Cross-site tracking is a serious issue on iPhone devices, allowing advertisers and websites to collect your browsing history and track your online activities. This can compromise your online privacy and security.
To prevent cross-site tracking on your iPhone, you can start by turning off third-party cookies in Safari. This can be done by going to Settings > Safari > Block All Cookies.
Limiting the amount of data shared with websites is another effective way to protect your privacy. You can do this by disabling the "Allow All Websites to Track You" option in Settings > Safari > Privacy & Security.
This setting is often enabled by default, so make sure to check and disable it to prevent cross-site tracking.
What is Cross-Site Tracking?
Cross-site tracking refers to the activity of tracking across multiple websites, where websites with enabled third-party trackers share the information they collect about their users with third parties.
Websites owners often add social media widgets to increase shareability and get analytics, but these widgets send information back to platforms like Facebook, Twitter, or LinkedIn.
These social media widgets act like pixel tags, short snippets of code embedded within tiny images, allowing them to track your browsing behavior.
Any user browsing the web often has trackers pursuing them, keeping a log of every activity, achieved with the help of widgets, scripts, or minuscule images embedded on any website user visits.
What It Is and How It Works
Cross-site tracking is a real thing, and it's happening more often than you think. Websites that have enabled third-party trackers can share the information they collect about their users with third parties.
Websites owners add social media widgets to increase the shareability of their content, but these widgets also send back information to platforms like Facebook, Twitter, or LinkedIn. They act like pixel tags, short snippets of code embedded within tiny images.
These trackers are not limited to a specific page or website; they can follow you as you switch tabs. You might have noticed that when you visit certain websites, they have multiple share toggles such as the Facebook logo.
When you choose to share content to Facebook or any other social media platform from another website, it allows that particular website as well as the social media platform you have chosen to store your information. They usually claim to record only relevant data.
What is Website?
A website is simply a collection of related web pages that are identified by a common domain name and are accessed via the internet.
Websites can be thought of as virtual storefronts or hubs where users can find and access information, products, or services.
Cross website tracking primarily occurs on websites, but third-party apps can also gather and access user data.
Websites engage in cross-site tracking to improve products, provide personalized user experiences, and deliver targeted advertising.
Some websites remember basic information, such as language preferences, to ease user experiences and make browsing easier.
However, very few websites clearly explain in simple terms how they will use the collected user data.
The GDPR
The GDPR is a crucial aspect of online privacy in the European Union. It's a regulation that affects how websites and apps collect and process personal data, including data collected through trackers.
The GDPR requires record-keeping of personal data, which applies to trackers that process personal data in most cases. This means that companies must be transparent about how they collect and use user data.
Data Protection Authorities across the EU have aligned their rules about trackers and cookies to GDPR requirements. This ensures a unified approach to online privacy in the region.
Prevention on iOS Devices
The good news is that Apple has taken significant steps to prevent cross-site tracking on iOS devices. All iOS and iPad browsers, including Safari, have implemented WebKit's Intelligent Tracking Prevention mechanisms by default.
To view the privacy report for the current website, tap on the Reader icon in the address bar and select Privacy Report. This will show you how many trackers have been prevented from tracking you across the web.
The "Allow Cross-Website Tracking" toggle is turned off by default in all iOS and iPadOS browsers, which means that cross-site tracking is prevented. However, there seems to be a bug with the implementation, and not all tracking prevention mechanisms are in effect.
Here are the steps to disable cross-site tracking on iOS devices:
- Open the Settings app.
- Select Safari.
- Disable the switch for Prevent Cross-Site Tracking.
Additionally, you can disable the option for Allow Apps to Request to Track in the Settings app under Privacy | Tracking. This will prevent individual apps from using cross-site tracking to follow you around online.
First-Party Analytics, Optimization, Personalization
First-party analytics, optimization, and personalization can have an impact on your online experience, especially when it comes to tracking your behavior across multiple websites.
WebKit restricts the lifetime of JavaScript cookies to a maximum of 7 days, with the limit set to 24 hours in some instances. This can affect the ratio of "new" and "returning" users in analytics tools.
