6.3.4 Ensure Prevent Cross-site Tracking in Safari Is Enabled

Information

There is a vast network of groups that collect, use, and sell user data. One method used to collect user data is pay and provide content and services for website owners. Along with that "assistance," the site owners also push tracking cookies on visitors. In many cases the help allows a content owner to keep the site up. The tracking cookies allow information brokers to track web users across visited sites. For better privacy and to provide some resistance to data brokers, prevent cross-tracking.

Cross-tracking allows data-brokers to follow you across the Internet to enable their business model of selling personal data. Users should protect their data and not volunteer it to marketing companies.

Solution

Profile Method:

Create or edit a configuration profile with the following information:

- The PayloadType string is com.apple.Safari
- The key to include is BlockStoragePolicy
- The key must be set to: 2
- The key to also include is WebKitPreferences.storageBlockingPolicy
- The key must be set to: 1
- The key to also include is WebKitStorageBlockingPolicy
- The key must be set to: 1

Impact:

Marketing companies will be unable to target you as effectively.

See Also

https://workbench.cisecurity.org/benchmarks/18634

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-10, 800-53|SC-18, CSCv7|7.1

Plugin: Unix

Control ID: 0a2206f720c86431e7268fb389452c1272799e6b2f3c6dc9b953553157ca7158