Apple Beats Google: Brings Full Third-Party Cookie Blocking 2 Years Early
Apple has updated the Intelligent Tracking Prevention (ITP) in its Safari web browser on iOS 13.4, iPadOS 13.4, and Safari 13.1 on macOS. The web browser now blocks all third-parties cookies by default and prevents websites from tracking users as they browse the internet.
While the new Safari privacy feature is a big leap, what makes it more interesting is that Apple has leapfrogged its rival Google by almost two years.
Back in January, Google announced that it would add blocking of third-party cookies to its Chrome web browser sometime around 2022. As it turns out, Apple didn’t spare a second in taking advantage of the opportunity.
“This is a significant improvement for privacy since it removes any sense of exceptions or a little bit of cross-site tracking is allowed, Apple engineer John Wilander said in the announcement post for the new privacy update. He also praised Google for initiating the research on this topic.
This update takes several important steps to fight cross-site tracking and make it more safe to browse the web. First of all, it paves the way. We will report on our experiences of full third-party cookie blocking to the privacy groups in W3C to help other browsers take the leap.
— John Wilander 🇺🇦 (@johnwilander) March 24, 2020
Safari’s Intelligent Tracking Prevention feature was first launched in 2017. Since then, tracking prevention has become the latest trend in web browsers. Mozilla Firefox also added similar functionality back in June last year.
Wilander said that Apple has already implemented Storage Access API to enable cross-site integration, allowing cookies to be shared via authenticated methods and mandatory user control in place.
In the absence of full third-party cookie blocking, websites can track whether a user has logged in or not – a technique known as Login Fingerprinting. Now, the improved Safari browser will be able to tackle that.
The new tracking prevention update disables cross-site requests for forgery attacks and also prevents anyone from using an “auxiliary third-party domain to identify users.” In other words, websites won’t be able to maintain people’s IDs even if they have deleted their accounts, which was otherwise possible.
While Safari’s new ITP update seems like a big one, Apple has been adding many changes to ITP since its initial release in 2017 and “we are now at a place where most third-party cookies are already blocked in Safari.” So, users may not feel much of a difference, Wilander added.
“We will report on our experiences of full third-party cookie blocking to the privacy groups in W3C to help other browsers take the leap.”