ITP, along with how Safari manages cross-site cookies, can cut down on the ability of web-based ad services to track your movements around the web. It’s this tracking ability that leads to focused ads appearing in many different and unrelated websites. For example, after looking for a new winter coat at your favorite clothier’s web site, you might discover that wherever you go on the web, an ad for winter apparel is present.
While Safari and ITP may put an end to many of the annoying ads that follow you around the web, as well as create a bit more personal security, it may also have a few unintended consequences that may result in a favorite website or two not working correctly, until they receive an update to work with ITP.
You may find you need to revert back to the old way that Safari managed cookies when visiting a few sites, including some sites (banking and financial services come to mind) that use a centralized login system that provides sign-in service for multiple related sites. In that case, there’s a good chance that ITP’s machine learning system will mistake the central sign-in service as an ad tracker, forcing you to sign in repeatedly.
With that in mind, we’re going to take a look at how to manage Safari’s new privacy settings, and how you can enable and disable ITP in Safari.
Cookie Management and Cross-Site Tracking
Safari 11 (and later versions) disables cross-site tracking as its default configuration, so out of the box, you should notice less obviously targeted ads appearing in the websites you visit. To be clear, Safari isn’t stripping out ads from websites; the websites you visit will still display ads; they just won’t be explicitly targeted to you, based on other websites and products you’ve viewed.
But, wait; you say you’re seeing targeted ads even though cross-site tracking is enabled? Yup, you may still see targeted ads for one of two reasons: either the web advertisers have implemented new technology to get around ITP, or you’re seeing ads based on a site you routinely access.
ITP uses a 24-hour window that allows for some tracking, mostly in the form of a persistent cookie that can be used to allow you to automatically sign in to a site. But third parties who provide web resources, such as images or ads, to the site can use the same cookie to track the fact that you visited the site. That’s why you may still see some ads tracking you around the web. After 24 hours, the cookie is automatically disabled for tracking functions, but retains its ability to be used for auto sign in to a site.
After 30 days, the ITP system purges the cookie completely, requiring you to manually log in should you return to the site in question.
Because ITP is a new technology involving machine learning, it’s likely that we’ll see updates to Safari that will make some changes in the cookie management system, but when macOS High Sierra is first released, what we described above will be the default ITP behavior.
Enable or Disable Intelligent Tracking Prevention
The ITP feature can be turned on or off from the Safari preferences. There are two areas in the Safari preferences that are used to control the ITP and cookie management system.
- Launch Safari, if it isn’t already open.
- Select Preferences from the Safari menu.
- In the Preferences window, choose the Privacy icon from the toolbar.
If you’re coming from an earlier version of Safari, you may notice that the Privacy section of the preferences seems a bit bare. Older versions of Safari had a good deal more options available to handle how cookies were managed and how a website could make use of location information.
You can still control how location information is used by a website; the controls have just been moved to a new location under the Websites icon on the toolbar. You can find out more in the Rocket Yard guide: How to Customize Safari Website Preferences in macOS High Sierra.
The old cookie options:
- Allow from current website only
- Allow from websites I visit
- Always allow
Have been replaced with the following ITP options:
- Prevent cross-site tracking: Placing a check mark here enables the ITP system.
- Ask websites not to track me: A check mark here will allow Safari to send a request not to be tracked whenever you access a site. Websites are under no obligation to honor a do not track request. How well this works depends on the type of sites you visit.
- Block all cookies; This is the ultimate solution to tracking based on cookies; placing a checkmark here disables Safari from storing any cookies for any website. It will also likely lead to many websites not working correctly, since cookie technology is such an integrated part of website design.
- Manage Website Data: When pressed, this button brings up a list of websites that have set cookies and caches in Safari. You can use the list to remove all cookies, or select specific websites from the list and have only their cookies removed.
Safari 11 and Pop-Up Windows
The last part of the ITP system involves pop-up windows that some websites make use of. Many times pop-ups provide a method for a site to offer additional services or information without site visitors having to leave the currently loaded page. However, they’re also well known as an intrusive means to serve up ads, or in the worst case, generate an excess of pop-up windows in an attempt to affect performance on compromised websites, or to offer malware in various forms.
The use of pop-up windows can be controlled from Safari’s Preferences by selecting the Security icon in the preferences toolbar.
Block pop-up windows: Placing a checkmark here will enable Safari to attempt to block pop-up windows automatically generated by a website. Pop-ups that are the direct result of user actions will likely still be displayed. Some sites won’t work correctly if pop-ups are blocked.
Cookies and ITP Wrap-up
Apple’s newest venture into web privacy and security has a few holes, and it will be interesting to see how Apple responds to any issues that may develop.
The chief issue is the 24-hour window in which cookies and third-party tracking remains in effect. Should you continue to visit a popular website every day, that 24-hour window will keep getting reset, allowing any third-party trackers that are used by that website to continue to monitor your behavior on the web.
That means some of the biggest ad-based companies, including Google and Facebook, will likely be able to continue to generate targeted ads, since many people visit these sites every day.
Along with the 24-hour exposure, there’s also the likelihood that some websites will no longer work as intended, and the possibility that web developers won’t be willing to put the time into modifying their sites to work with Safari.
Here’s hoping we won’t be returning to a time when having multiple browsers was a requirement to ensure we could interact with all websites.
Even with the possible issues, I’ll be glad to see a reduction in the ability of third parties to track my behavior on the web. And with any luck, I’ll have new ads showing up every day, instead of the same reptile hawking insurance at me everywhere I go.