Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
65,600
34,189



safari-icon-250x250.jpg
Safari in the iOS 12.2 beta and Safari 12.1 for macOS High Sierra and Mojave includes an updated version of Intelligent Tracking Prevention, according to details shared on Apple's WebKit blog.

ITP 2.1, as Apple is calling it, caps client-side cookie storage to seven days. After this time period, cookies expire. As outlined by Apple, this offers improvements in privacy, security, and performance. From Apple's WebKit blog:
- Cross-site trackers have started using first-party sites' own cookie jars for the purpose of persistent tracking. The first-party storage space is especially troublesome for privacy since all tracker scripts in the first-party context can read and write each other's data. Say social.example writes a user tracking ID as a news.example first-party cookie. Now analytics.example, adnetwork.example, and video.example can leverage or cross pollinate that user tracking ID through their scripts on news.example.

- Cookies available in document.cookie can be stolen by speculative execution attacks on memory. Therefore, they should not carry sensitive information such as credentials.

- Cookies available in document.cookie can be stolen by cross-site scripting attacks. Again, therefore, they should not carry sensitive information such as credentials.

- The proliferation of cookies slows down page and resource loads since cookies are added to every applicable HTTP request. Additionally, many cookies have high entropy values which means they cannot be compressed efficiently. We come across sites with kilobytes of cookies sent in every resource request.

- There is a size limit on outgoing cookie headers for performance reasons, and websites risk hitting this limit when cross-site trackers add first-party cookies. We've investigated reports of news site subscribers getting spuriously logged out, and found that trackers were adding so many cookies that the news site's legitimate login cookie got pushed out.
The cookie storage limits will not log users out as long as websites are using the appropriate authentication cookies because it only affects cookies created through document.cookie.

ITP 2.1 also allows for just a single set of cookies per site rather than multiples, and third party tools with cross-site tracking capabilities need to use the Storage Access API to get cookie access.

Apple says this change simplifies cookie behavior for developers, lowers the memory footprint of Safari, and makes Intelligent Tracking Prevention compatible with more platforms.

A verified partitioned cache for cutting down on cache abuse for tracking purposes is also included, and as we covered earlier this month, support for Do Not Track has been disabled.

Apple says that it is removing Do Not Track because most websites never paid any attention to it since it was opt-in and could be ignored.
The DNT project recently ended without the publication of a standard, in part "because there has not been sufficient deployment of these extensions (as defined) to justify further advancement." Given the lack of deployment of DNT and Safari's on by default privacy protections such as ITP, Safari removed support for DNT so that users are not presented with a misleading and ineffective privacy control that, if anything, only offered additional browser fingerprinting entropy.
Additional details on the Intelligent Tracking Prevention updates being introduced are available via Apple's full WebKit blog post.

Article Link: iOS 12.2 and Safari 12.1 for macOS Include Updated Intelligent Tracking Prevention Feature
 

coolfactor

macrumors 604
Jul 29, 2002
7,461
10,381
Vancouver, BC
Eh, I never liked that tracking prevention stuff. Just be smart, and advertisers won't be able to learn a thing about you.

Can you elaborate? Your screenshot doesn't seem to illustrate much other than you being interested in Singles sites.

Some ideas for people:
  1. Use Private Browsing for sites you don't want tracking you. This loads the site into a blank slate, with no existing cookies in place.
  2. Use /etc/hosts to block common ad-serving hosts. These load from 127.0.0.1 (localhost) and the requests will never leave your computer.
 

techguy9

macrumors 6502
Aug 16, 2014
353
470
Can you elaborate? Your screenshot doesn't seem to illustrate much other than you being interested in Singles sites.

Some ideas for people:
  1. Use Private Browsing for sites you don't want tracking you. This loads the site into a blank slate, with no existing cookies in place.
  2. Use /etc/hosts to block common ad-serving hosts. These load from 127.0.0.1 (localhost) and the requests will never leave your computer.
It’s a joke comment.
 

ghostface147

macrumors 601
May 28, 2008
4,373
5,523
Well when I have that cross track thing enabled, places like jalopnik and io9 don’t work right. Never remember my login and I have to consistently log in.
 
