Home / iPhone / Apple's warning: Break Safari's web-tracking rules and we'll hit back

Apple's warning: Break Safari's web-tracking rules and we'll hit back


iTunes customers sue Apple for allegedly selling their data
The lawsuit claims that Apple has violated the privacy of its users in the quest for profit.

Apple’s Safari WebKit team has posted its official policy on web-tracking prevention, which it implemented in Safari’s Intelligent Tracking Prevention (ITP) technology.

ITP broadly aims to limit marketers from tracking iOS and macOS Safari users across different websites, but without impeding a marketer’s ability to measure the performance of their online ads

ITP, first rolled out in 2017, originally targeted third-party cookies, but recent updates also take aim at abuse of first-party cookies.   

The document outlines what Apple considers to be tracking, different types of tracking, the types it will prevent, and how it treats any attempt to bypass its anti-tracking measures. 

The company warns it will treat efforts to circumvent its anti-tracking tech in Safari “with the same seriousness as exploitation of security vulnerabilities”, with its response potentially targeted at a specific organization. 

“If a party attempts to circumvent our tracking-prevention methods, we may add additional restrictions without prior notice,” the WebKit team said. 

“These restrictions may apply universally; to algorithmically classified targets; or to specific parties engaging in circumvention.”

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

Among the list of techniques that Apple said it considers tracking includes link decoration, device fingerprinting, and tracking that uses storage on a user’s device, such as “cookies, DOM storage, IndexedDB, the HTTP cache and other caches, HSTS, and media keys”.    

The policy appears to be a shot across the bow for the likes of Google and Facebook, which use link decoration to bypass ITP, but the policy is also aimed at marketing companies that use shadier privacy-busting practices like browser fingerprinting

The WebKit team said in the release of ITP 2.2 that, since introducing ITP, it had noticed unnamed social networks tracking users across sites through ‘link decoration’, which involves adding a ‘click ID’ in the URLs for all outgoing links as a substitute for an actual user ID in cross-site tracking. 

The click ID is stored in a first-party cookie but can be used by a social network to track users across multiple sites, as long as the developer of a destination site has allowed their page to import scripts from the social network. Apple says this is usually achieved by the social network offering developers a new feature to integrate.   

At the time, Apple said that “changes to third-party JavaScript embedded on websites introduced link decoration without web developers’ knowledge”. 

However, Apple also vows to “limit unintended impact” of its anti-tracking measures. Practices that fall into this category include “Like buttons, Google and Facebook login to third-party sites, analytics on a single website, and audience measurement”. 

“We may alter tracking-prevention methods to permit certain use cases, particularly when greater strictness would harm the user experience. In other cases, we will design and implement new web technologies to re-enable these practices without reintroducing tracking capabilities,” the WebKit team notes. 

Apple WebKit says the new policy document was inspired by Mozilla’s Firefox anti-tracking policy in February, which ZDNet reported on in January

Source link

About admin

I'm a 50 year old PLC programmer from Burnley, UK. I severed my time as an electrician in the baking industry and soon got involved with the up and coming technology of PLC's. Initially this was all based in the Uk but as the years went by I have gradually worked my way around the globe. At first it was mainly Mitsubishi with a bit of Modicon thrown in but these days the industry leaders seem to be the Allen Bradley range of PLC and HMI’s.

Check Also

I tried to photograph the apocalypse, but my iPhone wouldn't let me

Advertisements The iPhone XR prefers Victorian beauty. Chris Matyszczyk/ZDNet I was awake, but I already ...

Leave a Reply

Your email address will not be published. Required fields are marked *