Over the years, we've seen security breach after security breach, as well as high-profile data scandals where collected personal information was misused by companies. Apple makes customer privacy a priority, so there have been few issues to worry about when it comes to its services on your iPhone. However, there are still plenty of privacy settings to explore and change, especially within Safari.
It should go without saying that privacy and the internet do not mix. As you browse the web, every move you make is logged by your ISP, the site you're visiting, even sites you've visited in the past. But taking the proper precautions can help reduce the data you emit when using Safari.
Apple has a ton of privacy-related features for Safari, many of which are enabled by default, but there are still plenty of settings you should check to make sure you're surfing the web as securely as possible.
While Safari might not require a passcode to access it, your iPhone sure does. If someone with nefarious motives wants in on your Safari data, it won't matter what steps you take below if they can guess your passcode.
Also, some sensitive information found in Safari, such as iCloud Keychain passwords, may be hidden behind Touch ID or Face ID, but if your intruder knows your passcode, it only takes a minute for them to reset your biometric keys to match their own. So much for that deterrent.
You'll want to make sure your passcode is strong enough to keep out the most likely of intruders, while also not being so complicated you lose your mind trying to get into your iPhone. Check out our guide below on creating the ideal passcode for your device so that all of your Safari data remains private.
Siri's integration with Safari may seem more useful outside of Safari, depending on how you use your iPhone, since it looks at your browsing history and searches to include helpful predictions and suggestions in Search, Look Up, News, Photos, Memories, on your lock screen, and even in your keyboard.
While Siri uses "local, on-device processing" to do this, it will send generalized topics to Apple in some instances to give you better search results. Apple claims to use "privacy-friendly techniques to disassociate these topics of interest from you," but if you're ultra-paranoid, this still might not sit right.
If you don't want Siri or Apple getting hold of your browsing history and searches, can easily disable the feature by going to Settings –> Safari –> Siri & Search. Simply tap the switch to disable "Siri & Suggestions."
Once you do, "Allow on Lock Screen" will disappear, with a new option "Show App" in its place. "Show App" will allow Safari to show up in other Search and Siri App Suggestions, which is not as big a deal since you may actually want to see the Safari icon pop up on occasion, like if you can't find it on the home screen and need to perform a search for it. However, if you want to make sure that doesn't happen, disable this setting, too.
Even if you disable Siri & Suggestions as seen above, you might still see Siri Suggestions when typing a search into Safari. That's because of "Safari Suggestions," which recommends sites in predicted search results based on your queries.
While useful, the information is still tailored to you and what Safari thinks interests you most. Think of it like search engine suggestions (there's also a Safari setting for search engines). With it disabled, you may no longer see suggestions when typing, but that doesn't mean any less data is being read by Safari or sent to Apple. Still, it may provide a little peace of mind to see these suggestions gone.
Head over to Settings –> Safari, then tap the slider next to "Safari Suggestions." You'll also see the "Search Engine Suggestions" option there, which can also be toggled off if you really want to limit predictions.
Google may have conquered the search engine market, but that doesn't mean you need to use it. Google is famous for how it collects data on its users, which, if you're reading this, might go against your privacy-minded interests.
If using Google as your default search engine makes you uneasy, try DuckDuckGo instead. DuckDuckGo was created in response to Google's seemingly endless control over your data. The company does not store your information, doesn't show you ads based on your search history, and doesn't track you between public and private browsing modes. Sure beats Google, Yahoo, and Bing.
To switch, head over to Settings –> Safari –> Search Engine –> DuckDuckGo.
Location Services enable your iPhone and Apple Watch (if you have one) and their apps to access your current location based on GPS data and/or local Wi-Fi networks. GPS-dependent apps constantly need to see your location to give you accurate directions, provide weather forecasts and conditions, and more.
The way Safari uses your location comes down to the sites you visit. If a site needs or wants access to your location to provide a service, you'll receive a pop-up asking for your permission. If you accept, the site can use your geolocation as long as you're on it. If you reject it, you'll be asked the next time you check the site.
Obviously, location access is the direct opposite of privacy. But there are options for both types of users, those who don't want Safari to ever give any websites geolocation data and those that will allow it on a case-by-case basis. Those options are "Never" and "While Using the App."
While "Never" is a sturdy option, it's likely you'll run into a site that won't work unless you fork over this personal info. Luckily, with the "While Using the App" option, the site will only see your location while you're using the app and give it access. Once you quit, the access breaks.
What you choose comes down to you, and if you change your mind, switching options is simple and effortless. To find the option, simply go to Settings –> Privacy –> Location Services –> Safari Websites.
AutoFill provides an instant way for you to enter your personal information into web forms, so instead of typing all relevant details by hand, Safari can pull data from your contact card, including your name, address, date of birth, email address, and more. AutoFill also works with credit cards for easy entry.
