Tuesday, April 30, 2019

Intelligent Tracking Prevention 2.2

John Wilander:

As of ITP 2.2, persistent cookies set through document.cookie are capped to one day of storage when both of the following conditions are met:

  1. A domain classified with cross-site tracking capabilities was responsible for navigating the user to the current webpage.
  2. The final URL of the navigation mentioned above has a query string and/or a fragment identifier.

The rest of this blog post explores this in detail.

I’m not using the beta, but I wonder whether ITP is the source of some problems I’ve been having. I recently tried to update my billing information with GoDaddy, but got a blank white pane instead of the reCAPTCHA. This happened again after restarting Safari, but it worked when I unchecked “Prevent cross-site tracking” (and also worked in Firefox and Chrome).

I continue to have problems with bank and credit card sites (not to mention Apple’s iCloud and developer sites) not remembering that I have previously logged in.


6 Comments RSS · Twitter

I find myself periodically logged out of a variety of sites in Safari too, and have been suspecting ITP. I’m generally for what Apple is doing with ITP, but this is quite a user-hostile side effect.

George McKinlay

CapitalOne's banking site has been getting flakier when using the "bill pay" component, sometimes it does work. Theirr first response line is "we've been having trouble with Safari, could you use Chrome…" What is broken, ITP is probably part of it, but it remains broken when turning it off in this case. The only way to get around the issue is to start a "New Private Window" and then away we go...

So verified.capitalone.com goes to myaccounts.capitalone.com which goes to secure.capitalone360.com for bill pay, that is where the authentication breaks. SO Its a cookie setting issue and clear the specific cookie capitalone.com and bingo you're in.

I have a cookie set with my own secure server for an additional layer of security. It is set with a 365 day timeout, but in the last month or two I have had to reset the cookie on multiple occasions, so something has clearly changed in Safari.

Neither 1 or 2 above are applicable, but maybe there is some other factors I am not aware of.

[…] Previously: Intelligent Tracking Prevention 2.2. […]

Leave a Comment