If developers want to avoid this, they’ll now need to support the Storage Access API to make things work like they did before as of this writing, I haven’t seen the pop-ups appear on any site I’ve used. And depending on the implementation, I may not be able to log in at all (my experience with Facebook) or I might need to log in again on every third-party site individually (my experience with Disqus). In Safari 12 on Mojave, if I do the exact same thing, I won’t be logged in on those third-party sites. Because I’ve been to Facebook dot com within the last 24 hours, those cookies are still accessible from third-party sites under the rules of ITP 1.x. If that’s all a bit jargony and hard to follow, here’s a real-world example: in Safari 11 (or Firefox, or Chrome), if I log directly into Facebook or Disqus and then immediately go out to a third-party site with a Facebook- or Disqus based comment system, I’ll automatically be logged in. This purely timing-and-behavior-based tracking prevention was tweaked with the addition of the Storage Access API in ITP 1.1, which allows sites to access their partitioned cookies under specific circumstances even if it happens outside of the original 24-hour window in ITP 1.0 (though cookies are still purged at the 30-day mark if the user hasn’t visited the website that originally generated the cookies). For sites accessed infrequently but at least once in that 30-day window (banking and utility sites, for example), cookies are kept but cordoned off from third-party use, so they can still work on the sites that generated them, but they can’t track your activity otherwise. In ITP 1.0, if Site A and Site B each embed a cookie from a third-party, Site C keeps that cookie from being used on third-party sites unless you’ve been to Site C in the last 24 hours and continually purges all of Site C’s cookies if you haven’t visited Site C at all in the last 30 days. ITP uses on-device machine learning models (as opposed to cloud-synced) to determine which cookies are attempting to track your activity across sites, and it’s designed to stop that from happening without breaking any of the actually legitimate uses of cross-site cookies. On the security side the biggest change is probably Intelligent Tracking Prevention (ITP) 2.0, which builds on the original ITP 1.0 introduced in High Sierra and refined this spring with version 1.1. It dovetails nicely with Mojave’s Automatic Strong Passwords feature. You can’t change them from directly within the browser, but Safari will send you to the site in question so you can change it if you want. The Passwords section of the Safari preferences now flags password reuse for all sites that you’ve saved the passwords for. Password reuse auditingĪside from not using two-factor authentication, reusing passwords is one of the most insecure things you can do-if someone CAN get into one of your accounts, they’re pretty likely to try that same password with any other account you have. Enabling tab favicons makes it easier to see what all of your tabs are at a glance. It doesn’t help that the text in Safari’s tabs is sometimes hard to read, depending on your transparency settings and the color of the site you’re browsing. This may seem like a small thing, but when you’re browsing with tons of tabs open, the text label of each tab shrinks until it’s too small to easily convey what site you’re on. You can even toggle them in iOS from the Safari settings page! Every other browser on earth has kept this feature and left it on by default, but even the option to display favicons without resorting to inconsistently maintained third-party extensions is welcome. The biggest functional change is actually off by default, hidden in the Preferences under Tabs: Apple has finally brought back the ability to display website favicons in browser tabs in Safari. Safari 12 isn’t exclusive to Mojave-it has already been released for Sierra and High Sierra, though only Mojave gets all its new features-but it includes a handful of usability and security features that are as significant as anything else that other first-party macOS apps are getting this year.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |