Apple Releases Safari Private Browsing 2.0, Opposes Google's Topics API

July 17, 2024 at 2:45:30 PM

TL;DR Apple's WebKit team introduced Private Browsing 2.0 for Safari 17, enhancing protection against cross-site tracking and fingerprinting. Features include link tracking protection, blocking known trackers, advanced fingerprinting protection, and extensions management. Additional protections apply to all browsing modes, like capped cookie lifetimes and partitioned storage. Apple rejects Google's Topics API due to privacy concerns, emphasizing the importance of not adding fingerprintable APIs.

Apple Releases Safari Private Browsing 2.0, Opposes Google's Topics API

Apple's WebKit team has introduced Private Browsing 2.0 for Safari, enhancing protection against cross-site tracking and fingerprinting. These new privacy features will be available in Safari 17's enhanced Private Browsing mode.

Apple first introduced Private Browsing in 2005 to allow users to browse without leaving local traces. Over the years, they have incrementally increased privacy protections, emphasizing that users should not be tracked without their knowledge or consent.

Enhanced Private Browsing Features

The new features in Safari 17.0 include:

  • Link Tracking Protection: Removes tracking information from URLs during navigation.
  • Blocking Network Loads of Known Trackers: Blocks network requests to known trackers using data from DuckDuckGo and EasyPrivacy.
  • Advanced Fingerprinting Protection: Adds noise to various APIs to prevent fingerprinting.
  • Extensions Management: Extensions with website or history access are off by default in Private Browsing.
  • Web AdAttributionKit: Allows privacy-preserving ad attribution.

Additional Protections in All Browsing Modes

  • Capped Lifetime of Cookies: Limits the lifespan of cookies from cloaked third-party IP addresses.
  • Partitioned SessionStorage and Blob URLs: Isolates storage to prevent cross-site tracking.
  • Network Privacy Enhancements: Uses encrypted DNS and proxies unencrypted HTTP requests.

Advanced Fingerprinting Protection

Safari introduces several measures to combat fingerprinting:

  • Noise Injection: Applies noise to 2D canvas, WebGL, and WebAudio APIs to obscure unique device characteristics.
  • Fixed Values for Screen/Window Metrics: Standardizes values returned by APIs to reduce fingerprinting entropy.

Opposition to Google's Topics API

Apple has rejected Google's Topics API which is part of the privacy sandbox, emphasizing the importance of not adding fingerprintable APIs to the web. The company has been working with the standards community to improve user privacy on the web platform and believes that introducing new fingerprintable APIs would exacerbate the fingerprinting problem. While some trade-offs might be acceptable for a richer web experience or enhanced accessibility, Apple generally advocates for progressing the web without increasing fingerprintability.

Research by Yohan Beugin and Patrick McDaniel from the University of Wisconsin-Madison highlights significant privacy concerns with the Topics API. Their study shows that the 5% noise intended to provide plausible deniability can be defeated, allowing the API to fingerprint and re-identify users. The research concludes that users can be uniquely re-identified across websites through their topics of interest, worsening privacy violations over time.

Beyond re-identification, the Topics API also enables profiling of users' cross-site activity. For example, a data broker can track a user's shifting interests over several years, building a detailed profile without the user's explicit consent. This data can be combined with other data points to feed algorithms that draw conclusions about the user, raising further privacy concerns.

In summary, Apple's rejection of the Topics API is rooted in its potential to increase fingerprinting and privacy violations, which contradicts the company's long-standing efforts to enhance user privacy on the web.

Q&A

Have more questions on this topic? Ask our AI assistant for in-depth insights.

Read more from sources πŸ‘‡

The Only Digital Marketing Feed You'll Ever Need.

Stay informed your way. Tailored updates when and how you want them. 100% Free.

10,000+ Users

500+ Sources

1000+ Tools

Or

Related Posts

Google Tag Manager Launches Server-Side Tagging Support for Mobile Apps Trending ️‍πŸ”₯

Google Tag Manager Launches Server-Side Tagging Support for Mobile Apps

Brais Calvo
Brais Calvo

Top Creator

Top Analytics Creator

Brais Calvo is a Top Analytics Creator. Part of Swipe Insight Select, a curated list of top creators.

Top Analytics Creator
Top-Notch Google Analytics Audit Tool

Top-Notch Google Analytics Audit Tool

Sponsored
GA4 Auditor
GA4 Auditor

Verified Sponsor

Verified Sponsor

GA4 Auditor is a Verified Sponsor. Want to get featured here? Contact us.

Verified Sponsor
Microsoft Edge Launches Ad Selection API Preview for Privacy-Focused Advertising

Microsoft Edge Launches Ad Selection API Preview for Privacy-Focused Advertising

Microsoft Advertising
Microsoft Advertising

Official Source

Official Source

Microsoft Advertising is a Official Source. The source has been verified by Swipe Insight team.

Official Source
Google Privacy Sandbox Adds Deal Support, Clickiness Signals, Longer Interest Group Lifespans

Google Privacy Sandbox Adds Deal Support, Clickiness Signals, Longer Interest Group Lifespans

Google Tag Rolls Out 'Consent Mode Override' Feature

Google Tag Rolls Out 'Consent Mode Override' Feature

Brais Calvo
Brais Calvo

Top Creator

Top Analytics Creator

Brais Calvo is a Top Analytics Creator. Part of Swipe Insight Select, a curated list of top creators.

Top Analytics Creator
Apple Announces EU-Specific Changes to Browser Choice and Default Apps

Apple Announces EU-Specific Changes to Browser Choice and Default Apps

Apple Developer
Apple Developer

Official Source

Official Source

Apple Developer is a Official Source. The source has been verified by Swipe Insight team.

Official Source
Google Reports Promising Results from Privacy Sandbox Experiment for Display Ads

Google Reports Promising Results from Privacy Sandbox Experiment for Display Ads

Google
Google

Official Source

Official Source

Google is a Official Source. The source has been verified by Swipe Insight team.

Official Source
Google Won't Remove Third-Party Cookies from Chrome Trending ️‍πŸ”₯

Google Won't Remove Third-Party Cookies from Chrome

Google
Google

Official Source

Official Source

Google is a Official Source. The source has been verified by Swipe Insight team.

Official Source

Related Tools

GA4 Auditor logo

GA4 Auditor

Verified Tool

Verified Tool

GA4 Auditor is a Verified Tool. Want to get this badge? Contact us.

Verified Tool

Automated GA4 audits with actionable insights

Get Featured Here

Showcase your tool in this list.

Contact Us
Adsmurai logo

Adsmurai

Manage and scale your digital marketing campaigns

Ad Management
easyTag.io logo

easyTag.io

Effortless GA4 server-side tracking

Rockerbox logo

Rockerbox

Simplified marketing data for strategic decisions

Branch logo

Branch

Seamless mobile linking and attribution solutions

Datahash logo

Datahash

Privacy-focused server-side tracking

Stape.io logo

Stape.io

Simplify server-side data tracking and compliance

AppsFlyer logo

AppsFlyer

Maximize app growth with data-driven insights

Adjust logo

Adjust

Optimize and scale app growth with real-time insights

TrueROAS logo

TrueROAS

AI ad tracking for Shopify and WooCommerce

Get Featured Here

Showcase your tool in this list.

Contact Us