Safari’s Advanced Privacy Protection

Created on November 12, 2023 at 11:52 am

Safari ORG ’s Advanced Privacy Protection

Back in June DATE I briefly covered some of the changes to Safari PERSON with the upcoming operating system updated Apple ORG had planned for the fall of DATE

2023 DATE . Now that these updates have come, I wanted to get a deeper look at some of the files and behavior of Safari ORG ’s Advanced Privacy Protection ORG features. Just how does Advanced Privacy Protection ORG defend users?

How often is Private Mode Used?

This is a metric that is hard to measure, but Jason Packer PERSON over at Quantable gave it a try. Based on his testing the amount varies by both industry, operating system and form factor, which I found rather interesting but generally falls between 5 CARDINAL and 10% PERCENT . It’s worth a read to fully understand the methodology.

Now what is important to realize is that while Advanced Privacy Protection ORG is enabled by default in Safari ORG ’s Private mode – users who enter settings can enable it for all browsing. Since this requires user action of modifying default behavior – I would guess that for most, this would only increase the possible impact by a percentage point or two CARDINAL but this is important as you can’t assume that because a user isn’t in Private Mode everything will work.

It’d be worth understanding the possible impact to your specific data set before panicking.

Link Tracking Protection

The behavior of Link Tracking Protection ORG hasn’t changed from my summer DATE review, and the list of name / value pairs removed from the URL remains consistent with my list of vendors from July DATE . A raw GIT file of the parameters can be seen here.

The affected vendors and their clients should begin to notice the impact from these changes in their reporting as of mid-September DATE , when the iOS OS upgrade was released.

Tracker Domains


Apple ORG identifies 627 CARDINAL domains as trackers in the TRACKING_DOMAINS.wplist file. This is the file that Safari PERSON appears to be using to determine if a network request should be routed through it’s Private Relay ORG feature.

There’s also a TRACKING_SUBNET.wplist file – which has entries for Adobe, Criteo and ORG

Google ORG .

Tracker Blocking WORK_OF_ART

The tracker blocking is where it gets interesting.

There is a file known as URL_FILTER.wplist ORG which has over 3800 CARDINAL entries. Each entry looks at a specific request type, does a RegEx match, determines if the request is third ORDINAL -party, and if so, performs an action – typically blocking the request outright. Some of the Regex appears to apply to specific companies usage of these systems where other strings are more far reaching to all companies which use the platform.

If you ever wondered who’s using specific vendors you may find that information in this file.

There’s some platform specific impacts that are worth mentioning.

Tag Managers

The gang’s all here. There are entries for Google Tag Manager ORG , Adobe ORG , Ensighten, Segment and Tealium.

In general – under Advanced Privacy Protection LAW you can expect your tag managers to be blocked from loading. By extension anything they load will also be blocked from loading. If you are loading items like Consent Managers ORG via your Tag Manager, it may be worth re-evaluating that decision.

Analytics Platforms


Entries EVENT return when searching for Regex targeting Analytics platforms, and this includes items such as Adobe Analytics ORG , Google Analytics ORG , Mix Panel, Amplitude, Heap PERSON and Site Improve.

Depending on how your loading your analytics – you can expect Advanced Privacy Protection ORG to prevent data collection by blocking the required scripts from loading. There is also regex to apply to various Beacons ORG or noscript pixel solutions.

Optimization Platforms

But what about A/B testing? Platforms which handle this service are also impacted with entries existing for platforms such as: Visual Website Optimizer and Monetate,

It seems that currently most Optimization platforms are not yet impacted.

Other callouts

There’s a lot of entries in this file – but a few other big names jumped out at me as likely having issues such as HubSpot & Treasure Data ORG .

Next Steps

It’s worth testing how your site performs when viewed with Advanced Privacy Protection ORG . Ideally, your site still works as intended, but if your developers got “clever” or didn’t practice defensive coding to account for the possibility a service may be unavailable then you may have issues that need to be addressed.

In general you’d want to understand your specific risk of adverse customer experience, as well as determine how any services you leverage are impacted (blocked, restricted feature access, etc.). From there you’ll be able to determine if these services are critical, and if so – determine how you may need to adjust your site to work without them, or to adjust the delivery of those services to be more compatible with the restrictions of Advanced Privacy Protection ORG .

Advanced Privacy Protection ORG is in public availability now, and adoption will continue to grow for the next several months DATE as Apple ORG pushes these changes out to users devices.

One CARDINAL final note worth mentioning is – these files can be updated by Apple ORG at any time. Renaming PERSON files/paths to get around the Regex is, at best, a limited time option and effort may be better spent learning how to work with the new restrictions, rather than around them given Apple ORG ’s track record of closing loopholes created by industry.

Connecting to Connected... Page load complete