www.TWG.IO

Since 2002

Whiteboard Home

A TWG project

Search
Skip Navigation

  • Advertising

    WebKit Tracking Prevention Policy

    (Webkit.org)

    Do you want YouTube to know everything you’ve browsed or purchased on Amazon? Do you want every Google search you make to be accessed by Facebook to customize your news feed?

    If you’ve resigned yourself to accepting that everyone already knows everything you do online, last week’s major announcement from the Apple’s Webkit team may give you some hope. Webkit, the browser engine used by Apple’s Safari browser and iOS apps, have announced strict new rules around cross-domain user tracking (which is how Amazon ads for those headphones you looked at seem to follow you everywhere).
    WebKit logo

    While not “anti-commerce”, Apple is making no concessions to the business impact these changes will have to the ability of digital advertisers (notably Google, Facebook, Amazon etc.) to micro-target ads and content recommendations to users based on their browsing habits.

    Tracking We Will Prevent

    WebKit will do its best to prevent all covert tracking, and all cross-site tracking (even when it’s not covert). These goals apply to all types of tracking listed above, as well as tracking techniques currently unknown to us. If a particular tracking technique cannot be completely prevented without undue user harm, WebKit will limit the capability of using the technique. For example, limiting the time window for tracking or reducing the available bits of entropy — unique data points that may be used to identify a user or a user’s behavior. If even limiting the capability of a technique is not possible without undue user harm, WebKit will ask for the user’s informed consent to potential tracking.

    Policy Circumvention

    We treat circumvention of shipping anti-tracking measures with the same seriousness as exploitation of security vulnerabilities. If a party attempts to circumvent our tracking prevention methods, we may add additional restrictions without prior notice. These restrictions may apply universally; to algorithmically classified targets; or to specific parties engaging in circumvention.

    No Exceptions

    We do not grant exceptions to our tracking prevention technologies to specific parties. Some parties might have valid uses for techniques that are also used for tracking. But WebKit often has no technical means to distinguish valid uses from tracking, and doesn’t know what the parties involved will do with the collected data, either now or in the future.

    Unintended Impact

    There are practices on the web that we do not intend to disrupt, but which may be inadvertently affected because they rely on techniques that can also be used for tracking. We consider this to be unintended impact. When faced with a tradeoff, we will typically prioritize user benefits over preserving current website practices. We believe that that is the role of a web browser, also known as the user agent.

    Pointedly, at the end of that last section Webkit calls out the purpose of the browser is to serve the user, not the advertising ecosystem that has been built on top of it. No surprise that Google is trying to argue that blocking cookies is bad for privacy, because it will force advertisers to use more covert tracking methods like browser fingerprinting that users can’t disable (to that point, Webkit has said it will also shut down fingerprinting or any other covert tracking methods should they become an issue).

    Apple is giving credit where credit is due, noting the changes were “inspired by and derived from Mozilla’s anti tracking policy”. Mozilla’s Firefox browser has been on a roll lately, implementing major speed improvements earlier this year, and great to see them leading this user-centric privacy initiative. For users creeped out by pervasive cross-site tracking, Safari and Firefox are appealing alternatives.

    August 26, 2019 — Richard Switzer