Apple’s Safari browser will now block all third party cookies by default.
Apple has spent the last year cementing its position as the company that cares about your privacy and security. The iPhone maker has just taken this aim a step further today by announcing its Safari browser will now block all third party cookies by default. In other words, advertisers and websites can no longer follow you across the internet using tracking technology.
In a blog post for Apple’s in house browser engine WebKit, engineer John Wilander revealed that cookies for cross-site resources “are now blocked by default across the board” as part of an update to Safari’s Intelligent Tracking Prevention(ITP).
Apple’s announcement is a major step forward for privacy, because there are now no exceptions to the rule, such as “a little bit of cross-site tracking is allowed,” Wilander says.
Browser wars and the battle for privacy
The biggest browser in the market by far is Google’s Chrome, which has over 2 billion users. While Chrome has well over half the market, Apple lags way behind with about 17%.
Like Apple, Google is also realizing that an increasing number of users value their privacy, and it too will eventually block all third party cookies by default, but not until 2022.
Multiple privacy scandals, not least the Cambridge Analytica Facebook debacle, have made all users aware of the information collected about them and frequency of ad trackers across the web.
This has seen the rising popularity of privacy focused alternatives such as Brave and Firefox. Although Brave blocks multiple trackers, there are still a few exceptions. Firefox, however, also blocks third party cookies by default.
Apple’s browser security move: What’s changed?
If you’re already an Apple Safari user, you might not notice a huge change, because ITP–which was launched in Safari three years ago–has been blocking nearly all third party trackers by default already.
But there’s more behind the scenes–third party cookie blocking also disables login fingerprinting, which effectively allows websites to detect when you are logged in.
Other benefits, according toWilander, include:
- Disables cross-site request forgery attacks against websites through third-party requests.
- Removes the ability to use an auxiliary third-party domain to identify users. He says such a setup could otherwise persist IDs, “even when users delete website data for the first party.”
- Simplifies things for developers. “If you need cookie access as third-party, use the Storage Access API,” says Wilander.
Jake Moore, cybersecurity specialist at ESET thinks it’s a good move by Apple to try and encourage more people to use its Safari browser. “Apple understands that it’s behind in the browser race, so adding privacy features seems a great tactic when the privacy wars are heating up.”
Apple is certainly pushing forward in the privacy and security stakes–it’s already possible to use security keys such as the Yubico YubiKey in Safari following the launch of iOS 13.3. Advertisers and websites might not be happy with this latest move but for users, it’s a win-win.