As Apple’s Developer conference rolls on, several new announces around privacy in Safari have surfaced. In this blog I take a look at several of these, explain how they are apt to work, and what you need to know/do before the release of Safari 17 / the new Operating Systems this fall.
Advanced Privacy Protection
Affecting Safari’s Private Browsing mode, a number of new enhancements have been introduced. From the press release:
https://webkit.org/blog/14205/news-from-wwdc23-webkit-features-in-safari-17-beta/
- Adding blocking for known trackers and fingerprinting.
- Adding support for mitigating trackers that map subdomains to third-party IP addresses.
- Adding blocking for known tracking query parameters in links.
- Adding noise to fingerprintable web APIs.
- Adding console log messages when blocking requests to known trackers.
- Adding support for blocking trackers that use third-party CNAME cloaking.
- Adding support for Private Click Measurement for direct response advertising, similar to how it works for in-app direct response advertising.
Many of these items are already handled by Webkit’s Tracking Prevention, which historically hasn’t leveraged the full suite of capabilities when used in Private Mode, as nothing in private mode was persisted beyond the tab being closed. Now, based on the above press release and a review of the code merge that Safari’s private mode will get behavior similar to how Safari’s normal web browsing handles CNAME Cloaking and Third Party Cloaking when dealing with the loading of external resources while rendering a page. For these, there should be no impact that doesn’t already exist for Safari 16 as these are not new technologies.
I also believe that the blocking for known trackers is likely to leverage the tracker list provided by DuckDuckGo, in much the same way that IP Address Obscurification(released in iOS15) works today. This is new behavior as previously the identified domains would be routed across the internet to mask the user’s IP Address. Now they will be blocked at the network layer and the external resource won’t be loaded in a way similar to what Brave’s Shield technology does today. This may cause website features to fail unless you have designed the site to fail gracefully. There is a high likelihood that this will affect attribution and analytics platforms and prevent them from being loaded in Private Browsing instances.
Further, Private Mode will leverage Link Tracking Protection. This will not only affect navigation between URLs (which other browsers do), but also strip user based parameters when copying or pasting URLs into the navigation bar. From the code review, it would appear this primarily happens on cross-domain navigation, and may be disabled for first party scripts and navigation. It appears that the policy that Safari leverages for which parameters to removed is loaded via a remote service so testing will need to occur to verify the impact to commonly used tools and platforms once the Beta and Technology previews become available.
Lastly, Advanced Privacy Protection will add ‘noise’ into several key fingerprinting vectors, such as 2D Canvas, Web GL, Web Audio and Screen a& Window geometry. This will make it more difficult to irreversibly fingerprint specific devices based on their hardware characteristics. It will be critical to test these items to ensure the site continues to work as expected should it leverage these APIs. Reporting that looks at screen size is likely to be impacted by these features.
Safari is the second most popular browser, and according to a 2017 survey, nearly half of American adults have used Private Browsing at least once. So while the impact won’t be as dire as if these same features were used by Safari all the time, they are likely to affect at least part of a site’s traffic in the future and may introduce odd data in relation to the number of users that leverage Private Mode on a given site.
Profiles
The second item – which can be leveraged in Safari’s normal mode is the addition of user profiles. While this may not seem super privacy focused – profiles shard the user’s History, favorites, Tab Groups and website data such as cookies, caches, service workers, and Web Push subscriptions per-profile.
For user’s who share a device (or who wish to have multiple profiles on their device for various activities) this will limit that the behavior undertaken in the course of one activity (on a profile) will impact the experience of another activity (on a different profile). Depending on actual user behavior – this may impact retargeting and attribution efforts as it will not be possible to re-establish the link easily across profiles (basically this is like a cross-device scenario). This as a result may affect how much of a given audience is reachable for targeting advertising.
Recommendations
Both features are part of iOS17 and will arrive this fall. Before that time, it may be in a brands best interest to beta test one of the operating system images and use it to look for bugs on your website so they can be addressed prior to these features reaching general availability when they become available later this fall.
Analytics and Marketing teams should be aware of, and watch for, the impact to key efforts around marketing and reporting. As both features are opt-in, adoption & impact may vary widely between industries and sites.