Last week, we hosted a webinar featuring our CTO and Co-founder, Valentin Vasilyev, who discussed the recent browser privacy changes introduced by Apple and Google. These changes will impact businesses and developers who rely on device identification for fraud prevention and website functionality.
As Valentin pointed out, these changes pose significant challenges: "Browser capabilities, browser intelligence, and device intelligence have been very hard, and it's getting increasingly harder and harder." From Apple, we see changes aimed at obfuscating and randomizing the outputs from commonly used identification sources such as the canvas and audio.
On the other hand, Google has taken a completely different approach to privacy, introducing new APIs that allow ad publishers to operate without compromising your privacy.
In the dynamic world of web development, it is crucial to stay updated on the latest browser technologies and ensure that your web application remains functional in this evolving privacy landscape. Below, we will highlight the key takeaways from our webinar and provide the information you need about recent browser changes.
Apple's Privacy Changes in Safari 17
Apple has always emphasized its dedication to user privacy, and its recent updates in Safari continue to uphold this commitment. With the launch of Safari 17 on iOS 17 and iPadOS 17, Apple introduced several significant enhancements focused on enhancing user privacy. Valentin went into detail about the three main changes that primarily revolve around new advanced privacy protection measures for their Private Browsing mode.
Audio Buffer Noise Injection
Audio buffer noise injection introduces random "noise" to audio outputs. It works by slightly altering the data each time it is accessed, making it more challenging to identify and track users based on the consistency of that data.
Canvas and WebGL Data Serialization Poisoning
Apple introduced techniques to modify how data is serialized in Canvas and WebGL rather than simply adding noise. The canvas API now includes random bits when converting images into byte streams. This makes it much more challenging for trackers to use these outputs for fingerprinting.
Screen Resolution Hiding
Screen Resolution Hiding prevents websites from easily accessing the exact screen resolution of users, which is a common attribute used in device fingerprinting. This change directly affects the "letterboxing" technique, where browsers add padding to the content to standardize different screen resolutions. As a result, users become more uniform and harder to identify individually.
This trend is familiar to Apple, as we have seen a significant shift towards privacy being a focus, starting with the release of iOS 12 and its Intelligent Tracking Prevention features. However, despite these improvements, Apple's primary motivation appears to be reactionary. Their efforts have somewhat diminished, and other companies like Google and Brave Software have emerged as leaders in privacy protection. Apple wants to reinvigorate these initiatives, but these changes are tactical responses to specific privacy concerns rather than a strategic overhaul.
Google Expands Their Privacy Sandbox
Google's Privacy Sandbox initiative, which began in 2020, represents a pivotal shift towards an internet that respects user privacy while maintaining the vitality of digital business.
As Valentin shared, Google is “trying to make the browser the authority in deciding what kind of content you see rather than some kind of third-party company that can track user movement across the internet and perform cross-site tracking.”
At its heart, this initiative is about balancing user needs and business requirements, allowing companies to measure ad accuracy while respecting users’ privacy.
Eradicating Third-Party Cookies
As user privacy becomes more important, third-party cookies are under scrutiny. These cookies track users across websites, collecting browsing behavior without their consent. Google is gradually phasing out support for third-party cookies as they exist today as part of the Privacy Sandbox project. It proposes new APIs to support legitimate use cases while protecting user privacy.
Privacy-Focused Methods for Showing Content
New APIs simplify targeted advertising while maintaining user privacy. For example, the Topics API enables interest-based advertising without the need for cookies or tracking behavior across different websites. Instead of sharing detailed browsing histories, the browser categorizes user interests into general topics, allowing advertisers to target their ads broadly.
Safer Shared Storage
With new cookie features like Cookies Having Independent Partitioned State (CHIPS), Google will now partition third-party cookies and associate them with the top-level site where they were originally set. This means that cookies set by a third-party service can only be accessed within the same embedded context of the top-level site where they were set. To support legitimate use cases that depend on unpartitioned storage, the Shared Storage API enables websites to store and retrieve specific cross-site data securely but can only read the shared storage values in a secure environment.
Reducing Information in the User Agent
User agents no longer include minor or patch update version information to reduce the amount of data that can be used for fingerprinting. The simplified User-Agent still provides basic browser and platform information, but certain existing code that parses the UA string will now only retrieve the major version information. This change aims to make each user less distinguishable.
Google's Privacy Sandbox isn't just about adding restrictions; it's about reinventing the tools available to businesses, ensuring they remain effective in a more private web environment. This move by Google underscores the future of web browsing, one that respects user privacy while still delivering value to online businesses.
Implications for Device Identification
The privacy-related feature changes are unlikely to impact the average user. However, developers must understand the finer details of these modifications. As Valentin stated, "It now is increasingly more complex to understand if your website or web application will continue to work in this changing privacy landscape." To ensure the continued functionality of your websites, it is important to grasp their broader implications, especially in terms of device identification.
Staying Up to Date with Evolving Technologies
With the advancements in browser technologies, developers face the challenge of keeping their web applications functional. New browser capabilities require developers to update their knowledge to navigate this evolving landscape. Staying up to date with the latest developments is crucial for developers to adapt to changes and provide a smooth web app experience.
Increasing Importance of Advanced Identification Tools
As legacy techniques become less reliable, advanced tools like Fingerprint Identification, which utilize modern techniques such as machine learning and fuzzy matching, will become increasingly relevant. Unlike deterministic hashing methods affected by the recent privacy changes, Fingerprint's browser identification remains unaffected and maintains its accuracy rate of 99.5%, even in Incognito mode. By leveraging advanced algorithms and robust research efforts, Fingerprint continues to provide reliable and precise identification in the ever-evolving landscape of browser privacy.
Conclusion
These changes present opportunities for a more private internet in the future. However, they also bring challenges for developers, particularly in terms of device identification. As Valentin explained, “Adopting all the new APIs is hard; you need to learn all the new capabilities [and] there will be changes that will require a lot of work. So going [into the] device identity space with a specialized company like Fingerprint can be helpful in dealing with all the complexity in a reliable and predictable manner.”
To view the complete webinar, please refer to our recording. To learn more about Fingerprint Pro's Visitor Identification and our 99.5% accuracy rate, you can explore our documentation or contact our support team for further assistance.