What’s New in Safari. Discover how to take advantage of new features including Desktop-class browsing on iPad, new APIs for Safari Extensions and Content Blockers, and enhancements to make link following on macOS a great experience. Safari uses machine learning to identify advertisers and others who track your online behavior, and removes the cross‑site tracking data they leave behind. So your browsing stays your business. And Safari keeps embedded content such as Like buttons, Share buttons, and comment widgets from tracking you without your permission.
Freeware
macOS
63.9 MB
108,224
The best browser for your Mac is the one that comes with your Mac. Safari is faster and more energy efficient than other browsers, so sites are more responsive and your notebook battery lasts longer between charges. Built-in privacy features are stronger than ever. It works with iCloud to let you browse seamlessly across all your devices. And it gives you great ways to find and share your favorites. Put it all together, and no other browser offers such a rich web experience.
Other download links:
What's New:
Safari 14.0 introduces new features, even faster performance, and improved security.
- New tab bar design shows more tabs on screen and displays favicons by default
- Customizable start page allows you to set a background image and add new sections
- Privacy Report shows cross-site trackers that are being blocked by Intelligent Tracking Prevention
- Removes support for Adobe Flash for improved security
New Safari 2020
Longer battery life and faster performance.
With a blazing-fast JavaScript engine and energy-saving technologies, Safari is a faster, more enjoyable way to explore the web.
Browse longer. Watch more.
Safari is engineered specifically for Mac, so it takes advantage of the powerful technologies built into every one. Ummy video downloader 1 52 – the simplest video downloader. And Safari now offers native support for Netflix. So compared with Chrome and Firefox, you can browse for up to two hours longer and watch Netflix videos up to three hours longer.
Faster than Chrome and Firefox.
Browsing with Safari is blazing fast thanks to advanced JavaScript engine optimizations that make websites and web applications feel snappier.
Defending your online privacy and security.
Privacy and security aren’t just something you should hope for — they’re something you should expect. That’s why features to help protect your privacy and keep your Mac secure are built into Safari. For example, it’s the only browser to offer DuckDuckGo — a search engine that doesn’t track you — as a built-in option.
Surf seamlessly across all your devices.
Not only does Safari come on every Mac, it comes on every iPhone, iPad, and iPod touch, too. And thanks to iCloud, your passwords, bookmarks, history, tabs, and Reading List are always up to date no matter which device you're using.
Discover something great. Then share it just as easily.
Safari makes it simple to find and enjoy the best of the web. And we've made it easy to share what you find with others.
Spotlight suggestions.
With Spotlight built into every Mac, you’re never far from the information you want. As you type in the Smart Search field, Spotlight suggestions display results from sources like Wikipedia, news sites, Maps, iTunes, movie listings, and more.
Share menu.
Share anything you come across on the web without leaving Safari. Just click the Share button, then choose how you want to send it off. Use Mail, Messages, or AirDrop. Tweet or post to Facebook. And even add comments and locations. A single sign-on sets up sharing to Facebook and Twitter, so you only need to log in once.
Shared Links.
Shared Links is the best way to see what’s up on the web. When you’re in the mood to read something new, quirky, or cool, open Shared Links in the Safari Sidebar, where you can view links from people you follow on Twitter and LinkedIn. You can scroll seamlessly from one story to the next, no clicking required.
What's New:
General
New Features
- Added Desktop-class Browsing to Safari for iPad. Safari for iPad displays the same desktop websites as Safari for macOS, and provides the same capabilities. In addition it has more keyboard shortcuts, a download manager with background downloads, and support for top productivity websites.
- Added opt-in dark mode support for websites in Safari for iOS.
- Added support for aborting Fetch requests.
Authentication and Passwords
New Features
- Updated Safari to prompt the user to change weak passwords when signing into a website. Requesting a password change uses the well-known URL for changing passwords, enabling websites to specify the page to open for updating a password.
- Added support for FIDO2-compliant USB security keys with the Web Authentication standard in Safari on macOS.
