It’s one of the most discussed new features in High Sierra: Safari’s new Intelligent Tracking Prevention. Advertisers are upset about it, claiming it’s “bad for the ad-supported online content and services consumers love.” Apple is undeterred by the rhetoric. But what does the feature actually do?
RELATED: What’s New in macOS 10.13 High Sierra, Available Now
Basically, Intelligent Tracking Prevention changes which sites can and can’t use particular cookies, and in some cases deletes cookies that aren’t doing anything useful for you. To quote the official explanation, from Apple’s High Sierra feature list:
This sounds good in the abstract, but how does it actually work? Apple’s official explanation on Webkit.org outlines the technology in language intended for developers; here’s what users need to care about.
What Is Cross-Site Tracking?
Intelligent Tracking Prevention works to prevent what’s called cross-site tracking, a feature where a cookie served up by one website can track you across the wider web.
It’s part of how modern websites are built, and it’s not a problem in and of itself. In some cases these third party services may access cookies stored by your browser, which also isn’t a problem in and of itself.
In fact, many features useful rely on this. If you’ve ever used your Google or Facebook account to log into another site, you’ve used cross site cookies in a tangible way that makes your life easier.
That’s why this is complicated: the cross site ads are creepy, but other cross site functionality makes the web a better place. How is a browser supposed to tell the difference?
What Will Intelligent Tracking Prevention Actually Do?
So how will Intelligent Tracking Prevention actually work? Ironically, by tracking you—though all information stays on your machine, meaning nothing is uploaded to Apple. Safari will use your browsing history to work out which sites you’re interested in, and use that information to save, partition, or delete cookies depending on context.
To Safari, domains you’re interested in are domains you yourself visit on a regular basis. Domains you never visit directly, but regularly use cross site resources from, are deemed things you’re not interested in. To quote the Webkit page again:
The behavior is relatively simple, so let’s break it down:
If you visit a domain directly, Safari will assume you’re interested in the site, and will allow cross site tracking for the domain for 24 hours. If you then don’t visit that domain for 24 hours, Safari will assume you’ve lost interest, and stop allowing cross site tracking for that domain. If you don’t visit that domain for 30 days, Safari will delete the cookies for that domain entirely.
It’s a little weird, so let’s explore a concrete example. Let’s say you’re not a Facebook user, but occasionally click a Facebook link and read a public post. Under this scheme Facebook would be able to track your activity online using cookies for 24 hours, thanks to those “Like” buttons embedded on so many pages. After 24 hours Facebook would no longer be able to access these cookies, assuming you don’t head to Facebook.com again. After 30 days of not visiting Facebook the cookie will be deleted completely.
Facebook is just one example of a site that uses cross site tracking, and this tracking is something regular Facebook users have learned to live with (if not love.) Ad networks aren’t the same: they run completely in the background, and most people never visit their domains directly. Safari’s Intelligent Tracking Prevention stops them from tracking you without breaking cookies for sites you actually use.
It makes sense when you think about it. Safari will keep cookies around for sites you regularly use, but quarantines and delete the cookies left there by advertisers and other tracking services. It’s a compromise between functionality and privacy.
It’s worth noting that Apple is uniquely positioned to offer such a feature. Google, for example, makes liberal use of cross-site tracking for its own ad network—Chrome users shouldn’t hold their breath waiting for something similar on that browser.
How to Turn Off Intelligent Tracking Prevention
Not sure you’re a fan of this feature, or wonder if it’s breaking a site you use regularly? It’s easy enough to turn off. Open Safari, then click Safari > Preferences in the menu bar.
RELATED: How to Block Third-Party Cookies in Every Web Browser
Uncheck the top option, “Prevent cross-site tracking,” and you’re done. The feature is still turned off. You could block third party cookies in every browser instead, but know that this is far more likely to break sites than Safari’s default method.
Photo Credit: Alejandro Escamilla, Jens Kreuter