"Intelligent Tracking Prevention," which prevents cross-site tracking based on users' cookies, is being introduced to Safari



Apple revealed at WWDC 2017 that it will add a new feature called Intelligent Tracking Prevention (ITP) to the desktop version of Safari in order to prevent tracking.

Intelligent Tracking Prevention | WebKit
https://webkit.org/blog/7675/intelligent-tracking-prevention/

"WebKit," the open source HTML rendering engine developed mainly by Apple, includes features that protect privacy by reducing user tracking; for example, the ability to block third-party cookies is implemented by default in the desktop version of Safari. In addition to this, Apple announced at WWDC 2017 that it is adding a new feature called Intelligent Tracking Prevention (ITP) to protect user privacy.

A website can load resources such as images and scripts from sites outside its own domain. This "cross-origin" (cross-site) loading is one of the web's powerful features. However, Apple considers it a problem from the standpoint of user privacy, because it enables cross-site tracking, in which users are tracked across sites.

For example, consider a user who visits a site called example-products.com to look at a new device and then visits example-recipies.com to find something for dinner. If both sites load a resource from example-tracker.com, and example-tracker.com saves a cookie in the user's browser, example-tracker.com can learn that the same user visited both the product site and the recipe site. Cross-site tracking that aggregates a user's browsing behavior across multiple sites in this way has been regarded as a problem by privacy-conscious users, and Apple states that it has confirmed that popular websites collect user data with more than 70 trackers.


ITP collects statistics on resource loads as well as on user interactions such as clicks, taps, and text entry, and stores the collected statistics in buckets at the TLD+1 level. Then, based on these statistics, a machine learning model classifies which top domains are capable of tracking users across sites. A distinguishing point is that the collected statistics are stored and managed on the user's side, such as on the device and in the web browser.

For example, if ITP classifies example.com as having cross-site tracking capability, ITP looks at how frequently the user interacts with example.com, and if the user has not accessed the site, it automatically deletes the site's cookies after 30 days have elapsed. After that, even if new data is added, it is deleted again, so the cookies stay deleted.


However, if the user interacts with example.com as the top domain (the first-party domain), ITP judges that the user is interested in the website and temporarily adjusts its behavior. Specifically, if the user has interacted with example.com within the last 24 hours, its cookies will be available. In this case, example.com keeps its cookies, but they are stored in separate, partitioned storage. According to Apple, this mechanism prevents cookies from being used for cross-site tracking while still allowing single sign-on systems, in which an account from one service is used to log in to another site (such as "log in to a site with a Google ID"), to be used without problems as before.
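The rules described above can be made concrete with a small model. This is an added example, not code from WebKit or from the original article: the `ItpModel` class, the last-two-labels TLD+1 approximation, and the first-party-count threshold standing in for the machine learning classifier are all assumptions, as is reading the window between 24 hours and 30 days as the partitioned state.

```javascript
const HOUR = 3600 * 1000, DAY = 24 * HOUR;

// Assumption: TLD+1 is approximated as the last two labels of the host name.
// A real browser would consult the Public Suffix List instead.
function tldPlusOne(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

class ItpModel {
  buckets = new Map(); // TLD+1 -> { firstParties: Set, lastInteraction: number|null }

  bucket(host) {
    const key = tldPlusOne(host);
    if (!this.buckets.has(key)) {
      this.buckets.set(key, { firstParties: new Set(), lastInteraction: null });
    }
    return this.buckets.get(key);
  }
  // A page on topHost loaded a resource from resourceHost.
  recordLoad(topHost, resourceHost) {
    if (tldPlusOne(topHost) !== tldPlusOne(resourceHost)) {
      this.bucket(resourceHost).firstParties.add(tldPlusOne(topHost));
    }
  }
  // The user clicked, tapped or typed on topHost as the first-party site.
  recordInteraction(topHost, now) {
    this.bucket(topHost).lastInteraction = now;
  }
  // Hypothetical stand-in for the classifier: a threshold on how many
  // distinct first-party sites loaded resources from this domain.
  canTrack(host, threshold = 2) {
    return this.bucket(host).firstParties.size >= threshold;
  }
  // Cookie treatment for host when loaded as a third party at time `now` (ms).
  cookiePolicy(host, now) {
    if (!this.canTrack(host)) return 'available';
    const last = this.bucket(host).lastInteraction;
    // Assumption: a domain the user never interacted with is treated as purged.
    if (last === null || now - last >= 30 * DAY) return 'purged';
    if (now - last <= 24 * HOUR) return 'available';
    return 'partitioned';
  }
}

// Constructed scenario using the host names from the article's example.
const itp = new ItpModel();
for (const site of ['example-products.com', 'example-recipies.com']) itp.recordLoad(site, 'example-tracker.com');
itp.recordInteraction('example-tracker.com', 0);
console.log([0.5, 2, 31].map((d) => itp.cookiePolicy('example-tracker.com', d * DAY)));
```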


At WWDC 2017, Craig Federighi, who is in charge of software engineering, said, "ITP, introduced in (the desktop version of) Safari, is not an ad blocker; the web browser itself behaves the same as usual, but the user's privacy is protected."

in Software,   Security, Posted by darkhorse_log