- Added support for Sign in With Apple to Safari and to WKWebView.
Security and Privacy
New Features
- Added a permission API on iOS for DeviceMotionEvent and DeviceOrientationEvent.
- Changed the behavior for third party iframes to prevent them automatically navigating the page.
- Updated Intelligent Tracking Prevention to prevent cross-site tracking through referrer and through link decoration.
- Improved the privacy of local WebRTC data connections with mDNS ICE candidates.
- Increased the security for WebKit sandboxes on iOS and macOS.
Layout and Rendering
New Features
- Added support for one-finger accelerated scrolling to all frames and overflow:scrollelements eliminating the need to set-webkit-overflow-scrolling: touch.
- Changed the default behavior on iPad for wide web pages with responsive meta-tags that require horizontal scrolling. Pages are scaled to prevent horizontal scrolling and any text is resized to preserve legibility.
- Added support for CSS conic gradients.
Performance
New Features
- Reduced the initial rendering time for webpages on iOS.
- Added automatic support for Fast Tap to desktop websites on iPad.
- Reduced load time up to 50% for webpages on watchOS.
- Reduced the amount of memory used by JavaScript, including for non-web clients.
- Improved the MotionMark graphics performance benchmark score by 10%.
Web API
New Features
- Added support for the __Secure- and __Host- cookie prefixes in beta 3.
- Improved iPad hardware keyboard support for websites including focus navigation and scrolling with the arrow keys.
- Added support for the Pointer Events API enabling consistent access to mouse, trackpad, touch, and Apple Pencil events.
- Added support for the Visual Viewport API for adjusting web content to avoid overlays, such as the onscreen keyboard.
- Added support for programmatic paste with user consent to Safari for iOS.
- Updated editing callouts to avoid in-page controls.
- Added intelligent whitespace to editable WebViews and editable areas of webpages.
Payment Request API
New Features
- Added support for Apple Pay on the Web to WKWebView. Note that using script injection APIs, such as WKUserScript or evaluateJavaScript(_:completionHandler:)disables Apple Pay for that view.
Media
New Features
- Added support for the decodingInfo() method of the Media Capabilities API for checking supported codecs, efficiently supported codecs, and optional codec features including alpha.
- Added the ability to Safari for macOS to share your screen with others using only web technologies. Plug-ins are no longer required.
- Updated Safari for iPad to support Media Source Extensions.
- Added support for the navigator.mediaDevices property of the Media Capture and Streams API to SFSafariViewController.
Resolved Issues
- Transparency in video with an alpha channel now works correctly for all supported video formats.
- Safari App Extension API
New Features
- Added an API for page navigation notifications.
- Added support for associated Safari App Extensions receiving blocked content notifications from Content Blocker Safari Extensions.
Web Inspector and Tools
New Features
- Added Safari WebDriver to iOS.
- Added importing and exporting of recorded timeline data.
- Added the CPU Usage Timeline for analyzing and improving the power efficiency of websites.
- Added the Audit tab for running tests against web content including a built-in accessibility audit, importing and exporting results, and creating custom audits.
- Added the Changes sidebar in the Elements tab to track CSS changes in the Styles sidebar.
- Added the Device Settings menu to override developer-related Safari settings when Web Inspector is connected to an iOS device.
- Added a Security tab to the resources view of the Network tab to review certificates and TLS settings.
- Increased the performance of Web Inspector for large sites.
Removed Features
- Removed support for WebSQL.
- Removed support for Legacy Safari Extensions.
- Disabled -webkit-overflow-scrolling: touch on iPad. All frames and scrollable overflow areas now use accelerated one-finger scrolling without changing stacking.
- Disabled frame flattening on iOS. Frames now render in the same way as a desktop browser.
AuthenticationServices Framework
New Features
- Added ASAuthorizationController to implement Sign In with Apple and to use a system-provided sign-in account picker for accounts stored in iCloud Keychain.
- Added ASWebAuthenticationSession to the SDK for macOS.
