7.2.5 Ensure Prevent Cross-site Tracking in Safari Is Enabled - WebKitPreferences.storageBlockingPolicy

Information

There is a vast network of groups that collect, use and sell user data. One method used to collect user data is to pay for and provide content and services for website owners; along with that 'assistance', the site owners push tracking cookies on visitors. In many cases the help allows a content owner to keep the site up. The tracking cookies allow information brokers to track web users across visited sites. For better privacy, and to provide some resistance to data brokers, prevent cross-site tracking.

Rationale:

Cross-tracking allows data-brokers to follow you across the Internet to enable their business model of selling personal data. Users should protect their data and not volunteer it to marketing companies.

Impact:

Marketing companies will be unable to target you as effectively.

Solution

Graphical Method:
Perform the following steps to set prevent cross-site tracking in Safari to enabled:

Open Safari

Select Safari from the menu bar

Select Preferences

Select Privacy

Set Prevent cross-site tracking to enabled

Terminal Method:
Run the following command to enable Safari to prevent cross-site tracking:

$ /usr/bin/sudo -u <username> /usr/bin/defaults write /Users/<username>/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari BlockStoragePolicy -int 2

$ /usr/bin/sudo -u <username> /usr/bin/defaults write /Users/<username>/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari WebKitPreferences.storageBlockingPolicy -int 1

$ /usr/bin/sudo -u <username> /usr/bin/defaults write /Users/<username>/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari WebKitStorageBlockingPolicy -int 1

example:

$ /usr/bin/sudo -u firstuser /usr/bin/defaults write /Users/firstuser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari BlockStoragePolicy -int 2

$ /usr/bin/sudo -u firstuser /usr/bin/defaults write /Users/firstuser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari WebKitPreferences.storageBlockingPolicy -int 1

$ /usr/bin/sudo -u firstuser /usr/bin/defaults write /Users/firstuser/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari WebKitStorageBlockingPolicy -int 1

Note: To run the Terminal commands, Terminal must be granted Full Disk Access in the Security & Privacy pane in System Preferences.
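
To confirm the Terminal method took effect, the following added example (not part of the benchmark text) reads back the three keys for one user and fails if any differs from the values above. It reads only the per-user preference file that the Terminal method writes; the names DEFAULTS_BIN, safari_domain, audit_safari_tracking and the file name safari_audit.sh are assumptions made for this example.

```shell
#!/bin/sh
# Added example: read back the three Safari keys set by the Terminal method.
# DEFAULTS_BIN, safari_domain and audit_safari_tracking are names chosen here.
# Run as root from a Terminal with Full Disk Access, e.g. (hypothetical file name):
#   . ./safari_audit.sh && audit_safari_tracking firstuser

DEFAULTS_BIN="${DEFAULTS_BIN:-/usr/bin/defaults}"

# Key=value pairs taken from the remediation commands on this page.
EXPECTED="BlockStoragePolicy=2
WebKitPreferences.storageBlockingPolicy=1
WebKitStorageBlockingPolicy=1"

# Build the sandboxed preference domain path for a given user.
safari_domain() {
  printf '/Users/%s/Library/Containers/com.apple.Safari/Data/Library/Preferences/com.apple.Safari' "$1"
}

# Print PASS/FAIL per key; return 0 only if all three match.
audit_safari_tracking() {
  domain="$(safari_domain "$1")"
  rc=0
  for pair in $EXPECTED; do
    key="${pair%%=*}"
    want="${pair#*=}"
    # A missing key or unreadable file makes `defaults read` exit non-zero.
    got="$("$DEFAULTS_BIN" read "$domain" "$key" 2>/dev/null)" || got="unset"
    if [ "$got" = "$want" ]; then
      echo "PASS $key=$got"
    else
      echo "FAIL $key=$got (expected $want)"
      rc=1
    fi
  done
  return "$rc"
}
```

A user with only one or two of the keys set is reported as failing, since the remediation requires all three.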

Profile Method:
Create or edit a configuration profile with the following information:

The PayloadType string is com.apple.Safari

The key to include is BlockStoragePolicy

The key must be set to: 2

The key to also include is WebKitPreferences.storageBlockingPolicy

The key must be set to: 1

The key to also include is WebKitStorageBlockingPolicy

The key must be set to: 1

Note: Since the profile method sets a system-wide setting and not a user-level one, the profile method is the preferred method. It is always better to set system-wide than per user.

See Also

https://workbench.cisecurity.org/files/4176

Item Details

Category: CONFIGURATION MANAGEMENT, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|CM-10, 800-53|SC-18, CSCv7|7.1

Plugin: Unix

Control ID: bb5797fb6fa754a65d94aec4dc8a927ce6ae9c02779dcaedba9f6bcb179d6d00