July 16th, 2024

Private Browsing 2.0

Private Browsing 2.0 in Safari introduces enhanced privacy features like Link Tracking Protection and Advanced Fingerprinting Protection. iCloud+ subscribers gain extra privacy options. Extensions now have improved privacy measures. The update aims to establish a new industry standard for Private Browsing.

Private Browsing 2.0 in Safari has been enhanced to provide users with increased privacy protections beyond the traditional browsing experience. These enhancements include Link Tracking Protection, Advanced Fingerprinting Protection, and Web AdAttributionKit. The update also introduces network privacy enhancements like Encrypted DNS and Proxying unencrypted HTTP. For iCloud+ subscribers, additional features such as separate sessions per tab and geolocation privacy by default are available. Extensions in Private Browsing now have improved privacy measures, with access to website data and browsing history turned off by default. The update addresses various types of fingerprinting methods used for tracking users across websites and implements solutions to mitigate these privacy concerns. Users can adjust privacy settings on a per-site basis to balance privacy protection with website compatibility. Overall, the goal is to set a new industry standard for Private Browsing by offering comprehensive privacy safeguards while ensuring a seamless browsing experience.

16 comments
By @kccqzy - 5 months
> Staying with the 2005 definition of private mode as only being ephemeral, such as Chrome’s Incognito Mode, simply doesn’t cut it anymore.

Yes I cannot agree more. Personally this shift in people's expectations of Private Browsing or Incognito Browsing came in a way that felt sudden. The recent lawsuit about Google tracking you in Incognito mode was absolutely dumbfounding to me: of course websites can still track you! If only people still remembered the origins of this feature in 2005 (or 2008 in Chrome's case). But even on HN the opinion was pretty split. It is indeed clear that it is now time to change what private browsing means.

However, I don't think this is going to stay this way for long. The word "private" when it comes to computing has many varied definitions and it all depends on who the information is made private to. In the extreme case, if your threat model is privacy from eavesdroppers on the network or the ISP, then a browser can easily claim any HTTPS connection is private enough; the majority of browsing is already private browsing. If it is privacy from others using the same machine, then this older private browsing already works. But I cannot help but feel that a few years down the road people are going to consciously or subconsciously substitute yet another definition of privacy.

By @mappu - 5 months
Alternative take on the same news: "Safari already contains ad tracking technology, and they’re now adding it to Safari’s Private Browsing mode, too" -

https://www.osnews.com/story/140252/safari-already-contains-...

By @JumpCrisscross - 5 months
My most-wanted feature in Safari (and Orion) is first-party website-data whitelisting. I have a limited number of sites whom I trust to store data. Everyone else should be a tabula rasa each visit.

By @akersten - 5 months
> We also expanded Web AdAttributionKit (formerly Private Click Measurement) as a replacement for tracking parameters in URL to help developers understand the performance of their marketing campaigns even under Private Browsing.

Without fail, the knee bends. This also just got quietly enabled by default in Firefox 128, go check and turn it off if you are so inclined.

By @flumpcakes - 5 months
I moved from Android to Apple for only two reasons:

1. They started using USB Type C.

2. They are the only major manufacturer that appears to actually take privacy seriously. Even their AI endeavours look the most privacy focused that exists.

I'm sure I could go buy some no-name brick and flash my own security focused OS and run my own relays and ... I don't want to do that. I want to buy something that everyone else uses and for it to respect me.

So as much hate as Apple gets, they have my trust in good faith, for now.

By @dash2 - 5 months
My impression is:

* These guys are truly working very hard at guaranteeing privacy;

* That will probably break some websites (I'm trying out the advanced tracking protection in normal mode, we'll see).

* It will also put them on collision with Google, which is essentially an advertising shop with a free browser frontend.

By @nashashmi - 5 months
> Block known trackers

Is this a cat and mouse game?

> Fingerprinting

Does this prevent Google's cookieless tracking technology?

By @ku1ik - 5 months
You know what’s also cool about this announcement? How clean, lightweight and unobtrusive that blog page is.

By @wild_pointer - 5 months
That's good progress. How do these features compare to Brave, which has Brave Shields and [copy clean link](https://github.com/brave/brave-browser/wiki/Copy-clean-link)?

By @Jiahang - 5 months
I'm using private browsing on iPad all the time. It is great to see the update!

By @Aachen - 5 months
TL;DR:

- Blocking requests to known trackers

- Remove utm_ and other such parameters from URLs

- Fingerprinting resistance

- Extension disabling

- Cap third-party cookie lifetimes

- Partitioning for sessionStorage and blob URLs

- Proxying encrypted-to-the-resolver DNS traffic

- Proxying HTTP, but only when it's unencrypted

With a subscription, you also get per-tab sessions and a VPN

---

The fingerprinting resistance is interesting as it claims to remove user behaviour characteristics like typing speed and how you move the cursor. Does it fire keyboard events with randomised delays and add random offsets to mouse locations, or how could this work? Games would be unplayable with mouse offsets and random input lag, but if that's not it, then the website gets the data, so this has to be it, right? For canvas specifically, they say there'll be small but probably visible artifacts from noise injections. So no web-based photo editing in private navigation? Curious how this'll work out in practice.

Also cool is that they offer an open platform (Mastodon) as a place where you can respond to the author!
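
The "Remove utm_ and other such parameters from URLs" item in the TL;DR above, sketched as an added example that is not code from the Safari announcement or from any commenter. The function name `stripTrackingParams` and the parameter blocklist are assumptions for illustration, not Safari's actual list.

```javascript
// ASSUMPTION: illustrative blocklist, not the list any browser ships.
const TRACKING_PREFIXES = ["utm_"];
const TRACKING_NAMES = new Set(["gclid", "fbclid", "msclkid"]);

function isTrackingParam(name) {
  const n = name.toLowerCase();
  return TRACKING_NAMES.has(n) || TRACKING_PREFIXES.some((p) => n.startsWith(p));
}

// Returns the cleaned URL plus the names that were removed, so a caller
// can log or surface what was stripped.
function stripTrackingParams(href) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return { url: href, removed: [] }; // not an absolute URL: leave untouched
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { url: href, removed: [] }; // mailto:, data:, etc. are out of scope
  }

  const removed = [];
  const kept = [];
  for (const [name, value] of url.searchParams) {
    // Match on the parameter NAME only; a value that merely contains
    // "utm_" (e.g. a search query) must survive.
    if (isTrackingParam(name)) removed.push(name);
    else kept.push([name, value]);
  }

  // Do not re-serialise URLs that had nothing to strip: re-encoding the
  // query can change bytes and break signed or pre-encoded links.
  if (removed.length === 0) return { url: href, removed };

  url.search = new URLSearchParams(kept).toString();
  return { url: url.toString(), removed }; // path and #fragment are preserved
}

// Constructed sample link, not taken from the page.
const sample =
  "https://shop.example/item?id=42&utm_source=news&UTM_Campaign=july&fbclid=AbC123&ref=home#reviews";
console.log(stripTrackingParams(sample));
```
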

By @Vinnl - 5 months
Pretty off-topic, but:

> When we invented Private Browsing back in 2005, our aim was to provide users with an easy way to keep their browsing private from anyone who shared the same device.

I wonder if anyone actually involved 19 years ago was also involved in writing this piece, or if it just sounded reasonable to whoever drafted it up.

By @lapcat - 5 months
Advanced tracking and fingerprinting protection breaks Safari extensions: https://lapcatsoftware.com/articles/2024/6/5.html

By @ranger_danger - 5 months
> Safari also brings a version of Web AdAttributionKit to Private Browsing

This is like a bad dream.

By @yencabulator - 5 months
> to implement ad attribution and click measurement in a privacy-preserving way

What an oxymoron.

By @yupyupyups - 5 months
> Proxying unencrypted HTTP. Any unencrypted HTTP resources loaded in Private Browsing will use the same multi-hop proxy network used to hide IP addresses from trackers. This ensures that attackers in the local network cannot see or modify the content of Private Browsing traffic.

No thanks, Apple!

I trust my ISP more than you. Multi-hop won't matter if all nodes are managed by you.