Apple is taking a hard stance on online privacy with a new anti-tracking policy in Safari.
The iPhone maker has published a “WebKit Tracking Prevention Policy” that goes into specifics about the types of anti-tracking methods it has developed, the practices it believes are harmful to users, and the unintended consequences of those preventive countermeasures.
The open-source WebKit browser rendering engine is the basis for Safari, in addition to the browsers bundled with Amazon Kindle ebook reader and Samsung Tizen OS.
Blink — the rendering engine that powers Google Chrome — is also a fork of WebKit. But on iOS, Chrome and other third-party browsers rely on WebKit due to restrictions imposed by Apple’s App Store Review Guidelines (Section 2.5.6).
Intelligent Tracking Protection
Publishers and companies rely heavily on online tracking — i.e. collecting (anonymized) data about a user’s activity on the web — to keep tabs on your every move as you hop from one site to the other.
Thanks everyone who attended my talk on web privacy at #usesec19. My demos worked – yay!
By the way, we *just* announced the WebKit Tracking Prevention Policy: https://t.co/jo5MPkNAAs
— John Wilander (@johnwilander) August 14, 2019
While this is typically used for targeted advertising, the implications go beyond just serving relevant ads in that it allows marketers to create detailed dossiers about your interests — resulting in significant loss of privacy.
Apple, for its part, began to crack down on web-tracking two years ago with Intelligent Tracking Protection (ITP). The technology aims to limit advertisers’ cross-site tracking on iOS and macOS Safari browsers, at the same time, measure the effectiveness of their ad campaigns on the web without compromising on your privacy.
The anti-tracking policy
Viewed in that light, the new policy is an extension of this privacy-by-design paradigm. It seeks to prevent all forms of covert tracking methods outlined above, failing which it will ask for user’s informed consent before allowing tracking.
Apple warns that parties trying to circumvent its anti-tracking tech in Safari will be treated “with the same seriousness as exploitation of security vulnerabilities,” and that it “may add additional restrictions without prior notice.”
— Steven Englehardt (@s_englehardt) August 15, 2019
At the same time, the Cupertino-based tech giant acknowledged it will “try to limit unintended impact” of its anti-tracking methods, particularly on practices that could be affected because “they rely on techniques that can also be used for tracking,” such as “Like” buttons, third-party sign-on, and bot detection.
It is, however, not immediately clear if paywall detection methods employed by publishers will be considered forbidden in this context.
Privacy trumps all
“When faced with a tradeoff, we will typically prioritize user benefits over preserving current website practices,” the WebKit engineering team said.
Apple is not the first company to go after abusive tracking methods — the company notes its anti-tracking methods were inspired by Mozilla’s anti-tracking policy. But with Safari being the default browser on all Apple devices, the development could tip the scales in its favor.
The policy enforcement also comes at a time when use of ad-blockers is at its peak, with privacy-focused web browser Brave registering a 1,200 percent increase in verified publishers using its Brave Rewards program since July last year.
Brave blocks ads by by default, but allows its users to earn BAT tokens if they choose to accept ads that are provided by the company.
But by equating circumvention of anti-tracking measures with a security vulnerability, Apple has taken its efforts to guarantee user privacy up a notch.
While a lot of it will depend how the policy is enforced, you can bet it will force advertisers and other browser makers — including Google’s widely used Chrome — to rethink their approach. And that can only be a win for privacy.