Apple has updated its Safari browser so that now it will block all third-party cookies by default. This was done in response to a report that revealed flaws in the browser’s security features.
Cupertino tech giant Apple has added a few enhancements to the Safari browser’s Intelligent Tracking Prevention (ITP) feature so as to allow it to block all third-party cookies by default, The Verge reported. With this update, Safari now sits at the top of the list alongside Tor and Brave for being the safest browsers to use against trackers.
In a blog, WebKit engineer John Wilander explained that “cookies for cross-site resources are now blocked by default across the board.” This enhancement allows Safari to completely block third-party cookies without any exception.
The engineer indicated that this latest enhancement comes as the newest to be added to the slew of restrictions that Safari’s ITP already had since it was launched in 2017. Previous restrictions didn’t completely block all third-party cookies, but the new restriction does.
The WebKit engineer explained that “full third-party cookie blocking” means that malicious people won’t be able to determine the internal state of the ITP, or how it blocks cookies, so they won’t be able to use that state as a tracking vector. In other words, effective cookie blocking means being able to prevent tracking prevention from working or succeeding.
Wilander said he is grateful to Google for helping them discover the flaws in the ITP so they can work on it. Earlier this year, Google released a report where it explained the serious flaws that it found inside Safari’s ITP feature. The Alphabet-owned tech giant said it shared its findings with Apple before releasing the report to the public. This report helped Cupertino improve Safari’s security features.
With these improvements, Safari has become the first mainstream browser to full block third-party cookies. Wilander added that Safari’s improvements in this area “paves the way for privacy on the web.” It also means that Safari is at least two years ahead of Google’s Chrome which previously announced that it wants such a feature, but won’t be releasing it until 2022.