Privacy: Apple now treats WebKit tracking circumvention as a security issue
Apple has updated its WebKit policy, increasing the company's focus on privacy. The new WebKit Tracking Prevention Policy now states that any circumvention of its anti-tracking feature is treated in the same way, and as seriously, as security issues.
The aim is to prevent web tracking completely because "these practices are harmful to users because they infringe on a user's privacy without giving users the ability to identify, understand, consent to, or control them". Apple says it wants "to see a healthy web ecosystem, with privacy by design".
- Privacy: Google stops transcribing Assistant recordings and Apple stops listening to Siri recordings
- Privacy: Apple workers may well hear all of your sordid secrets via Siri
- Privacy concerns raised that SmartScreen in Edge shares browsing history with Microsoft
Apple goes into some detail about the types of tracking it aims to prevent with WebKit. The company explains: "WebKit will do its best to prevent all covert tracking, and all cross-site tracking (even when it's not covert). These goals apply to all types of tracking listed above, as well as tracking techniques currently unknown to us".
It goes on to say:
If a particular tracking technique cannot be completely prevented without undue user harm, WebKit will limit the capability of using the technique. For example, limiting the time window for tracking or reducing the available bits of entropy -- unique data points that may be used to identify a user or a user's behavior.
If even limiting the capability of a technique is not possible without undue user harm, WebKit will ask for the user's informed consent to potential tracking.
But is the way in which the company now views circumvention of these policies that is particularly interesting:
We treat circumvention of shipping anti-tracking measures with the same seriousness as exploitation of security vulnerabilities.
If a party attempts to circumvent our tracking prevention methods, we may add additional restrictions without prior notice. These restrictions may apply universally; to algorithmically classified targets; or to specific parties engaging in circumvention.
Apple says that there are absolutely no exceptions to the rules, giving the reason that "WebKit often has no technical means to distinguish valid uses from tracking, and doesn’t know what the parties involved will do with the collected data, either now or in the future".