WebKit Introduces New Tracking Prevention Policy (webkit.org) 35
AmiMoJo writes: WebKit, the open source HTML engine used by Apple's Safari browser and a number of others, has created a new policy on tracking prevention. The short version is that many forms of tracking will now be treated the same way as security flaws, being blocked or mitigated with no exceptions. While on-site tracking will still be allowed (and is practically impossible to prevent anyway), all forms of cross-site tracking and covert tracking will be actively and aggressively blocked.
That's fine by me (Score:1)
Webkit Development Lives! (Score:1)
Great to see that Apple is continuing to actively improve WebKit.
Will ads still work? (Score:1)
Re: (Score:2, Funny)
Re: Will ads still work? (Score:3)
Re: (Score:3)
Presumably ads will still work, in that they will display. They just may not be able to track you so well.
Re: (Score:1)
That ad had to show and what interaction happened has to be accounted for.
No company is going to pay money for their "presumably" displayed ads...
If the ads work perfectly then the new "prevention" is not doing much....
Re: (Score:1)
Hi, I work in dirt-poor media and the ad industry. Plenty of companies do pay for "presumably" displayed ads. All we know is what they send in the headers, IP address, etc. No high-tech "tracking." The clients pay. But there are only so many of them, and they're negotiated directly with salespeople, not the way you just place an order with Google or Facebook. Very oldschool. But we exist and all my paychecks come from this.
Re: (Score:2)
And presumably there would be a hell of a lot more with these capabilities removed since there were a hell of a lot more before these capabilities existed.
Re: (Score:2)
As TFA notes there is a new API for privacy-enforcing ad-impression tracking.
Re: (Score:1)
Re:Will ads still work? (Score:4, Insightful)
Ads have been able to do this without any of these enhanced tracking measures all along. Even a simple affiliate id encoded in the link should the user click the ad takes care of this.
All this will do attempt to stop them from targeting as well as they'd like
Re: (Score:2)
Sounds like a problem for spying ad companies, and not for users.
Too fucking bad.
that's nice... (Score:2)
now, how about they update webkit to some of the more recent CSS and Javascript standards so I don't feel like we're fighting yet another front on the "Browser Wars". I'm sick of being told I can't use something because browser X will never support it nor tell us if they even are thinking about it.
Re: (Score:2)
Convenient that non-webkit browsers aren't even allowed to be installed on iOS/iPadOS. Could you imagine in Microsoft had forbidden any non-Trident browser to be installed on Windows?
Will tracking sites start banning Safari? (Score:2)
Re: Will tracking sites start banning Safari? (Score:2, Interesting)
Firstly, Safari is not the only browser on OSX. It's not ever the major browser by most accounts.
Secondly, Apple products are used by CEOs. The web will adjust itself to work with their devices. Not the other way around.
Re:Will tracking sites start banning Safari? (Score:5, Interesting)
What if iOS/Mac users start getting banned from websites entirely due to this?
Pretty sure that a site-op, if faced with a choice between...
I'm pretty sure they'll content themselves with half a slice of cake (and the resulting traffic, e-commerce, etc) as opposed to no slice.
Using iOS itself makes your eyeballs more valuable (Score:3)
I sincerely doubt that most advertisers would want to block users of iOS, as the average user of iOS tends to have far more disposable income than the average user of Android. This means that despite interest-targeted impressions producing three times the CPM (cost per thousand impressions) in general compared to context-targeted impressions, a context-targeted impression served to an iOS user may still command a greater CPM than an interest-targeted impression served to an Android user.
Re: Using iOS itself makes your eyeballs more valu (Score:1)
All those Buick drivers are more likely to buy the deluxe fuzzy dice and not just the standard ones.
Re: (Score:1)
Sites that start banning browsers that block trackers won't survive for long, which is just fine by me. Those scumbags need to get the fuck off of the internet.
"Ad or tracking blockers" in the same breath (Score:2)
Sites that start banning browsers that block trackers won't survive for long
The Atlantic has blocked users of Firefox tracking protection for years. Its anti-adblock troubleshooting page [theatlantic.com] consistently mentions "ad or tracking blockers" in the same breath, manipulating the terminology to carefully exclude the question "Can I look at ads that don't track me?" from readers' minds. Forbes tried it for a while, as did WIRED [harvard.edu] up until when WIRED switched to a paywall.
Re: (Score:2)
The Atlantic works in Firefox with uBlock Origin also running. So the question is, will WebKit implement whatever fix uBlock has to thwart this kind of thing?
My guess is not. Their site suggests that they expect and accept some breakage.
Re: (Score:2)
If webkit browsers start treating the site as if it is a security risk they may need to rethink what they are doing or loose the business of those users.
Re: (Score:3)
Well, iOS/Mac killed Flash when most web sites were 90% Flash, so it's not likely that people will ban them now over this
Re: (Score:2)
Websites that want to not be seen by iPhone and iPad users will see a sizeable drop in their traffic and ad impressions. And if they're that intent on spying on people, it is to our benefit for them to self-select out of our viewership.
Cross domain white lists (Score:4, Interesting)
The web would be so much better if cross-origin resources were just disable by default. It should be opt-in for every extra domain you want resources from.
Re: (Score:1, Flamebait)
The web would be better if people would just fucking take the responsibilities they have and actually work with them.
Got a website? You manage your fucking CDN and ads, on-premises, on your own. No third-party shit. If you can't run all of it on your own, you have no business running it at all.
Re: Cross domain white lists (Score:2)
Sure, but there's no benefit to the provider to do that. But if it annoyed their customers to opt in, they would be forced into good behavior.
Re: (Score:2)
The one issue I can see with that, apart from the massive breakage which could be sorted with a default whitelist, is that it would make it harder for new players to enter the market for Javascript frameworks. Many of them are huge and only perform decently because the browser caches them and all sites using them reference the cached copy on a third party domain.
I'm not sure that can be fixed in a way that doesn't also permit tracking. Having a copy on the same domain is going to hammer performance as it ha
Sites are going to share data either way (Score:1)
The metaphor of a worldwide web seems more appropriate as every day passes. It is impossible to detangle yourself from the privacy nightmare that Tim Berners-Lee has bestowed upon us.
What's frustrating is that despite being a step in the right direction, there will constantly be successful attempts at thwarting privacy measures. I rejoiced when Google announced that they were doing away with the mechanism that allowed sites to detect the sandboxed incognito mode, only to realize that site developers just