Introduced for Private Browsing sessions in Safari 17.0, Advanced Fingerprinting Protection was also optionally available for regular non-private sessions. With iOS 26, it will be enabled by default. Here’s what that means.
Starting with iOS 26 (as well as iPad 26, and macOS 26), Apple is flipping the switch on Advanced Fingerprinting Protection for all browsing sessions, not just Private Browsing. From Apple’s iOS 26 press release:
“Browsing in Safari gets even more private with advanced fingerprinting protection extending to all browsing by default.”
In practice, that means every time you use Safari, the browser will introduce a little bit of data noise and deploy a couple of other techniques to confuse the trackers that try to follow you around as you browse.
The nerdy bits
There is no shortage of ways that advertisers and data brokers can use to track your activity across the web. And since Apple and a few other browsers started cracking down on cookies and cross-site tracking, techniques like fingerprinting have become more widely used.
Fingerprinting works by combining dozens of small technical clues, like screen size, GPU, audio stack, mouse movements, and even the fonts installed on your device, to build a profile that can uniquely identify you.
To fight this off, Safari 17.0 introduced Advanced Fingerprinting Protection for Private Browsing sessions, which makes the user’s fingerprint less unique, less stable, and less visible to websites.
They achieved that through a few interesting techniques, as explained by Apple:
To make it more difficult to reliably extract details about the user’s configuration, Safari injects noise into various APIs: namely, during 2D canvas and WebGL readback, and when reading AudioBuffer samples using WebAudio. To reduce the overall entropy exposed through other APIs, Safari also overrides the results of certain web APIs related to window or screen metrics to fixed values, such that fingerprinting scripts that call into these APIs for users with different screen or window configurations will get the same results, even if the users’ underlying configurations are different.
In other words, Safari reports confusing and random information that is imperceptible to the user experience, but makes it harder for a data broker to fingerprint the user.
Safari even applies per-site, and per-session fingerprints. So even if a site does try to fingerprint you, the browser gives it a unique ID that changes across tabs and sessions, meaning it can’t track you across the web or remember you after you’ve cleared data.
With iOS 26, Advanced Fingerprinting Protection will be on by default
Up until now, these protections were limited to Private Browsing, or you could manually turn them on in settings for non-private sessions.
With iOS 26, Safari will apply Advanced Fingerprinting Protection across all browsing by default, but users will be able to turn it back on just for Private Browsing, or off entirely.
Importantly, during the beta season, the old defaults still apply: Advanced Fingerprinting Protection is only on for Private Browsing. But if you’d like to get ahead of the official default rollout, here’s what you do:
On macOS, go to Safari Settings > Advanced, and set “Use advanced tracking and fingerprinting protection” to “in all browsing”.
On the iPhone and the iPad, go to Settings > Apps (if you’re running iOS and iPadOS 18 and up) > Safari > Advanced > Advanced Tracking and Fingerprinting Protection, and set it to All Browsing.
Mac deals on Amazon