Skip to main content
X

Send us a Topic or Tip

Have a suggestion for the blog? Perhaps a topic you'd like us to write about? If so, we'd love to hear from you! Fancy yourself a writer and have a tech tip, handy computer trick, or "how to" to share? Let us know what you'd like to contribute!

Thanks for reaching out!

Learn How to Manage Cookies in Safari for High Sierra

Safari 11, included with macOS High Sierra, has a number of new features. It’s also one of the fastest browsers, at least when it comes to rendering and running JavaScript. But one feature that’s turning heads in the web-marketing arena is Safari’s new ability to prevent cross-site tracking using ITP (Intelligent Tracking Prevention).

ITP, along with how Safari manages cross-site cookies, can cut down on the ability of web-based ad services to track your movements around the web. It’s this tracking ability that leads to focused ads appearing in many different and unrelated websites. For example, after looking for a new winter coat at your favorite clothier’s web site, you might discover that wherever you go on the web, an ad for winter apparel is present.

While Safari and ITP may put an end to many of the annoying ads that follow you around the web, as well as create a bit more personal security, it may also have a few unintended consequences that may result in a favorite website or two not working correctly, until they receive an update to work with ITP.

You may find you need to revert back to the old way that Safari managed cookies when visiting a few sites, including some sites (banking and financial services come to mind) that use a centralized login system that provides sign-in service for multiple related sites. In that case, there’s a good chance that ITP’s machine learning system will mistake the central sign-in service as an ad tracker, forcing you to sign in repeatedly.

With that in mind, we’re going to take a look at how to manage Safari’s new privacy settings, and how you can enable and disable ITP in Safari.

Cookie Management and Cross-Site Tracking
Safari 11 (and later versions) disables cross-site tracking as its default configuration, so out of the box, you should notice less obviously targeted ads appearing in the websites you visit. To be clear, Safari isn’t stripping out ads from websites; the websites you visit will still display ads; they just won’t be explicitly targeted to you, based on other websites and products you’ve viewed.

(ITP may reduce the number or type of ads you see.)

But, wait; you say you’re seeing targeted ads even though cross-site tracking is enabled? Yup, you may still see targeted ads for one of two reasons: either the web advertisers have implemented new technology to get around ITP, or you’re seeing ads based on a site you routinely access.

ITP uses a 24-hour window that allows for some tracking, mostly in the form of a persistent cookie that can be used to allow you to automatically sign in to a site. But third parties who provide web resources, such as images or ads, to the site can use the same cookie to track the fact that you visited the site. That’s why you may still see some ads tracking you around the web. After 24 hours, the cookie is automatically disabled for tracking functions, but retains its ability to be used for auto sign in to a site.

After 30 days, the ITP system purges the cookie completely, requiring you to manually log in should you return to the site in question.

Because ITP is a new technology involving machine learning, it’s likely that we’ll see updates to Safari that will make some changes in the cookie management system, but when macOS High Sierra is first released, what we described above will be the default ITP behavior.

(The ITP system that prevents cross-site tracking can be turned off from the Privacy section of Safari’s preferences.)

Enable or Disable Intelligent Tracking Prevention
The ITP feature can be turned on or off from the Safari preferences. There are two areas in the Safari preferences that are used to control the ITP and cookie management system.

  • Launch Safari, if it isn’t already open.
  • Select Preferences from the Safari menu.
  • In the Preferences window, choose the Privacy icon from the toolbar.

If you’re coming from an earlier version of Safari, you may notice that the Privacy section of the preferences seems a bit bare. Older versions of Safari had a good deal more options available to handle how cookies were managed and how a website could make use of location information.

(The controls for managing how a website uses location information have been moved to the Websites preferences.)

You can still control how location information is used by a website; the controls have just been moved to a new location under the Websites icon on the toolbar. You can find out more in the Rocket Yard guide: How to Customize Safari Website Preferences in macOS High Sierra.

The old cookie options:

  • Allow from current website only
  • Allow from websites I visit
  • Always allow

Have been replaced with the following ITP options:

  • Prevent cross-site tracking: Placing a check mark here enables the ITP system.
  • Ask websites not to track me: A check mark here will allow Safari to send a request not to be tracked whenever you access a site. Websites are under no obligation to honor a do not track request. How well this works depends on the type of sites you visit.
  • Block all cookies; This is the ultimate solution to tracking based on cookies; placing a checkmark here disables Safari from storing any cookies for any website. It will also likely lead to many websites not working correctly, since cookie technology is such an integrated part of website design.
  • Manage Website Data: When pressed, this button brings up a list of websites that have set cookies and caches in Safari. You can use the list to remove all cookies, or select specific websites from the list and have only their cookies removed.
(You can still remove individual cookies from Safari using the Manage Website Data option.)

