
How to Configure Safari for Privacy on iOS Devices (UPDATED FOR iOS 16.2)

This post was originally published on 2 OCT 2020; it has since been updated and revised.

Though Safari is a closed-source browser, some users may wish to use it with their Apple devices.

This how-to guide will show you how to increase your data privacy and security while using Safari. This guide tries to balance privacy and security against convenience.

“Points of decision” exist throughout this guide, where users should choose between security/privacy and convenience at their own discretion.

Safari has a privacy “ceiling.” Users seeking the most privacy possible in their browsers should consider installing and using a privacy-oriented browser for iOS.

Preface

Update Safari and iOS

One of the best ways to maintain security (and by extension, privacy) is to keep software like browsers updated to the latest stable version available.

Keeping Safari and the iOS operating system updated is an “easy” method to make sure you are at least protected from exploits of known vulnerabilities. For most users, it’s highly recommended to turn on automatic updates so future updates can be downloaded and installed when they’re released.

Consider using a different browser

While generally secure, browsers like Edge, Chrome, and Safari have an important matter in common: there’s a “ceiling” to how private you can configure them – especially when compared to privacy-oriented mobile browsers like Brave, Firefox Focus, and SnowHaze.

Therefore, users may want to consider using a privacy-oriented browser over using Safari if privacy is their main concern.

Siri and Search

To keep it short and simple: Siri can be a double-edged sword when it comes to maintaining privacy.

Apple has found itself in hot water over Siri “overstepping” and consequently violating user privacy. For example, in 2019, Apple confirmed that Siri was recording confidential information from users. This confidential information was made available to the company’s contractors.

Now, Apple has since apologized and addressed those concerns with Siri, but the damage is done.


Ultimately, as the user, it’s up to you to decide how much you want Siri involved in your web habits. The settings here govern how Siri gathers information related to your search history, both online and off. Users should take a look at Apple’s “Safari Search and Privacy.”

Search

Safari uses Google as the default search engine, which is not at all a privacy-friendly search engine.

You should pick a default search engine that is more privacy friendly than Google or Bing. The options on iOS are limited, so users may want to consider bookmarking privacy-friendly search engine options, like Mojeek.


For better privacy, you should disable “Search Engine Suggestions” and “Safari Suggestions,” which helps to limit the data sent to the search engine itself and Apple.

You should also disable “Preload Top Hit.” When enabled, Safari will automatically load the top hit in the Safari address bar. However, this can cause unwanted and unintended behavior, such as connecting to websites the user hasn’t actively clicked/tapped on.

General

You should enable the pop-up blocker (which is enabled by default). Pop-ups can be woefully annoying and could cause you to accidentally click on something you did not intend to.


Autofill

Turn off autofill.

If you have any saved contact information or credit cards (that aren’t saved specifically in Apple Pay) on Safari, then you should delete them.

Autofill can easily make mistakes and potentially compromise your privacy in the process. For example, autofill might accidentally capture (and later paste) parts of your social security number, thinking it was part of a credit card number. It may also mistakenly paste saved credit card information into a field not designated for credit card information.


Keep in mind that some websites enable features/include code that can allow them to see what was typed/pasted into a form field without the user ever hitting “submit.”

Malicious actors can “trick” Safari into divulging stored autofill contents with a variety of methods, such as an XSS attack or any variety of phishing attacks. This could put your payment information and other personally identifiable information (PII), like your full name and address, at risk.

Privacy and Security

Generally, you should enable the fraud website warning and prevention of cross-site tracking here.

Blocking cookies

This is a point of decision.

Blocking cookies prevents “cookies” (bits of information) from being stored in the browser. Websites use cookies for a variety of things, such as session management (login) or as part of tracking mechanisms.


For example, if you enable blocking all cookies, log into a website, then close Safari and subsequently return to that same website, then you will have to log in again. This could also apply to sites with personalization options.

If you don’t use Safari often, then it’s recommended to block all cookies so when you do use it, these bits of information are not stored.
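
To make the trade-off concrete, here is a small added example (not from the original post, and not how Safari is actually implemented) that models a cookie jar under three policies: allow everything, block only cross-site cookies, and block all cookies. The hosts, cookie names, and the "last two labels" rule for deciding what counts as the same site are assumptions made for the illustration, and all cookies are treated as persistent.

```javascript
// Added illustration: a toy cookie jar, not Safari's actual implementation.
// Hosts, cookie names and values are constructed for this example.
const POLICIES = ["allow-all", "block-cross-site", "block-all"];

// Approximate the "site" as the last two host labels (assumption; real
// browsers consult the Public Suffix List).
function site(host) {
  return host.split(".").slice(-2).join(".");
}

class CookieJar {
  constructor(policy) {
    if (!POLICIES.includes(policy)) throw new Error(`unknown policy: ${policy}`);
    this.policy = policy;
    this.store = new Map(); // "cookieHost|name" -> value
  }

  // topHost: site in the address bar; cookieHost: host trying to set the cookie.
  set(topHost, cookieHost, name, value) {
    if (this.policy === "block-all") return false;
    const crossSite = site(topHost) !== site(cookieHost);
    if (this.policy === "block-cross-site" && crossSite) return false;
    this.store.set(`${cookieHost}|${name}`, value);
    return true;
  }

  has(cookieHost, name) {
    return this.store.has(`${cookieHost}|${name}`);
  }
}

// Log in to shop.example (which embeds a third-party tracker), close the
// browser, then come back: what does each policy leave behind?
function visitAndReturn(policy) {
  const jar = new CookieJar(policy);
  jar.set("shop.example", "shop.example", "session", "constructed-token");
  jar.set("shop.example", "ads.tracker.test", "uid", "constructed-id");
  return {
    stillLoggedIn: jar.has("shop.example", "session"),
    trackerRecognizesYou: jar.has("ads.tracker.test", "uid"),
  };
}

for (const policy of POLICIES) {
  console.log(policy, visitAndReturn(policy));
}
```

Blocking only cross-site cookies keeps the login while dropping the tracker's identifier; blocking all cookies drops both, which is why you have to log in again.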

Apple Pay

This is another point of decision.

When enabled, websites can check whether you have Apple Pay enabled. Apple Pay is fairly secure (and relatively privacy-friendly to boot), so the issue is not so much unknowingly giving out card/payment details.

The main issue is that websites may use this information to fingerprint your device. Websites will 1) know you use Apple Pay (or at least have it enabled) and 2) be able to use this “known” for fingerprinting and/or tracking purposes.

However, Apple Pay is a more secure alternative to giving your card details directly to an online merchant.

Settings for websites

Most settings in this section are dedicated to accessibility. However, we can also modify content blockers, camera, microphone and location permissions in this section.


If you have any third-party content blockers integrated with Safari, then you should go ahead and enable them for all sites you visit.

Generally, it’s recommended to automatically deny any website access to your device’s camera and microphone by default.

With GPS location, we’ve encountered another point of decision.

More privacy-conscious users may want to err on the side of caution (rightfully so) and always deny location details to any website that asks.

However, some users who want to maintain a little bit of convenience may want to set this to “ask.” There may be times where the user deems it legitimate to grant a website access to their GPS-enabled location.

Advanced

JavaScript

This is a point of decision.

JavaScript is executed on the client (your) side, on your device. In most cases, there is no obvious notification to the user when…

*** This is a Security Bloggers Network syndicated blog from Avoid The Hack! authored by Avoid The Hack!. Read the original post at: https://avoidthehack.com/configure-safari-privacy-ios
