While it's easy enough to ask websites not to track your browsing activity in Safari, they do not have to honor your request. Plus, some of the third-party content providers that websites use can actually invasively track you across other websites. Thankfully, iOS 11 includes a way to minimize companies from tracking you across the web on your iPhone.
Before we get to messing with the settings, let's talk a little about what cross-site scripting actually is. Not all content on a website you visit originates from that website. A lot will come from the website's partners and other third parties such as advertising firms. Those third parties will serve you information or ads from their own websites even though you are not visiting them directly.
These are what third-party cookies are for, but Safari has always blocked them in the past. However, third parties have always been able to get around this restriction by developing first-party cookies, ones meant to be used on the visited site only. The cookie is written using the advertiser's own domain, and they can access the information from that cookie and use it on other sites from a third-party context.
To better explain this, let's say you visit a product on Amazon's website in Safari, a first-party cookie will save your search. Once you close the tab and visit another website, you may see ads for the product you were just looking at on Amazon because advertisers can read that first-party cookie from a third-party context. And those ads could follow you around for weeks until it's believed you're no longer interested.
Apple's new feature in iOS 11, called Intelligent Tracking Prevention in WebKit, puts restrictions on how advertisers can use the data from that originating cookie. While it doesn't block all cross-site scripting, it does do it in an "intelligent" manner by using your browser's history and determining which sites can have access to which cookies and when.
- If you visit example.com, Safari will think that you're interested in the site, obviously, and it will allow cross-site tracking across other domains for 24 hours. Every time you visit example.com, the timer will be reset for another 24 hours.
- If you don't visit example.com again within 24 hours, Safari will believe you're no longer interested, and it will prevent cross-site tracking across other domains. The cookie will still remain on example.com but will be partitioned so it can't be used in a third-party context. This enables a cookie to still contain your login information so if you visit it again later, you can still login easily, without being tracked across websites all of the time.
- If you don't visit example.com again within 30 days, Safari will automatically delete or purge all of the cookies for that domain.
By default, the Intelligent Tracking Prevention feature is already enabled in iOS 11. However, if you or someone else has been messing with the settings, you might want to verify that it's on. Or, if you ever decide you don't like the feature, you can, of course, opt out.
Head over to "Safari" in your Settings app, then scroll down to the Privacy & Security section. Here you will find "Prevent Cross-Site Tracking." If you want to use the feature, just make sure it's toggled on (green).
While cross-site tracking prevention won't eliminate any privacy or security risks for you as you browse the web, you should feel comfortable knowing any would-be trackers have one less tool to use against you and the private information.
Advertising firms fought hard to prevent Apple from including this feature in iOS 11, and since then, The Guardian reported in Jan. 2018 that Intelligent Tracking Prevention has cost ad companies millions of dollars since Sept. 2017.
If you want to go even further, you could block all cookies in Safari, but that could make some websites not function as you're used to, and your login data won't be saved, as well as search history, which could actually be useful in some situations.