iOS 17 Can Automatically Remove Tracking Parameters From URLs in Safari, Messages, and Mail

[MacRumors]

Starting with iOS 17, iPadOS 17, and macOS Sonoma, Safari automatically removes tracking parameters from URLs while in Private Browsing Mode, in order to prevent cross-website tracking. When a tracking parameter is detected while browsing or copying a link, Apple says Safari strips the identifying components of the URL, while leaving the rest intact. The links will still work as expected, but will no longer have unique identifiers.

Apple calls this new feature Advanced Tracking and Fingerprinting Protection, and it also works for links shared in the Messages and Mail apps. It can even be enabled for regular Safari browsing. On the iPhone, open the Settings app, tap Safari → Advanced → Advanced Tracking and Fingerprinting Protection, and select All Browsing. Users can also turn off the feature in this menu if they prefer not to use it at all.

In a WWDC 2023 video for developers, Apple shared an example of a URL before and after the tracking parameters are removed. The original URL has a unique "click_id" parameter that advertisers can use to track a user's activity across websites. Safari automatically removes this parameter to protect the user's privacy.

iOS 17 and macOS Sonoma will be released later this year, and are currently available in beta for users with an Apple developer account.

Article Link: iOS 17 Can Automatically Remove Tracking Parameters From URLs in Safari, Messages, and Mail

 

[macsplusmacs]

So happy about this.

Hopefully, this cuts way down "super" cookie logic that the advertisers are using.

I mean, abusing.

 

[maxfromdenmark]

This is something I do appreciate.

 

[Apple Fan 2008]

Good, more privacy features are always nice to see.

 

[Seoras]

Great, saves me editing them out when I paste them into my nav window.
FB continuing to get a hammering from Apple.
No wonder Zuckeberg keeps a VR head set over his head most of the day.

 

[jlc1978]

A great idea. No doubt some companies will claim this is "anti-competitive," a flagrant abiuse of Apple's market power, and will lead to anarchy, death, destruction lower profits unless the government steps in and forces Apple stop this dangerous practice...

 

[alanvitek]

At first I thought they were stripping all query string parameters off of urls! That would have been bold haha

I wonder though if this is a machine learning thing, or if there is a list of strings that safari matches against. If so, could it just become a cat/mouse game of ad networks changing the text in their frameworks to spoof it?

 

[Phaseangle]

What about when you receive email verification for password resets and account activation?

 

[hagar]

What about when you receive email verification for password resets and account activation?

Obviously this feature will not interfere with such URL’s.

 

[jz0309]

Now there’s a reason to upgrade!

 

[alanvitek]

What about when you receive email verification for password resets and account activation?

Judging from the screenshot those links would still function fine. This is targeting specific parts of URLs that cater to cross site tracking for marketing/data collection

 

[SoldOnApple]

What about my Amazon affiliate sites 😩 They all use the same tag.

 

[upandown]

You can also enable this feature for a regular non private browser tab. It’s off by default but can be enabled in the settings.

 

[Frosties]

Safari iOS is still a bad browser without stopthemadness as it autoplays video-ads.

 

[fer_schez]

*All browsing, not just private browsing.

 

[wood1208]

God bless Privacy and for that God bless Apple!

 

[Realityck]

Starting with iOS 17 and macOS Sonoma, Safari automatically removes tracking parameters from URLs while in Private Browsing Mode, in order to prevent cross-website tracking. When a tracking parameter is detected while browsing or copying a link, Apple says Safari strips the identifying components of the URL, while leaving the rest intact.

​

Apple calls this new feature Link Tracking Protection, and it also works for links shared in the Messages and Mail apps. The links will still work as expected, but will no longer have unique identifiers embedded into the URL for tracking purposes.

So many cool features added this year.

Another key change includes Link Tracking Protection in Mail, Messages, and Safari's private mode to automatically remove tracking parameters in URLs, which are often used to track information about a click.

"Safari has been a somewhat unheralded pioneer of private browsing, and so many privacy and security features, and this year it's just a tour de force," Apple's Craig Federighi was quoted as saying to Fast Company. "Browsing the internet is one of the major privacy threat vectors."

 

[phenste]

as someone who removes everything following a question mark (with rare exception) in a URL while sharing, this is a highly appreciated addition. iOS 17 is shaping up great.

View attachment 2219522 *All browsing, not just private browsing.

!!!

 

[andrewxgx]

sorry but getting anti tracking updates once a year aint gonna cut it
either you adapt quickly or become irrelevant in 2 months after release
most adblockers for firefox/chrome aleady had this for a while now, to the point that fb/ig has started to work around it by creating server-side url tracking logic (unblockable in browser)

 

[subjonas]

Cool had no idea about this kind of thing.

What about iPadOS?

 

[darkpaw]

There are ways around this for advertisers.

For example, the campaign_id in the screenshot above could easily be the actual identifier for an individual. campaign_id=1 could be Dave Smith. 2 could be Jane Doe. 3 could be Rob Smeghead, etc.

Also, you could tailor every link to go to a specific page, i.e. https://example.com/page1 is for Dave Smith, page2 is for Jane Doe, page3 is for that Smeghead guy.

By moving the tracking from the link to the website itself, Apple can't stop it. The nefarious advertisers will always find a way around this.

(NB: This only applies for companies doing their own advertising.)

 

[JosephAW]

The only way they can really remove tracking URLs is if Apple is collecting your meta data from multiple user's emails and comparing data between messages and finding what's similar and what's different and removing that.

Used to do bulk mailings and it was easy to outsmart things like this. Even tracking people with jpeg imaging server that tracked users and ip address with a static jpeg url.
I'm assuming Apple is keeping a black list of domains for images. There's a lot of meta data shared from your phone / browser even from loading jpegs.

 

[Love-hate 🍏 relationship]

Fwiw, brave has been doing this for some time now, and in REGULAR browsing as well, not just private browsing like safari 17

Which browsers are best for privacy?

An open-source privacy audit of popular web browsers.

privacytests.org

 

[coolfactor]

Cool had no idea about this kind of thing.

What about iPadOS?

iPadOS automatically inherits all of these features, as it's a superset of iOS.

Superset = everything + other stuff

 

[Apple_Robert]

I like the idea but, why can't this also be enabled in standard Safari mode as well?