We got rid of RECAPTCHA. We're officially de-googled! Learn More

How to Configure Safari for Privacy on iOS Devices (UPDATED FOR iOS 14)

Out of the "big" and "mainstream" browsers, which include the likes of Google Chrome and Microsoft Edge, Safari is slightly more secure.

This how-to guide will show you how to increase your data privacy and security while using Safari.

I'll also be sure to keep in mind the delicate balance of security versus convenience. I am balancing enabling/disabling features in the name of privacy here.

You'll see "points of decision," where you pretty much choose between security/privacy or convenience at your own discretion, throughout this guide.

Note: Keep in mind you'll get way better privacy from other privacy-focused mobile browsers such as Firefox Focus or DuckDuckGo.

iOS 14 Update

Apple made some decent tweaks to Safari in the September 2020 iOS 14 update.

Not a ton changed for the existing settings found in this guide, but there are now some new privacy and security focused features included for Safari in the update.

Privacy Reports

Privacy reports shows you a good amount of information on what known trackers Safari has blocked, what tracker network blocked trackers came from, and from what website Safari blocked these trackers.

privacy report info in safari

It can be accessed by tapping the icon in the far left section of Safari's address bar, and then tapping "Privacy Report."

privacy report in Safari

While this is a much needed and much appreciated feature, there are privacy browsers that do this better.

Password monitoring

This is indirectly related to Safari because your iDevice will use Safari to fetch lists of passwords leaked in data bases.

It will also tell you if you are reusing passwords across accounts saved in your Keychain and whether these passwords contain "common words" that be easily guessed.

passwording monitoring ios 14

This feature can be found and enabled from the "Passwords" section of the general page of your Settings app.

While this is a very useful and friendly feature, it doesn't replace using a good password manager.

Before getting started...

Keep in mind that I am on iOS 14 and using one of the later builds of Safari in this post.

Also, if you're newer to the iOS environment, the settings for Safari are found under the Settings app.

That's where we're going to be adjusting Safari's settings in this guide.

Update everything!

One of the best ways to maintain both data privacy and security while using Safari is to keep it updated.

It seems trivial, and I guess in a way it is.

But keeping the Safari app updated is seriously the easiest way to make sure you're at least protected from the latest known exploits.

With that said, if your installed version of Safari is outdated, then just go ahead and update it. Right now.

Everything will take a couple of seconds to download and install on your device. At the end you'll benefit from the bug fix and/or security patch.

Plus, it's one less thing you have to worry about.

If you don't have automatic updates turned on, then I highly suggest you enable them so that future updates can be downloaded and installed ASAP.

I know we're still at the start of this guide, but we're already at a key "point of decision" when it comes to setting Safari up with privacy in mind on iOS devices.

Siri is as useful as it can be invasive. Apple has found itself in hot water over Siri.

In 2019, Apple confirmed that Siri was recording confidential information from users. That information was made readily available to the company's contractors.

Now, Apple has since apologized and addressed those concerns with Siri, but the damage is done. We can only think what might be next.

So, it's ultimately up to you to decide just how much you want Siri to be in on your web habits. These settings govern how Siri gathers information related to your search history, both online and off.

If you're super security conscious, you might want to disable everything. If you're not, keep some of the toggles enabled so that Siri can give you a more "personalized" approach.

siri and search safari settings

Always keep in mind that you're feeding information straight to Apple and potentially other 3rd parties, though.

In any case, you'll want to read up on Apple's "Safari Search & Privacy."

Search

The biggest thing here is choosing which search engine you want Safari to use as a default.

For most people, this is probably going to be Google. Google Search is far from the best choice when it comes to your data privacy, but I understand that it's good at finding a lot of stuff. So people use it.

Despite this, I suggest using a more privacy-focused search engine such as DuckDuckGo as your default search engine.

safari search settings

In the cases where you find yourself really needing to google something, then just visit the google homepage as opposed to having it as your default search engine.

The second biggest thing here are all the search suggestions. Do yourself a favor and turn them off.

Turning off Safari and search suggestions helps limit the data sent to the search engine your using and Apple.

This also limits the chances for third parties to use this information to create a shadow profile of your search habits. Then send you creepily hyper-targeted ads.

Keep in mind you'll probably still get some targeted ads based on your search history, especially if you use Google Search. But turning off search suggestions helps curb a portion of your data freely sent.

General

Make sure you block pop ups, even if just for your own sanity.

Additionally, you're better off keeping downloaded files to be stored on your iOS device.

safari general settings screen

Autofill

Turn off autofill for your contact information.

If you have any saved credit cards (that aren't saved specifically in Apple Pay) on Safari, delete them.

safari autofill settings screen

While autofill is a very convenient feature, it's also a very unsecure one. This isn't much unlike the clipboard (copy and paste) function.

