In 2024, the average person’s web browsing session generated data collected by 6.7 different third-party trackers per page load, according to a study by the University of Pennsylvania’s Annenberg School. Over the course of a year, that adds up to hundreds of thousands of data points — your interests, your location patterns, your purchasing intent, your health concerns, your political leanings, your relationship status — assembled into profiles that are bought and sold by a data broker industry worth $240 billion annually (Interactive Advertising Bureau estimates).
Most privacy guidance focuses on the obvious: use a VPN, install an ad blocker, clear your cookies. These are fine starting points, but they address only the most visible layer of web tracking. The deeper privacy threats — browser fingerprinting, cross-site tracking via embedded content, data leakage through extension permissions, and the surveillance architecture of social media feeds — require a more thoughtful approach.
Safari is already the most privacy-respecting major browser. But even Safari’s strong defaults have gaps, and the extensions you install can either enhance your privacy or undermine it. This guide covers both: how to use Safari extensions to strengthen your privacy posture, and how to evaluate extensions themselves as potential privacy risks.
Safari’s Built-In Privacy: What You Already Have
Before adding extensions, it is worth understanding the privacy features Safari provides natively. Many users are not aware of just how much Safari does by default.
Intelligent Tracking Prevention (ITP)
Safari’s ITP, introduced in 2017 and continuously refined since, is the most aggressive anti-tracking system in any major browser. ITP uses on-device machine learning to identify cross-site tracking resources and restricts their capabilities:
- Third-party cookies are blocked by default. Since Safari 13.1 (2020), third-party cookies — the primary mechanism for cross-site tracking — are completely blocked. Chrome did not begin phasing these out until 2024, and even then with significant exceptions for Google’s own properties.
- First-party cookies from tracking domains are capped at 7 days. If you visit a site that sets a first-party cookie but the cookie’s domain is classified as a tracker, it expires after 7 days. This prevents the accumulation of long-term tracking identifiers.
- Link decoration tracking is mitigated. When you click a link that contains tracking parameters (the
?fbclid=,?gclid=, or?utm_parameters appended to URLs), Safari strips or limits the storage duration of these identifiers. - CNAME cloaking detection. Some trackers disguise themselves as first-party resources by using CNAME DNS records to make their tracking domain appear to be a subdomain of the site you are visiting. Safari detects this technique and applies third-party restrictions regardless.
Private Relay (iCloud+ subscribers)
Apple’s Private Relay routes your Safari traffic through two separate internet relays — one operated by Apple, one by a third-party partner — so that no single entity (including Apple) can see both who you are and what sites you visit. This is more privacy-preserving than a traditional VPN, which requires trusting the VPN provider with your complete browsing history.
Hide My Email
For creating accounts on websites where you do not want to provide your real email address, Hide My Email generates unique, random addresses that forward to your real inbox. Each site gets a different address, preventing email-based cross-site tracking.
What Safari Does NOT Do
Safari does not block all ads (only tracking-related elements). It does not prevent IP-based geolocation. It does not stop browser fingerprinting entirely — it reduces fingerprinting surface area but cannot eliminate it without breaking website functionality. And it cannot protect you from the data you voluntarily provide to websites when you fill out forms, create accounts, or make purchases.
This is where a considered set of extensions fills the gaps.
Reducing Screen Fingerprinting Surface
Browser fingerprinting is a tracking technique that identifies users based on their browser’s unique characteristics: screen resolution, installed fonts, WebGL rendering patterns, audio processing behavior, time zone, language settings, and dozens of other attributes. A 2024 study by KU Leuven researchers found that 94% of browsers could be uniquely identified through fingerprinting alone — no cookies required.
Here is the counterintuitive privacy insight about browser extensions: every extension you install potentially changes your fingerprint. Extensions that modify page content (ad blockers, dark mode tools, reader mode tools) create detectable modifications that fingerprinting scripts can measure. A browser with Extension A and Extension B has a different fingerprint than one with only Extension A.
This means the privacy-optimal strategy is not “install every privacy extension available.” It is “install the minimum set of extensions that provides the maximum privacy benefit, and be strategic about which extensions modify page content.”
Make It Dark Mode is one extension where the privacy trade-off is clearly favorable. It modifies page CSS — which is technically detectable — but it does so in a way that is common (dark mode is extremely popular) and uniform (the modifications are consistent across users of the same extension). The privacy cost is minimal; the practical benefit of reduced eye strain during long browsing sessions is significant.
