Apple (Hacker News, MacRumors):
As with ITP 2.1, partitioned cookies are no longer supported, and third parties classified with tracking features across the site must now use the storage access API to access cookies.[…]
Cookies can either be set in HTTP responses or through the API.cookie API, the latter is sometimes called cake-side cookies. With ITP 2.1, all persistent client-side cookies, ie, persistent cookies created through document.cookie, are truncated to a seven-day expiration.[…]
WebKit implemented partitioned caches over five years ago. A partitioned cache means third-party cache entries are double-keyed to the origin and the first part-eTLD + 1. This prohibits cross-site trackers using the cache to track users. Nevertheless, our research has shown that trackers, to keep their practices alive during ITP, have used partitioned cache abuse. Therefore, we have developed the verified partitioned cache.
All this sounds good, but in practice ITP seems to get in the way of websites that I want to remember me. Someone I visit only once or twice a month (for example, paying a bill) that now processes my Mac as a whole new device (requiring additional authentication via SMS or SMS) each time. As far as I know, there is no way to tell Safari to rely on a particular site and always remember their cookies.
Previous: Apple removes "Don't Track" from Safari.
Stay updated by subscribing to comments RSS feed for this post.