In an update on the WebKit blog, we learned that Apple now blocks third-party cookies by default in Safari. Intelligent Tracking Prevention (ITP) received several improvements.
Third-party cookie blocking enables two main capabilities for Safari:
- Removes Statefulness: In a previous blog post called Preventing Tracking Prevention Tracking, the blocking function could itself be used as a tracking mechanism. But with this latest update, full third-party cooking blocking means that the ITP state can’t be tracked.
- Disables Login Fingerprinting: A technique exists that lets a website detect where you are logged in. Full third-party cookie blocking disables this, since cookies are a “global state.”
The blog post goes into more detail but those two features are the main takeaways for users. Cookie blocking in this manner provides several other benefits, like disabling cross-site request forgery, removing the ability to use an auxiliary third-party domain to identify users, and makes things easier for developers with Safari’s Storage Access API.