Apple’s WebKit team published its tracking prevention policy last week, outlining its stance against technologies designed to track user activity across the web.
Falling in line with the company’s pro-privacy position, the WebKit Tracking Prevention Policy outlines the web tracking practices it believes should be limited by default. WebKit, the open-source rendering engine that powers Safari, aims to treat attempts to circumvent the policy as security abuse: “We treat circumvention of shipping anti-tracking measures with the same seriousness as exploitation of security vulnerabilities.”
“No exceptions.” The policy issues a firm warning to parties who fail to adhere to the standards, stating:
“We do not grant exceptions to our tracking prevention technologies to specific parties. Some parties might have valid uses for techniques that are also used for tracking. But WebKit often has no technical means to distinguish valid uses from tracking, and doesn’t know what the parties involved will do with the collected data, either now or in the future.”
Tracking prevention measures. According to the document, WebKit has implemented (or will implement, as new circumvention methods arise) protections and defenses against tracking techniques that could impede user privacy.
Apple’s Intelligent Tracking Prevention (ITP) has evolved since it launched in 2017, primarily to cut off workarounds by ad tech firms. ITP is designed to block first- and third-party trackers from capturing cross-site browsing data for ad targeting purposes.
WebKit said it will prevent covert tracking and all cross-site tracking (even when it’s not covert). This includes cross-site tracking, stateful tracking, covert stateful tracking, navigational tracking, fingerprinting, as well as all tracking techniques not currently known.
Additionally, the document states that if a tracking technique isn’t preventable “without undue user harm,” WebKit will take measures to limit the use of such techniques by obtaining explicit user consent for potential tracking. “For example, limiting the time window for tracking or reducing the available bits of entropy — unique data points that may be used to identify a user or a user’s behavior,” WebKit wrote.
Google’s response. While Apple makes its play to tighten the reins on user data privacy, Google is challenging Apple’s approach with a call this week for an industry discussion on how to balance user privacy and personalized, data-driven advertising. Google believes Apple is going too far, while Apple doesn’t believe Google is doing enough to protect users.
Why we should care. Apple’s firm stance on tracking users’ web activity has implications for tracking parties and advertisers that have already been wrestling with Apple’s Intelligent Tracking Prevention efforts.
Apple isn’t closing the door all the way, however. “We may alter tracking prevention methods to permit certain use cases, particularly when greater strictness would harm the user experience,” the document states. “In other cases, we will design and implement new web technologies to re-enable these practices without reintroducing tracking capabilities.”
Apple’s policy certainly disrupts how user data is collected and how advertisers measure the effectiveness of their campaigns on Apple’s Safari browser on iOS and macOS devices. Additionally, advertisers may face further restrictions on audience measurement, analytics tracking and third-party authentication.