The Apple WebKit team has shared their “WebKit Tracking Prevention Policy,” which details the team’s anti-tracking measures and the types of “harmful” tracking practices it works to prevent.
The document, which was posted to the WebKit blog, offers a close look into the anti-tracking features built into Apple’s Safari browser.
This document describes the web tracking practices that WebKit believes, as a matter of policy, should be prevented by default by web browsers. These practices are harmful to users because they infringe on a user’s privacy without giving users the ability to identify, understand, consent to, or control them.
Apple debuted Intelligent Tracking Prevention in iOS 11 and Safari 11 in macOS High Sierra 10.13, and has worked to improve ITP ever since. iOS 12 and macOS Mojave 10.14 offer enhancements.
Apple lays out how it works to target all forms of cross-site tracking behavior:
WebKit will do its best to prevent all covert tracking, and all cross-site tracking (even when it’s not covert). These goals apply to all types of tracking listed above, as well as tracking techniques currently unknown to us.
If a particular tracking technique cannot be completely prevented without undue user harm, WebKit will limit the capability of using the technique. For example, limiting the time window for tracking or reducing the available bits of entropy — unique data points that may be used to identify a user or a user’s behavior.
The page also outlines Apple’s stance against bad actors and others attempting to circumvent anti-tracking measures:
We treat circumvention of shipping anti-tracking measures with the same seriousness as exploitation of security vulnerabilities.
If a party attempts to circumvent our tracking prevention methods, we may add additional restrictions without prior notice. These restrictions may apply universally; to algorithmically classified targets; or to specific parties engaging in circumvention.
Apple’s full WebKit Tracking Prevention Policy is available for reading on the WebKit blog.