Here's how Apple protects your privacy in Safari with Intelligent Tracking Protection 2.0

Posted:
in iPhone edited June 2018
Apple released a new Safari Tech Preview on Wednesday, and it includes the Intelligent Tracking Protection 2.0 that was promised at WWDC. AppleInsider looks at what Apple is doing to ensure your protection and privacy as you go about your business on the web.

Safari Tech Preview


The new version of Intelligent Tracking Protection kills the old 24-hour window that Safari used to keep tracking cookies from sites you visit. Instead, a website can request tracking privileges, but the user has to specifically opt in.

If the user allows the cookie, it is deleted after the user stops visiting the site after 30 days of Safari use. If you go on vacation and don't use Safari at all, those days aren't counted.

Users can also opt in to permanent tracking, without a 30-day cookie purge. For example, if you subscribe to YouTube Music, the cookies won't be purged -- assuming you stay logged into the service and keep using it by actively clicking on a link, using the service, or making an entry in a form on the site.

The timeline of the new Intelligent Tracking Protection


The new Safari also isn't fooled by a "first party bounce tracker" across multiple browser redirects. The quick redirects won't be allowed to deposit cookies at all, and Safari won't log them as having user interaction, nor will it reset any day counter.

Widgets or embeds in a website have independent tracking of the site visited. For example, if you watched one of our videos embedded in the corresponding article on AppleInsider, you'd have to grant YouTube permission to deposit a tracking cookie independently if you haven't already.

As a result of all this, "federated logins" from social media sites will be less able, or prevented entirely, from tracking a user across the web. With the new Safari, the user can only be identified and request tracking authorization when the user actually interacts with the social media content, like writing a comment or playing a video.

So, if you've shopped on Amazon for something, you'll only see related ads if you've granted FaceBook the permission to do so in Safari explicitly.

And, if you have regrets after granting one website or another tracking access, the new Safari will retract all granted permissions when the user clears Safari history.

Intelligent Tracking Protection 2.0 debuted on stage at WWDC earlier in June, and didn't roll out to Safari Tech Preview testers until Wednesday. It will come to all users on macOS Mojave and iOS 12 in the fall on all devices that support the new operating systems.
«1

Comments

  • Reply 1 of 21
    gatorguygatorguy Posts: 20,894member
    Curious if ISP's can still continue tracking your web activity if Intelligent Tracking 2.0 is in use? To be honest the whole thing with VPN's, private browsing, incognito etc is confusing and I'm sure I'm not the only one. 
  • Reply 2 of 21
    Mike WuertheleMike Wuerthele Posts: 4,753administrator
    gatorguy said:
    Curious if ISP's can still continue tracking your web activity if Intelligent Tracking 2.0 is in use? To be honest the whole thing with VPN's, private browsing, incognito etc is confusing and I'm sure I'm not the only one. 
    By IP address, sure. Can't do a ton about that. But if they're tossing cookies on your machine, they'll have to ask permission.

    We'll be talking more about VPNs, private browsing, and incognito mode very soon.
    edited June 2018 racerhomie3williamlondonchasm
  • Reply 3 of 21
    tallest skiltallest skil Posts: 43,399member
    Why can’t Apple offer us a cookie whitelist? I only want cookies from the sites from which I want them. All others can and should be totally blocked. Or at the very least, cookie locking, where I can lock cookies I want to protect from deletion so that I can one-click delete all of the others instead of having to manually pick them (or far more likely, just ignore the thousands of third party cookies that outright bypass my “disallow third party cookies” setting).
    watto_cobra
  • Reply 4 of 21
    maltzmaltz Posts: 144member
    Why can’t Apple offer us a cookie whitelist? I only want cookies from the sites from which I want them. All others can and should be totally blocked. Or at the very least, cookie locking, where I can lock cookies I want to protect from deletion so that I can one-click delete all of the others instead of having to manually pick them (or far more likely, just ignore the thousands of third party cookies that outright bypass my “disallow third party cookies” setting).
    Chrome and Firefox offer exactly that, and have for years - Firefox, anyway. Block all cookies, unless they're on the exception list. Chrome is supposedly even better, allowing cookies, so sites that require them aren't broken, but deleting them all when you close Chrome (save the ones on the exception list) but I've had trouble getting it to actually delete. My theory is that it's actually a timeout, and I visit the site often enough it doesn't timeout. Just a guess, though. Anyway, as privacy-focused as Apple is, I've always been baffled that Safari doesn't have something like that.
  • Reply 5 of 21
    FolioFolio Posts: 591member
    gatorguy said:
    Curious if ISP's can still continue tracking your web activity if Intelligent Tracking 2.0 is in use? To be honest the whole thing with VPN's, private browsing, incognito etc is confusing and I'm sure I'm not the only one. 
    Ditto. I was out of town, surfing via hotspot on T-Mobile and suddenly got a text message on my iPhone X from some local realtor who I'd never before contacted. Very bizarre. Luckily it hasn't happened since. Not that I do anything nefarious, but I always make a habit of using incognito. 
    watto_cobra
  • Reply 6 of 21
    SoliSoli Posts: 9,176member
    With Mojave beta 2 I've had to re-log into everything in Safari again. Could be a fluke, but I wonder if this due to changes that occurred with Safari because new privacy setup. Did anyone else have this issue?