Safari 11 and Pop-Up Windows
The last part of the ITP system involves pop-up windows that some websites make use of. Many times pop-ups provide a method for a site to offer additional services or information without site visitors having to leave the currently loaded page. However, they’re also well known as an intrusive means to serve up ads, or in the worst case, generate an excess of pop-up windows in an attempt to affect performance on compromised websites, or to offer malware in various forms.

The use of pop-up windows can be controlled from Safari’s Preferences by selecting the Security icon in the preferences toolbar.

Block pop-up windows: Placing a checkmark here will enable Safari to attempt to block pop-up windows automatically generated by a website. Pop-ups that are the direct result of user actions will likely still be displayed. Some sites won’t work correctly if pop-ups are blocked.

(You may need to disable Safari’s pop-up blocker to ensure that a favorite website works correctly.)

Cookies and ITP Wrap-up
Apple’s newest venture into web privacy and security has a few holes, and it will be interesting to see how Apple responds to any issues that may develop.

The chief issue is the 24-hour window in which cookies and third-party tracking remains in effect. Should you continue to visit a popular website every day, that 24-hour window will keep getting reset, allowing any third-party trackers that are used by that website to continue to monitor your behavior on the web.

That means some of the biggest ad-based companies, including Google and Facebook, will likely be able to continue to generate targeted ads, since many people visit these sites every day.

Along with the 24-hour exposure, there’s also the likelihood that some websites will no longer work as intended, and the possibility that web developers won’t be willing to put the time into modifying their sites to work with Safari.

Here’s hoping we won’t be returning to a time when having multiple browsers was a requirement to ensure we could interact with all websites.

Even with the possible issues, I’ll be glad to see a reduction in the ability of third parties to track my behavior on the web. And with any luck, I’ll have new ads showing up every day, instead of the same reptile hawking insurance at me everywhere I go.

Tom Nelson
the authorTom Nelson
Writer
Tom has been an enthusiastic Mac user since the Mac Plus. He’s also been known to dabble in the dark side, otherwise known as Windows, and has a well-deserved reputation for being able to explain almost anything to anybody. Tom’s background includes more than 30 years as an engineer, programmer, network manager, software tester, software reviewer, database designer, and computer network and systems designer. His online experience includes working as a sysop, forum leader, writer, and software library manager.
Be Sociable, Share This Post!

Leave a Reply

11 Comments

  • need to be able to choose the time instead of a fixed 24 hrs. For every site, if desired.

  • Yes, thank you Tom.

    Once more, Apple supplies a “solution” that is not a solution, but rather makes the problem potentially worse. Firefox, ad-blockers, and TOR are the answer.

    For those who don’t know: There is no right to privacy except within your own home. When you leave your home, physically or electronically, any expectation of privacy vanishes, at least in the U.S.

  • So the only setting for how to deal with cookies is now “Block all” or “allow all” (by virtue of unchecking the checkbox)? Is there no choice to “allow from websites I visit”? That’s the setting I currently use since I don’t necessarily object to cookies from sites that I explicity visit.

  • When??????? will this behavior be defined as MALWARE ????
    Making your system do something you do not want it to do that takes time and process is the definition of Malware.
    Instead it is called an “Ad”.
    The number one path for harmful code is advertising.
    Hmmmm.
    QUOTE… web advertisers have implemented new technology to get around ITP… END QUOTE.
    That IS malicious intent.

  • The Manage Website Data for removing cookies is useless. I can remove cookies ad nauseum and they keep popping back up — what the story?

  • Despite having all cookies blocked I have three cookies that are very persistent. One of them is Ikea.
    On the other hand the shortcuts to my favourite TV show sometimes do not work and I have to restart to get to the site. All in all changing to High Sierra wasn’t so great for me. The on/off cookie choice makes the cookie control non-existent while banking. Hopefully Apple will remove all these. I regret to changing to High Sierra so early. With my settings in previous OS somehow I managed to avoid adverts. For everybody who still has a choice I would recommend to wait and see with High Sierra.

  • This is why I use Firefox for 95% of my browsing. I deleted cookies at least daily and also run Ghostery in the back round. I do not use Flash Player and have found it is almost never needed. I have very few issues with ads and zero issues with sites following me. A dedicated browser for surfing with a good ad blocker is the only way to go. When I pause my ad blocker it sometimes takes 20seconds for all the cookies to load before the website functions. I save Safari for personal stuff.

  • This is why I use Firefox for 95% of my browsing. I deleted cookies at least daily and also run Ghostery in the back round. I do not use Flash Player and have found it is almost never needed. I have very few issues with ads and zero issues with sites following me. A dedicated browser for surfing with a good ad blocker is the only way to go. When I pause my ad blocker it sometimes takes 20seconds for all the cookies to load before the website functions. I save Safari for personal stuff.