Autofill attacks are still alive and well, and they're a goldmine for hackers and scammers.

Autofill often stores information you put into forms on webpages; these very commonly include things like your name, phone number, and address.

In some cases, your social security number (or part of it) or credit/debit card information gets stored too.

It's convenient not to have to type all this information into different site forms you visit, but it can be easily accessible for prying eyes too.

In autofill attacks, the bad guys easily get access to all the autofill information stored in a browser. This is because this information, though often sensitive, is stored in plain text and not at all encrypted.

I suggest turning autofill off - especially in Safari on iOS devices.

Privacy & Security

You'll want to definitely make sure you have the fraud website warning and prevention of cross-site tracking enabled here.

privacy and security settings safari

Blocking cookies

This is a point of decision.

Blocking cookies means that websites can't store bits of data to remember you by.

So, if you log into a website, close Safari, and then return to that website, you'll have to login again.

The same thing applies if you visit sites that have personalization options. You'll also have to deal with the GDPR cookies banners every time you visit/revisit sites.

On the flipside, when you block cookies, you're really helping to stop the collection of your information, such as other sites you visit and apps you use.

If you don't use Safari often at all, I recommend blocking all cookies so that when you do use it, nothing gets stored either long-term or short-term.

Apple Pay

Another point of decision.

When this is enabled, websites are free to check whether you have Apple Pay enabled or not.

Now, Apple Pay is decently secure, so the issue is not so much unknowingly giving out card details.

The main issue lies in that sites might probe for more details about your device (fingerprinting), or they might use what leeway to freely give them to send you more targeted ads.

Since Apple Pay is decently secure, you might not want to give up the convenience of sites automatically detecting that you have Apple Pay and going from there.

But again, you run the risk that websites now know that 1) you use Apple Pay and 2) can use this "known" to help create or add to any other data they have on you.

(If you don't use Apple Pay at all, I suggest disabling this.)

Settings for websites

We'll focus on only content blockers, the camera, microphone, and location here.

(The rest of the settings in this section are more for accessibility.)

If you have any 3rd party content blockers integrated with Safari, then I suggest you use them for all sites you visit.

safari content blockers websites

I also recommend denying any website access to your device's camera by default.

safari camera access for websites

Deny access to the microphone as well.

safari website microphone access

Now, when it comes to location, we've encountered another point of decision.

There are certainly times where you'll want to grant a website access to your location details for legitimate reasons. For example, maybe you're ordering a pizza to be delivered to your hotel room.

For this reason, in the interest of maintaining a good balance of security and balance, I recommend setting location to "ask."

This helps to ensure (although, not foolproof) that websites don't pull your precise geo-location automatically and without your knowledge.

safari location setting websites

If you're more security-conscious or just want to err on the side of caution, then feel free to deny your location details outright.

There's nothing wrong with this; you'll just have to manually change this setting if (or when) a website has a reason you deem legitimate for knowing your location.

website settings in safari

Advanced

JavaScript

This is a point of decision.

I've talked quite a bit about JavaScript, especially in the context of web browsers and security.

For starters, JavaScript is executed on the client (read: your) side, on your device.

It can certainly be used for malicious purposes, plus you don't normally get any notification when JavaScript is executed. It can also be executed automatically, without direct user input.

So, disabling JavaScript protects you from a decent amount of threats out there on the web.

But the caveat is that many legit sites that run legit scripts to function will break or not function properly when you visit them.

Ultimately, I suggest disabling JavaScript only if you know you're going to be visiting shadier sites. Otherwise, I suggest keeping it on when you're in a more... "familiar" part of the web.

Experimental Features

Most of the experimental webkit features are for developers.

However, I do suggest enabling "Automatic HTTPS upgrades" if it isn't already enabled.

safari https upgrade webkit

When enabled, this automatically upgrades the websites you visit to HTTPS (from regular HTTP).

The HTTPS protocol protects the integrity of the data your device sends to any given website's server(s) through encryption.

Final thoughts

As I've already mentioned, Safari is more security and privacy conscious than the likes of Google Chrome and other mainstream browsers. This is because when compared to many other tech companies, Apple has a slightly better reputation when it comes to user privacy.

However, if you want a browser that puts your privacy first, then you'll need to download a privacy-focused browser. I've picked out a few solid ones in a separate post.

Unfortunately, we can't uninstall Safari from our iPhones or change the "default" browser to any that we've downloaded.

So hopefully by following this guide, you can fortify Safari as best you can - whether you use it often or almost never.

With that said, I hope you learned something from this.

As always, stay safe out there!

Next Post Previous Post