Of course, this can pose a security risk. If someone gains access to your AutoFill-enabled iPhone without your consent, they can view your personal information as well as the last four digits of your credit card numbers and sign up for services, all without needing to know your passcode.
Auto-filling credit cards requires either Face ID, Touch ID, or your passcode, so if that's all you're worried about, you might not want to change a thing. If you'd rather not take the risk of anyone seeing anything, jump over to Settings –> Safari –> AutoFill, then disable "Use Contact Info" and/or "Credit Cards."
Speaking of cards, Safari lets you remove any saved cards you have by tapping "Saved Credit Cards," then presenting your passcode, Touch ID, or Face ID. You can delete any or all of your saved cards here by tapping "Edit," selecting the cards you want to remove, then tapping "Delete." You can also just swipe left on each card.
In previous iOS versions, the AutoFill settings for passwords was available in the same settings above, but since iOS 12, they've been moved since Apple has implemented device-wide AutoFill for websites and apps. If you don't like having Safari being able to AutoFill usernames and passwords, or if you just don't like using Apple's iCloud Keychain to do so, you can tweak the settings.
Go to Settings –> Passwords & Accounts –> AutoFill Passwords. From there, you can either toggle off "AutoFill Passwords" as a whole or uncheck iCloud Keychain and use another, possibly more secure password manager such as Keeper, LastPass, Dashlane, or 1Password.
When you tap on the address bar up top or open a new tab, your bookmarked favorites will show up at the top, if you have any. It's pretty handy but not entirely private depending on how you use them.
If someone is using your iPhone or peeking at your screen behind your back, they could see all the sites you have listed in there, including items such as what bank you use, who you have loans with, what social networks you're on, and more. While I'm not against using these favorites, it's better to at least obscure them a bit or have them only show up when you want.
While there is no official way to disable these bookmarks from showing up without deleting them all, you can change the folder in "Favorites" that does show up. Go to Settings –> Safari –> Favorites, then change it to a folder that has nothing in it. This will effectively make your favorited bookmarks never show up when tapping the search/address bar or opening a new tab.
But then you lose the convenience of using those bookmarks? Not really. You can still tap on the "Bookmarks" icon in the bottom menu bar of Safari, which jumps you right to your list of "Favorites." Doing it this way makes sure that they don't show up unless you want them to, reducing exposure to others. From this section, you can also tap "Edit" to remove or create new folders.
Just like with Favorites above, when you tap the address/search bar or open a new tap, a list of frequently visited websites may appear below your favorites (if you have any). These are not your favorite links, just ones you seem to frequent over and over again. However, just like with above, other people may be able to glance at these, effectively knowing what you're viewing in Safari.
Go to Settings –> Safari, then disable "Frequently Visited Sites." You'll notice when you return to Safari that nothing appears under Favorites, so you can rest easy opening Safari around others.
Pop-ups can appear in a new tab or your current tab and include but aren't limited to advertisements, offers, notices, and other alerts. While it may seem more irksome and less of a security concern, these pop-ups could include phishing tactics to trick you into sharing personal information, installing a malicious app, or tapping on a dangerous link.
Some sites require users to have pop-ups enabled for certain features to work, so there may be times when you actually need them. But you can always enable pop-ups when you need them. To disable pop-ups, head over to Settings –> Safari, then make sure "Block Pop-ups" is enabled.
While blocking pop-ups is a good first step to keeping phishing attempts and unwanted advertisers away, you should really install a "Content Blocker."
Content Blockers are apps which act as Safari extensions that tell Safari how to handle your request. This could include hiding elements on a webpage such as unwanted images and auto-playing videos, blocking loads that aren't necessary such pop-ups and scripts, and stripping cookies that site and advertisers would normally be able to see.
One of the main benefits of using a Content Blocker is that page load times are faster since Safari is requesting less content and there are fewer elements to load. Overall, it can improve Safari's performance and memory usage. However, from a privacy perspective, Content Blockers can reduce the amount of information given to websites and advertisers, as well as limit possibly malicious content from appearing.
When you do download a Content Blocker from the App Store, there's not a lot you need to do to get it up and running. A simple tap in Safari's settings can mean the difference between a clean web and a distracting, pop-up filled, auto-playing mess.
You can't trust anyone on the internet, and neither can Safari. With the "Fraudulent Website Warning" option in Safari's settings turned on, you'll get pop-up alerts any time Safari thinks you're visiting a site with malicious intent, usually due to suspected phishing. These sites usually try to steal your usernames, passwords, and other personally identifiable information.
Safari determines whether or a site is fraudulent or not using a variety of factors, including referencing Google Safe Browsing and Tencent Safe Browsing. Without this feature enabled, the sites you're entering personal data into might not be what you think they are.
