Apple has quietly revealed that it will implement an anti-tracking policy for its WebKit browser engine that’s based on Mozilla’s.

“We are publishing the WebKit Tracking Prevention Policy, covering what types of tracking WebKit will prevent when other tracking countermeasures come into play such as limiting capabilities and informed user consent, and how WebKit handles unintended impact of our tracking prevention,” Apple’s Jonathan David announced. “We’d like to thank Mozilla for their anti-tracking policy which served as inspiration for ours.”

Mozilla began offering what it calls Enhanced Tracking Protection in Firefox 63 last October. This blocked the most common form of cross-site tracking, meaning cookies and storage access from third-party trackers. This past summer, it expanded this technology into Enhanced Privacy Protection, and it’s now enabled by default for new users and will be auto-enabled for all Firefox users soon.

Basically, Apple picked the right policy to copy, and given its focus on customer privacy, this change makes a lot of sense.

“WebKit will do its best to prevent all covert tracking, and all cross-site tracking (even when it’s not covert),” Apple’s new policy reads. “If a particular tracking technique cannot be completely prevented without undue user harm, WebKit will limit the capability of using the technique … If even limiting the capability of a technique is not possible without undue user harm, WebKit will ask for the user’s informed consent to potential tracking.”

Apple says it will treat any attempt at circumventing its anti-tracking functionality with the same severity as it does the exploitation of security vulnerabilities. And that it will grant no exceptions to its tracking prevention; should sites not behave properly because of the changes—something that happens occasionally with Firefox now as well—that’s the site’s problem, Apple says. “We will typically prioritize user benefits over preserving current website practices,” the policy explains. “We believe that that is the role of a web browser, also known as the user agent.”

This is the right approach to tracking. And a model for Google, Microsoft, and all other web browser makers to follow.

Tagged with WebKit