Thursday, September 7, 2023

Intelligent Tracking Prevention Deleting Data

Jeff Johnson:

To put it simply, if you haven’t visited Twitter in the past 7 days, then Safari will automatically delete your Twitter settings, including your font size, color scheme, and timeline behavior!

[…]

On macOS, enable “Show Develop menu in menu bar” at the bottom of the Advanced pane in Safari Preferences, then open the Develop menu, the Experimental Features submenu, and select “Disable Removal of Non-Cookie Data After 7 Days of No User Interaction (ITP)”. On iOS, the same Experimental Features submenu is in the Advanced menu at the bottom of the Safari section in Settings.

But this setting is reset with each software update.

Jeff Johnson:

Of course I want to prevent cross-site tracking, but the way that Safari implements it leaves a lot to be desired, especially compared to Chrome and Firefox, both of which allow you to set per-website cookies and storage settings. For some strange reason, Safari Website Settings doesn’t include cookies and storage (or JavaScript, for that matter).

Per-site JavaScript settings would be great.

Today I was hit (yet again) by another ITP policy[…] The domain in this case was a Mastodon instance, so I’m not sure why it was “classified” by ITP. I was able to determine that ITP was the culprit in deleting my website data by checking my backups and looking inside Safari’s “container”[…]

[…]

I’m logged in permanently to a number of different websites that I use only occasionally, which makes ITP’s 30-day policy quite problematic for me. When Safari deletes all storage data for a site, you are thereby logged out of the site and need to login again. If Two-Factor Authentication (2FA) is involved, this is egregious, because you have to jump through extra hoops every time you need to login again with 2FA.

I’ve been running Safari without ITP for quite a while now, but even then it seems to forget a lot. Despite asking to be remembered, I have to enter my Amazon password multiple times per day to view order information.

9 Comments RSS · Twitter · Mastodon


It's time to open-source Safari.


To be fair, I haven't been an iOS nor Mac user for years at this point. I think around 2016ish was when I took my last Mac and installed Linux on it (still works to this day because I abandoned Mac OS on Mac hardware, weird I know), but even back then, I simply didn't use Safari. Every time I tried, it was by far the worst browser, limited settings, only got updates with OS updates. As I tended to stay on the last major OS release for as long as possible, it just wasn't fun always chasing system updates just to get meaningful browser changes. I by far preferred Opera back in the day (RIP old Presto Opera), or iCab (might still be my favorite Mac browser), or Camino (yeah, RIP) or Firefox or… well you get the picture. I mostly use Firefox now on Linux and a bunch of different Webview Android browsers (and non Google Chromium browers), but any reason noto to just use something other than Safari at this point? Even on iOS, you can have alternative browsers now, yes?


O. M. G. this is why getting into the banking site has been such a mess. It's always a mess, but made so much very worse when the cookie is trashed (which is what I figured was happening but couldn't figure out why or where or how to stop it) and by phone authentication since regular 2FA is too much of a bother and the 'email me' option wouldn't stick. Last time it took 10 requests and 7 worldwide calls to my cell to get an 8 digit code to log in. I hope ticking this off (and re-ticking it with each update) puts everything back the way it was.


@Nathan I’m seriously thinking about switching to Chrome, but I like Safari as a Mac app, and I like SMS security code auto-fill and Apple Passwords. I guess there is an extension to make that work with Chrome, but it sounded like it wasn’t very good.


Corentin Cras-Méneur

I'd add that the cross-site tracking prevention feature is an all or nothing option.
I have a couple of portal website that federate different "stores" within the webpage. If I disable cross-site tracking, the stores fail to see I'm coming from the federated site and lack any kind of integration. I know it's not a common situation, but I'd love to be able to exclude that portal from the "disable cross-site tracking" option for instance, but without a site-specific preference for that, I have to allow cross-site tracking everywhere :-\

Corentin


Firefox is my daily driver on macOS. Tracking prevention does not cause me any issues so far. But on the iPhone and the iPad I have to use Safari.

I have one local Web App that I use as an PWA with a homescreen icon. Safari regularly will log me out of that app, which is very annoying. Now I'm wondering if ITP might be to blame.


I guess i'm in the minority for actually loving this feature, for privacy reasons.

It protects everyone and their grandmother, who are not aware they are being tracked and fingerprinted.

Resetting it with a software update, should be fixed of course.
And in advanced setting an option to disable the feature would be welcome too.


> I have to enter my Amazon password multiple
> times per day to view order information

Do you also open the Web Inspector several times a day? (on any site, not just Amazon)

The past few months I've had to put up with a Safari bug where I will intermittently be logged out of some (but not all) sites, after opening Web Inspector on any site.

It is always the same sites that I am being logged out of when the bug occurs: For example, Github, Google, Twitter, and Facebook will always be logged out after the bug occurs. Other sites are entirely unaffected by the bug and remain logged in, such as Bing, Hulu, Netflix, an internal company portal, etc.

It's so bad now (and I use web inspector frequently) that I have started using Firefox for the affected sites, so I don't have to keep logging in over and over again.


@Mike No, I use the Web Inspector less than once per day. I do frequently run a script to get the page’s source, though.

Leave a Comment