Jan 15, 2019
140
615
Tennessee
Can you elaborate? Your screenshot doesn't seem to illustrate much other than you being interested in Singles sites.

Some ideas for people:
  1. Use Private Browsing for sites you don't want tracking you. This loads the site into a blank slate, with no existing cookies in place.
  2. Use /etc/hosts to block common ad-serving hosts. These load from 127.0.0.1 (localhost) and the requests will never leave your computer.
wooosh
 

AppleMad98004

macrumors 6502a
Aug 23, 2011
620
848
Cylde Hill, WA
Can you elaborate? Your screenshot doesn't seem to illustrate much other than you being interested in Singles sites.

Some ideas for people:
  1. Use Private Browsing for sites you don't want tracking you. This loads the site into a blank slate, with no existing cookies in place.
  2. Use /etc/hosts to block common ad-serving hosts. These load from 127.0.0.1 (localhost) and the requests will never leave your computer.

Umm that was a joke comment. The joke was the singles ad.
 

smithrh

macrumors 68030
Feb 28, 2009
2,743
1,790
I completely wipe cookies every time I think of it - say, every 1-3 days.

It's never been a negative.

Cookies aren't for users, they're for advertisers and people who want to track you.

Passwords aren't an issue with password fill.
 

keysofanxiety

macrumors G3
Nov 23, 2011
9,539
25,302
Eh, I never liked that tracking prevention stuff. Just be smart, and advertisers won't be able to learn a thing about you.

View attachment 822927

This made my evening. Thank you.

Can you elaborate? Your screenshot doesn't seem to illustrate much other than you being interested in Singles sites.

Some ideas for people:
  1. Use Private Browsing for sites you don't want tracking you. This loads the site into a blank slate, with no existing cookies in place.
  2. Use /etc/hosts to block common ad-serving hosts. These load from 127.0.0.1 (localhost) and the requests will never leave your computer.

I know of two things that can break the speed of sound: the Concorde, and that joke flying over your head.
 

fraczek123

macrumors newbie
Dec 19, 2018
4
14
But there is an error in newest Safari with cut/copy paste

command + x or command + c AND command + V keyboard Shortcuts do not work very often.
 

Sasparilla

macrumors 68020
Jul 6, 2012
2,020
3,456
I completely wipe cookies every time I think of it - say, every 1-3 days.
....
Cookies aren't for users, they're for advertisers and people who want to track you.
....

I'm with you. I wipe my cookies out at the end of every session (easy to setup in Firefox for automatic) - specifically because I consider it a loosing proposition to keep them. Logging in is the price, but since my sessions last a couple of hours to my full user day its not bad (i.e. once a day), you get used to it.
 

TheShadowKnows!

macrumors 6502a
Sep 30, 2014
863
1,741
National Capital Region
Third-Party cookies are the scourge of internet civilization as we know it. I curse on them!
The web architecture has allowed a third-party Cookie Monster (although unimpeachably "cute") to monetize our behavior.
cookie-monster.jpeg
 
  • Like
Reactions: apolloa

smithrh

macrumors 68030
Feb 28, 2009
2,743
1,790
Suspect Apple won't allow cookie clearing in a very easy way (e.g., on a schedule or when quitting Safari) as it's not advertiser friendly. They won't want to make Safari the nail that stands up.
 

nwcs

macrumors 68030
Sep 21, 2009
2,722
5,263
Tennessee
All good, Apple. Now how about continuing to let apps like AdGuard update and keep pace with the changes in privacy? Blocking the pseudo-VPN route is preventing us from greater privacy protection. Also, how about improving the Safari content blocking? It’s all but abandoned from the get-go.
 

Crowbot

macrumors 68000
May 29, 2018
1,831
4,134
NYC
I use Cookie 5, an App Store app that gives me fine control over cookies, databases, tracking cookies, Flash cookies and Silverlight data. It can be set to delete at intervals or when the browser is closed. Works with Safari and Firefox (and more, I assume)
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.