WebKit (the browser engine used by Apple’s Safari, App Store and Mail applications) last week released a second cookie blocker iteration of its Intelligent Tracking Prevention, giving users the power to prevent a certain amount of online tracking.
The key features of this latest version include: removal of the 24-Hour Cookie Access Window, user-driven access for cookie storage via the Storage Access API, and protection against first party bounce trackers, to name a few.
The updates are just the latest in a push by many browser providers to emphasise user privacy.
Cybersecurity giant Trend Micro, for example, also recently released its Zero Browser for Apple devices, specifically designed to block various kinds of tracking, including session replay scripts, where everything you do on a website is recorded and viewable by interested third parties.
24-Hour Cookie Access Window replaced with user authentication
A key feature from ITP 1.0 was the enforcement of cookies only being accessible to sites visited regularly, (within 24 hours). This helped to prevent cookies being persisted from several websites that users may have not been aware of, due to a lack of usage.
For example, a user may have visited xyz.com last year and without ITP, xyz.com may still be able to track the user due to the cookies persistent expiry date.
ITP 2.0 builds upon this sentiment but differentiates by replacing the 24-Hour cookie access window with user authenticated access (the user must grant access to tracking, upon being asked by the browser).
This helpful feature gives power to users, who are now able to work alongside the browser to prevent tracking, as opposed to offloading this responsibility primarily to the browser. This authentication is implemented using the Storage Access API, introduced into ITP 1.1 earlier this year and further integrated into ITP 2.0 as announced last week.
Protection Against Third Party Bounce Trackers
ITP 2.0 is able to intelligently identify websites that are used only to redirect users to sites ultimately enabling tracking.
The WebKit team said: “ITP 2.0 has the ability to detect when a domain is solely used as a ‘first party bounce tracker,’ meaning that it is never used as a third party content provider but tracks the user purely through navigational redirects”.
“ITP 2.0 detects such tracking behavior and treats those domains just like any other tracker, i.e. purges their website data”