In its effort to curb the practices it believes are harmful to users, and the unintended consequences of those preventive countermeasures, Apple’s WebKit team has just released its full “Tracking Prevention Policy.” This policy is an outline of WebKit’s tracking efforts and details what types of tracking WebKit will prevent, countermeasures, and more.
Apple is taking a hard stance on online privacy with a new anti-tracking policy in Safari. The browser engineering group, responsible for maintaining the WebKit rendering engine that powers Apple’s Safari browser for macOS and iOS, said it has implemented, or will implement, the technical protections described in the document and may install defenses against additional invasive tracking techniques that come to light in the future. Here’s how the WebKit team explains the new breakdown of tracking measures detailed in the policy published today;
“This document describes the web tracking practices that WebKit believes, as a matter of policy, should be prevented by default by web browsers. These practices are harmful to users because they infringe on a user’s privacy without giving users the ability to identify, understand, consent to, or control them.“
The stance taken by the WebKit team on those trying to circumvent browser privacy protections sounds severe. “We treat circumvention of shipping anti-tracking measures with the same seriousness as exploitation of security vulnerabilities,” the policy says.
But the breadth and manner of Apple’s policy enforcement remains unspecified. That may be because covert tracking and cross-site tracking are so common – Google Analytics has documentation that describes how to do cross-domain measurement – that clarity would entail a fight with the entire ad-supported internet.
The policy suggests Apple would prefer to avoid disrupting the behavioral ad biz but allows that the company’s actions may have “unintended impact” on the advertisers, ad analytics, federated login (eg. Facebook Login), and social media widgets, among other things.
Notably, Apple has some influence, given its iOS platform rules give Safari the home field advantage and its platform control allows default distribution. But Google Chrome is so widely used that Apple’s policy may have more power as a guidepost for ad industry regulation than as a technical barrier against misbehaving marketers.