
Safari Removing Do Not Track Support

Apple is enabling some new security and privacy features for Safari that will improve the browser’s protections against pervasive tracking, phishing, and attack sites, and will simplify the login process.

Safari 12.1 is the next major version of Apple’s browser and the company has a number of subtle changes planned that will streamline protection against some of the stickier web security problems. Among the updates is a series of changes to the way that sites are allowed to track users. The biggest change is the removal of support for the Do Not Track standard, a controversial feature that has been the subject of a years-long fight involving, at various times, browser vendors, privacy advocates, advertising groups, and the federal government.

DNT was designed as a way for browsers to send a signal to sites that individuals didn’t want to be tracked, whether by the site operator itself or advertisers on the site. But there are a number of problems with the standard, chief among them the fact that there is no requirement for site owners to respect the DNT signal from a given visitor. Also, finding the setting in the browser to enable DNT wasn’t always an easy task, so plenty of people never got around to turning it on. In the last few years, browser vendors have begun to disable DNT by default, and privacy groups and individuals have soured on it as a functional defense against pervasive tracking.

Recently, DuckDuckGo, the privacy-focused browser maker, conducted a survey of more than 500 people about their knowledge and use of DNT. The results showed that many people have no idea that DNT doesn’t require sites to respect the signal from browsers.

“Unfortunately, tens of millions of Americans (and many more worldwide) who enable DNT don’t know that it's only sending a voluntary signal. Of the respondents who heard of and were at least ‘slightly familiar’ with the Do Not Track setting, 44.4% (±7.3) of them were not aware of its true voluntary nature. Even among those who have consciously enabled DNT in their browser, 41.4% (±8.9) didn't know that it only sends a voluntary signal,” the company said in a post on the survey results this week.

“It can be alarming to realize that Do Not Track is about as foolproof as putting a sign on your front lawn that says ‘Please, don’t look into my house’ while all of your blinds remain open. In fact, most major tech companies, including Google, Facebook, and Twitter, do not respect the Do Not Track setting when you visit and use their sites – a fact of which 77.3% (±3.6) of U.S. adults overall weren’t aware.”

In the release notes for Safari 12.1, Apple says it is removing “support for the expired Do Not Track standard to prevent potential use as a fingerprinting variable.” Apple also made two other changes regarding tracking, specifically in the way that Safari handles cookies.

“Removed support for partitioned cookies for domains with cross-site tracking capabilities. The Storage Access API now provides third-party access to cookies. Improved Intelligent Tracking Prevention to limit long-term tracking based on client-side first-party cookies and to verify partitioned cache entries,” the release notes say.
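Why an opt-in header can serve as a fingerprinting variable, shown as an added example that is not from Apple or the original article: the visitor list and user-agent labels below are constructed, and the functions measure how much the DNT request header shrinks each visitor's anonymity set.

```javascript
// Constructed sample: request attributes for eight hypothetical visitors.
// dnt is the DNT request header value ("1" or "0"), or null when not sent.
const visitors = [
  { ua: "Safari/12.0 macOS", lang: "en-US", dnt: null },
  { ua: "Safari/12.0 macOS", lang: "en-US", dnt: "1" },
  { ua: "Safari/12.0 macOS", lang: "en-US", dnt: null },
  { ua: "Safari/12.0 macOS", lang: "en-US", dnt: null },
  { ua: "Safari/12.0 iOS", lang: "en-US", dnt: null },
  { ua: "Safari/12.0 iOS", lang: "en-US", dnt: "1" },
  { ua: "Safari/12.0 iOS", lang: "de-DE", dnt: null },
  { ua: "Safari/12.0 iOS", lang: "de-DE", dnt: null },
];

// Group visitors by the chosen attributes; each group is one anonymity set.
function anonymitySets(population, attrs) {
  const sets = new Map();
  for (const v of population) {
    const key = attrs.map((a) => String(v[a])).join("|");
    sets.set(key, (sets.get(key) || 0) + 1);
  }
  return sets;
}

// Shannon entropy, in bits, of the fingerprint distribution.
function entropyBits(population, attrs) {
  let h = 0;
  for (const count of anonymitySets(population, attrs).values()) {
    const p = count / population.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Number of visitors whose fingerprint nobody else shares.
function uniqueVisitors(population, attrs) {
  let unique = 0;
  for (const count of anonymitySets(population, attrs).values()) {
    if (count === 1) unique += 1;
  }
  return unique;
}

// Compare the same population with and without the DNT header observed.
function dntExposure(population, baseAttrs) {
  const withDnt = [...baseAttrs, "dnt"];
  return {
    bitsAdded: entropyBits(population, withDnt) - entropyBits(population, baseAttrs),
    newlyUnique: uniqueVisitors(population, withDnt) - uniqueVisitors(population, baseAttrs),
  };
}
```

In this sample nobody is unique on user agent and language alone, but once the header is observed three visitors are, two of them precisely because they turned DNT on.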

There are also a couple of other important security upgrades coming to Safari. One of the changes will display automatic warnings to users when they visit a page that has been identified as malicious or as a phishing page, a feature that Google Chrome has had enabled for some time. Safari is also adding a feature that will log people into sites automatically when the Password AutoFill function fills in credentials on a site.