Editor’s note: This article is from the micro-channel public number “InfoQ” (ID: infoqchina), Author: Ash, 36 krypton authorized release.The Apple WebKit blog shares the latest advances in Intelligent Tracking Prevention Technology (ITP): completely block third-party cookies, clear local storage in seven days, and simplify developer work.But some developers sang the anti-consideration, feeling that Apple just talked about it, but it was actually for business reasons.Why?Apple completely bans third-party cookies On March 24th, the Apple WebKit blog published an article entitled “Full Third-Party Cookie Blocking and More”, officially announcing that it started to completely block third-party cookies by default.Apple said, “This is a major improvement in privacy because it eliminates any anomalies or allows for a little cross-site tracking.” This update covers Safari 13.1 on iOS, iPad OS 13.4, and macOS.The technology for Intelligent Tracking Prevention (ITP) was first released in 2017, from the ban on most third-party cookies at that time to the complete ban on third-party cookies today.It is understood that Safari is the first mainstream browser on the market to completely ban third-party cookies by default. Except for Safari, only the Tor browser is the default setting, which has a small market share.Coincidentally, Chrome, the absolute dominant player in the browser market, also announced in January this year that third-party cookies will be phased out in the next 2 years.In February, the top 10 browser models in the global browser market, Apple said it would share relevant experiences with the W3C’s privacy group to help other browsers make a leap.What are the benefits of complete shielding?WebKit shares the benefits of completely blocking third-party cookies in a blog, specifically in the following areas.Eliminates statefulness in cookie blocking; makes cross-site disclosure of user information (such as login fingerprints) no longer feasible; disables cross-site forgery attacks on websites through third-party requests; and removes the ability to identify users using assisted third-party domainsOtherwise, even if the user deletes the first-party website data, such settings may retain the ID; it simplifies the developer ’s work. If cookies are needed, Apple recommends using the Storage Access API.Given that most third-party scripts have been moved to a first-party storage method similar to LocalStorage, Apple also announced that all script-writable storage is retained for only 7 days, and data stored locally after 7 days will be automatically deleted.Affected storage formats include Indexed DB, LocalStorage, Media keys, SessionStorage, and Service Worker registrations.Developers can address the inconveniences of this protocol during the transition period based on OAuth 2.0 authorization, Storage Access APIs, or temporary compatibility fixes.Apple’s blog post states that global browser status has become a key part of the privacy protection of the Web community.Since the EU ’s strictest data protection regulation, the GDPR, came into effect in 2018, major manufacturers have swallowed huge fines under the hammer of privacy protection: Google was fined 50 million euros, and large companies such as British Airways and Marriott also suffered dataThe breach was fined at the level of tens of millions.Third-party cookies have become the hardest hit area for data leakage due to their characteristics of collecting large amounts of user information over time.Experts said, “Before the advent of HTML5 local storage-related technologies, cookies were the only way to save user data on the client, but cookies themselves had many problems, such as size restrictions, plain text storage, etc. However, the biggest problem was security.Many security vulnerabilities stem from the theft of cookies.”After the” GDPR “came into effect, many websites began to add cookie notifications, but this did not have a good effect on privacy protection. Therefore, companies such as Apple and Google began to ban third-party cookies from the source to solve this problem. FromDifferent voices of developers A developer named Aral Balkan wrote an article on his blog titled “Apple just killed Offline Web Apps while purporting to protect your privacy: why that’s A Bad Thing and whyyou should care “. The radical point of view can be seen from the title, and the content is actually the same. In his opinion, it is only beautiful to completely block third-party cookies to protect privacy, and clear the local storage in 7 daysThe rules completely prevent any future decentralized application from using the browser (client) as a trusted replication node in the peer-to-peer network. Furthermore, he believes that Apple appears to be concerned about privacy on the surface, in fact becauseMany vendors’ practices violate the core purpose of privacy as a business model. “You can almostAs they will be doing something with the App Store.Although Balkan’s views are radical, they are not completely unreasonable. In fact, this is the place where Apple has been criticized for a long time. Before that, developers on Hacker News had extensively discussed Apple’s Web technology on its platform.Layers of obstacles. The software technology behind the programming language used to build the app allows developers to “reuse” the code they write for web applications when developing products that support operating systems such as Linux, Android, Windows, and macOS. ButApple doesn’t like this kind of web technology recycling. It wants the Mac App Store to be full of applications you can’t find anywhere else. It doesn’t want to flood the App Store with applications that can be seen on all platforms.For example, Apple ’s Mac App Store ban on Electron: these applications “try to hide the use of private APIs.” Apple ’s reason is that these private APIs are potentially risky, and this reason is not a problem in itself, but considering that Electron has beenThe use of privatized APIs has nothing to do with, and has even significantly improved power consumption, as well as tools recommended by AppleThe fact that the user experience has deteriorated has to be thought-provoking. Apple also hinders the implementation of progressive web applications (PWAs), a technology that, like Electron, allows developers to build native applications for desktop and mobileApple’s approach is to implement only a part of the standard, and as a result it is far from the full standard, making it difficult for developers to rely on. If users can launch PWA applications in Chrome or Firefox, these problems will not occur, but iPhone and iPadUsers cannot install third-party browsers, and Apple Corporation has closed the way for users to use PWA-based technology. In China, applets and Apple ’s love and hatred are more known to developers, so I wo n’t repeat them here. Reference:Applet: Attempt to jailbreak. As far as things are concerned, Apple’s move is commendable. But can disabling third-party cookies protect user privacy? Not necessarily. Some people say that the Internet is becoming insecure because of people who are safeComing out. This statement is sincere to me.
Apple completely blocks third-party cookies and clears local storage in seven days
36 氪 starterAutopilotBlack technologycapital marketcareducationEntrepreneurshipForefrontFrontlinegameGo publicInformationInternet of ThingsinvestmentNet red economyNew businessNew economyOccupationreal estatestockTechnologyTelematicsthe Internetunmanned