Apple warns Safari tracking firms to stop now, or else…
Apple is showing its teeth and stressing it is utterly and completely serious in its attempt to prevent data grabbers, loggers and others exfiltrating your location and other data when you’re simply surfing the web.
That’s why it is warning those who abuse its upcoming protections against this dark art that they’ll be treated as malware distributors if they seek to undermine its perfectly logical privacy protections in Safari.
Safari has tough privacy protections
Apple in August 2019 published a policy to explain how Safari will prevent advertisers and websites tracking visitors online through the browser.
“Tracking is the collection of data regarding an individual’s identity or activity across one or more websites. Even if such data is not believed to be personally identifiable, it’s still tracking,” Apple explains bluntly on the WebKit website.
The company began blocking this kind of cross-site tracking in 2017. Other browsers are following suit, even (to a lesser extent) Google Chrome.
But to get around this, sites began using device fingerprinting and complex cookie to continue gathering information about users – even when they had expressly said they didn’t want this to happen using Safari’s privacy protections.
I don’t think that’s good enough.
Neither does Apple.
What Apple is saying
This is Apple’s warning to those attempting to subvert its protections:
“We treat circumvention of shipping anti-tracking measures with the same seriousness as exploitation of security vulnerabilities. If a party attempts to circumvent our tracking prevention methods, we may add additional restrictions without prior notice,” it says.
What about tracking practises Apple doesn’t know about?
Apple is coming for you if you use some other form of tracking tech, it warns.
“If we discover additional tracking techniques, we may expand this policy to include the new techniques and we may implement technical measures to prevent those techniques.”
What about sites and services you want to use?
Apple is attempting to find a middle ground between convenience and privacy.
If there are sites and services you use frequently that you don’t mind also track you, you should be able to continue to use those unhindered – though Apple will require that this permission exchange is clear and understood.
“We consider certain user actions, such as logging in to multiple first party websites or apps using the same account, to be implied consent to identifying the user as having the same identity in these multiple places. However, such logins should require a user action and be noticeable by the user, not be invisible or hidden,” it said.
What about legitimate use of such data?
Apple understands that there may be legitimate reasons for some tracking, but it has no way of determining is such use is valid or not.
Nor can it control what happens to that information once it is collected – such as who can access it or who it might get sold to.
So, there are no exceptions to this policy.
Surely there’s a compromise?
Apple will always support the user above the service, but will try to limit unintended impact on some services with an eye to user experience.
That means it will design new tools to support legitimate needs, such as fraud prevention or sign-in. Indeed, this is why Apple introduced Sign in With Apple.
What is the aim of all this?
“We want to see a healthy web ecosystem, with privacy by design,” said Apple. The company also said its policy is inspired by and derived from Mozilla’s anti-tracking policy.
“Platforms and algorithms that promised to improve our lives can actually magnify our worst human tendencies,” Apple CEO Tim Cook told us last year.
“Rogue actors and even governments have taken advantage of user trust to deepen divisions, incite violence, and even undermine our shared sense of what is true and what is false. This crisis is real. It is not imagined, or exaggerated or crazy.”
Products from Amazon.com
The message is becoming quite clear:
If you value privacy, avoid Facebook, use DuckDuckGofor search and if you can’t run Safari, run Firefox. You may want to join MeWe as well.
Meanwhile, Apple’s own recent actionsshow it is deeply dedicated to user privacy – even when the entity probing privacy is itself.
Privacy is essential in a connected age. The easiest way to protect it is to stop supporting services that grab your data. On which, here’s something I wrote earlier…