Later this year, users running the next version of Apple’s Safari browser on iOS and macOS should start seeing a new pop-up dialogue box when they visit many websites.
Shown during a demo earlier this week at Apple’s WWDC conference by software chief Craig Federighi, this will ask users whether to allow or block web tracking quietly carried out by a certain company’s ‘like’, ‘share’ and comment widgets.
Said a bullish Federighi to loud applause:
We’ve all seen these like buttons, share buttons and comment fields. Well it turns out, these can be used to track you, whether you click on them or not. And so this year, we’re shutting that down.
Facebook wasn’t mentioned verbally, but nobody was left in any doubt about the primary target of the new feature when they read the dialog text used in Federighi’s demo:
Do you want to allow ‘facebook.com’ to use cookies and website data while browsing [example.com]? This will allow ‘facebook.com’ to track your activity.
Facebook’s chief security officer later tweeted back, testily:
https://twitter.com/alexstamos/status/1003716676813090818
It’s an unexpected turn of events for Apple, a company that normally uses public presentations to tout new features but has recently indulged a bit of rival bashing in ways that hark back to the late 1990s when it was at perpetual loggerheads with Microsoft.
Back then the target was the stifling hand of the Windows monopoly, just as now it is the oppressive force of internet surveillance by companies – Facebook but also Google – which are, in Apple’s view, wrecking user privacy to feed their advertising-based business models.
The technology Apple is using to achieve its blocking is an enhanced version 2.0 of the Intelligent Tracking Protection (ITP) first added to its WebKit browser engine in 2017.
ITP segregates the cookies from each website, which stops a company like Facebook and advertisers from tracking users across multiple sites (cross-site tracking), running their ads or embedding content such as ‘like’ buttons.
ITP previously allowed concessions for up to 24 hours for domains that users visit regularly, a window that disappears in ITP2. These requests will now go through something called the Storage Access API, which is what will throw up the permission dialog mentioned a few paragraphs up.
In parallel, Apple is continuing its long-running war against browser fingerprinting, through which advertisers attempt to track users across the web by noticing unique characteristics such as their computer hardware.
In future, Safari’s ITP2 will also limit the data that websites can extract, said Federighi:
As a result, your Mac will look more like everyone else’s Mac, and it will be dramatically more difficult for data companies to uniquely identify your device and track you.
With around half of all mobile users, Safari’s ITP2 sounds as if it has the potential to throw a spanner in advertising’s works, including that fed through Facebook and Google.
It will all hinge on what Safari users do when repeatedly asked whether they want to allow a site to track them.
ITP’s “sabotage” reportedly lost advertisers hundreds of millions of dollars when it was introduced, so a lot is riding on how this pans out.
If history is any guide, users are likely to quickly tire of the question and start clicking ‘yes’ to make life easier for themselves, even if a significant minority stick it to Facebook and others by clicking ‘no’.
Clicking yes will be a necessity on sites using Facebook to sign in, which suggests that one way to get around ITP2 is simply to make that feature even more ubiquitous.