Apple’s Anti-Tracking Plans for iPhone (foundation.mozilla.org)
591 points by nojito on Dec 15, 2020 | 386 comments



In Europe, cross-app, cross-browser & cross-device tracking is on very thin ice legally under the GDPR, so I'm not surprised Apple finally curbs the use of "sticky" identifiers on their devices. Honestly, it's a bit shameful that a device that is marketed as the gold standard in privacy would even support such an identifier in the first place; it has literally no purpose beyond mining people's data.

Now that the third-party tracking ecosystem is slowly drying out I'm curious what advertisers will come up with to circumvent these new measures. Anyone here that works in the industry and wants to share some plans?


Having been on both sides of the table, I would slightly disagree here. Fraud prevention for example will get an order of magnitude harder, plus this move will further skew the playing field towards FAANG who have the resources to puzzle the scraps back together for decent conversion tracking with the help of logins, IPs, SDKs with First Party IDs and a massive dose of machine learning.


> Fraud prevention for example will get an order of magnitude harder,

First, Ad Fraud != Fraud. It is low grade hacking.

Second, trading the privacy of every iPhone user so that advertisers can prop up a sketchy/poor industry is a terrible trade.


This completely changes the game on all kinds of fraud, not just ad fraud. Currently when you get caught, the service you’re abusing bans your device. To keep trying you need new hardware; attacks have a real monetary cost for the attacker. When your iPhone can present itself as infinitely many iPhones, this is neutered, and services will need different (probably more invasive) techniques to keep banned users away.


>This completely changes the game on all kinds of fraud, not just ad fraud.

As someone alt-tabbing in from real fraud investigation work, no, it doesn't. Banning burner phones and reducing banking privacy regulations would move the needle there, but those aren't even on the radar.

"Someone's script opened a page" isn't fraud. Someone building a script specifically to spam-click a competitor's ads, by contrast, is.


Banning devices and identifying groups of accounts which are linked by common devices are two of the most powerful tools that my company’s fraud team talks about. We have nothing to do with advertising. YMMV.


The advertising identifier is a crappy way to do this though. There are multiple more privacy respecting ways to ban users which work much better. The IDFA can be blanked or reset where other methods like identifierForVendor cannot be reset or bypassed.


> This completely changes the game on all kinds of fraud, not just ad fraud.

Getting around a ban is not Fraud.

Regardless, a cross app ad identifier is not needed to prevent this. There are ways within your app to save data per iOS user (this is not cross app data, it's specific to your app) which would allow you to prevent this. You could use sign in with Apple/ Google/ Facebook. You could require emails. etc etc.


> When your iPhone can present itself as infinitely many iPhones…

Apple already has a privacy-preserving solution for that:

https://developer.apple.com/documentation/devicecheck


This is an incomplete understanding of iOS. You can hardware ban an iPhone by flipping an app-reserved bit.


Can you please elaborate? How does this work? Have never heard of such a thing.

EDIT: I believe Apple's DeviceCheck API is what the parent refers to. Thank you!


https://nshipster.com/uuid-udid-unique-identifier/

Not his solution, but just grab the identifierForVendor off UIDevice and ban that.

Alternatively:

> "Using DeviceCheck API’s, in combination with a server-to-server APIs, developer can set and query two bits of data per device. It will also maintain the user privacy, by not disclosing any user or device information, which is the priority point for every Apple user and most point of concern of every mobile user."

https://codeburst.io/unique-identifier-for-the-ios-devices-5...


Very nice, thank you!


To add to what others are saying, IDFAs are specifically /not/ device IDs; they were created so that advertising tracking wouldn't carry over between multiple owners of the same phone. You can already reset your IDFA whenever you want: https://osxdaily.com/2013/02/01/reset-advertising-identifier...


Can someone (only) use IMEI plus account instead of IDFA for uniqueness?

So if you want to exclude/ban a user, you can use the IMEI+account, but outside of excluding a user from using your service, you cannot access IMEI+account.

User privacy is preserved because there's no singular ID for advertisers, and services can still ban fraud because if it's present they can use the IMEI+account to ban a user.

