Privacy: Apple now treats WebKit tracking circumvention as a security issue

Apple logo in squares

Apple has updated its WebKit policy, increasing the company's focus on privacy. The new WebKit Tracking Prevention Policy now states that any circumvention of its anti-tracking feature is treated in the same way, and as seriously, as security issues.

The aim is to prevent web tracking completely because "these practices are harmful to users because they infringe on a user's privacy without giving users the ability to identify, understand, consent to, or control them". Apple says it wants "to see a healthy web ecosystem, with privacy by design".

See also:

Apple goes into some detail about the types of tracking it aims to prevent with WebKit. The company explains: "WebKit will do its best to prevent all covert tracking, and all cross-site tracking (even when it's not covert). These goals apply to all types of tracking listed above, as well as tracking techniques currently unknown to us".

It goes on to say:

If a particular tracking technique cannot be completely prevented without undue user harm, WebKit will limit the capability of using the technique. For example, limiting the time window for tracking or reducing the available bits of entropy -- unique data points that may be used to identify a user or a user's behavior.

If even limiting the capability of a technique is not possible without undue user harm, WebKit will ask for the user's informed consent to potential tracking.

But is the way in which the company now views circumvention of these policies that is particularly interesting:

We treat circumvention of shipping anti-tracking measures with the same seriousness as exploitation of security vulnerabilities.

If a party attempts to circumvent our tracking prevention methods, we may add additional restrictions without prior notice. These restrictions may apply universally; to algorithmically classified targets; or to specific parties engaging in circumvention.

Apple says that there are absolutely no exceptions to the rules, giving the reason that "WebKit often has no technical means to distinguish valid uses from tracking, and doesn’t know what the parties involved will do with the collected data, either now or in the future".

Image credit: Lori Butcher / Shutterstock

© 1998-2019 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.