Strategic Extension Usage
Fewer extensions, each well-chosen. Five carefully selected extensions create a smaller fingerprint surface than fifteen overlapping ones. Each extension adds to your browser’s unique characteristics, so avoid redundancy.
Prefer extensions that work at the browser level rather than injecting content. Extensions that modify browser behavior (new tab replacements, toolbar tools) leave fewer fingerprinting traces than extensions that inject CSS or JavaScript into every page.
Regularly audit your installed extensions. Safari Settings > Extensions shows every installed extension and its permissions. Remove any extension you have not used in the past month. Dormant extensions still affect your fingerprint and may still have active permissions.
RSS: The Tracker-Free Reading Alternative
Social media feeds and news aggregators are surveillance architectures. Every article you click, every headline you hover over, every piece of content you linger on is tracked, analyzed, and fed back into recommendation algorithms that optimize for engagement — not for your genuine information needs. Facebook’s internal research, revealed during the 2021 Congressional hearings, showed that the platform’s algorithm systematically amplified divisive content because it generated more engagement. Twitter/X’s recommendation algorithm, analyzed by researchers at UC Berkeley in 2024, showed similar engagement-optimization patterns.
RSS Reader provides a fundamentally different model: you subscribe to the feeds of specific websites, and new content is delivered to you in chronological order with no algorithmic manipulation, no tracking, and no ads.
How RSS Protects Your Privacy
No behavioral tracking. When you read articles through RSS, the content is fetched by your RSS reader. The publisher knows an RSS client accessed the feed, but they do not see your browsing history, your location, your device fingerprint, or your reading patterns. Compare this to visiting the same site in a browser, where analytics scripts, social widgets, and ad networks track every page view.
No cross-site profiling. Social media platforms track your activity across every site that embeds their widgets (which is the majority of the web, thanks to share buttons and comment systems). RSS bypasses these embedded trackers entirely because you read the content in the RSS reader interface, not on the publisher’s tracked page.
No algorithmic manipulation. You see what you subscribed to, in the order it was published. No one is deciding what you should read based on what will keep you engaged longest or what will generate the most ad revenue.
No email address required. Unlike newsletter subscriptions — which provide the publisher with your email address for tracking and monetization — RSS subscriptions are anonymous. You subscribe to a feed URL. The publisher does not know you subscribed.
Building a Privacy-Respecting Information Diet
Replace your social media news consumption with RSS feeds from the same publishers. Instead of reading The New York Times through Facebook links (giving both Facebook and the NYT your data), subscribe to the NYT’s RSS feed. You get the same articles without the tracking overhead.
For a detailed guide to setting up RSS feeds, including technical sources like Hacker News, see our guide to keeping up with tech news via Hacker News and RSS.
Checking Site Status Without Exposing Your Data
When a website is not loading, the natural instinct is to search “is [site name] down?” on Google or to visit a third-party status-checking service. Both approaches leak information: Google now knows you are trying to visit that specific site at this specific time, and the status-checking service logs your IP address, your browser fingerprint, and the site you are checking.
Is It Down checks website availability directly from your browser, providing status information without routing your query through a search engine or a third-party service.
Privacy-Preserving Status Checks
Avoid search engine queries about site availability. Every search you make is logged and attributed to your profile. “Is Gmail down” tells Google that you are a Gmail user experiencing issues at this specific time and location. “Is [medical site] down” reveals health-related browsing interests. These queries seem trivial in isolation but contribute to the detailed behavioral profile search engines build.
Reduce third-party service exposure. Status-checking websites (downdetector.com, isitdownrightnow.com, etc.) operate advertising-supported models. Visiting them to check a single site’s status exposes you to the site’s own tracking infrastructure — ad networks, analytics scripts, and fingerprinting services — for a 5-second interaction.
Quick connectivity troubleshooting. When working remotely from unfamiliar networks (hotel Wi-Fi, airport lounges, co-working spaces), Is It Down helps you determine whether a loading failure is caused by the remote site or by your local network — without broadcasting your connectivity issues to third parties.
For more on checking website status and accessing cached content when sites are unavailable, see our guide to checking if a website is down and finding cached versions.
Overcoming Copy Restrictions Without Third-Party Tools
When a website blocks text selection and copying, the typical workaround is to use a third-party web service: paste the URL into a text-extraction site, use a “reader mode” service, or route the page through a web proxy. Every one of these workarounds sends the URL — and sometimes the page content — to a third-party server. That server now knows what you are reading, when you are reading it, and what content you are interested in.