Maybe even have that built into the OS? The app can ban someone based on an IMEI+account, but the IMEI+account info stays on the device. The device just certifies that the combination is unique without exposing that info to the app, and the app can still ban that hardware/account, so the user would need to buy new hardware to get around the ban.


The IMEI is worse than the IDFA and neither is needed for this use case.


It could be. In that case, let the OS handle whether the phone/account are unique, and the app can ban that phone/account without having that unique identifier to ID the person in other cases, like advertising.


There are already ways you can do this.

https://nshipster.com/uuid-udid-unique-identifier/

The easiest is with the identifierForVendor property of [UIDevice] which identifies that specific device for your software, but is not shared with other vendors. So you can ban Bob's iPhone across all your apps, but that ID isn't useful to other vendors.


Do you think iPhone users care if it’s harder for Facebook and the like to catch fraud?


That's not what the GP is saying. They're saying that only Facebook and the like have the resources to catch fraud, and smaller players won't. Yes, it's harder, but that hardness is almost an irrelevance to Facebook and other FAANG-alikes, whereas it could be much more of a problem for smaller businesses who will struggle to bear the costs both of fraud, and to develop anti-fraud solutions (or pay for anti-fraud services).

Maybe that opens up some opportunities as well, but that's not necessarily particularly appetising for businesses that aren't focussed around those areas of opportunity.


Can you explain how Apple’s anti tracking measures are going to hurt small business and make fraud easier?


Most of the time, privacy and fraud both benefit from the same changes. To prevent tracking online, you want your device to look just like everybody else's devices. To prevent fraud, you want devices to look different so you can tell when a device does not represent a real user.

At the extreme, imagine if every person has a unique identifier that was automatically sent whenever they used any device: preventing ad fraud would be really easy, and you would have essentially zero privacy. At the other extreme, imagine if every device looked exactly the same, with no user agent, no IP, no cookies, no way to tell my traffic from yours. In that situation, people would have pretty strong privacy, but if you had headless browsers loading the ads on your site no one would be able to tell that those views were not from real users.

As the GGP says, removing IDFA shifts the balance toward both privacy and fraud. See https://blog.cloudflare.com/cloudflare-supports-privacy-pass... and https://web.dev/trust-tokens/ for attempts to separate these.

(Disclosure: I work on ads at Google, speaking only for myself.)


Google’s inability to protect its core revenue stream is squarely in the “not my problem” category. In fact, making internet advertising less desirable for businesses sounds like a benefit to me.

So, Apple’s decision is looking even better to me now.


Google's core revenue stream doesn't rely on IDFA. Many 3rd party advertising companies and apps do rely on IDFA. Apple's move helps Google.


This is not true, any ad network benefits from IDFA, bigger the better.

Removal of IDFA should close the gap between big players like Google, Facebook etc. vs. others.


I don't do mobile advertising but this is just incorrect... Most of Google's revenue comes from Search and that has nothing to do with IDFA.

Then how would third parties with no access to first party data compete when there's no more third party data would be something I'm curious for you to explain.


Ok first of all I am not saying that third parties without access to first party data will compete with google's search ad business.

I think after removal of IDFA, smaller ad networks will steal some of the big players' mobile market share. And mobile advertising will not move to search based advertisement as much as you think. Maybe some revenue will shift there, but I think the loss on the mobile side will be bigger.


Google's search revenue accounts for around 95% of its top line revenue.

Google’s ability to protect its core revenue stream is squarely in the “not impacted” category when it comes to Apple's IDFA move.


Banking fraud is a much bigger deal, and fraud detection works similarly there.


For Google yes, I agree. But for services you pay for directly it is your problem because it raises the cost of that service for you.


>but if you had headless browsers loading the ads on your site no one would be able to tell that those views were not from real users.

There is literally nothing in the world I care about less than this.


Of course you don't care about it directly, but it is part of a chain that funds things you probably do care about?

Advertisers pay publishers to show their ads to real users. Publishers run their sites because they receive money from advertisers. We visit the sites because they're diverting/informative/useful/etc. If the advertisers can't tell whether their ads are instead shown to robots, the whole thing falls apart.

