Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Privacy Safari Security The Internet IT

WebKit Introduces New Tracking Prevention Policy (webkit.org) 35

AmiMoJo writes: WebKit, the open source HTML engine used by Apple's Safari browser and a number of others, has created a new policy on tracking prevention. The short version is that many forms of tracking will now be treated the same way as security flaws, being blocked or mitigated with no exceptions. While on-site tracking will still be allowed (and is practically impossible to prevent anyway), all forms of cross-site tracking and covert tracking will be actively and aggressively blocked.
This discussion has been archived. No new comments can be posted.

WebKit Introduces New Tracking Prevention Policy

Comments Filter:
  • by Anonymous Coward
    Any and all cross-site tracking should be killed at the browser-level. Without exception.
  • Great to see that Apple is continuing to actively improve WebKit.

  • The approved ads?
    • Re: (Score:2, Funny)

      by Merk42 ( 1906718 )
      If you want ads, you must make an iOS/iPadOS app (so Apple gets money from you) then only use iAds (so Apple gets money from you)
    • by AmiMoJo ( 196126 )

      Presumably ads will still work, in that they will display. They just may not be able to track you so well.

      • by AHuxley ( 892839 )
        Then they are not working as the ad company is paying for.
        That ad had to show and what interaction happened has to be accounted for.
        No company is going to pay money for their "presumably" displayed ads...
        If the ads work perfectly then the new "prevention" is not doing much....
        • by Anonymous Coward

          No company is going to pay money for their "presumably" displayed ads...

          Hi, I work in dirt-poor media and the ad industry. Plenty of companies do pay for "presumably" displayed ads. All we know is what they send in the headers, IP address, etc. No high-tech "tracking." The clients pay. But there are only so many of them, and they're negotiated directly with salespeople, not the way you just place an order with Google or Facebook. Very oldschool. But we exist and all my paychecks come from this.

          • by Shaitan ( 22585 )

            And presumably there would be a hell of a lot more with these capabilities removed since there were a hell of a lot more before these capabilities existed.

        • by AmiMoJo ( 196126 )

          As TFA notes there is a new API for privacy-enforcing ad-impression tracking.

          • by AHuxley ( 892839 )
            If the ads work as expected and as been paid for the notes about "privacy-enforcing ad-impression tracking" is doing nothing in the real world :)
        • by Shaitan ( 22585 ) on Tuesday August 20, 2019 @12:13PM (#59106224)

          Ads have been able to do this without any of these enhanced tracking measures all along. Even a simple affiliate id encoded in the link should the user click the ad takes care of this.

          All this will do attempt to stop them from targeting as well as they'd like

        • Sounds like a problem for spying ad companies, and not for users.

          Too fucking bad.

  • now, how about they update webkit to some of the more recent CSS and Javascript standards so I don't feel like we're fighting yet another front on the "Browser Wars". I'm sick of being told I can't use something because browser X will never support it nor tell us if they even are thinking about it.

    • by Merk42 ( 1906718 )
      They only introduce things that break the web, can't have people using some open standards instead of the walled garden App Store!

      Convenient that non-webkit browsers aren't even allowed to be installed on iOS/iPadOS. Could you imagine in Microsoft had forbidden any non-Trident browser to be installed on Windows?
  • What if iOS/Mac users start getting banned from websites entirely due to this? Will trackers force users to use Android/Windows devices where they can be tracked. I feel the ultimate fate of the browser wars will be done by trackers.
    • Firstly, Safari is not the only browser on OSX. It's not ever the major browser by most accounts.

      Secondly, Apple products are used by CEOs. The web will adjust itself to work with their devices. Not the other way around.

    • by Penguinisto ( 415985 ) on Tuesday August 20, 2019 @11:00AM (#59105890) Journal

      What if iOS/Mac users start getting banned from websites entirely due to this?

      Pretty sure that a site-op, if faced with a choice between...

      • * having to infer some to fill the BI holes off of most iOS/MacOS (Safari) users and getting what they can
      • * blowing off the majority of mobile browsers (and 10-20% of non-mobile traffic) entirely out of some sense of spite

      I'm pretty sure they'll content themselves with half a slice of cake (and the resulting traffic, e-commerce, etc) as opposed to no slice.

    • I sincerely doubt that most advertisers would want to block users of iOS, as the average user of iOS tends to have far more disposable income than the average user of Android. This means that despite interest-targeted impressions producing three times the CPM (cost per thousand impressions) in general compared to context-targeted impressions, a context-targeted impression served to an iOS user may still command a greater CPM than an interest-targeted impression served to an Android user.

    • by Anonymous Coward

      Sites that start banning browsers that block trackers won't survive for long, which is just fine by me. Those scumbags need to get the fuck off of the internet.

      • Sites that start banning browsers that block trackers won't survive for long

        The Atlantic has blocked users of Firefox tracking protection for years. Its anti-adblock troubleshooting page [theatlantic.com] consistently mentions "ad or tracking blockers" in the same breath, manipulating the terminology to carefully exclude the question "Can I look at ads that don't track me?" from readers' minds. Forbes tried it for a while, as did WIRED [harvard.edu] up until when WIRED switched to a paywall.

        • by AmiMoJo ( 196126 )

          The Atlantic works in Firefox with uBlock Origin also running. So the question is, will WebKit implement whatever fix uBlock has to thwart this kind of thing?

          My guess is not. Their site suggests that they expect and accept some breakage.

          • If webkit browsers start treating the site as if it is a security risk they may need to rethink what they are doing or loose the business of those users.

    • Well, iOS/Mac killed Flash when most web sites were 90% Flash, so it's not likely that people will ban them now over this

    • Websites that want to not be seen by iPhone and iPad users will see a sizeable drop in their traffic and ad impressions. And if they're that intent on spying on people, it is to our benefit for them to self-select out of our viewership.

  • by reanjr ( 588767 ) on Tuesday August 20, 2019 @10:54AM (#59105854) Homepage

    The web would be so much better if cross-origin resources were just disable by default. It should be opt-in for every extra domain you want resources from.

    • Re: (Score:1, Flamebait)

      by Khyber ( 864651 )

      The web would be better if people would just fucking take the responsibilities they have and actually work with them.

      Got a website? You manage your fucking CDN and ads, on-premises, on your own. No third-party shit. If you can't run all of it on your own, you have no business running it at all.

    • by AmiMoJo ( 196126 )

      The one issue I can see with that, apart from the massive breakage which could be sorted with a default whitelist, is that it would make it harder for new players to enter the market for Javascript frameworks. Many of them are huge and only perform decently because the browser caches them and all sites using them reference the cached copy on a third party domain.

      I'm not sure that can be fixed in a way that doesn't also permit tracking. Having a copy on the same domain is going to hammer performance as it ha

  • The metaphor of a worldwide web seems more appropriate as every day passes. It is impossible to detangle yourself from the privacy nightmare that Tim Berners-Lee has bestowed upon us.

    What's frustrating is that despite being a step in the right direction, there will constantly be successful attempts at thwarting privacy measures. I rejoiced when Google announced that they were doing away with the mechanism that allowed sites to detect the sandboxed incognito mode, only to realize that site developers just

"...a most excellent barbarian ... Genghis Kahn!" -- _Bill And Ted's Excellent Adventure_

Working...