Deciding which browser you’ll use has a big impact on your privacy. That’s because every web site (or page) you visit loads code, ads, and other components that are constantly tracking and collecting your data for the site itself, social media companies, advertisers, marketing companies, and analytic companies.
This tracking often follows you around as you jump from site to site and page to page so that by the end of your browsing session, you could have hundreds or even thousands different trackers tied to you from the various sites you visited.
Your browser, however, can reduce, limit, and outright stop much of this tracking, bringing privacy and efficiency benefits (the fewer trackers and ads that load on the site, the faster it is). But not all browsers protect your privacy with the same intensity or efficiency. Some even collect data for their own purposes. And all of them have settings that may not be optimized for privacy by default.
In this article, we’ll consider how well Safari (from Apple) performs in terms of delivering privacy protections and options.
Apple has been pushing privacy and made it a significant part of their marketing and value proposition. So we aren’t surprised to find that Safari is keeping its users’ data and privacy safe while continuing to make significant privacy improvements over the years.
When assessing browsers, we place a value on what they offer users at a default level. Sure, browsers may provide the option to supercharge a users’ privacy, but if the large majority of their users never take the option, it might as well not exist.
We’ll start by covering the default features and settings and mention any additional options you can turn on or have access to.
What it collects
As a browser, Safari makes an effort to collect a minimal amount of data and anonymize or aggregate it whenever possible (as explained in their white paper here.) For example, analytics data collected by Safari is done in a way that preserves users’ privacy while still allowing Apple to gain insights from it.
However, Safari does send other kinds of data to Apple (as explained here). This applies most when users use Safari Suggestions. The data includes search queries, selected Suggestions, usage data, music or video subscriptions services you have access to, and location data when you make a search query (this applies if you have Location Services turned on). Apple maintains that this information is collected only to improve Safari Suggestions functionality – there’s no mention of sharing or selling that data to advertisers.
Intelligent Tracking Prevention (ITP)
ITP is Safari’s core privacy feature. It uses machine learning to block tracking as you browse the internet. The feature processes data on the device itself so your browsing history isn’t sent to Apple. It’s not a completely comprehensive feature, however. While it does block third-party party cookies and other forms of tracking, it won’t block all advertisements and may allow some amount of tracking in order to keep the website you’re on from breaking or misbehaving.
With Safari’s upcoming iOS14, ITP will build in additional tracking with help from DuckDuckGo to identify even more trackers and will provide a real-time tracking report of the webpages you visit.
Permissions give you more control
Safari also blocks certain elements and asks you for permission before giving websites access to parts of your browser, giving you more control over what web pages can and can’t do on Safari. This includes camera, location, and microphone access as well as embedded social elements.
For example, a Facebook like, share, or comment element on a webpage will track visitors whether or not they click on the element, are logged into Facebook, or even have a Facebook account. This tracking persists even after you leave the page—it’s one of the ways social media is able to collect so much information about you. Safari blocks this tracking by default and will ask your permission to let the element track you if you interact with the element.
Searching is more private
When you make a search query on Google, the search engine will collect a lot of information from your browser like associated cookies, location, and more. If you use Safari’s Smart Search field, the information that’s passed along to search engines is limited—location data and cookies are not shared with the search engine. However, Safari Suggestions is turned on by default and is part of Safari’s Smart Search, meaning some data will be passed along to Apple. However, you can turn off Safari Suggestions and still use Smart Search.
Safari also gives you the option to switch your default browser to DuckDuckGo, a Google alternative that collects much less information from you.
Fingerprinting refers to a method of tracking that sites and companies use to take various pieces of information from your browser and device to create a “fingerprint” of you – a collection of data points that, taken together, is identifiable and can be used to follow you around.
To combat this, Safari presents more generic system information and doesn’t share tracking headers or web identifiers, making it more difficult for companies to identify you specifically and making devices look like other ones.
A lot of online tracking is facilitated by the advertising industry—advertisers want to know what ads are effective and that’s often measured by tracking that looks at a multitude of data points. With time, the attempts to measure ad performance have become more and more invasive, unnecessarily so.
In order to preserve users’ privacy while still allowing advertisers to measure the effectiveness of their ads, Safari employs the Private Click Measurement, a way of measuring ad campaigns without enabling cross-site tracking. Neither Apple, the advertiser, or an involved merchant sees ads or resulting purchases (the data is kept on the browser)—only the site sees that data. This keeps ad performance measurement from drilling down to the user-level and tracking them as they jump from site to site.
