Because iOS doesn’t allow you to change the default internet browser, it’s important to set Safari up as securely as possible. Below are my recommendations for iOS 10 Safari Settings. You may also consider using Firefox Focus to increase this security further.
iOS 10 Safari Settings
Safari is the default internet browser in iOS. I attempt to limit the browsing on my phone to absolute minimum because of the large amount of information that is collected from mobile devices but I still take care to ensure that my browser is as hardened as possible for those rare instances that I do browse from my phone.
Search Engine: The default search engine is Google but Safari also allows you to choose Yahoo, Bing, or DuckDuckGo. I am a strong supporter of DuckDuckGo, a relatively new search engine whose business model is privacy. DuckDuckGo does not store any information about your searches.
Search Engine Suggestions and Spotlight Suggestions: Suggestions sends both your queries and the results you select to Apple. I recommend turning it off.
Passwords & AutoFill: Tapping this option will open a sub-menu of data sets that can be filled in automatically. They are: Contact Info, Names and Passwords, and Credit Cards. I prefer not to allow anything to be autofilled. If I am on a website the fillable fields may be completed regardless of whether I wish to conduct a transaction or not, and my information may be given to that website. I also prefer to store usernames and passwords in a dedicated password manager. Finally, I do not store credit card numbers on my phone at all. Because of the various vulnerabilities inherent in mobile devices (including the risk of loss) I do not conduct financial transactions from my phone.
Do Not Track: This setting allows you to send a “do not track” request to any website you visit. These requests are toothless; websites have the option to honor them and the vast majority does not. There are pros and cons to enabling this feature. Enabling it will prevent a small number of sites from tracking you, but it will also make your browser more distinctive. This can make you more easily tracked by sites that do track your browsing around the internet.
Block Cookies: This setting allows four possible options: Always Block, Allow from Current Website Only, Allow From Websites I Visit, and Always Allow. I leave this setting at “Allow From Current Website Only”. This ensures that the only cookies that will be stored on your device (and that can potentially track you) are from websites in the tabs you currently have open.
Fraudulent Website Warning: Enabling this setting warns you if you are visiting a look-alike site. Sites such as these are commonly employed with phishing scams. If you get an email from Facebook, your bank, PayPal or another service directing you to login and change your password, it is likely a ploy to get you to go to a site that looks very similar. This site will then collect your username and password and use it to hijack your account, clean out your bank account, harvest your contact list, or other malicious activity. Though best practices would avoid this type of attack, the extra protection offered by enabling this warning is transparent and worthwhile.
Clear History and Website Data: This setting will allow you to delete browsing history, cookies, and other information about your browsing sessions. This setting will also close any tabs you have open in Safari, whether in Private Browsing Mode or not.
Private Browsing Mode cannot be accessed from the Settings. Instead it must be enabled in Safari. To enable Private Browsing, tap the “Private” button at the bottom left of the Safari interface. This will open a new set of tabs that are “private”. Private Browsing Mode can be distinguished from normal mode by the color of the top and bottom of the screen; in normal browsing mode the top and bottom of the interface will be white. In Private Browsing Mode the top and bottom of the screen will be black.
Browsing in Private does not mean that your internet traffic is protected, that you cannot be tracked, or that your data is not being shared with others. All that it means is that minimal data is being stored on your device. Your browsing history, cookies, and other information are not being saved. Even so I recommend using Private Browsing Mode as much as possible; limiting the information stored on your device is never a bad idea. Some websites requiring logins or through which you wish to make a purchase may not function correctly in this mode. For this reason you may occasionally have to leave Private Browsing.