Safari now blocks all third-party cookies by default

It's the first mainstream web browser to take this step.

Apple's latest flurry of software updates included an important step forward for web privacy. The latest version of Safari for iOS, iPadOS and macOS now blocks all third-party cookies by default -- it's the first mainstream browser to do so, the WebKit team's John Wilander said. The Tor Browser is the only known browser to do so before Safari, while Brave's browser still has a few (if minor) exceptions.

The move should make life more difficult for aggressive advertisers and attackers alike. It should prevent sites from using login fingerprinting or even the state of your anti-tracking prevention to watch your behavior. It should also thwart cross-site request forgery attacks, and prevents the use of auxiliary third-party domains to identify users.

The updated Safari also limits storage for a website's scripts to one week, and includes counters to sites that try to avoid tracking detection by delaying their redirects.

Apple won't be alone in the future. Google aims to achieve the same for Chrome by 2022, as an example. The WebKit team also plans to report the results of this change to the World Wide Web Consortium to give other browser developers some assistance. And yes, you can frequently enable this kind of tracking after the fact. It's still a milestone, though, and could easily force ad creators and site operators to rethink attempts to collect tracking data.