Posted on August 16, 2019 at 6:42 AM
WebKit Will Put Privacy At the Same Level as Security Thanks to Renewed Anti-Tracking Policy
As the world evolves and people’s need for privacy are acknowledge and attended, WebKit has recently made a positive announcement: the open source engine known for powering staple names regarding web browsers – including Safari – unveiled that it will implement a new tracking prevention policy.
The policy aims to prevent tracking and will be extremely strict when it comes to background and cross-site tracking habits, technologies and practices used to snoop on people’s traffic when they go to the web.
Trackers: Privacy’s Worst Enemy
Web browsers and engines implement what is known as trackers. They are invisible to the average netizen, but these technologies are designed to see what the user visits online and what he does there. Trackers are originally designed with advertising purposes, but there is much more to them.
Trackers can have an impact on the person’s web experience, including the products, goods, and services showed as well as the prices. However, they often serve as tools that help hackers inject more than attach to the person’s system. Usually, cybercriminals take advantage of them to spread malware.
We are currently living in the era of information: having specific data about users is extremely valuable because it usually leads to profit, and often, it is not obtained legally. Hackers can engage in pixels tracking, device fingerprinting, and also navigation tracking, just to name a couple of methods.
Privacy is not what it used to be: it is much more valuable now, and that is why each day, there are more and more agents looking to take advantage of every exploit or vulnerability. However, WebKit is, basically, putting a halt to that.
However, the institution is also stating that it will treat any privacy breach attempt, or any agent trying to get around its policy, as a malicious hacking attack, and it will develop privacy patches and other technical resources and measures to stay on course with its main objective, which is to avoid tracking.
The organization itself went a little further and explained itself in a statement. It says that it will do its best to prevent tracking in all of its forms, including cross-site tracking and other known and unknown practices and techniques.
Further Expanding the Policy
Speaking about the last sentence, WebKit observed that in the event of discovering a new, or unknown, tracking technique, they would expand their policy to include it and they will further implement actions to avoid them.
Regarding patches, WebKit stated that it will review them in accordance with the recently announced policy, putting them in context with new and existing web standards. The organization also informed the community that it will come up with new technologies to activate particular harmless practices without needing to reintroduce any tracking capability.
WebKit also talked about possible circumventions to its policy. It said that they will treat any attempt to avoid or dodge the anti-tracking measures with the same seriousness and aplomb as they were dealing with a security vulnerability. It even clarified that if an entity tries to circumvent the tracking prevention methods, additional restrictions will apply, and with no previous notice.
In the event in which WebKit can’t fully prevent a specific tracking technique or measure from causing some functions of the page to work differently, it will limit the time window for tracking and reduce the available bits of entropy.
Mozilla Was an Inspiration
Per WebKit, Mozilla’s top anti-tracking policy was an inspiration at the moment of defining its approach towards privacy and tracking management. The fact that privacy is beginning to receive a similar treatment as security at the browser level is ground-breaking, according to Dr. Lukasz Olejnik, who is a research associate at the Center for Technology and Global Affairs Oxford University.
He says that the renewed focus in privacy sends a serious message of warning not only to potentially dangerous entities but also, to the average user.