Safari Un-Intelligent Tracking Prevention: Data Loss by Design (2023)


August 30 2023

I want to use Safari, but sometimes it frustrates the hell out of me, and in some ways it's vastly inferior to Chrome and Firefox. One of my biggest pet peeves is Safari "Intelligent Tracking Prevention" (ITP). This feature is enabled by default and called "Prevent cross-site tracking" in Safari Privacy Settings. Of course I want to prevent cross-site tracking, but the way that Safari implements it leaves a lot to be desired, especially compared to Chrome and Firefox, both of which allow you to set per-website cookies and storage settings. For some strange reason, Safari Website Settings doesn't include cookies and storage (or JavaScript, for that matter).

Apple's WebKit project, the web browser engine underlying Safari, has published documentation of the policies of ITP in Safari. There are two specific policies that I'll highlight here. First:

7-Day Cap on All Script-Writeable Storage

Trackers executing script in the first-party context often make use of first-party storage to save and recall cross-site tracking information. Therefore, ITP deletes all cookies created in JavaScript and all other script-writeable storage after 7 days of no user interaction with the website. The latter storage forms are:

IndexedDB

LocalStorage

Media keys

SessionStorage

Service Worker registrations and cache

I've written about the 7-day cap before. When I still used Twitter and was logged into Twitter on many of my various Apple devices, Safari ITP automatically deleted Twitter's IndexedDB storage after 7 days, which caused my Twitter timeline to switch from reverse chronological to "the algorithm", which I never wanted.

You can temporarily "Disable Removal of Non-Cookie Data After 7 Days of No User Interaction (ITP)" in the "Experimental Features" submenu of Safari's "Develop" menu, but unfortunately your Experimental Features get reset after Safari software updates, so there's no permanent solution except for disabling ITP entirely.

Today I was hit (yet again) by another ITP policy:

Action Taken Against Classified Domains

All website data is deleted for classified domains which have not received user interaction as first-party or been granted storage access as third party through the Storage Access API (see below) in the last 30 days of browser use. Such website deletion happens at an interval so as to not cause too much disk I/O.

This is what "classified" means to ITP:

Classification as Having Cross-Site Tracking Capabilities

Beyond across-the-board blocking of third-party cookies and downgrades of third-party referrers, ITP collects statistics on resource loads and matches it with known patterns of cross-site tracking. If a registrable domain matches at least one such pattern, it is classified as having cross-site tracking capabilities.

The domain in this case was a Mastodon instance, so I'm not sure why it was "classified" by ITP. I was able to determine that ITP was the culprit in deleting my website data by checking my backups and looking inside Safari's "container" (this may require giving Full Disk Access to the Terminal app):

% sqlite3 ~/Library/Containers/com.apple.Safari/Data/Library/WebKit/WebsiteData/ResourceLoadStatistics/observations.db .dump

The file is a SQLite database, which is essentially a table with columns and rows.

CREATE TABLE ObservedDomains (domainID INTEGER PRIMARY KEY, registrableDomain TEXT NOT NULL UNIQUE ON CONFLICT FAIL, lastSeen REAL NOT NULL, hadUserInteraction INTEGER NOT NULL, mostRecentUserInteractionTime REAL NOT NULL, grandfathered INTEGER NOT NULL, isPrevalent INTEGER NOT NULL, isVeryPrevalent INTEGER NOT NULL, dataRecordsRemoved INTEGER NOT NULL,timesAccessedAsFirstPartyDueToUserInteraction INTEGER NOT NULL, timesAccessedAsFirstPartyDueToStorageAccessAPI INTEGER NOT NULL,isScheduledForAllButCookieDataRemoval INTEGER NOT NULL, mostRecentWebPushInteractionTime REAL NOT NULL);

Here's an example row:

INSERT INTO ObservedDomains VALUES(504, 'twitter.com', 1692130495.0, 1, 1692130496.3106480911, 0, 0, 0, 15, 0, 0, 0, 0.0);

You can see that the registrableDomain is twitter.com, lastSeen is 1692130495.0, hadUserInteraction is 1, which means yes, and mostRecentUserInteractionTime is 1692130496.3106480911. The time values are Unix timestamps, which you can translate into dates with the date command (after rounding to the nearest second):

% date -r 1692130495

Tue Aug 15 15:14:55 CDT 2023

% date -r 1692130496

Tue Aug 15 15:14:56 CDT 2023
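
The same inspection can be scripted. The following is an added example, not code from the original post: it loads the ObservedDomains schema shown above into an in-memory database and reports which domains look exposed to the 30-day deletion policy. It assumes that isPrevalent marks a "classified" domain and that dataRecordsRemoved counts past removals, and it approximates "days of browser use" with calendar days; the .example rows are constructed.

```python
import sqlite3
from datetime import datetime, timezone

# Schema as shown in the .dump output above.
SCHEMA = """CREATE TABLE ObservedDomains (domainID INTEGER PRIMARY KEY,
 registrableDomain TEXT NOT NULL UNIQUE ON CONFLICT FAIL, lastSeen REAL NOT NULL,
 hadUserInteraction INTEGER NOT NULL, mostRecentUserInteractionTime REAL NOT NULL,
 grandfathered INTEGER NOT NULL, isPrevalent INTEGER NOT NULL,
 isVeryPrevalent INTEGER NOT NULL, dataRecordsRemoved INTEGER NOT NULL,
 timesAccessedAsFirstPartyDueToUserInteraction INTEGER NOT NULL,
 timesAccessedAsFirstPartyDueToStorageAccessAPI INTEGER NOT NULL,
 isScheduledForAllButCookieDataRemoval INTEGER NOT NULL,
 mostRecentWebPushInteractionTime REAL NOT NULL);"""

# First row is the article's example; the .example rows are constructed samples.
SAMPLE_ROWS = [
    (504, "twitter.com", 1692130495.0, 1, 1692130496.3106480911, 0, 0, 0, 15, 0, 0, 0, 0.0),
    (900, "social.example", 1690000100.0, 1, 1690000000.0, 0, 1, 0, 3, 4, 0, 0, 0.0),
    (901, "cdn.example", 1693300000.0, 0, 0.0, 0, 1, 0, 0, 0, 0, 0, 0.0),
    (902, "news.example", 1693350000.0, 1, 1693350000.0, 0, 1, 0, 0, 9, 0, 0, 0.0),
]

def sample_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO ObservedDomains VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)", SAMPLE_ROWS)
    return conn

def utc(ts):
    return datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S")

def audit(conn, now, window_days=30):
    """Report each domain's ITP state; flag classified domains with no recent interaction."""
    cutoff = now - window_days * 86400  # calendar days, an approximation of "days of browser use"
    report = []
    query = ("SELECT registrableDomain, hadUserInteraction, mostRecentUserInteractionTime,"
             " isPrevalent, dataRecordsRemoved FROM ObservedDomains ORDER BY registrableDomain")
    for domain, interacted, last, prevalent, removed in conn.execute(query):
        stale = not interacted or last < cutoff
        report.append({"domain": domain,
                       "last_interaction": utc(last) if interacted else None,
                       "classified": bool(prevalent),  # assumption: isPrevalent = "classified"
                       "removals": removed,            # assumption: count of past removals
                       "at_risk": bool(prevalent) and stale})
    return report

if __name__ == "__main__":
    for row in audit(sample_db(), now=1693400000):  # constructed "now": 2023-08-30 UTC
        print(row)
```

To run it against real data, pass audit() a connection opened on a copy of observations.db instead of sample_db().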

I'm logged in permanently to a number of different websites that I use only occasionally, which makes ITP's 30-day policy quite problematic for me. When Safari deletes all storage data for a site, you are thereby logged out of the site and need to log in again. If Two-Factor Authentication (2FA) is involved, this is egregious, because you have to jump through extra hoops every time you need to...
