Achieving Great Privacy with Safari
68 comments
March 23, 2025
jeff_tyrrill
Two little-appreciated privacy features in Safari not mentioned in the article:
Each private browsing tab has its own cookie / data bucket[1]; and
Private browsing tabs and windows are preserved across restarts. (This is optional and can be configured to forget them upon restart.)
These make it practical to use private browsing for nearly all browsing, which isn't really the case in other browsers, where private browsing is clearly designed as an occasional-use thing. (And of course if you use private browsing for most things, you can still open regular windows for sites where you want to stay logged in.)
[1] If a link or script in a tab opens a new tab or window, then they share the same cookie bucket. This preserves compatibility with sites that require such a flow.
b5
> Private browsing tabs and windows are preserved across restarts. (This is optional and can be configured to forget them upon restart.)
I am totally stumped – how do you enable this on the Mac? I can’t find the option at all, and Google is no help.
jeff_tyrrill
In Settings, on the General tab, for "Safari opens with", select either "All windows from last session" or "All non-private windows from last session".
gjsman-1000
Not only that, but every private tab has its own proxy connection. You can see this if you turn off the iCloud Relay’s default setting of trying to find servers near your area - one tab will be in Texas, another in Tennessee.
1oooqooq
> each private tab is isolated
google relations with Firefox always prevented this.
they explained to users that having 4 containers was good enough and screwed up every step of the ui implementation.
botanical
If I'm not mistaken, all Firefox tabs are cookie isolated:
https://support.mozilla.org/en-US/kb/introducing-total-cooki...
Containers are no longer necessary unless you're logging into the same site with multiple accounts.
jeff_tyrrill
They're isolated by website but the tabs are not isolated from each other, like in Safari (in private browsing).
This distinction matters, if you primarily use private browsing, and have lots of tabs open from a site (say, Wikipedia, or Reddit, or pick a social networking service you don't want to track you by cookie[1]) - that particular website will know all the different tabs are from the same user potentially over a long stretch of time if at least one of those tabs remains open.
[1] Ad networks also track by IP address, so you need to take measures there too.
freeone3000
I think the author might be misunderstanding the fingerprint test — having a unique fingerprint is bad, as it allows tracking of you by fingerprinting, without the need for cookies.
lapcat
> having a unique fingerprint is bad, as it allows tracking of you by fingerprinting, without the need for cookies.
Correct.
FWIW (disclaimer: I'm the developer of StopTheMadness Pro, mentioned in the article) I just ran two tests in Mac Safari, with StopTheMadness Pro enabled and disabled, and the results were exactly the same each time: "at least 18.06 bits of identifying information". Alas, that's a unique fingerprint, but apparently my extension doesn't make anything worse. If you look at the detailed results, the identifiers are things like User-Agent, screen size, time zone, and language.
cassianoleal
Thank you for the extension. I’ve been a Pro user for quite a while now. I wish it existed for Linux as well, as I really miss it when I’m not on the Mac.
One relatively small complaint if you don’t mind me hijacking this thread. The update process could be a lot better! Especially on Firefox. I’m used to it now, so it’s become just a bit of an annoyance but the first few times were tense moments, and especially panic inducing a couple times when I was pressed for time and couldn’t use the browser before updating the extension.
In any case, it’s an awesome extension and I recommend it to others frequently!
saagarjha
I don't really trust the EFF site. I'm not trying to be an annoying contrarian but as far as I can tell it always reports a unique result and nobody has explained to me yet why a freshly set up iPhone should look unique to them. Everyone talks about canvas fingerprinting or whatever but I mean it is literally the same GPU and screen size and font stack and colorspace as a million other iPhones. What are they getting? My time zone, maybe? IP? What do I actually do to reduce the number of bits?
uni_baconcat
https://amiunique.org/ provides more detailed information about fingerprinting.
selykg
StopTheMadness is my favorite extension. So awesome thanks for making it!
Etheryte
That's the same amount of bits I got with every browser I tried (Safari, Chrome, Firefox). Not sure what the takeaway is, but at least for me, all browsers seem to leak roughly the same amount.
drcongo
I got exactly 18.06 too, seems fishy.
(also, thanks for StopTheMadness Pro!)
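Added example (not part of any comment above, and not code from the EFF test): a sketch of how "bits of identifying information" can be computed, assuming the figure is surprisal, -log2 of the share of recorded browsers with the same fingerprint. Under that assumption every browser that is unique in a sample of N scores the same log2(N), which is consistent with several commenters seeing an identical number; the sample rows and function names are constructed for illustration.

```javascript
// Constructed sample for illustration, not data from any real test.
// One row per recorded browser: [userAgent, screen, timeZone, language].
const SAMPLE = [
  ["Safari/18 Mac", "1512x982", "Europe/Berlin", "en-US"],
  ["Safari/18 Mac", "1512x982", "America/Chicago", "en-US"],
  ["Safari/18 Mac", "1512x982", "America/Chicago", "en-US"],
  ["Safari/18 iPhone", "393x852", "America/Chicago", "en-US"],
  ["Safari/18 iPhone", "393x852", "America/New_York", "en-US"],
  ["Chrome/134 Win", "1920x1080", "America/New_York", "en-US"],
  ["Chrome/134 Win", "1920x1080", "Europe/Berlin", "de-DE"],
  ["Firefox/136 Linux", "2560x1440", "Europe/Berlin", "de-DE"],
];

// Surprisal in bits of a value shared by `matches` of `total` browsers.
function bits(matches, total) {
  return Math.log2(total / matches);
}

// Number of sampled browsers whose listed columns equal the visitor's.
function anonymitySet(sample, visitor, cols) {
  return sample.filter((row) => cols.every((c) => row[c] === visitor[c])).length;
}

// Bits revealed by one attribute on its own.
function attributeBits(sample, visitor, col) {
  return bits(anonymitySet(sample, visitor, [col]), sample.length);
}

// Bits revealed by the whole fingerprint (all attributes jointly).
// Attributes are correlated, so this is not the sum of attributeBits.
function fingerprintBits(sample, visitor) {
  const cols = visitor.map((_, i) => i);
  return bits(anonymitySet(sample, visitor, cols), sample.length);
}

// Sample size at which a unique fingerprint would score `b` bits.
function sampleSizeForUnique(b) {
  return Math.round(2 ** b);
}

// Every unique row scores log2(8) = 3 bits; the two identical rows score 2.
for (const row of SAMPLE) {
  console.log(row.join(" | "), fingerprintBits(SAMPLE, row).toFixed(2));
}
// Sample size implied by an 18.06-bit score for a unique fingerprint.
console.log(sampleSizeForUnique(18.06));
```

The score of a unique browser depends only on how many browsers the test has on record, so it cannot distinguish "slightly unusual" from "wildly unusual"; the per-attribute breakdown is the more useful part of the result.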
autoexec
> having a unique fingerprint is bad, as it allows tracking of you by fingerprinting, without the need for cookies.
Having a unique fingerprint is ideal, as long as it's unique every time. It's insane to think that you can successfully account for every data point that can be collected from a browser. Fingerprinting techniques are changed and new methods are being discovered even while browsers themselves keep adding new features that can be used (or abused) to identify people.
Rather than praying that you (and some fingerprinting website) are 100% aware of every single technique that's ever been used anywhere and that nothing new will be discovered giving trackers even just a single unique data point which is all they need to tell you apart from everyone else, it's a lot safer to appear to be someone new with every request.
snackernews
Yes, a unique fingerprint allows tracking. But which sites that most of us visit, without logging in, actually have and use that capability to build a unique profile?
I assume ad networks and analytics are the main ones actually fingerprinting based on client-side factors. I could be totally wrong.
Any reasonable adblocker that prevents requests to those services probably neuters 99% of any fingerprinting capability that anyone is going to encounter day to day.
eddyg
https://fingerprint.com/ seems to provide a very resilient way to identify repeat visitors
rafram
Yup. I use a more generic setup (just AdGuard and Hush) and have a less unique fingerprint. At some point, adding more “privacy” extensions will just make you stand out more with very little tangible benefit.
ezfe
Unless it’s been edited, it acknowledges that.
matanabudy
Yep I have edited it because of this comment :) https://news.ycombinator.com/item?id=43454038
charcircuit
The uniqueness of the fingerprint doesn't matter nearly as much as whether the fingerprint is stable or if it is constantly changing.
adamtaylor_13
Okay, I came here to ask that. I figured it’s better if my browser appears like 200k other ones; not being unique is the goal in my mind.
matanabudy
Hi! I'm the author, I have indeed misunderstood that (and updated the post text to reflect that better, thanks!), but also - can someone really avoid having a unique fingerprint? Or randomizing it is the only way to go? (Referencing something along the lines of this: https://www.reddit.com/r/browsers/comments/17mp39r/does_it_m...).
friedtofu
This would be a good read for you - https://tb-manual.torproject.org/anti-fingerprinting/. There's also Linux distributions like my current daily driver - https://wiki.cachyos.org/support/faq/#rfp-resist-fingerprint... that implement their own forks of Firefox and may add additional sandboxing like bubblewrap or firejail on top of it.
That being said I was a lifelong Windows user up until 5-6 years ago, and while everyone else in my family uses Apple devices I was never interested in using one (since I like building my own PCs :p)
havaloc
Safari is too good in this regard, it deletes first party cookies after 7 days, so any site you haven't used in a week it acts like it's never seen you before and is completely signed out.
As far as I know, you can't change this setting.
lapcat
> it deletes first party cookies after 7 days
Technically, all script-writable storage.
> you can't change this setting.
Settings, Feature Flags, Disable Removal of Non-Cookie Data After 7 Days of No User Interaction
havaloc
That's new, thank you for that. I worry that since it's "developer" it may not be supported in future releases.
Edit: it resets that setting after Safari updates apparently.
lapcat
defaults write -g WebKitExperimentalIsFirstPartyWebsiteDataRemovalDisabled -bool true
If you set it in the global defaults, then Safari won't touch it.
crossroadsguy
What I liked about this article were these points:
> I try to stay positive about my choices
> As someone deeply embedded in the Apple ecosystem
author clearly mentioned these and that is nice. But then that is what it is. This post is "how to do few of X things in Safari browser". There are no comparisons, none - nothing at all. Because something like privacy stands nowhere until we know what else is out there, how better you can be protected. Because I am pretty sure Internet Explorer (current name is Edge, right?) must have been saying from the day 1 "we take your privacy very seriously", just like good old Zuck's toys say.
But then the author happily turns to the browser wars (something they explicitly said they are not into; repeatedly) and brings Firefox in the conversation. "For fun" of course :)
But still all good. Eventually it boils to that and author kinda says it - they just want to be happy about their setup and that is all. That is what this blog post is - a "so called" happiness post. That is nice. Very nice.
PS. And god, Hush never works. At least it doesn't work for me :D
ementally
Not a good article with a lot of privacy theatre
adblock testing websites http://brave.com/blog/adblocker-testing-websites-harm-users/
fingerprinting test websites https://github.com/orgs/privacyguides/discussions/7#discussi...
Used useless extensions[1] for example "Privacy Badger"[2]
[1] https://github.com/arkenfox/user.js/wiki/4.1-Extensions
[2] https://github.com/arkenfox/user.js/wiki/4.1-Extensions#-don...
scyzoryk_xyz
Oh great and here I was convinced my setup is private ಠ_ಠ
ghostwords
That wiki page is nonsense.
>Redundant with Total Cookie Protection (dFPI)
https://privacybadger.org/#Is-Privacy-Badger-compatible-with...
morelandjs
How to avoid fingerprinting? In general, and is there anything for Safari?
akimbostrawman
You can't avoid fingerprinting. Drawing a real life comparison: Even having no finger at all is an identifiable characteristic in itself.
The only thing you can do is minimize and standardize the amount of identifiable characteristics shared like the tor browser does.
layo
I achieved the same score by simply using Pi-hole.
Tested on Chrome for Android and Firefox with (and without) ublock Origin.
mjlee
I recently stopped using Pi-hole. I honestly think it’s great, but it just breaks too many websites in really subtle ways. With DNS caching it’s tricky to troubleshoot too.
rekabis
I am curious if Wipr protects against all four major fingerprinting types, or if it only protects against canvas fingerprinting.
BenFranklin100
The article misses probably one of the biggest advantages Firefox offers privacy-wise versus other browsers: Firefox Multi-Account Containers. Containers allow you to isolate different websites into separate browsing environments.
Recently Mozilla integrated their VPN service directly into the browser too and it is Container aware.
https://support.mozilla.org/en-US/kb/protect-your-container-...
st3fan
"Starting with Safari 17, you can use profiles to keep your browsing separate for topics like work, personal, or school. Each profile has separate history, cookies, website data, extensions, Tab Groups, and favorites."
jshier
You can create profiles, but as I understand it, Firefox containers allow you to scope profile-like containment to specific websites, which is not possible with Safari containers. In fact, I abandoned my look at Safari profiles because you can't bind particular sites to particular profiles, nor can you open sites using a specific profile within a particular tab, it must always be a window.
mnot
You can bind sites to containers in safari.
BenFranklin100
That is exactly how Firefox containers work. That’s much more powerful than what the person you are responding to implied.
Etheryte
For context, Safari 17 was released September 18, 2023.
cosmic_cheese
Additionally, installed PWAs on macOS and iOS live in their own little detached universes which can be helpful.
hnburnsy
Love Apple, profiles for MacOS and Safari, but not iOS.
ttepasse
iOS got profiles the same time. They sync.
https://support.apple.com/en-ca/guide/iphone/iphd27a9ff22/io...
BiteCode_dev
Containers work at the tab level, making them usable IMO. And firefox has profiles too.
BenFranklin100
I did not know that. Thanks.
Edit: see jshier’s response.
snackernews
What do Firefox Containers mitigate that isn’t already covered by simply disabling third party cookies in any browser?
BenFranklin100
snackernews
Thanks. Isolating Google products from one another is a legit use case.
isodev
The post conveniently forgetting Apple has at least two “helps us improve” toggles on by default, using content from Safari and Spotlight searches to “improve their services”. Privacy is really “redefined” here.
Hahaha holy moly they are linking to https://adblock.turtlecute.org/index.html to prove how great their adblocking is.
That site then says:
> I found that the uBlock Origin extension breaks the final result. To fix it, add adblock.turtlecute.org as an exception in uBlock rules.
Exactly the kind of belly laugh I needed right now. That site also falsely "measures" that my ad blocker lets all kinds of sites through when in fact my setup lets absolute zero third party sites through. Hilarious!
I wonder how many people fall for sites like that.