Intelligent Tracking Prevention 2.2 Changes Cookie Storage Duration

Intelligent Tracking Prevention (ITP) is a Safari feature that helps prevent advertisers from tracking you across the web. And it’s getting an update.

[Google Finds a Workaround for Apple’s Intelligent Tracking Prevention]

ITP 2.2

ITP 2.2 is included in the beta releases of iOS 12.3 and macOS Mojave 10.14.5. The biggest change it brings involves cookies. Persistent cookies set through document.cookie are now limited to one day of storage when two conditions are met:

  1. A domain classified with cross-site tracking capabilities was responsible for navigating the user to the current webpage.
  2. The final URL of the navigation mentioned above has a query string and/or a fragment identifier.
ITP 2.2: A website adding a click ID that can be associated with a person’s user ID
A website adding a click ID that can be associated with a person’s user ID

Example

  1. ITP identifies website.example has having cross-site tracking capabilities.
  2. A user clicks a link on website.example.
  3. This click brings the user to website2.example, and now the URL contains a query string and/or a fragment identifier.
  4. Website2.example sets a persistent cookie through document.cookie. That cookie is automatically set to expire in one day.

Users won’t notice the change, and in some cases, developers weren’t aware that their websites could be used for cross-site tracking.

[There’s a New Privacy Safari API Coming Called Storage Access API]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.