Video: How Apple's Intelligent Tracking Protection in Safari works

By Vadim Yuryev

Have you ever shopped for something on Amazon, and then noticed that other websites and even apps like Facebook are flooded with ads concerning that product? AppleInsider explains how this happens, and how Apple's implementation of Intelligent Tracking Protection in Safari works.

For example, I once searched Amazon and Googles shopping results for a new pair of Adidas shoes, and it led to over a week of Adidas shoe ads in Facebook, Instagram, and practically any website I visited.

Apple has been hard at work to prevent this, and their new solution is already hitting ad firms hard, with online advertising businesses reportedly losing out on hundreds of millions of dollars!

The solution is Safari's new Intelligent Tracking Prevention feature, which came to mobile devices with iOS 11, and also to the Mac with the macOS 10.13 update. Many users are still reluctant to update to iOS 11. But, besides security, I think this feature alone makes updating to iOS 11, totally worth it.

To understand how this new cross-tracking prevention feature works, let me first explain how cookies work. In short, cookies are bits of data from websites you visit, that are saved onto your device. The biggest example of this is a website saving your login information so you dont have to type it in with every visit.

These cookies, called first-party cookies, make total sense and are completely safe and in the clear, since websites can only write or create them when a consumer is visiting their website.

Now comes third-party cookies, where you are being served information or ads from a certain website, while you are on a completely different website. These third-party cookies have always been blocked by Safari, with one exception: if they were originally written as a first-party cookie from a visit to a website.

This exception for first-party cookies was exploited by some ad tech vendors who developed solutions that wrote cookies using the advertisers domain. An example of this is when you visit a site like Amazon and search for a pair of shoes. A first-party cookie will be created to save your search history.

Once you leave that site, advertisers could access that first-party cookie in a third-party context, in other words, while youre not on the original website where the cookie was created. They could then read that cookie and serve you ads based on what you searched for, and you end up seeing ads for shoes all over the web.

Safaris new Intelligent Tracking Prevention feature puts restrictions on whether or not any business can continue to read or update first-party cookies when the user is not directly on the businesss site.

Apples solution was to only provide third parties looking to use that cookie data with a 24-hour window from when a cookie was last accessed from the originating site. Every time you hit the originating site, the access timer is reset. After 24 hours from the last visit to the site, the time is up, and access is denied.

This is why you may have still noticed third-party ads on other websites, even after updating to iOS 11.

For example, last night I was searching for honeymoon packages on Safari, and this morning Ive been seeing Honeymoon ads all over Instagram. Thankfully, with Safaris new cross-site tracking prevention feature, those honeymoon ads should disappear about 9 hours from now, assuming I dont keep searching.

Otherwise, Id be stuck staring at honeymoon ads for a couple of weeks until the advertising sites and algorithms realized Im not interested in that anymore. This is exactly why this new feature is hitting advertisers hard, and so why so many of them have been protesting Apples Safari tracking changes.

Getting back to how the new feature works, like we said, access to first-party cookies from a third-party context will only be regained when you visit the primary website again, and in that case, the 24-hour timer will restart.

If the user doesnt return to the primary website within the next 29 days, the first-party cookie will be entirely deleted.

The only downside to this is that if you dont log into a website for a whole month, certain information like your login credentials stored in a cookie and not stored in your Keychain can be lost, and youll have to reenter them like it was your first time ever using that website.

This new feature is not only useful for avoiding those annoying ads, but it also protects your privacy and security.