Jeff Johnson (My apps, PayPal.Me, Mastodon)

Safari Un-Intelligent Tracking Prevention: Data loss by design

August 30 2023

I want to use Safari, but sometimes it frustrates the hell out of me, and in some ways it's vastly inferior to Chrome and Firefox. One of my biggest pet peeves is Safari "Intelligent Tracking Prevention" (ITP). This feature is enabled by default and called "Prevent cross-site tracking" in Safari Privacy Settings. Of course I want to prevent cross-site tracking, but the way that Safari implements it leaves a lot to be desired, especially compared to Chrome and Firefox, both of which allow you to set per-website cookies and storage settings. For some strange reason, Safari Website Settings doesn't include cookies and storage (or JavaScript, for that matter).

Apple's WebKit project, the web browser engine underlying Safari, has published documentation of the policies of ITP in Safari. There are two specific policies that I'll highlight here. First:

7-Day Cap on All Script-Writeable Storage

Trackers executing script in the first-party context often make use of first-party storage to save and recall cross-site tracking information. Therefore, ITP deletes all cookies created in JavaScript and all other script-writeable storage after 7 days of no user interaction with the website. The latter storage forms are:

I've written about the 7-day cap before. When I still used Twitter and was logged into Twitter on many of my various Apple devices, Safari ITP automatically deleted Twitter's IndexedDB storage after 7 days, which caused my Twitter timeline to switch from reverse chronological to "the algorithm", which I never wanted.

You can temporarily "Disable Removal of Non-Cookie Data After 7 Days of No User Interaction (ITP)" in the "Experimental Features" submenu of Safari's "Develop" menu, but unfortunately your Experimental Features get reset after Safari software updates, so there's no permanent solution except for disabling ITP entirely.

Today I was hit (yet again) by another ITP policy:

Action Taken Against Classified Domains

All website data is deleted for classified domains which have not received user interaction as first-party or been granted storage access as third party through the Storage Access API (see below) in the last 30 days of browser use. Such website deletion happens at an interval so as to not cause too much disk I/O.

This is what "classified" means to ITP:

Classification as Having Cross-Site Tracking Capabilities

Beyond across-the-board blocking of third-party cookies and downgrades of third-party referrers, ITP collects statistics on resource loads and matches it with known patterns of cross-site tracking. If a registrable domain matches at least one such pattern, it is classified as having cross-site tracking capabilities.

The domain in this case was a Mastodon instance, so I'm not sure why it was "classified" by ITP. I was able to determine that ITP was the culprit in deleting my website data by checking my backups and looking inside Safari's "container" (this may require giving Full Disk Access to the Terminal app):

% sqlite3 ~/Library/Containers/com.apple.Safari/Data/Library/WebKit/WebsiteData/ResourceLoadStatistics/observations.db .dump

The file is a SQLite database, which is essentially a table with columns and rows.

CREATE TABLE ObservedDomains (domainID INTEGER PRIMARY KEY, registrableDomain TEXT NOT NULL UNIQUE ON CONFLICT FAIL, lastSeen REAL NOT NULL, hadUserInteraction INTEGER NOT NULL, mostRecentUserInteractionTime REAL NOT NULL, grandfathered INTEGER NOT NULL, isPrevalent INTEGER NOT NULL, isVeryPrevalent INTEGER NOT NULL, dataRecordsRemoved INTEGER NOT NULL,timesAccessedAsFirstPartyDueToUserInteraction INTEGER NOT NULL, timesAccessedAsFirstPartyDueToStorageAccessAPI INTEGER NOT NULL,isScheduledForAllButCookieDataRemoval INTEGER NOT NULL, mostRecentWebPushInteractionTime REAL NOT NULL);

Here's an example row:

INSERT INTO ObservedDomains VALUES(504, 'twitter.com', 1692130495.0, 1, 1692130496.3106480911, 0, 0, 0, 15, 0, 0, 0, 0.0);

You can see that the registrableDomain is twitter.com, lastSeen is 1692130495.0, hadUserInteraction is 1, which means yes, and mostRecentUserInteractionTime is 1692130496.3106480911. The time values are Unix timestamps, which you can translate into dates with the date command (after rounding to the nearest second):

% date -r 1692130495
Tue Aug 15 15:14:55 CDT 2023
% date -r 1692130496
Tue Aug 15 15:14:56 CDT 2023

I'm logged in permanently to a number of different websites that I use only occasionally, which makes ITP's 30-day policy quite problematic for me. When Safari deletes all storage data for a site, you are thereby logged out of the site and need to log in again. If Two-Factor Authentication (2FA) is involved, this is egregious, because you have to jump through extra hoops every time you need to log in again with 2FA.

Checking the Unix timestamps from yesterday's backup of this Mac, I found that I last interacted with the aforementioned Mastodon instance in Safari on July 31. In other words, 30 days ago! And today the website data for that domain is gone, whereas it still exists in yesterday's backup. I rest my case. Guilty as charged. Throw the book at ITP. I call for the death penalty: kill this policy!
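The same check can be scripted. The following is an added example, not code from the original post or from WebKit: it loads the page's schema and example row plus constructed rows (the `.example` domains, their values and `NOW` are made up) and lists flagged domains whose last user interaction is at least 30 days old. It assumes `isPrevalent` is the "classified" flag, and it counts calendar days rather than "days of browser use", so it is an approximation of the policy.

```python
import sqlite3
from datetime import datetime, timezone

# Column list copied from the CREATE TABLE statement in the dump above.
SCHEMA = """CREATE TABLE ObservedDomains (domainID INTEGER PRIMARY KEY,
 registrableDomain TEXT NOT NULL UNIQUE ON CONFLICT FAIL, lastSeen REAL NOT NULL,
 hadUserInteraction INTEGER NOT NULL, mostRecentUserInteractionTime REAL NOT NULL,
 grandfathered INTEGER NOT NULL, isPrevalent INTEGER NOT NULL,
 isVeryPrevalent INTEGER NOT NULL, dataRecordsRemoved INTEGER NOT NULL,
 timesAccessedAsFirstPartyDueToUserInteraction INTEGER NOT NULL,
 timesAccessedAsFirstPartyDueToStorageAccessAPI INTEGER NOT NULL,
 isScheduledForAllButCookieDataRemoval INTEGER NOT NULL,
 mostRecentWebPushInteractionTime REAL NOT NULL)"""

ROWS = [
    # The example row shown on the page.
    (504, "twitter.com", 1692130495.0, 1, 1692130496.3106480911, 0, 0, 0, 15, 0, 0, 0, 0.0),
    # Constructed rows: placeholder domains and made-up values.
    (901, "mastodon.example", 1693400000.0, 1, 1690783200.0, 0, 1, 0, 0, 3, 0, 0, 0.0),
    (902, "news.example", 1693400000.0, 1, 1692986400.0, 0, 1, 0, 0, 9, 0, 0, 0.0),
    (903, "tracker.example", 1693400000.0, 0, 0.0, 0, 1, 0, 0, 0, 0, 0, 0.0),
]
NOW = 1693418400.0  # constructed "current time": 2023-08-30 18:00 UTC

def load_sample():
    """Build an in-memory copy of the table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO ObservedDomains VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)", ROWS)
    return conn

def at_risk(conn, now, window_days=30):
    """Return (domain, last interaction date, idle days) for flagged domains
    with no user interaction inside the window; None, None if never interacted."""
    rows = conn.execute(
        "SELECT registrableDomain, hadUserInteraction, mostRecentUserInteractionTime "
        "FROM ObservedDomains WHERE isPrevalent = 1 ORDER BY registrableDomain")
    out = []
    for domain, had_interaction, ts in rows:
        if not had_interaction:          # edge case: timestamp is meaningless here
            out.append((domain, None, None))
            continue
        idle = (now - ts) / 86400        # seconds to days
        if idle >= window_days:
            day = datetime.fromtimestamp(ts, timezone.utc).date().isoformat()
            out.append((domain, day, round(idle, 1)))
    return out

if __name__ == "__main__":
    for row in at_risk(load_sample(), NOW):
        print(row)
```

To run it against real data, pass a connection opened read-only on a copy of `observations.db` (for instance one restored from a backup), such as `sqlite3.connect("file:observations.db?mode=ro", uri=True)`, and use `time.time()` for `now`.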

As far as I'm aware, there's not even a temporary Safari experimental feature to disable the 30-day deletion policy. And it's not really a viable solution to disable ITP entirely in Safari Settings, because then you lose all of the benefits of ITP, including third-party cookie blocking.

The intentions here may have been good, to prevent cross-site tracking, but the road to Hell (to Google Chrome?) is paved with good intentions. Safari is a nice web browser in many ways, but if users get frustrated with it, if their websites don't work, or if they keep getting logged out of their websites for no good reason, then they'll just switch to another web browser in which things Just Work™, and then Safari's privacy protections end up futile and useless. I urge, even beg Apple to refine or eliminate the unintelligent, self-defeating policies of Intelligent Tracking Prevention, for Safari's own good, and the good of Apple customers.

Addendum

If any Safari/WebKit engineers are reading this, it appears that ITP flagged my Mastodon instance domain as isPrevalent (but not isVeryPrevalent) in the resource load statistics observations database. I have no idea why. Anyway, it looks like that may have been the trigger for ITP to delete the IndexedDB—at 14 days, though, rather than 7 days?—and then the cookies at 30 days.