I like the trust tokens proposal as a way to exclude bot traffic without tracking: https://web.dev/trust-tokens/


Shouldn't advertisers instead care about the acquisition cost per customer and revenue per customer? Do publishers not offer pricing based on these things?


This is an interesting proposal, thanks for sharing.


> if you had headless browsers loading the ads on your site no one would be able to tell that those views were not from real users

This seems like a problem with the current model of ads being paid for by impression/click, and switching to a model where ads are being paid for the time they're being displayed (pay X to have your ad appear here for Y time) the problem goes away.

Furthermore, the current advertising model also suffers from this problem even beyond malicious intent. Is it fraud if a real user "looks" at the ad but actually looks away from their screen? If they mute the sound? If they don't speak the language the ad is in? Etc.


> switching to a model where ads are being paid for the time they're being displayed (pay X to have your ad appear here for Y time) the problem goes away

I don't think it does. How does the advertiser know what the spot on the site is worth without traffic estimates? See my response to chongli downthread: https://news.ycombinator.com/item?id=25431138

> Is it fraud if a real user "looks" at the ad but actually looks away from their screen? If they mute the sound? If they don't speak the language the ad is in?

None of these are fraud, because the ad is in front of a real user.

Fraud here doesn't mean "the ad doesn't perform as well as the advertiser hoped for some reason" it means "the ad was not actually shown to real users on the site, contrary to the agreement between the publisher and the advertiser".


> pay X to have your ad appear here for Y time

Someone once told me how they got a bunch of cheap/used phones and just left them all running an app that shows ads. They'd glance at the phones now and then to see if they needed to "interact" with them to keep the ads rolling.


> To prevent fraud, you want devices to look different

To me, if your system relies on being able to tell most internet users apart, that sounds extremely close to processing personally identifiable information.


It doesn’t need to tell them apart individually, just high level demographics or geography are already useful. If your website suddenly got 99% of traffic from Tibet (random example), you would probably discount those impressions/clicks.


As a user I would like zero tracking because I don't care about ad fraud that much. I also think advertisers and contemporaries collecting my info is a security problem or even a breach.


> if you had headless browsers loading the ads on your site no one would be able to tell that those views were not from real users

What users actually care about protecting your propaganda based business model though? Sounds like it's pretty much your problem and you want to reduce privacy to make manipulating their behavior a bit more profitable.


I was expecting fraud here to refer to that which might impact the user in some way (i.e. credit card / bank, identity, fraud etc) - was genuinely surprised that other people read 'ad fraud' from this...


> To prevent fraud

Honest question, I am not trying to be obtuse, but in this context can you more specifically define fraud? Is it just "ad fraud" as defined here: https://www.clickcease.com/blog/what-is-ad-fraud/

I get why businesses should care about ad fraud, but why should I, as a consumer care about it? Frankly I don't even want to know about my traffic, let alone yours.


Yes, ad fraud. We're talking about endymi0n's claim in https://news.ycombinator.com/item?id=25429278 that without IDFA preventing ad fraud is (a) harder and (b) disproportionately harder for smaller players.

As for why you should care about it, see my response to thesuitonym below: https://news.ycombinator.com/item?id=25431866


1. You’re allowed to use IDFA. But users will now have to allow access, as a permission dialog will pop up first.

2. The IDFA is just a simple static UUID. It cannot do a very good job at preventing fraud. There is no way to validate anything about it or affirm that it ties to a genuine device.


1: I expect this will translate to the majority of traffic will not have IDFA available, either by apps not wanting to annoy users by asking, or users saying no.

2: On a single request, yes. But users typically make very large numbers of requests over time. The pattern of requests that you'd see from a real user looks pretty different than what you'd see from a bot.


>2

Of course they look different over time, isn't the problem here that same data can be used to do statistical analysis for other purposes than fraud prevention?


I'm responding here to willstrafach's claim that "The IDFA is just a simple static UUID. It cannot do a very good job at preventing fraud" and wil421's earlier "Can you explain how Apple’s anti tracking measures are going to hurt small business and make fraud easier?"

But yes, of course IDFA can be used for things other than ad fraud detection.


By fraud you mean ad fraud?