- Added support for using web browsers other than Safari to ASWebAuthenticationSession on macOS. For more information, see ASWebAuthenticationSessionWebBrowserSessionManager.
Software similar to Safari Browser for Mac 4
- 117 votesOpera GX is a special version of the Opera browser built specifically to complement gaming. The browser includes unique features to help you get the most out of both gaming and browsing.
- Freeware
- Windows/macOS
- 28 votesBringing together all kinds of awesomeness to make browsing better for you.
- Freeware
- macOS
- 30 votesChrome combines a minimal design with sophisticated technology to make the web faster, safer, and easier.
- Freeware
- macOS
Apple’s annual Worldwide Developer Conference in late June this year included a couple of big announcements around Apple’s approach to privacy in their software.
The new Privacy Report in Safari 14 (on all platforms) uses DuckDuckGo’s tracker radar list to detail which of the most prominent tracking-capable domains have been flagged by Intelligent Tracking Prevention (ITP) in the user’s browser.
Apple also announced that the
WKWebView
class, which all iOS and iPadOS (the operating systems for iPhones and iPads, respectively) must use, will include WebKit’s ITP mechanisms on by default. The list of major browsers running on these operating systems includes Brave, Chrome, Edge, Firefox, and Safari.Safari 14 Beta
The release date for iOS 14, iPadOS 14, and Safari 14 was announced at the Apple Event on September 15, 2020, and all developers working on the Apple stack groaned in unison when they learned that the new operating systems would be pushed out the following day, September 16.
Queue a mad scramble to test the app builds against the latest versions of the build tools (released just 24 hours before the operating systems were updated), and the latest set of App Store guidelines (updated a week before).
Maybe a bit longer lead time next time, please Apple?
In this article I’ll go over these changes, exploring their impact especially on analytics and digital marketing.
Also, I recommend you bookmark CookieStatus.com - a community-led initiative to maintain an up-to-date information resource on the current status of browser (and app) tracking protection mechanisms.
The Privacy Report
Let’s tackle the easy one first.
For the first time, WebKit’s tracking prevention measures are exposed to the user (beyond enabling the Intelligent Tracking Prevention debug mode).
You can look at the Privacy Report for any site by clicking the small shield icon next to the address bar. If you want to see more details, click the
(i)
button.The first thing to note is the terminology.
domain.com was prevented from profiling you across N websites.
What does that mean? It means that the Safari browser has detected HTTP requests to the listed domains, and that the listed domains are found in DuckDuckGo’s Tracker Radar lists.
To put it in another way - if the website is making requests to domains in DDG’s Tracker Radar list, then those domains will be listed in the Privacy Report.
The funky thing is that these domains might not actually have been flagged by Intelligent Tracking Prevention yet.
WebKit’s ITP is algorithmic and on-device. The decision of whether or not a domain should be “flagged” as having tracking capabilities is done based on the user’s browsing behavior and not against a domain blocklist.
So the Privacy Report is a bit misleading.
The Privacy Report means, quite simply, that WebKit’s global tracking protections, such as truncating all cross-site referrers and blocking all cookie access in third-party context have been applied to all the cross-site HTTP requests sent from the site, including but not limited to those shown in the Privacy Report.
The purpose of this approach is without a doubt to just show how the biggest trackers on the web have been prevented from cross-site tracking, but the measures are not limited to just these domains. Nor are WebKit’s ITP measures applied to these domains automatically (I repeat: WebKit does not use blocklists - it classifies domains algorithmically).
![Safari Safari](https://cdn.vox-cdn.com/thumbor/-quhWW9ECPSUwxqsZDK_SYttYlI=/0x0:4260x2840/1200x800/filters:focal(1790x1080:2470x1760)/cdn.vox-cdn.com/uploads/chorus_image/image/67421286/safarinew.0.jpg)
If this is difficult to follow, I don’t blame you. I’m worried this Privacy Report only serves to confuddle and obfuscate rather than to illuminate and educate. Case in point: When the release was foreshadowed in WWDC, it led to a tidal wave of misinformation spreading on the web. This prompted me to write an article on the topic in an effort to stem the tide.
