Inspired by Mozilla’s anti-tracking policy, Apple’s WebKit team came up with their own: The WebKit Tracking Prevention Policy.
WebKit Tracking Prevention Policy
Essentially, the policy lays out what kinds of tracking that WebKit will block, when other tracking blocks are used, and how WebKit handles “unintended impact” of its tracking prevention.
- Tracking: The collection of data about a user’s identity or activity across one or more websites.
- First party: A website that a user knowingly and intentionally visits.
- Third party: Any party that doesn’t fall under the definition of first party.
- Privileged third party: A party that has the potential to track a user across different websites without their knowledge or consent.
Types of Tracking
- Cross-site tracking: Tracking across multiple first party websites; tracking between websites and apps; or the retention, use, or sharing of data from that activity with parties other than the first party on which it was collected.
- Stateful tracking: Tracking using storage on the user’s device. Examples: Cookies, DOM storage, IndexedDB, HTTP cache, HSTS, media keys.
- Covert stateful tracking: Stateful tracking using mechanisms not intended for general-purpose storage.
- Navigational tracking: Tracking through information controlled by the source of a top-level navigation or a subresource load, transferred to the destination.
- Stateless tracking: Tracking based on the properties of the user’s behavior and computing environment, without the need for explicit client-side storage.
According to the policy, WebKit will do its best to prevent all covert tracking and cross-site tracking. If it can’t be completely blocked without undue user harm, WebKit will limit the capability of using its techniques. There are no tracking exceptions, so WebKit doesn’t grant special privileges to certain parties.