Anti-tracking techniques from browsers can be misused for tracking, Apple warns – according to a tip from Google.
Apple has improved the anti-tracking technology integrated in the Safari browser. Any type of tracking prevention carries the risk of being misused for tracking, if websites can discover the different handling of web content and URLs by the browser, as Apple’s WebKitTeam said.
Improved Tracking Protection In iOS 13.3
To prevent this from happening, Safari should now make it more difficult, if not impossible, for websites to recognize the differences in the handling of content and website data required for tracking protection. The new version of Apple’s Intelligent Tracking Prevention (ITP) is part of Safari in iOS 13.3, iPadOS 13.3 and Safari 13.0.4 for macOS.
The adjustment was made to a note from Google, as the WebKit team emphasizes: Google has researched how the different handling of web content can be recognized by anti-tracking technology and which “bad things” are possible as a result. Google’s report is not public, notes WebKit developer John Wilander.
One of the innovations of the ITP is that Safari now blocks all cookies from third-party domains as long as the user has not yet interacted with the website accessed. In addition, referrers for cross-page requests are now generally shortened to their original domain instead of transmitting the full path, according to the WebKit blog. Safaris cookie requirements should now also apply to the Storage Access API.