Apple is Copying Mozilla’s Anti-Tracking Policy

Apple has quietly revealed that it will implement an anti-tracking policy for its WebKit browser engine that’s based on Mozilla’s.

“We are publishing the WebKit Tracking Prevention Policy, covering what types of tracking WebKit will prevent when other tracking countermeasures come into play such as limiting capabilities and informed user consent, and how WebKit handles unintended impact of our tracking prevention,” Apple’s Jonathan David announced. “We’d like to thank Mozilla for their anti-tracking policy which served as inspiration for ours.”

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Mozilla began offering what it calls Enhanced Tracking Protection in Firefox 63 last October. This blocked the most common form of cross-site tracking, meaning cookies and storage access from third-party trackers. This past summer, it expanded this technology into Enhanced Privacy Protection, and it’s now enabled by default for new users and will be auto-enabled for all Firefox users soon.

Basically, Apple picked the right policy to copy, and given its focus on customer privacy, this change makes a lot of sense.

“WebKit will do its best to prevent all covert tracking, and all cross-site tracking (even when it’s not covert),” Apple’s new policy reads. “If a particular tracking technique cannot be completely prevented without undue user harm, WebKit will limit the capability of using the technique … If even limiting the capability of a technique is not possible without undue user harm, WebKit will ask for the user’s informed consent to potential tracking.”

Apple says it will treat any attempt at circumventing its anti-tracking functionality with the same severity as it does the exploitation of security vulnerabilities. And that it will grant no exceptions to its tracking prevention; should sites not behave properly because of the changes—something that happens occasionally with Firefox now as well—that’s the site’s problem, Apple says. “We will typically prioritize user benefits over preserving current website practices,” the policy explains. “We believe that that is the role of a web browser, also known as the user agent.”

This is the right approach to tracking. And a model for Google, Microsoft, and all other web browser makers to follow.

Tagged with

Share post

Please check our Community Guidelines before commenting

Conversation 12 comments

  • bart

    Premium Member
    18 August, 2019 - 11:17 am

    <p>I don't have any knowledge of this topic, but how does this compare to Microsoft's efforts in Chredge? </p>

    • Paul Thurrott

      Premium Member
      18 August, 2019 - 2:16 pm

      <blockquote><em><a href="#450225">In reply to Bart:</a></em></blockquote><p>Microsoft is offering tracking protection, which can be fully on, mostly on, or off. as configured by the user. Fully on is where stuff breaks.</p>

  • lilmoe

    18 August, 2019 - 11:27 am

    <p>The easiest, and most secure way to secure your browser against cross site tracking is by disabling 3rd party cookies from your browser settings. If you want to go the extra mile, just disable javascript for all sites but the ones you trust. </p><p><br></p><p>Sites that do not offer an alternative to client side javascript/scripting, or at least a very strict content security policy where all content is served from the site itself, in the future should be marked as insecure.</p><p><br></p><p>You can download duckduckgo's tracking blocker for a rating for the sites you frequent. </p>

    • wright_is

      Premium Member
      19 August, 2019 - 2:51 am

      <blockquote><em><a href="#450226">In reply to lilmoe:</a></em></blockquote><p>Disabling third party cookies only stops a small fraction of the tracking these days. JavaScript as well. They both help, but the world has moved on.</p><p>There are hidden (and not so hidden) elements on the page (E.g. the Facebook Like button and script, invisible GIFs etc.), then there are things like the browser header string, list of add-ons, window size, operating system and hardware information, motion sensors, timing delays and lots of other things.</p><p>Even measuring the delay to write to disk for the local database cache can be used to track you – or at least identify certain things about the browser and visitor; as the workaround for the new Chrome anonymous mode being broken within hours of release last week.</p><p>The only real answer is to forbid connections from tracking sites. I use a mixture of a hosts file on my laptop and a Pi-Hole on my home network to block such sites.</p><p>The hosts file re-routes known tracking sites to 0.0.0.0 (unreachable), whereas the Pi-Hole acts as my local DNS server for my home network and uses several well known anti-tracking lists to provide a list of site which are actively blocked at the DNS level.</p>

      • Chris_Kez

        Premium Member
        19 August, 2019 - 7:56 am

        <blockquote><em><a href="#450301">In reply to wright_is:</a></em></blockquote><p>For all of the effort these companies put into tracking you would think targeted advertising would be AMAZING. What a waste of resources.</p>

        • wright_is

          Premium Member
          19 August, 2019 - 8:05 am

          <blockquote><em><a href="#450321">In reply to Chris_Kez:</a></em></blockquote><p>Yes. I bought a new dishwasher from Amazon 3 months ago, I still get daily offers for other dishwashers… :-S</p>

          • karlinhigh

            Premium Member
            19 August, 2019 - 9:53 am

            <blockquote><em><a href="#450323">In reply to wright_is:</a></em></blockquote><p>To stop the ads after the purchase, I expect Amazon would have to share the purchase info with the advertisers? Then the ads would probably switch to pushing extended warranties and dishwasher supplies instead. :)</p>

    • rosyna

      19 August, 2019 - 8:53 am

      <blockquote><em><a href="#450226">In reply to lilmoe:</a></em></blockquote><p>Safari was the first browser to automatically disable third-party cookies. Ad companies then circumvented the policy through redirection (making Cookies first party), so Safari go intelligent tracking prevention, which applies rules to this type of circumvention.</p>

  • madthinus

    Premium Member
    18 August, 2019 - 3:08 pm

    <p>This is why Mozilla is so important. They are the only company where the web and users come first. </p>

  • Stooks

    18 August, 2019 - 9:53 pm

    <p>Safari was the first browser to prevent cross site tracking, which made a lot of advertisers un-happy. To this day Safari has the BEST audio media playing blocker. I simply do not understand why other browsers do not do this.</p>

    • rosyna

      19 August, 2019 - 8:50 am

      <blockquote><em><a href="#450275">In reply to Stooks:</a></em></blockquote><p>Although Safari generally implements all the things discussed in the policy first, this is the first time there’s been an official policy that states their goals.</p><p><br></p><p>(to get the WebKit policy before, you’d have to look up multiple past release notes and announcements)</p>

  • dontbeevil

    20 August, 2019 - 11:21 am

    <p>OMG you wrote "apple is COPYING", that explains the iceland ice melting</p><p><br></p><p>of course it's not an Hassan article about a feature copied by apple… it will happen only when the hell will freeze</p>

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2024 Thurrott LLC