Naked Security

Apple says no to Facebook’s tracking

Apple will stop Facebook and advertisers from tracking users across the multiple sites that run their ads or embed content such as ‘like’ buttons (cross-site tracking).

Later this year, users running the next version of Apple’s Safari browser on iOS and macOS should start seeing a new pop-up dialogue box when they visit many websites.
Shown during a demo earlier this week at Apple’s WWDC conference by software chief Craig Federighi, this will ask users whether to allow or block web tracking quietly carried out by a certain company’s ‘like’, ‘share’ and comment widgets.
Said a bullish Federighi to loud applause:

We’ve all seen these like buttons, share buttons and comment fields. Well it turns out, these can be used to track you, whether you click on them or not. And so this year, we’re shutting that down.

Facebook wasn’t mentioned verbally, but nobody was left in any doubt about the primary target of the new feature when they read the dialog text used in Federighi’s demo:

Do you want to allow ‘facebook.com’ to use cookies and website data while browsing [example.com]? This will allow ‘facebook.com’ to track your activity.

Facebook’s chief security officer later tweeted back, testily:
https://twitter.com/alexstamos/status/1003716676813090818
It’s an unexpected turn of events for Apple, a company that normally uses public presentations to tout new features but has recently indulged in a bit of rival bashing in ways that hark back to the late 1990s, when it was at perpetual loggerheads with Microsoft.
Back then the target was the stifling hand of the Windows monopoly, just as now it is the oppressive force of internet surveillance by companies – Facebook but also Google – which are, in Apple’s view, wrecking user privacy to feed their advertising-based business models.
The technology Apple is using to achieve its blocking is an enhanced version 2.0 of the Intelligent Tracking Protection (ITP) first added to its WebKit browser engine in 2017.
ITP segregates the cookies from each website, which stops a company like Facebook and advertisers from tracking users across the multiple sites that run their ads or embed content such as ‘like’ buttons (cross-site tracking).
ITP previously allowed concessions for up to 24 hours for domains that users visit regularly, a window that disappears in ITP2. These requests will now go through something called the Storage Access API, which is what will throw up the permission dialog mentioned a few paragraphs up.
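
The cookie segregation and per-site permission prompt described above can be modelled in a few lines. This is an added example, not code from the article or from WebKit; the class, its method names and the `*.example` domains are assumptions made for illustration, and the model is simplified (no expiry, no tracker classification).

```javascript
// Simplified model of a cookie jar keyed the way the article describes ITP:
// a third-party domain gets a separate jar per top-level site unless the user
// has allowed storage access for that (top-level site, third party) pair.
// Illustration only, not WebKit's implementation; all names are hypothetical.
class PartitionedCookieJar {
  constructor() {
    this.jars = new Map();   // jar key -> Map(cookie name -> value)
    this.grants = new Set(); // "topSite|embeddedDomain" pairs the user allowed
  }

  // First-party access and granted third-party access use the domain's own jar;
  // everything else is confined to a jar scoped to the top-level site.
  jarKey(topSite, cookieDomain) {
    const firstParty = topSite === cookieDomain;
    const granted = this.grants.has(`${topSite}|${cookieDomain}`);
    return firstParty || granted ? cookieDomain : `${cookieDomain}^${topSite}`;
  }

  set(topSite, cookieDomain, name, value) {
    const key = this.jarKey(topSite, cookieDomain);
    if (!this.jars.has(key)) this.jars.set(key, new Map());
    this.jars.get(key).set(name, value);
  }

  get(topSite, cookieDomain, name) {
    const jar = this.jars.get(this.jarKey(topSite, cookieDomain));
    return jar ? jar.get(name) : undefined;
  }

  // Stands in for the permission dialog: the answer applies to one pair only.
  requestStorageAccess(topSite, cookieDomain, userAllows) {
    if (userAllows) this.grants.add(`${topSite}|${cookieDomain}`);
    return userAllows;
  }
}

// Constructed scenario: a widget from widget.example embedded on two sites.
function demo() {
  const jar = new PartitionedCookieJar();
  jar.set("widget.example", "widget.example", "uid", "u-123"); // set first-party
  const onNews = jar.get("news.example", "widget.example", "uid");
  jar.requestStorageAccess("shop.example", "widget.example", true);
  const onShop = jar.get("shop.example", "widget.example", "uid");
  const onNewsAfter = jar.get("news.example", "widget.example", "uid");
  return { onNews, onShop, onNewsAfter };
}
```

The widget sees its first-party identifier only on the site where the user clicked allow; on every other embedding site it still reads an empty, site-scoped jar.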


In parallel, Apple is continuing its long-running war against browser fingerprinting, through which advertisers attempt to track users across the web by noticing unique characteristics such as their computer hardware.
In future, Safari’s ITP2 will also limit the data that websites can extract, said Federighi:

As a result, your Mac will look more like everyone else’s Mac, and it will be dramatically more difficult for data companies to uniquely identify your device and track you.

With around half of all mobile users, Safari’s ITP2 sounds as if it has the potential to throw a spanner in advertising’s works, including that fed through Facebook and Google.
It will all hinge on what Safari users do when repeatedly asked whether they want to allow a site to track them.
ITP’s “sabotage” reportedly lost advertisers hundreds of millions of dollars when it was introduced, so a lot is riding on how this pans out.
If history is any guide, users are likely to quickly tire of the question and start clicking ‘yes’ to make life easier for themselves, even if a significant minority stick it to Facebook and others by clicking ‘no’.
Clicking yes will be a necessity on sites using Facebook to sign in, which suggests that one way to get around ITP2 is simply to make that feature even more ubiquitous.


6 Comments

“If this is about protecting privacy, and not just cute virtue signaling, then they should block all 3rd party JS and pixels.” Ah, Stamos is talking about something more like NoScript. I do love mine despite the challenges it can sometimes pose, and I wouldn’t necessarily be against more people using it…
And the browser providing it by default would mean that people would start seeing all the stuff that sites use, and it would make many sites actually have to recognize the amount of 3rd party shit that they have… Taking that drastic of a measure should probably be done carefully though – many users are not prepared for the mess they would see if 3rd party scripts were disabled.

This is brilliant! Some visibility of tracking will at last be available to respective users, rather than being hidden in complex T’s & C’s that need deciphering. Good work Apple. Will be interesting to see the reactions from other said companies.

But will the feature protect it also from Apple itself tracking their users? Apple has finally realized that user data usage is gold, and they want to keep it to themselves?

Yes, they want to keep it to themselves and they only keep the minimal amount they need to provide services. That’s because their business model does not rely or need any income from selling data. Of course they know what data is worth, everyone knows that. Apple doesn’t need it, though, their business model is to make money by selling hardware and services, not user data. Unless that changes with some new future CEO that takes over after Tim Cook, it’s really not a concern.
Plus they continuously do as much on device as possible using on-device machine learning and only send the minimal amount to the cloud as possible. What they collect really is for the purpose of providing you with services. As a result, some services, like Siri, don’t learn as well and are not as functional in some ways as Google assistant or Alexa, but that’s the compromise.

On a similar note I have just skimmed through the terms and conditions relating to a banking app for my bank. The document is longer than the complete works of Shakespeare and I would age considerably if I had to read it in detail. I notice that they want users to agree to allow some data to be shared with advertisers. Well that I already pay banking fees. Should I refuse it and do without the banking app? I’m quite prepared to do it and tell the bank why, the problem is that I’m a fart in a thunderstorm as most people 99.999% just click on accept without realizing that some dudes are getting very rich at their expense.

Check out Apple’s site on Privacy. In general, Apple encrypts your data with a private key that only you have so there’s less data for them to mine. Their business also isn’t reliant on selling advertising (unlike Google and Facebook).