    Off topic: A modest request. I love that macOS is named because going by a version number isn't very consumer friendly, but I'd like that same system to be applied to all of Apple's major OSes. We don't drop the version numbers (and build numbers), we just keep them as part of the system. The name Mojave is marketable, and since we now these OSes being launched all at the same time because of how connected all these OSes are, I'd love to see them drop adopt something like: macOS Mojave, iOS Mojave: tvOS Mojave, watchOS Mojave.
    watto_cobra
  • Reply 7 of 21
    gatorguy said:
    Curious if ISP's can still continue tracking your web activity if Intelligent Tracking 2.0 is in use? To be honest the whole thing with VPN's, private browsing, incognito etc is confusing and I'm sure I'm not the only one. 
    By IP address, sure. Can't do a ton about that. But if they're tossing cookies on your machine, they'll have to ask permission.

    We'll be talking more about VPNs, private browsing, and incognito mode very soon.
    For your consideration - TOR : https://www.torproject.org/download/download-easy.html.en
    williamlondon
  • Reply 8 of 21
    Mike WuertheleMike Wuerthele Posts: 4,753administrator
    gatorguy said:
    Curious if ISP's can still continue tracking your web activity if Intelligent Tracking 2.0 is in use? To be honest the whole thing with VPN's, private browsing, incognito etc is confusing and I'm sure I'm not the only one. 
    By IP address, sure. Can't do a ton about that. But if they're tossing cookies on your machine, they'll have to ask permission.

    We'll be talking more about VPNs, private browsing, and incognito mode very soon.
    For your consideration - TOR : https://www.torproject.org/download/download-easy.html.en
    We'll be talking about that.
    williamlondon
  • Reply 9 of 21
    croprcropr Posts: 954member
    maltz said:
    Why can’t Apple offer us a cookie whitelist? I only want cookies from the sites from which I want them. All others can and should be totally blocked. Or at the very least, cookie locking, where I can lock cookies I want to protect from deletion so that I can one-click delete all of the others instead of having to manually pick them (or far more likely, just ignore the thousands of third party cookies that outright bypass my “disallow third party cookies” setting).
    Chrome and Firefox offer exactly that, and have for years - Firefox, anyway. Block all cookies, unless they're on the exception list. Chrome is supposedly even better, allowing cookies, so sites that require them aren't broken, but deleting them all when you close Chrome (save the ones on the exception list) but I've had trouble getting it to actually delete. My theory is that it's actually a timeout, and I visit the site often enough it doesn't timeout. Just a guess, though. Anyway, as privacy-focused as Apple is, I've always been baffled that Safari doesn't have something like that.
    Recently Firefox is offering containers, which is a great feature.  A container is like browsing as another user.  You have a special Facebook container plugin, which automatically creates a separate container when you navigate to a Facebook related url.  As such Facebook cannot track your behaviour on other sites.  In the other containers you simply have no Facebook profile or cookies. 
  • Reply 10 of 21
    StrangeDaysStrangeDays Posts: 8,244member
    Why can’t Apple offer us a cookie whitelist? I only want cookies from the sites from which I want them. All others can and should be totally blocked. Or at the very least, cookie locking, where I can lock cookies I want to protect from deletion so that I can one-click delete all of the others instead of having to manually pick them (or far more likely, just ignore the thousands of third party cookies that outright bypass my “disallow third party cookies” setting).
    Check out 1Blocker, for iOS and macOS. 
    racerhomie3williamlondonhexclocktallest skilwatto_cobra
  • Reply 11 of 21
    One of the reasons I upgraded/recycled my 2009 MacBookPro to a 2017 MacBook was to get the latest and greatest Safari for safe web browsing. I'd love if Ai would do a video on what settings we should have "on" in Safari and then recommend Apps like Ghostery, Adware, etc. etc. :)

