Home Online Advertising Safari Enables Full-On Third-Party Cookie Blocking By Default (Aka, No More Workarounds Ever)

Safari Enables Full-On Third-Party Cookie Blocking By Default (Aka, No More Workarounds Ever)


Are you sitting down? Because there’s some news that actually isn’t related to the coronavirus.

After years of moving in this direction, Apple said Tuesday that all third-party cookies for cross-site tracking will be blocked by default in Safari 13.1 for iOS and macOS.

You’d be forgiven for scratching your head and saying, “Wait a sec, weren’t third-party cookies already blocked in Safari as part of Intelligent Tracking Prevention?”

The answer is yes. What’s new is Safari going full nuclear on workarounds. It’s been a cat-and-mouse game between trackers and Safari for a while, but ITP means business.

In a blog post, WebKit security engineer John Wilander put it like so: “This is a significant improvement for privacy since it removes any sense of exceptions or [that] ‘a little bit of cross-site tracking is allowed.’”

WebKit will share its experiences with unmitigated third-party cookie blocking with privacy groups within W3C “to help other browsers take the leap,” Wilander wrote.

Chrome said earlier this year that it’s planning to deprecate third-party cookies in its browser beginning in 2022.

Here are a few of the exploits WebKit is cracking down on:

  • Ironically, the way in which a tracking prevention method is carried out can in some cases be manipulated to track a person across sites. Full third-party cookie blocking ensures that there is no ITP state that can be detected through cookie-blocking behavior. Basically, trackers won’t be able to use what is being blocked as a signal for tracking.
  • Login fingerprinting, which allows sites to see where a user was previously logged in, will no longer be possible. Aka, no leakage of a user’s login state across sites.
  • Last year, Apple announced that all client-side cookies would expire after seven days. (Later, this became 24 hours.) As expected, third-party scripts reacted by simply moving to other means of first-party storage, such as LocalStorage, which uses JavaScript to store information on the client side and never expires. Well, now there will be a seven-day cap on all script-writable storage too.

Click here to read the full blog post.

Must Read

Mozilla acquires Anonym

Mozilla Acquires Anonym, A Privacy Tech Startup Founded By Two Top Former Meta Execs

Two years after leaving Meta to launch their own privacy-focused ad measurement startup in 2022, Graham Mudd and Brad Smallwood have sold their company to Mozilla.

Nope, We Haven’t Hit Peak Retail Media Yet

The move from in-store to digital shopper marketing continues, as United Airlines, Costco, PayPal, Chase and Expedia make new retail media plays. Plus: what the DSP Madhive saw in advertising sales software company Frequence.

Comic: Ad-ception

The New York Times And Instacart Integrate For Shoppable Recipes

The New York Times and Instacart are partnering for shoppable recipe videos.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters

Experian Enters The Third-Party Data Onboarding Business

Experian entered the third-party data onboarder market on Tuesday with a new product based on its Tapad acquisition.

Albertsons Takes Its First Steps Into Non-Endemic Advertising, Retail Media’s Next Frontier

Albertsons is taking that first step into non-endemic advertising next week via a partnership with Rokt to serve ads to people who have already purchased groceries.

Marketecture Buys AdTechGod (No, Really)

Marketecture has acquired AdTechGod – an anonymous ad tech Twitter poster turned one-man content studio – and the AdTech Forum, an information resource hosted by AdTechGod and Jeremy Bloom.