Apple Safari Security And Privacy Guide 2020

Apple’s hardware and software protect user privacy more than Google’s. That applies to Apple’s browser, Safari, compared to Google’s Chrome. However, that doesn’t mean that you should simply accept the default Safari settings on your Mac, iPhone, or iPad. There are changes you can make to increase the security and privacy of the Safari browser.

This guide covers the full, desktop version of the Safari browser. The settings and steps are similar to the Safari mobile app.

For some settings, I don’t have a recommendation related to security or privacy, so I don’t describe them in this guide. For those, feel free to keep the default, or choose based on your preferences.

This guide was last updated for Safari 13.0 on a MacBook Pro. The settings and steps may differ based on the version of macOS, iOS, and device.

Note: this page contains affiliate links. Please see Affiliate Disclosure.

Improve Safari Security And Privacy Using Safari Settings

From the macOS menu bar, click Safari, then Preferences. The Preferences screen will appear, with several tabs of settings. We’ll go through the settings in the order they appear. You can click the question mark button in the bottom right corner of any screen to learn more about the settings on that screen.

Autofill

I recommend disabling (unchecking) all the options on this tab. I recommend using a password manager such as LastPass instead.

Search

Search engine: You can consider using a search engine that respects user privacy, such as DuckDuckGo. Unfortunately, in my experience, none of the privacy-respecting alternatives provides results as good as Google.

Include search engine suggestions: “Ask the search engine for search suggestions based on search terms you enter. The search engine may record your search terms.” I recommend disabling, to give the search engine less of your data. But, if you’re using DuckDuckGo, you can leave this checked, because DuckDuckGo doesn’t collect user data anyway.

Include Safari Suggestions: “Get Safari Suggestions as you type in the Smart Search field. Safari search includes suggestions from the Internet, Music, the App Store, movie showtimes, locations nearby, and more.” I recommend disabling, to give Apple less of your data.

Enable Quick Website Search: “Record information about your searches within a website to expedite later searches on that site.” I recommend disabling, so that less of your search activity is stored.

Preload Top Hit in the background: “Start to load a webpage as soon as it’s determined to be a top search hit based on your bookmarks and browsing history.” I recommend disabling, so that you have more control over what pages are loaded.

Security

Warn when visiting a fraudulent website: I recommend enabling, because the security benefit outweighs the minimal data that’s shared. Apple says, “Before visiting a website, Safari may send information calculated from the website address to Safe Browsing providers to check if the website is fraudulent.”

Privacy

Prevent cross-site tracking: “Some websites use third-party content providers. A third-party content provider can track you across websites to advertise products and services. With this option turned on, tracking data is periodically deleted unless you visit the third-party content provider.” I highly recommend enabling.

Manage Website Data: clicking this shows all the sites that are storing cookies, cache, or local storage. To remove any, select one or several and then click Remove, or click Remove All to delete stored data from all sites.

Allow websites to check if Apple Pay is set up: “When you are on a website that uses Apple Pay, the website can check if you have Apple Pay set up on that device. If you are using a Mac to which a card cannot be added, the website can check if you have Apple Pay set up on an iPhone or Apple Watch.” If you don’t use Apple Pay, you may as well disable this. If you use Apple Pay, you can decide if you like this convenience.

Websites

On the left side, click through Camera and Microphone. For each, review the sites that are allowed to use these. Change the settings for any that shouldn’t have access.

Click Location. In the bottom right, set When visiting other websites to Deny. Review the list of websites above that, and change them as necessary.

Extensions

Review the installed extensions. For any that you don’t truly need, click Uninstall.
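
As an added example (not part of the original guide), the script below checks an exported Safari preferences plist against the Autofill, Search, and Security recommendations above. The preference key names and the AutoFill labels are assumptions taken from commonly circulated macOS configuration scripts, so confirm them on your Safari version.

```python
import plistlib

# (preference key, value the guide recommends, setting name in Preferences).
# Key names are assumptions; verify them on your Safari version.
BASELINE = [
    ("AutoFillFromAddressBook", False, "AutoFill: contact info"),
    ("AutoFillPasswords", False, "AutoFill: user names and passwords"),
    ("AutoFillCreditCardData", False, "AutoFill: credit cards"),
    ("AutoFillMiscellaneousForms", False, "AutoFill: other forms"),
    # Stored inverted: True means the suggestions checkbox is unchecked.
    ("SuppressSearchSuggestions", True, "Include search engine suggestions"),
    ("UniversalSearchEnabled", False, "Include Safari Suggestions"),
    ("WebsiteSpecificSearchEnabled", False, "Enable Quick Website Search"),
    ("PreloadTopHit", False, "Preload Top Hit in the background"),
    ("WarnAboutFraudulentWebsites", True, "Warn when visiting a fraudulent website"),
]


def audit(plist_bytes):
    """Return (setting name, status) for each setting that does not match the guide.

    A key missing from the plist means Safari is using its built-in default,
    which the export does not show, so it is reported as "unset" instead of
    being treated as compliant.
    """
    prefs = plistlib.loads(plist_bytes)
    findings = []
    for key, wanted, label in BASELINE:
        if key not in prefs:
            findings.append((label, "unset"))
        elif bool(prefs[key]) != wanted:
            findings.append((label, "differs"))
    return findings


# Constructed sample export, not taken from a real machine.
SAMPLE = plistlib.dumps({
    "AutoFillFromAddressBook": False,
    "AutoFillPasswords": True,            # differs from the guide
    "AutoFillCreditCardData": False,
    "AutoFillMiscellaneousForms": False,
    "SuppressSearchSuggestions": False,   # suggestions still enabled
    "UniversalSearchEnabled": False,
    "WebsiteSpecificSearchEnabled": False,
    "WarnAboutFraudulentWebsites": True,  # PreloadTopHit left out on purpose
})

if __name__ == "__main__":
    for label, status in audit(SAMPLE):
        print(f"{status:8} {label}")
```

On a Mac, the input can come from `defaults export com.apple.Safari -`, which writes the preferences as a plist to standard output.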

Safari Privacy And Security: Using Apple Safari Safely

Safari’s address bar (which it calls the “Smart Search Field”) will display “Not Secure” to warn you when the site you’re on isn’t using an encrypted HTTPS connection. Don’t enter sensitive info (financial, medical, personally-identifiable) in pages that show “Not Secure” rather than the padlock icon.

However, not all sites that use HTTPS are legitimate! Malicious sites, such as phishing and scam sites, frequently use HTTPS. So you should still ensure that the site you’re on is legitimate, regardless of whether it uses HTTPS.

Install extensions only from the Safari Extensions in the App Store, and only install extensions from outside it if you truly trust them. Before installing any extension, check its ratings and reviews, and search online for reviews from reputable tech sites.

Safari 13 added support for FIDO2-compliant USB security keys with the Web Authentication standard, so you can finally use hardware tokens like YubiKey for two-factor authentication!

Private Browsing

Like many browsers, Safari has a private browsing mode that limits the amount of data the browser stores about the browsing you do in that mode. From the macOS menu bar, click File, then New Private Window. Safari briefly explains that “Safari will keep your browsing history private for all tabs in this window. After you close this window, Safari won’t remember the pages you visited, your search history, or your AutoFill information.” Learn more about private browsing.

Safari Security & Privacy Extensions

There aren’t as many security and privacy extensions available for Safari as for Firefox and Chrome.

If you use a password manager, such as LastPass (my favorite), install it.

I use DuckDuckGo Privacy Essentials, an extension that blocks third-party trackers and shows a privacy grade for websites. If you notice that it prevents a website from working properly, you can whitelist that site, temporarily or permanently.

Another option is Ghostery Lite, which lets you block trackers in 8 categories. I check all the boxes except Advertising because I don’t want to hurt sites that rely on ad revenue. You can also individually trust websites, to allow all trackers from a particular site to load.

4 thoughts on “Apple Safari Security And Privacy Guide 2020”

  1. It’s a great day!! Safari 13 (Late Sep 2019) now supports FIDO2 and WebAuthn! Now I don’t have to switch to Chrome. Please do a how-to for a YubiKey in Safari.

  2. Safari for me is good enough not to consider another browser. I was considering Brave as an option, but decided Safari offered me enough in privacy and security. I do use Brave on my Windows PC and agree, Chad, none of the alternative more private search engines work well enough for me yet. But I keep trying DDG on occasion to see how they are doing.

    • JohnIL, I’m glad for the steps Apple has taken to increase Safari’s security and privacy, especially because it’s the default browser for Apple devices, which many people use. For search, I’ve been pretty happy with Startpage, which delivers Google search results in a private way. The results aren’t quite as good as Google.com, and it lacks some features, but it’s the best alternative I’ve found.
