Update on Winston Safari Extension

Many of our users have requested a Winston web extension for Safari. While we have been working on this effort since late 2019, after considerable investment of time and effort we unfortunately regret to announce that this project is being placed on hold.

tldr: Apple has crippled support for web extensions. While Winston works effectively as an ad blocker for Safari, it is not possible to selectively whitelist websites due to the restrictions described below. Please note that this was a design decision made by Apple and Winston has no control over it.

Screenshot of the unreleased Winston Safari extension

How Safari differs from other browsers

Firefox and Chrome (for the moment anyway) both adhere to a widely supported cross-browser API for web extensions. This API enables developers to create extensions that largely work in all major browsers.

In 2018 however, Apple decided to break from this standard and released a new "Content Blocker" model. While this approach is faster for software based ad blockers, it breaks necessary support for privacy protection tools.

The major limitations which we encountered while developing our Safari extension were:

1. No ability to selectively re-route requests

By default, tracking requests made on a Winston network are filtered. If you want to enable advertising or tracking (such as when searching for local restaurants), Winston enables users to bypass filtering by re-routing these requests through unfiltered proxy services.

However, Apple has decided not to support request rerouting or other modifications within Safari, so this effectively disables whitelisting.

2. No ability to inject Javascript into web pages

Browser fingerprinting is a technique that many websites use to track users who block cookies or use incognito mode. To disable malevolent fingerprinting, Winston utilizes a wrapper around the native Javascript library which adds random noise to the API calls trackers use to uniquely identify users.

Again, Apple has disabled this functionality which means that you will be unprotected against fingerprinting technologies while using the Safari browser.

3. Limited ability to modify cookies

Simply blocking cookies is not a viable solution for most users, as this renders many websites non-functional. Winston uses more sophisticated techniques to enable certain cookies to work temporarily but these require the ability to modify Cookies. Apple has disabled this functionality in Safari.

Workaround

We are surprised that these design decisions were made by a company which is ostensibly making an effort to be privacy-friendly and unfortunately, they have had the effect of rendering Safari to be an inherently un-private browser. We recommend that Mac users switch to Chrome or Firefox and use it in conjunction with the Winston web extension.

Note: if you have expertise developing extensions or proxy applications for Safari and have suggestions for workarounds, please contact us!