Sites can recycle cookies so that they are set in HTTP headers instead, which is a known mitigation that doesn't go against WebKit's policies. This can help minimize the impact on your online experience.
Cookies are the primary tools used by websites in the process of cross-website tracking. They are small packets of data transferred to your device's browser courtesy of your web server.
Canvas Fingerprinting
Canvas Fingerprinting is a sneaky way websites track you. It involves websites directing your browser to draw a hidden image, which varies with your device, graphics card, and hardware settings.
This unique image acts as a digital fingerprint for every user. The image can provide accurate information when combined with other tracking data.
HTML5, the coding language used for animations and graphics, includes canvas fingerprinting. This means it can be used as an effective tracking and fingerprinting tool.
By using canvas fingerprinting, websites can collect information about your device without your knowledge or consent.
Prevention in iOS Browsers
Apple's iOS 14 and iPadOS 14 have made significant updates to web browsing, with all browsers now implementing WebKit's Intelligent Tracking Prevention mechanisms by default.
The "Allow Cross-Website Tracking" toggle is turned off in all iOS and iPadOS browsers, which means that tracking prevention is now on for all of them.
A bug has been reported with the implementation across iOS browsers, and not all Intelligent Tracking Prevention mechanisms are in effect even when the "Allow Cross-Website Tracking" toggle is left to its default position of OFF.
WebKit's Intelligent Tracking Prevention mechanisms include CNAME cloaking mitigation, which will be applied to all iOS and iPadOS browsers, not just Safari.
Here are some of the browsers that have updated to the latest OS requirements:
- Safari
- Other iOS and iPadOS browsers have also updated, except for Brave, which should be releasing a new build shortly.
To view the privacy report for the current website in Safari, tap on the Reader icon in the address bar, then select Privacy Report.
The privacy report will show how many trackers have been prevented from tracking you across the web, and you can toggle between websites responsible for the trackers and the URLs of the trackers themselves.
The privacy report is stored locally on your device for 30 days and then deleted.
You can also view reports in Safari on macOS by tapping on the privacy report button in the toolbar to the left of the address bar.
macOS Safari also enables cross-site tracking prevention by default, but it can be disabled by following these steps:
1. Open the Settings app.
2. Select Safari.
3. For Prevent Cross-Site Tracking, disable the switch.
App Store Review Guidelines
Apple recently updated its App Store review guidelines, which can significantly impact apps that collect user data. These changes are a result of the company's efforts to provide a more transparent and secure environment for users.
Apps will now have to disclose in detail what type of data collection goes on, and provide an opt-in mechanism to the collection of user and usage data. This means developers must be upfront about how they're using user data.
To comply with these new guidelines, apps will need to implement an opt-out mechanism as well, where if the user withdraws consent, their data should be purged. This is a significant change that affects how apps interact with user data.
Here are the key changes to the App Store review guidelines at a glance:
- Disclose in detail what type of data collection goes on.
- Provide an opt-in mechanism to the collection of user and usage data.
- Not put up consent walls (allow the user to access content only if they give consent to tracking).
- Implement an opt-out mechanism as well, where if the user withdraws consent, their data should be purged.
These changes have echoes of GDPR and CCPA, but since Apple is a private company, the impact is likely to be more immediate and significant.
Prevention on macOS Devices
On macOS devices, you can also control cross-site tracking prevention in Safari.
To disable cross-site tracking prevention on a macOS device, open Safari and select Safari | Preferences (or press Command + , ).
In the Preferences window, select the Privacy tab.
Uncheck the option for “Prevent cross-site tracking” to disable the feature.
It's recommended to keep this setting on for better privacy, but you can disable it if you're experiencing issues with certain websites.
Sources
- https://www.iubenda.com/en/help/64325-what-is-cross-site-tracking
- https://testsigma.com/blog/cross-website-tracking/
- https://www.simoahava.com/privacy/intelligent-tracking-prevention-ios-14-ipados-14-safari-14/
- https://www.techrepublic.com/article/safari-for-ios-14-and-macos-11-how-to-prevent-websites-from-tracking-your-moves-online/
- https://fastestvpn.com/blog/safari-cross-site-tracking/
Featured Images: pexels.com