    This reminds me of a few years ago when everyone was talking about backups. But with Apple's, TimeMachine, iCloud Backup, DropBox, etc. Backups have almost become automatic.

    This is where web security should be. :)

    Best
    watto_cobra
  • Reply 12 of 21
    mattinozmattinoz Posts: 1,121member
    So is Safari snappier without having to load buckets of stuff that doesn't effect the information presented?

  • Reply 13 of 21
    tallest skiltallest skil Posts: 43,399member
    Check out 1Blocker, for iOS and macOS. 
    I use it on my iDevices, but how does it compare to uBlock Origin (which I use now) on OS X for its adblocking power?

    EDIT: Okay, this is either humorous or an actual cause for concern. Wait, unless this isn’t the real website; it seems uBlock Origin only has a GitHub page...

    watto_cobra
  • Reply 14 of 21
    SoliSoli Posts: 9,176member
    Check out 1Blocker, for iOS and macOS. 
    I use it on my iDevices, but how does it compare to uBlock Origin (which I use now) on OS X for its adblocking power?

    EDIT: Okay, this is either humorous or an actual cause for concern. Wait, unless this isn’t the real website; it seems uBlock Origin only has a GitHub page…
    [image]
    uBlock won't work with Safari in Mojave. You'll need a solution like 1Blocker or for uBlock to update their Extension to work through the new store.
    tallest skilwatto_cobra
  • Reply 15 of 21
    mike54mike54 Posts: 347member
    Would you know if Apple would be pushing the Safari update to El Capitan users?
    watto_cobra
  • Reply 16 of 21
    tallest skiltallest skil Posts: 43,399member
    Soli said:
    uBlock won't work with Safari in Mojave. You'll need a solution like 1Blocker or for uBlock to update their Extension to work through the new store.
    Interesting; thanks for the heads up. I’ll have to check my other extensions for compatibility, too.
    mike54 said:
    Would you know if Apple would be pushing the Safari update to El Capitan users?
    Oh, I’m sure they will. Apple updates Safari for several past versions of OS X today.

    Aside, in looking for the Safari download page to confirm that it does go to several past versions, I found that the Dashboard widget page is still up. Simpler times.


    edited June 2018 coolfactor
  • Reply 17 of 21
    chasmchasm Posts: 1,642member
    Tor is something that users should be aware of, but it doesn't (and probably never will) pass the grandma test. A VPN, once set up, is far more invisible to most users, or even just one-time installs like Ghostery. There are plenty of ways to easily prevent tracking, and Intelligent Tracking Protection is another one of those. Thanks, Apple!
    watto_cobra
  • Reply 18 of 21
    IreneWIreneW Posts: 164member
    Folio said: Not that I do anything nefarious, but I always make a habit of using incognito. 
    Sorry, but using incognito mode won't help at all against ISP tracking.
    williamlondontallest skil
  • Reply 19 of 21
    chasm said:
    Tor is something that users should be aware of, but it doesn't (and probably never will) pass the grandma test. A VPN, once set up, is far more invisible to most users, or even just one-time installs like Ghostery. There are plenty of ways to easily prevent tracking, and Intelligent Tracking Protection is another one of those. Thanks, Apple!

    I recently tried to create a secondary gmail account. I didn't want to leave breadcrumbs all over my digital space, so tried to do it via the TOR browser. Unfortunately, Google now asks for a mobile number so the whole process was moot. It did think that I was in Scandinavia, but I couldn't move ahead.
    watto_cobra
  • Reply 20 of 21
    lkrupplkrupp Posts: 7,162member
    ,,,
    edited June 2018
Sign In or Register to comment.