I am looking into using webapps on Safari on iOS in place of native apps where possible (Spotify for example).
This got me thinking about how Safari isolates websites or webapps and their associated cookies and data from another (in general, and as it applies to webapps/PWAs).
Firefox built “Total Cookie Protection” which essentially compartmentalizes each site and it’s data from the others. There are also Firefox ‘containers’ which extends this isolation even further.
Brave has a related featured called Ephemeral Storage
Does Safari have comparable protections? If so what is the feature called, where can we read more?
Yes, Safari has cross-site protections, as well as cross-tab in Private Browsing mode. This should answer your questions.
this should answer your question
It is useful information but it doesn’t address my question directly. I believe that the linked page is speaking specifically about private browsing mode only.
It is good to know this exists in private browsing mode, but I am interested in protections that apply in the non-private browsing as well. Both Total Cookie Protection and Ephemeral Storage can be applied to the normal browsing mode.
Yes, This is called prevent Intelligent Tracking Prevention (ITP). ITP uses on-device machine learning to block cross-site tracking, while still allowing websites to function normally.
Safari White Paper (2019)
ITP works by learning which domains are used to track a user and then immediately isolating and purging the tracking data that they attempt to store on the user’s device. The process
of learning about domains uses machine learning and happens on device, so
it doesn’t share the user’s browsing history information with Apple. This on- device approach applies the same high standard to every website that is visited. And because ITP is turned on by default, there is no need to change anything in Settings or Safari preferences to receive tracking protection.
Brave even credits Safari for this feature.
In many ways, our “ephemeral site storage” proposal is most similar to how Safari manages third-party storage. Safari deserves enormous credit for popularizing partitioning third-party storage as a defense against third-party tracking.
@root is talking about ephemeral tabs, it is similar to containers in firefox. Each tab is completely isolated from each other in private browsing mode.
When in Private Browsing mode, browsing initiated in one tab is isolated from browsing initiated in other tabs, so websites can’t track browsing across multiple sessions.
In the context of web apps, each web app is completely isolated from each other and from Safari.