Let’s recap this feature as clearly as possible:
- The Privacy Report is available in the Safari 14 browser across Apple’s operating systems (macOS, iOS, iPadOS).
- It uses DuckDuckGo’s Tracker Radar list to enumerate which known tracking-capable domains have been receiving HTTP requests from the sites the user has visited.
- The report highlights how some of the most prominent tracking domains (e.g.
facebook.com
anddoubleclick.net
) have been prevented from accessing the user’s browser storage, among other things. - Since WebKit blocks all access to cookies in third-party context, the full list of “prevented” domains comprises all the cross-site requests done from the sites the user visits, not just those listed in the Privacy Report.
- If a domain is listed in the report, it does not mean that the domain has been flagged by WebKit’s Intelligent Tracking Prevention. This classification is still algorithmic and still based on the sites the user visits, and what types of cross-site requests these sites do.
- Finally, Safari does not block requests - it strips them of the capability to access cookies or parse referrer headers, etc.
I recommend you visit the Safari page on CookieStatus.com for a more detailed walkthrough of what WebKit does by default, and what is behind Intelligent Tracking Prevention’s flags.
Safari 14.0 Problems
Tracking prevention in all iOS and iPad browsers
The more interesting, and perhaps more convoluted, update was that Apple is updating the
WKWebView
class. Per the App Store guidelines, all web browsers running on iOS must implement this class, though officially there’s a transition period from the deprecated UIWebView
to WKWebView
which lasts until December 2020.And what’s the update? Well, nothing more and nothing less than that all WebKit’s Intelligent Tracking Preventions are on by default in all browsers running
WKWebView
in iOS 14 and iPad 14.At the time of writing this, all browsers apart from Brave have updated to the latest OS requirements, and Brave should follow up with a new build very shortly.
The main change can be found in Settings for each browser app. This is what Firefox looks like:
Across all iOS and iPadOS browsers, the new setting “Allow Cross-Website Tracking” is toggled off. This means that all these browsers are now implementing the full scale of WebKit’s Intelligent Tracking Prevention mechanisms.
These include, among others:
- Full third-party cookie blocking. All cookie access in third-party context is blocked. There are no exceptions. Storage access can only be granted through the Storage Access API.
- All cross-site referrers are downgraded to just the origin by default (
https://www.domain.com
). - All cookies written with JavaScript will have their expiration capped at a maximum of 7 days from the time the cookie is (re)written.
- Algorithmic classification of domains the browser communicates with. The classifier detects if the sites the user visits communicate with cross-site origins to a point where the classifier deems these domains to have cross-site tracking capabilities. At this point, additional restrictions that apply to classified domains kick in:4.1. All storage on these domains is purged after 30 days of the user not directly interacting (i.e. in first-party context) with the classified domain.4.2. If the classified domain sends traffic to other sites, appending parameters into the URLs (such as a Google ad click), then any JavaScript cookies written on the sites the links lead to will have their expiration capped at 24 hours.4.3. If the classified domain sends traffic to other sites, and the classified domain has URL parameters (or fragments) in the URL, the
document.referrer
string on the target site will be truncated to just eTLD+1 (sohttps://www.simoahava.com/some-page
becomeshttps://simoahava.com/
).
Note! At the time of writing, there seems to be a bug with the implementation across iOS browsers, and not all these mechanisms are in effect even if the “Allow Cross-Website Tracking” toggle is left to its default position of OFF.
This is … pretty big. The development of these web browsers is now intrinsically linked to the evolution of WebKit’s tracking prevention mechanisms. For example, when the upcoming CNAME cloaking mitigation sees daylight, it will be applied to all iOS / iPadOS browsers, and not just Safari as before.
Impact #1: Cross-site targeting and profiling
As third-party cookies are now flushed out of the mobile operating systems, it means that any cross-site tracking scheme that relies exclusively on these is dead in the water. Google’s DoubleClick network, for example, will no longer be able to build a cross-site profile of web users based on the sites they visit, as they will no longer be able to associate a cookie identifier to these hits.
