Track­ing in High Sierra

The new Sa­fari takes steps to re­duce per­sis­tent user track­ing, but is it enough? Jef­fery Bat­tersby re­ports

Macworld - - Contents -

In macOS High Sierra, third par­ties will have a more dif­fi­cult time shar­ing any track­ing in­for­ma­tion via Sa­fari. It’s all part of Ap­ple’s ap­proach to pri­vacy, and it’s not just lip ser­vice. While such poli­cies cer­tainly helps the com­pany from a mar­ket­ing stand­point, they’re also rou­tinely turned into prod­uct fea­tures.

The new fea­ture seems to have the po­ten­tial to make it harder for un­re­lated sites to fol­low you around the In­ter­net. But some ex­perts be­lieve that, while a noble tech­nol­ogy to de­ploy, the ac­tion has

al­ready shifted to a dif­fer­ent front that Ap­ple can’t help with di­rectly.

You are the prod­uct

Ap­ple has long taken the stance that it doesn’t treat our pri­vate data and on­line be­hav­iour as prop­erty it can sell or lease to oth­ers. This no­tion is partly in re­ac­tion to Google, Face­book, Ama­zon, and oth­ers who make their money in dif­fer­ent ways than Ap­ple, all of which have led them to push at the le­gal and eth­i­cal lim­its of har­vest­ing our per­sonal lives.

When was the last time you re­mem­ber any of those sites mak­ing a change that you felt in­creased your pri­vacy? Mean­while, you can list court cases, fea­tures, op­tions, and un­der-the-hood tech­nol­ogy that Ap­ple has pur­sued to pre­vent un­wanted or un­war­ranted ac­cess to your data and pri­vate life.

In iOS 9, Ap­ple added con­tent-block­ing Sa­fari ex­ten­sions, and brought the same tech­nol­ogy to macOS in Sierra the next year. App developers could cre­ate rule­sets that pre­vented con­tent from spe­cific do­mains, con­tain­ing cer­tain for­mat­ting el­e­ments, or in var­i­ous me­dia for­mats from load­ing at all.

This seemed like an aw­fully hos­tile move, even though 11 per­cent of all In­ter­net users cur­rently use ad-block­ing soft­ware, ac­cord­ing to PageFair. But ad block­ing largely isn’t about ad­ver­tis­ing. Rather, it’s about page bloat, load time, popovers, au­to­play videos, band­width us­age, a site’s us­abil­ity, and un­in­ten­tion­ally de­liv­ered mal­ware. Most users don’t nec­es­sar­ily com­plain about all these fac­tors

at once, but those who in­stall Ghostery, 1Blocker, and other desk­top and mobile fil­ters do so from frus­tra­tion. (Yes, some peo­ple just ob­ject to ads qua ads, but ads pay the bills.)

Ap­ple’s lat­est move, an­nounced at WWDC, doesn’t block ads at all, but it tries to pre­vent un­wanted path­ways be­tween user be­hav­iours and track­ing, of­ten used for tar­geted ad­ver­tis­ing. Those path­ways al­low track­ing sys­tems to fol­low you by stor­ing in­for­ma­tion in your browser that the browser then sends when you visit other sites that use the same track­ers.

In­tel­li­gent Track­ing Pre­ven­tion (ITP) is Ap­ple’s term for the new tech­nol­ogy go­ing into We­bKit, the open-source en­gine Ap­ple developers that un­der­lies Sa­fari for macOS and iOS, as well as

third-party browsers. At this stage, Ap­ple has dis­cussed ITP only as a macOS fea­ture.

Track­ers work by gen­er­at­ing a unique to­ken stored in the browser. This is typ­i­cally done with cook­ies, but track­ing sys­tems that are nom­i­nally scrupu­lous may use other stor­age mech­a­nisms, too, cre­at­ing ‘ev­er­cook­ies’. These drop track­ing IDs in all the nooks and cran­nies in a browser that al­low any form of data stor­age or caching, mak­ing it al­most im­pos­si­ble to root out. The only way to avoid them in Sa­fari is by us­ing pri­vate brows­ing.

ITP at­tempts to rec­og­nize to­kens de­signed to iden­tify you across sites, rather than those used for rou­tine sin­gle-site-based in­ter­ac­tion. It watches how re­mote re­sources are loaded, and how you in­ter­act with them, in­clud­ing whether you tap, click, or en­ter data into forms. Be­cause it’s Ap­ple, the statis­tics and ac­tions gath­ered aren’t sent back to the cloud, but are stored lo­cally to build up a pro­file for your Sa­fari on your Mac. (It’s pos­si­ble Ap­ple will send cer­tain limited and anonymized data back us­ing dif­fer­en­tial pri­vacy, but that wasn’t an­nounced.)