The World Wide Web Consortium, in describing Privacy Click Measurement, says they “believe these restrictions avoid general cross-site tracking while still providing useful ad click attribution at web scale.” However, as advertisers adapt, there may be ways they can still track users on the internet in a way that circumvents Safari’s abilities.
Many browsers offer Private or Incognito Modes with the promise of more private browsing. However, in some cases, the privacy is only extended to the browser itself and does little to make your browsing more private in the eyes of sites and traditional tracking methods.
Safari’s private browsing doesn’t add much – no data is kept on browsers so there’s no history of it and the only additional privacy benefit outside of the browser is that windows on each tab are treated separately. This means sites can’t see what you’re doing on other tabs, something that is possible if you’re not in private browsing mode.
Additional Features and Integrations
When it comes to customizing Safari there are settings, integrations, and extensions. The settings are sparse, including only the ability to disable Cross Site Tracking (recommended) and Block All Cookies (not recommended). There are, however, a number of integrations that add to your overall privacy and security.
Apple Pay Integration
Safari automatically detects when you can use Apple Pay to complete an online transaction. Apple Pay has several security and privacy features. One of the most important is how they prevent your credit card details from being shared with the merchant or the website, making online payments much more secure.
Safari also integrates with iCloud Keychain, Apple’s password manager that can help store passwords (as well as other sensitive information like log-in details and credit card numbers) and allow you to autofill login and payment fields with the respective information. The information is end-to-end encrypted so Apple can’t see what information you’re storing.
However, we should note that this isn’t a fully-featured password manager. While it’s convenient, there are much better third-party options available, like Dashlane or 1Password.
Sign in with Apple
Sign in with Apple is a feature Apple recently released that allows you to use an alternative email whenever signing up for a service, newsletter, app, or website. If you use the feature, Apple uses an anonymized email that is forwarded to your existing Apple ID email address so you can still receive important emails without having to give your personal email address.
Safari supports Sign in with Apple on certain websites but it’s not a feature that’s widely available for all sites via Safari.
Autofill 2FA Codes
If you’ve enabled 2FA on your account, Safari can autofill any 2FA codes sent to your iPhone, making it even easier to log-in while still keeping your accounts secure. Just set up text message forwarding to your MacOS device and Safari will detect any 2FA code sent to your phone and ask you if you want to enter it into the site you’re logging on. You just click to confirm and you’re logged in.
Extensions We Like
Extensions and plug-ins expand browsers’ capabilities and, for the purposes of our discussion, shore up gaps in Safari’s privacy offerings. These are available in the MacOS app store and you can search for them directly by going to Safari > Extensions in the dropdown menu. To start off, we recommend using tracker blockers like:
- DuckDuckGo’s Privacy Essentials
- Better Blocker
- Magic Lasso
- Ghostery Lite
These extensions will provide more comprehensive blocking while giving you more control over what you want blocked and whether you want to turn off blocking for any sites that are giving you trouble.
If you like the Keychain feature, we’d also recommend 1Password or Dashlane, dedicated password managers that sync with your mobile, desktop, and browsers to create, store, and autofill passwords for you. To learn more about password managers, check out our article here or our overviews on 1Password and Dashlane.
We think Safari is a solid choice for users desiring Basic Privacy (see our post covering privacy levels). Safari does a lot to preserve your privacy as you browse online. Integrations with iCloud Keychain, ApplePay, TouchID, Autofill iMessage Security Code are helpful additions and overall contribute to a more private life online. We would, however, recommend getting a Tracker Blocker (named Content Blocker in Safari settings) like DuckDuckGo or one of the others to extend the default tracker blocking.
For users who want or need more privacy—specifically our ‘Strong Privacy’ or ‘Maximum privacy’ levels—we recommend installing Brave or FireFox and using that for most or all of your browsing needs. Those browsers have implemented more fundamental privacy protections into their design, and support more privacy-protecting optional settings and extensions.
Overall, we’re impressed with Safari as a user and privacy-friendly option and as Apple continues to deliver on its brand promise to provide users with more privacy, we may see even more features roll out in iOS 14 that make Safari an even more attractive choice.
More Than One Answer
It’s worth mentioning that many people use more than one browser, sometimes for different purposes. Even when we use Brave as our core browser, we find ourselves using Safari for its broader compatibility, comfortable that, on sites we trust (or need to run), Safari has solid built-in protection even when we need to quickly disable extensions and to ensure there are no compatibility issues. You don’t need to stick with just one browser and you’ll find that certain browsers work better, depending on what you need at the moment.