Pixel Envy

Written by Nick Heer.

New Privacy Features in iOS 12 and MacOS Mojave

Apple PR:

As with all Apple software updates, enhanced privacy and security remain a top priority in macOS Mojave. In Safari, enhanced Intelligent Tracking Prevention helps block social media “Like” or “Share” buttons and comment widgets from tracking users without permission. Safari now also presents simplified system information when users browse the web, preventing them from being tracked based on their system configuration.

This feature is also in iOS 12, and I could not be happier. As I wrote two months ago, web developers and property owners have a responsibility to not sell out their visitors’ privacy — or, in the wake of GDPR, at least tell visitors how their privacy is being sold out. Due to either ignorance or incompetence, this responsibility is frequently abdicated. This change, like most of the Intelligent Tracking Prevention features in Safari, doesn’t prevent analytics or sharing buttons from working; it simply educates users and allows them to make an informed decision about whether to allow tracking.

One more security and privacy feature, via Lorenzo Franceschi-Bicchierai:

New: Apple put USB Restricted Mode in both iOS 11.4.1 beta and iOS 12 beta. And now it’s triggered after 1 HOUR of phone not being unlocked, not 1 week.

This is the feature that essentially kills iPhone unlocking tools made by Cellebrite and GrayShift.

Again, this is good news — not specifically because it defeats techniques used by law enforcement, but because those same techniques could be used by bad actors, too.

Update: More on Safari’s new privacy features from Apple’s developer site:

Improved Intelligent Tracking Prevention to permanently partition cookie access in third-party contexts, add a user prompt to the Storage Access API, detect bounce trackers and purge their website data, identify tracker collusion, and send origin-only headers for third-party tracker requests.

Users shouldn’t have to think about this stuff. They also shouldn’t worry that browsing the web every day will spool up an ad tech machine that will track them without their permission.