Allow Copy for Safari restores text selection and copying directly in your browser, without sending any data to external services.
Why Local Processing Matters for Privacy
The distinction between “processed locally on your device” and “sent to a server for processing” is the most important privacy consideration in any tool you use. Local processing means your data never leaves your device — there is no server to be breached, no database to be sold, no API logs to be subpoenaed, and no third-party employee who can access your information.
Allow Copy processes everything locally. The extension modifies the page’s CSS and JavaScript in your browser to remove copy restrictions. No data is transmitted anywhere. The site you are visiting does not even know the restriction was bypassed.
Practical privacy scenarios:
- Reading medical information you do not want a third-party service to know about
- Copying text from financial or legal documents with sensitive personal data
- Extracting information from work-related pages covered by confidentiality agreements
- Saving content from sites you prefer not to have associated with your identity in any third-party logs
Extension Permission Auditing: Trust, but Verify
Every Safari extension requests permissions that determine what it can access. Understanding these permissions is essential for privacy-conscious users. Safari’s extension permission model is more restrictive than Chrome’s, but it still requires attention.
Common Extension Permissions and What They Mean
“Read and alter web page content on [specific sites]” — The extension can see and modify the content of pages on the listed sites. This is necessary for extensions that change page appearance (dark mode, readability) or extract information (SEO tools, color extractors). The privacy implication depends on the scope: “all websites” is very different from “only example.com.”
“Read and alter web page content on all websites” — The broadest content permission. The extension can see everything you do on every page. Extensions that need this permission (dark mode, copy on select, plain paste) typically justify it because they need to work on every site. But a calculator extension requesting this permission would be a red flag.
“Access browsing history” — The extension can see your past browsing activity. Very few extensions legitimately need this. If an extension requests history access without a clear functional reason, do not install it.
“Access information about your tabs” — The extension can see which pages are open in your tabs. Tab management extensions need this; most other extensions do not.
How to Audit Your Extensions
- Open Safari Settings > Extensions. Review each installed extension.
- Check permissions. For each extension, note what it can access.
- Evaluate necessity. Does the extension need those permissions for its stated function?
- Check update frequency. Extensions that are actively maintained receive regular updates. Abandoned extensions may have unpatched security vulnerabilities.
- Prefer App Store extensions. Safari extensions distributed through the App Store undergo Apple’s review process, which checks for privacy policy compliance and malicious behavior. Extensions sideloaded from outside the App Store bypass these protections.
The Privacy-Conscious Browser Configuration
The goal is not perfect anonymity — that requires Tor and significant usability sacrifices. The goal is a reasonable privacy posture that protects against the most common and most profitable forms of tracking without making your daily browsing experience miserable.
Layer 1: Safari Defaults (Already Active)
- Intelligent Tracking Prevention blocks cross-site tracking
- Third-party cookies are blocked
- Private Relay (if you have iCloud+) masks your IP from sites
Layer 2: Behavioral Changes (No Extensions Required)
- Use Private Browsing windows for sensitive searches
- Use Hide My Email for account creation on untrusted sites
- Clear website data periodically (Safari Settings > Privacy > Manage Website Data)
- Use DuckDuckGo or another non-tracking search engine as your default
Layer 3: Strategic Extensions
- RSS Reader replaces social media as your primary news source, eliminating the tracking infrastructure of algorithmic feeds
- Make It Dark Mode provides ergonomic benefit with minimal fingerprinting cost
- Is It Down replaces tracker-laden status-checking services and search engine queries
- Allow Copy replaces text-extraction web services that log your URL and content
Layer 4: Regular Maintenance
- Audit installed extensions quarterly
- Remove extensions you no longer use
- Review extension permissions after updates
- Monitor Apple’s privacy reports (Safari > Privacy Report) to see how many trackers were blocked
For a comprehensive guide to privacy and security tools across iPhone and Mac — including password management, encrypted storage, and data hygiene — see our guide to the best privacy and security apps for iPhone and Mac.
The strongest privacy posture is the one you actually maintain. Four well-chosen extensions you keep installed and audited are better than twenty extensions you installed, forgot about, and never updated. Privacy is a practice, not a product — and the practice starts with understanding what your tools are doing with your data, choosing tools that process locally whenever possible, and minimizing the number of third parties in your browsing chain.
