Apple Update Blocks Safari Third Party Cookies By Default

April 4, 2020

Written by wukovits

In May of 2019, a Google blog post encouraged all web browsers to adopt the approach of blocking third-party cookies by default. Google announced their own plans to do so, outlining a development strategy that would see Chrome and all Chromium-based browsers defaulting to that by 2022.

The TOR browser was the first to make the switch, and now, Apple’s Safari browser is the second with the release of Safari 13.1.

Although the change has raised a few eyebrows in the user community, in general, privacy groups and security analysists regard it as the right move.

As Apple software engineer John Wilander explains:

This update takes several important steps to fight cross-site tracking and makes it more safe to browse the web.

First of all, it paves the way. We will report on our experiences of full third-party cookie blocking to the privacy groups in W3C to help other browsers take the leap. 

Second, full third-party cookie blocking removes the statefulness in cookie blocking.

Third, full third-party cookie blocking fully disables login fingerprinting, a problem on the web described already 12 years ago. Without protection, trackers can figure out which websites you’re logged in to and use it as a fingerprint. 

Fourth, full third-party cookie blocking solves cross-site request forgeries. This is one of the web’s original security vulnerabilities and discussed in communities like OWASP for well over a decade. Those vulnerabilities are now gone in Safari.”

All true, and if third-party cookies is something you’ve been concerned about, be sure to download Safari 13.1 today. Chrome users, sorry, but you’ll have to wait. While Google is still forging ahead with their plans to block third-party cookies by default, they are quite some distance from actually rolling anything out to end users.

Used with permission from Article Aggregator

Bayou Tech

We provide solutions for your business. Find out how we can help.

Related Articles

Some Amazon Device Features May Have Security Risks

Have you heard of Amazon Sidewalk? If not, it's definitely something you should be aware of. Depending on your point of view, the new feature, which was enabled by default on a wide range of Amazon devices by default on June 8 of this year (2021) is either...

Email Unsubscribe Scam Can Easily Fool Any User

Scammers are increasingly relying on a tried and true bit of social engineering to fool unsuspecting users into unwittingly signing up to receive a flood of additional spam email. They accomplish this by blasting out an email asking recipients if they wish to...

Update VMWare Software Immediately To Avoid Possible Attack

The US Cybersecurity and Infrastructure Security Agency recently issued a warning to all companies running VMware Vcenter Server and VMware Cloud Foundation. They are asking them to download and apply the latest security patches as soon as possible because attackers...

Send us a message

Your message was sent.