The sys­tem is smart enough to dif­fer­en­ti­ate be­tween first-party and third-party vis­its. A first­party visit hap­pens when you go di­rectly to a site, like mac­; a third-party visit counts any non-mac­ scripts, im­ages, video, or other re­sources that load from mac­

ITP does al­low limited use of cross-site track­ing for the first 24 hours af­ter you visit a first-party site. Ap­ple’s ex­am­ple is a site called Ac­ that

han­dles the lo­gins for, and Vis­it­ing Ac­ and log­ging in sets a cookie at Ac­ that the other sites can re­trieve by load­ing a script from Ac­, let­ting them val­i­date your lo­gin.

Af­ter 24 hours, how­ever, Ap­ple’s sys­tem will stop al­low­ing those third-party cook­ies and other data to load. While your browser data re­lated to Ac­ it­self can be re­trieved for up to 30 days through a first-party visit to that do­main, the sites with other do­mains can no longer ac­cess that in­for­ma­tion.

A site de­vel­oper would need to cre­ate a sim­ple re­di­rect to re­fresh the first-party con­nec­tion: you’d go to, it would re­di­rect you to Ac­, and then back to This

should be fairly seam­less, and some sites make use of this to­day. For user track­ing, how­ever, em­bed­ded scripts and re­sources in a web page can’t cre­ate those redi­rects and thus won’t get in­for­ma­tion af­ter 24 hours.

For do­mains iden­ti­fied as track­ing you across sites, Sa­fari will dump all cook­ies and ‘web­site data’ as­so­ci­ated with the do­main af­ter 30 days with no first-party visit. While Ap­ple hasn’t pro­vided de­tails about which data is removed, I hope it’s all the lo­ca­tions that ev­er­cook­ies rely upon. Oth­er­wise, this purg­ing doesn’t truly stop browser-based track­ing. (You can read a more tech­ni­cal run­down on the We­bKit site at

This all sounds pretty slick. It al­lows short-term use of cross-site data for limited pur­poses and medium-term use for more fo­cused uses, while it re­jects data in­tended to per­sist over long pe­ri­ods across un­re­lated par­ties.

But there’s a prob­lem. It’s only ef­fec­tive on the browser side.

What lies be­neath

Alexan­der Hanff, a pri­vacy ac­tivist, de­flated the ITP bub­ble a bit with a post de­scrib­ing the lim­its of browser-side con­trol of cross-site track­ing. In brief, any­thing a third-party script or re­source loaded on a web page can do, so can the first party serv­ing the page up. Track­ing code can be run in such a way that it’s han­dled by the do­main that a user is vis­it­ing, short-cir­cuit­ing the util­ity of block­ing third-party track­ing.

The first-party site can use the data it ac­quires and com­mu­ni­cate server-to-server with track­ing net­works to as­so­ci­ated a user with other vis­its. It’s not per­fect, be­cause it re­lies on iden­ti­fy­ing unique ses­sion char­ac­ter­is­tics of the browser and its net­work lo­ca­tion, but it can used with a high de­gree of ac­cu­racy. Hanff and oth­ers note that the trend to­wards first-party server-side track­ing isn’t new, and that Ap­ple’s move will only ac­cel­er­ate that ap­proach.

That’s not to say Ap­ple shouldn’t im­ple­ment ITP, Hanff says and I agree. Not ev­ery site has the ca­pa­bil­ity or in­ter­est in host­ing server-side track­ing, and thus ITP can have a broad im­pact against

ca­sual but wide­spread un­so­phis­ti­cated track­ing. Many sites in­cor­po­rate an­a­lyt­ics, ad-serv­ing, and other track­ing code with­out un­der­stand­ing the pri­vacy im­pli­ca­tions (or even be­ing aware there are any to think about, de­pend­ing on the site). And the lack of per­fect browser track­ing us­ing first-party server tools re­duces the value of that track­ing, too. Low-hang­ing fruit can be picked off.

Ap­ple will also add let High Sierra’s Sa­fari pre­vent auto-play videos, the scourge of the net. And an up­com­ing ver­sion of Google Chrome re­port­edly will block ads that don’t con­form to an in­dus­try con­sor­tium’s rules for ‘ac­cept­able’ ads.

Hanff ar­gues that only reg­u­la­tion and en­force­ment can make a dif­fer­ence, be­cause of the server-side shift. But I be­lieve that the ex­ten­sive use of ad block­ers and these up­com­ing Ap­ple and Google plans mean that the air sup­ply for bor­der­line and un­eth­i­cal be­hav­iour is be­ing cut off. This, in turn, will lead pub­lish­ers to make bet­ter de­ci­sions about what to in­clude on their pages, be­cause it will be a dif­fer­ence be­tween users block­ing all ad­ver­tis­ing or be­ing able to tol­er­ate ads that re­spect their band­width, time, and in­tel­li­gence. ITP is an­other piece in this process.

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.