Apple yesterday released the new iOS 13.4, iPadOS 13.4, and macOS updates to its users. While the changelog mentioned more user-facing things such as new Memoji stickers, bug fixes in Safari and other things, the company also shipped a pretty major update to Safari as far as privacy is concerned.
According to the WebKit blog, Safari in iOS and iPadOS 13.4, and macOS (Safari 13.1) now completely blocks third party cookies by default. This makes Safari the first mainstream browser to take this step. Before Safari, the Tor browser used to block third party cookies, and Brave blocked them with certain exceptions. Safari, on the other hand, does not have any exceptions in cookie blocking. The WebKit blog post says as much: “This is a significant improvement for privacy since it removes any sense of exceptions or ‘a little bit of cross-site tracking is allowed.'”
Third party cookies being blocked should make life difficult for trackers that follow users around the web. It will also disable them from login fingerprinting, and will even prevent trackers from using the state of your anti-tracking settings to, ironically, track you.
The change should also prevent cross site forgery attacks while also making it easier for developers, thanks to the new Storage Access API that Apple has submitted to the W3C Privacy Community Group for standardisation.