Bonus: Safari in iOS 12.2 introduces a new feature to shame websites that aren't using HTTPS which encrypts data sent and received. When visiting an HTTP website, it will say "Not Secure" in the address bar. There is no toggle for this one — it's one of Safari's mandatory security features going forward.
There's a new setting in iOS 12.2 that helps protect your iPhone's motion and orientation data from malicious websites. The setting, appropriately called "Motion & Orientation Access," lets you decide whether or not to allow sites to use your iPhone's gyroscope and accelerometer. With it disabled, you can prevent bad actors from recording this data.
The flipside to this added security is that motion-based sites will no longer work. Instead, moving images will become static, and any AR-based content will be rendered useless. This setting is straightforward to toggle on or off, however, so if you need to use a site with motion, you can fix any issues quickly.
You'll find that some websites you visit in Safari will require access to your iPhone's camera and microphone to function properly. If you want to use these sites, there's no other way around it — you'll have to leave "Camera & Microphone Access" enabled.
If you know you don't visit any sites that require access, or you don't need to use the functions on sites that do, you can disable this setting. While you won't be able to use certain features of websites that need your camera and microphone, it's better to be safe than sorry, especially since some websites can abuse the privilege to use your camera or mic without warning.
When enabled, "Check for Apple Pay" allows websites to see if you've enabled Apple Pay on your iPhone. In turn, these sites can better highlight Apple Pay options for you if you have Apple Pay setup.
While it can be a convenient way to access Apple Pay when making a purchase, this setting isn't necessary for using the payment option in Safari. You can still pay for items with Apple Pay, even with "Check for Apple Pay" disabled, so there's little benefit in handing over extraneous control to any site that wants it.
This feature works just like it sounds, at least, when it does work. When enabled, "Ask Websites Not to Track Me" tasks Safari with asking each site you visit not to track you. It sounds silly, but if the website in question complies, you won't be tracked.
Of course, the fatal flaw here is that it's up to each site to honor your request. Sites can ignore Safari and track you all the same. In fact, the standard itself is no longer up for consideration by the World Wide Web Consortium. That's why Apple has retired the feature in iOS 12.2. On the bright side, there are plenty of other excellent security features packed into Safari.
Cross-site tracking is when one website you visit can target your activity even after you've left the original site entirely. It's how you end up with ads for shoes after looking at one pair on Amazon; You leave that webpage with a cookie, which allows advertisers to watch and target you on other sites for weeks at a time.
While Safari won't stop this activity from happening altogether, enabling "Prevent Cross-Site Tracking" tells Safari to periodically delete this tracking data, unless you revisit the site where the tracker originates. It's not a perfect system, but it'll help cut down on third parties following your every move.
Cookies aren't tasty on the internet. Instead, they're nuggets of data stored by websites on your iPhone so the site that they can remember certain preferences and activities the next time you come back. And just like discussed about with cross-site tracking, these cookies can be used by advertisers to follow along with your browsing activity.
You can choose "Block All Cookies" in the Safari setting to prevent any cookies from working when you're browsing the web, and this will also delete all cookies that have been stored already. And since this is directly related to cross-site tracking, it will automatically enable that feature since you can't block cookies without also preventing cross-site tracking.
However, many sites and functions won't work correctly unless you have cookies enabled. For instance, you'll be logged out of any sites you visit as soon as you close the tab. You might not even be able to sign in to certain websites. Websites can even block you from accessing content without cookies enabled. So you may need to turn it back on. In that case, we suggest preventing cross-site tracking and clearing your cookies every once in a while.
If you don't want to block all cookies since it could make using Safari pretty inconvenient at times, it's at least worth deleting cookies every now and then. You can delete them for sites individually or on a mass scale.
Tap "Advanced" in Safari's settings, then "Website Data." Here, you can see all the cookies stored on your iPhone, as well as how much space each takes up. You can delete entries by swiping left on each or by tapping "Edit," tapping the red button next to an entry, then tapping "Delete." To delete all cookies, select "Remove All Website Data."
When you don't want sites to track your browsing activity or don't want friends and family members to see what you've been up to, simply clear your history. On any Safari tab, tap the "Bookmarks" icon in the bottom menu, then the clock icon to access your history. From here, you can left-swipe on any entry to delete it. To get rid of all of it, tap "Clear" at the bottom, then choose your desired timeframe for deletion.
If you don't want to save either your browsing history or the cookies stored on your iPhone, as well as the cache, there's a delete-all switch available. From the Safari settings, tap "Clear History and Website Data." This option will clear all browsing data. While this won't clear your saved passwords or bookmarks, you won't have to worry about most remnants of your web activity being accessible to anyone else.
This article was produced during Gadget Hacks' special coverage on smartphone privacy and security. Check out the whole Privacy and Security series.