Apple's WebKit team has introduced Private Browsing 2.0 for Safari, enhancing protection against cross-site tracking and fingerprinting. These new privacy features will be available in Safari 17's enhanced Private Browsing mode.
Apple first introduced Private Browsing in 2005 to allow users to browse without leaving local traces. Over the years, they have incrementally increased privacy protections, emphasizing that users should not be tracked without their knowledge or consent.
Enhanced Private Browsing Features
The new features in Safari 17.0 include:
- Link Tracking Protection: Removes tracking information from URLs during navigation.
- Blocking Network Loads of Known Trackers: Blocks network requests to known trackers using data from DuckDuckGo and EasyPrivacy.
- Advanced Fingerprinting Protection: Adds noise to various APIs to prevent fingerprinting.
- Extensions Management: Extensions with website or history access are off by default in Private Browsing.
- Web AdAttributionKit: Allows privacy-preserving ad attribution.
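As an added illustration of what Link Tracking Protection does conceptually (this is example code written for this page, not WebKit's implementation), the function below strips query parameters that serve only to carry tracking identifiers. The parameter list is constructed for the example; Safari's own list is not published on this page, and the WHATWG `URL` API is used so it runs in Node or a browser.

```javascript
// Added example, not WebKit code: remove tracking parameters from a URL
// before navigation. The list below is constructed for illustration only;
// it is not the list Safari uses.
const TRACKING_PARAMS = new Set([
  'fbclid', 'gclid', 'dclid', 'msclkid', 'mc_eid', 'igshid',
  'utm_source', 'utm_medium', 'utm_campaign', 'utm_term', 'utm_content',
]);

// Returns the cleaned URL and the names of the parameters removed, so a
// privacy report (or a test) can show exactly what was stripped.
// Path, fragment and non-tracking parameters are left untouched.
function stripTrackingParams(input) {
  const url = new URL(input);
  const removed = [];
  // Snapshot the distinct keys first: deleting while iterating the live
  // URLSearchParams object would skip entries.
  for (const key of new Set(url.searchParams.keys())) {
    if (TRACKING_PARAMS.has(key.toLowerCase())) {
      url.searchParams.delete(key); // removes every value for that key
      removed.push(key);
    }
  }
  // When no parameters remain, url.href serialises without a trailing '?'.
  return { href: url.href, removed };
}

// Usage on a constructed link:
const demo = stripTrackingParams(
  'https://example.com/article?id=42&utm_source=news&fbclid=abc123#top'
);
console.log(demo.href, demo.removed);
```

The cleaned URL keeps `id=42` and the fragment, because the function only matches a parameter name against the deny-list; it makes no attempt to judge arbitrary parameters, which is the trade-off any list-based link-cleaning approach makes.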
Additional Protections in All Browsing Modes
- Capped Lifetime of Cookies: Limits the lifespan of cookies from cloaked third-party IP addresses.
- Partitioned SessionStorage and Blob URLs: Isolates storage to prevent cross-site tracking.
- Network Privacy Enhancements: Uses encrypted DNS and proxies unencrypted HTTP requests.
Advanced Fingerprinting Protection
Safari introduces several measures to combat fingerprinting:
- Noise Injection: Applies noise to 2D canvas, WebGL, and WebAudio APIs to obscure unique device characteristics.
- Fixed Values for Screen/Window Metrics: Standardizes values returned by APIs to reduce fingerprinting entropy.
Opposition to Google's Topics API
Apple has rejected Google's Topics API, which is part of the Privacy Sandbox, emphasizing the importance of not adding fingerprintable APIs to the web. The company has been working with the standards community to improve user privacy on the web platform and believes that introducing new fingerprintable APIs would exacerbate the fingerprinting problem. While some trade-offs might be acceptable for a richer web experience or enhanced accessibility, Apple generally advocates for progressing the web without increasing fingerprintability.
Research by Yohan Beugin and Patrick McDaniel from the University of Wisconsin-Madison highlights significant privacy concerns with the Topics API. Their study shows that the 5% noise intended to provide plausible deniability can be defeated, allowing the API to fingerprint and re-identify users. The research concludes that users can be uniquely re-identified across websites through their topics of interest, worsening privacy violations over time.
Beyond re-identification, the Topics API also enables profiling of users' cross-site activity. For example, a data broker can track a user's shifting interests over several years, building a detailed profile without the user's explicit consent. This data can be combined with other data points to feed algorithms that draw conclusions about the user, raising further privacy concerns.
In summary, Apple's rejection of the Topics API is rooted in its potential to increase fingerprinting and privacy violations, which contradicts the company's long-standing efforts to enhance user privacy on the web.