Privacy Features in WebKit

by John Wilander

• WebKit Tracking Prevention Policy
  • ​http://webkit.org/privay-prevention-policy
• Privacy Defaults Timeline
  • 2003 Third-parties without pre-existing cookies cannot set cookies
  • 2013 Caches and HTML5 storage partitioned per website
  • 2017 Intelligent Tracking Prevention deletes tracking cookies
  • 2018 The Storage Access API asks for user permission
  • 2019 Private Click Measurement (proposed standard)
• How to Enable ITP
  • “Resource Load Statistics”
  • Classification there for all ports
  • Cocoa-specific:
    • Public Suffix List
    • Cookie blocking (HTTP and JS)
    • HTTP referrer downgrade
    • HSTS restrictions
• The Storage Access API
  • Prompt: Do you want to allow “third party video.example” to use cookies and website date while browsing news.example
• What is Ad Click Attribution?
  • You buy something, where did the purchase come from, an ad?
  • Search for something click and ad
    • If you add the item to shopping cart
    • Cookie is set and read by search provider
    • ITP prevents this, no matching
• ​Private Click Measurement
  • 1. Store Ad Clicks internally
  • 2. Match conversions against stored clicks
  • 3. Send out attribution data
  • Provides aggregate measurement of ad clicks
• Next Up
  • isLoggedIn API
    • Differentiate between logged in and casual visits
    • Proposed at W3C TPAC