Yes; we're talking about endymi0n's claim in https://news.ycombinator.com/item?id=25429278 that without IDFA preventing ad fraud is (a) harder and (b) disproportionately harder for smaller players


The cost of a phone becomes a barrier to scaling fraud because once you use a phone for fraud it can be blacklisted.

Advertiser fraud is hardly the only type of fraud. It happens with services you directly pay for like ridesharing and food delivery as well. The cost of fraud becomes another cost for a service provider and prices for all users need to be raised to offset losses from fraud.

For smaller businesses without the brain power to combat fraud, their margins will be greatly hurt by fraud, making it harder to compete.

I'm in favor of what Apple is doing myself, but it's definitely a legitimate unintended consequence of this measure.

What would be useful is if Apple became the gatekeeper for tracking fraud and companies could report ephemeral identifiers for fraud that only Apple can de-anonymize and then Apple provides fraud scores for ephemeral identifiers on account signup.


Market will catch up. I used Apache beam and we got really creative. As with all things it’s an arms race.


Did not expect to see Apache Beam mentioned as part of this conversation. Mind me asking what you mean?


Apache Beam is the underlying engine we use for fraud detection. Based on proprietary heuristics we can provide the application with a confidence score that the user is legit. It's up to the sec/product teams to determine when specific actions need additional verification like a one-time token via email or a captcha. Just two examples.


I'll flip this one back to you in the same spirit.

Do you think iPhone users care that Apple is implementing anti-tracking?


The number of times I've had non-tech people complain about how their phone is listening to them and then showing them adverts about stuff they've been talking about has gone through the roof in the last 18 months (generally as soon as I mention that I work with computers).

It's becoming a real concern for normal people - they don't understand what it is or how it works but they really don't like it.


I've seen articles that defend this by stating Facebook buys debit card data, but then I was shown an ad about something extremely niche, like way out there... Aircraft pavement, specifically for aircraft hangars. One single comment was mentioned to me 8 hours prior... Involving aircraft hangar gravel or something, I never googled it, I never have even thought about such a product in my entire life. Yet there was the ad from a completely once in a lifetime conversation I had with someone. It's too damn niche to be coincidence.

I was in shock when I saw it on Instagram on my brand new iPhone (switched from Android) which has all mic permissions off by default. So some 'smart' device in their home must have heard us. Some advertiser somewhere must have my voice profile hooked up to my Instagram account by now and they somehow share it in an "unidentified" way.

Edit: We need further research into these 'impossible' ads to see if devices from different software OS' and companies are listening and grabbing detail and showing ads based on what are supposed to be 100% private conversations.


> Involving aircraft hangar gravel or something, I never googled it, I never have even thought about such a product in my entire life. Yet there was the ad from a completely once in a lifetime conversation I had with someone. It's too damn niche to be coincidence.

You might have not googled it yourself, but I bet the person you had that conversation with did. If the conversation took place in real life, then that person's device was in physical proximity to yours (i.e., location data tracking; for example, if you enter a room full of people who googled tons of stuff about a certain subject, expect to see ads around that subject popping up on your device in the near future, even if you didn't google anything about that subject before and aren't planning to do so in the future). You also probably exchanged contacts and called (or texted) each other about other stuff in general (probable, but not necessary for the scenario I am describing). And if the conversation took place online, then it is even easier. Here you go, you just created a social link between yourself and the person who googled stuff about aircraft hangar gravel. In which case, it isn't surprising at all that you got that ad.

So in a sense, you are correct, it wasn't a coincidence. But I heavily doubt it has anything to do with smart devices listening to and analyzing what you said at all. It is much more trivial and less creepy to simply utilize your social links to figure out what kind of ads to display to you than to listen in and try to analyze your conversations. More reliable too.


Absolutely this.

Facebook literally knows who your friends are. If your friend is interested in something there’s a good chance you are too.


Yes we do care

Maybe not all of us, but for me it's an important and differentiating feature.

What we don't really care about is hypothetical thinking about whether we care from people that apparently don't care.


I do, but mostly as part of the overall message. Folks like my parents will comment about how creepy targeted ads are. When I showed them how to turn it off currently, they were very happy.

I don't think they know each setting that is available, but they without doubt have the impression that "Apple is better with privacy"


Absolutely and it’s a huge reason I will never use Android. I don’t want an advertising company making my phone.


