buying an Adidas T-shirt :D Jokes aside, one thing I've noticed since Safari 11 (and tracking protection, of course) is out is that I can't set YouTube videos in full screen mode anymore.
    And the adidas shoes  ;)
    glad it helped guys
    edited January 14 watto_cobra
  • Reply 18 of 19
    ivanhivanh Posts: 176member
    29 days? 35 days is a better number to retain the convenience for a monthly visit to the same website.
  • Reply 19 of 19
    ajl said:
    ...one thing I've noticed since Safari 11 (and tracking protection, of course) is out is that I can't set YouTube videos in full screen mode anymore.
    I have always tried to manage cookies from way back in the beginning.

    While employing the Prevent cross-site tracking and the Ask websites not to track me,
    along with Ghoslty, uBlock, Adblock and Adblock plus, I see very minimal advertising, if any.

    While all of these "blocks/preventions" do break some sites in places, like certain forms not loading,
    I have never experienced that Youtube does not play in full screen, or other video not play in full screen, for that matter.
Sign In or Register to comment.