It’s unlikely that ad tech vendors have the gall to use the Storage Access API to ask permission of the user to track them across sites.
Vendors are, naturally, busy at figuring out workarounds. Those that own an identity platform (e.g. Facebook), have for long been moving cross-site tracking away from third-party context, and others will likely follow suit.
Reliance on fingerprinting will likely increase, even though these measures are addressed by WebKit as well.
The cat-and-mouse game continues.
Impact #2: First-party analytics, optimization, personalization
Services that run in first-party context are not without impact either.
WebKit restricts the lifetime of JavaScript cookies to a maximum of 7 days, with the limit set to 24 hours in some instances.
This can have an impact on the ratio of “new” and “returning” users in analytics tools, and the likelihood of the same individual being included in different experiment groups increases, for example.
There is a known mitigation for this, which does not go against WebKit’s policies: sites can recycle cookies so that they are set in HTTP headers instead.
From https://webkit.org/blog/8613/intelligent-tracking-prevention-2-1/
Impact #3: Referrer truncation
WebKit’s approach to referrers is similar to
strict-origin-when-cross-origin
, except this is not a “default” referrer policy (it’s always on), and it’s more like strict-origin-when-cross-site
.In other words, when the website makes a cross-site request (e.g.
https://www.simoahava.com/some-page/
to https://www.google-analytics.com/collect
), the referrer visible to google-analytics.com
will be just the origin: https://www.simoahava.com/
. Barcode maker 2 23 download free.If the website makes a cross-origin (but same-site) request, the referrer string will be untouched.
Additionally, if the website is classified by ITP as having cross-site tracking capabilities and it has query parameters (or fragments) in its URL, then any site it sends traffic to will have the
document.referrer
string truncated to only eTLD+1 (so https://www.simoahava.com/some-page/?key=value
will show up as https://simoahava.com
if the domain has been classified by ITP).Truncating the referrer like this has obvious impacts for analytics, for example, as understanding what sites and pages send you traffic has been a staple of web analytics for a long time.
New App Store Review guidelines
Apple also updated its App Store review guidelines a week before iOS 14 and iPad 14 were released. I recommend checking out Cory Underwood’s overview of the topic - the changes can be quite impactful for apps that also collect data from users.
Safari 14
Apps will basically have to:
- Disclose in detail what type of data collection goes on.
- Provide an opt-in mechanism to the collection of user and usage data.
- Not put up consent walls (allow the user to access content only if they give consent to tracking).
- Implement an opt-out mechanism as well, where if the user withdraws consent, their data should be purged.
There are echoes of GDPR and CCPA here, with the exception that Apple is a private company and not a legislative body. They have far more coverage than the aforementioned legal frameworks, and as these guidelines have a direct financial impact on organizations (loss of revenue if apps are removed from the store), they will likely inspire far more and faster action than any laws or regulations.
Summary
iOS 14, iPadOS 14, and Safari 14, are major releases at least when it comes to privacy protections in software running on Apple’s operating systems.
Safari 14 Top Sites
Browsers running on iOS and iPadOS now must implement WebKit’s ITP mechanisms, which, given iPhone and iPad market share, can have a resounding impact on organizations relying on data collection and sharing.
What’s imperative now is that each organization starts benchmarking and modeling the impact of third-party cookie blocking and first-party cookie restrictions on their own data. Please try to avoid contributing to the FUD with knee-jerk reactions such as “DATA IS DEAD” or conjuring doomsday predictions based on circular reasoning.
The only thing that panic serves is the rapid spread of misinformation. And the only thing that misinformation feeds is diverting attention away from what WebKit is doing with these tracking prevention policies: eradicating cross-site tracking vectors from software and services running on the Apple stack.
Safari 14 Vp9
Please let me know in the comments if something was unclear. Note that the releases are still quite fresh, and testing them due to bugs might lead to inconsistent results.
Be sure to monitor CookieStatus.com as well. If you have information that’s missing from the service, please submit an issue about it.