Background
We are investigating Safari’s Prevent Cross‑Site Tracking feature (part of Intelligent Tracking Prevention / Link Tracking Protection) on iOS and macOS (latest versions).
We fully understand and respect Safari’s privacy objectives and are not requesting any whitelisting or relaxation of protections.
Our goal is to understand how Safari determines when and where query parameter stripping is applied, so we can design a compliant and predictable implementation.
Based on public WebKit and privacy documentation,
it is understood that Safari’s tracking prevention behavior may be influenced by:
Tracker classification sources such as:
DuckDuckGo Tracker Radar
https://github.com/duckduckgo/tracker-radar
EasyList / EasyPrivacy
https://easylist.to/easylist/easyprivacy.txt
WebKit privacy architecture and heuristics, including behavior described in:
WebKit “Private Browsing 2.0” / Link Tracking Protection documentation
https://webkit.org/blog/15697/private-browsing-2-0/
Request for Guidance
To help us align fully with Safari’s privacy model, we respectfully request guidance on:
How Safari determines, at a domain or subdomain level, when to apply query parameter stripping under Prevent Cross‑Site Tracking.
Whether evaluation may be influenced by: Tracker classification sources (e.g., domain reputation or known tracking endpoints) Runtime network behavior (such as cross‑site analytics requests) Subdomain‑specific context or historical behavior
Whether Prevent Cross‑Site Tracking is evaluated: Per navigation event Per domain or subdomain Based on cumulative or runtime signals
Whether Apple recommends specific design patterns or alternatives for handling essential, non‑tracking URL data in a way that is compatible with Safari’s privacy protections.
Our objective is to design a solution that respects Safari’s intent and avoids reliance on fragile or unpredictable URL‑based behavior.
0
0
51