I've used Android for the past decade, but I'm very strongly considering switching to iPhone because of Apple's pro-privacy moves in iOS over the past year (and also because they are the only manufacturer to make a phone that fits the human hand).


Strictly more than they care about Facebook and Google's anti-click fraud problems.


Yes, it's like half the reason I own Apple devices.


Consider that up until they implemented it, they allowed it, and people still bought phones. I don’t think people care. I think people will be happy, but I don’t think it matters one way or another for actual purchases.


If there's suddenly a lot more fraud and scams on the services they use, they'll probably be annoyed. Though they probably won't blame Apple if that's your point. It's still a worse user experience.


I don't know why you use a big word such as "fraud" when you mean "we want to be able to know which accounts are owned by the same person".


That isn't what "fraud" means in this context. Ad fraud is when you have something other than a real user loading or clicking on ads. For example, I could stand up a headless browser to click on the ads on my site. This would get me more of a payout from my advertisers, but would also be fraud.

A stable identifier makes identifying this sort of behavior much easier.

(Disclosure: I work on ads at Google, speaking only for myself)


Ad fraud... How exactly is this my problem as a consumer? This sounds pretty much like a "you" (ad networks and advertisers) problem... So why should you be allowed to spy on me - who never defrauded any advertisers - to fix your problem?


> How exactly is this my problem as a consumer?

When you use a service that is funded by advertising, the service only gets that funding because the advertisers trust that they are getting their ads in front of real users. Some advertisers are able to precisely measure the quality of their traffic, for example by seeing whether the traffic they get buys things, but most are in businesses where that's not possible (no one clicks on an ad for Coca-Cola and then places an order for Coke). Ad fraud means that advertisers are less willing to pay to be shown on the service, so the service's funding decreases.

Very likely, less funding for the service hurts you as a consumer: they are probably spending their funding in support of the site. For example, I believe that the ads here fund the moderators.

> why should you be allowed to spy on me - who never defrauded any advertisers - to fix your problem?

See my response to wil421: https://news.ycombinator.com/item?id=25430453 I think the fix here is something like https://blog.cloudflare.com/cloudflare-supports-privacy-pass... or https://web.dev/trust-tokens/ that allows detecting and preventing fraud in a privacy preserving manner.


Then I suppose businesses will need to adapt, as businesses have for hundreds of years, either away from relying on advertisements or going back to old-school, non-intrusive, manual ad placements that don't rely on clicks, targeting, and tracking.


Much of the adaptation will be disappearing, including a large number of sites that contribute articles that pop up here on HN. Another way would be getting more invasive, like requiring login, before the content gets displayed.


Many of the sites that are featured on HN are not even the actual source of information, which often gets linked in the comments. As for going more "invasive", it's that exact reason that ads are being attacked, so I wouldn't bet on that working out long term either. I also fail to see how logging in inherently leads to revenue, unless we're talking about a subscription service in which case it'll live or die by the quality of the content....or else no one is going to pay.


This is certainly possible - I am terrible at predicting the future! To clarify the logging in comment: site is free, but they require you to login to view content (what Medium is doing) and now you have a unique identifier that can be used to track you across sites when shared locally ("login with Google" effect)


I like the second part of your answer. Indeed, if you wanted something like a way to id bad actors, you could do some scheme where the OS (or browser or even secondary service) could do some form of attestation that isn't trackable and has even stronger guarantees than some unauthenticated unique id has. If Apple and Google can make their Corona Tracking APIs untrackable by third parties, then untrackable "valid device" APIs should be possible and feasible as well.

But you cannot make this my problem by saying "let me spy on you. or your shit gets more expensive, or sites have to close". That sounds too much like "an offer you cannot refuse". I will not surrender my privacy for failed business models.


The coronavirus exposure notifications are only "safe" because we assume no single actor can put Bluetooth receivers every square meter, thus rotating the IDs every so often is an effective defense against potential tracking.

The same couldn't work with the internet because essentially every ID would be known to potential bad actors, as they'd be tracking every single one of them (among other data points) and can easily defeat the rotation of those IDs based on other data points which don't change.


If you read the trust tokens proposal you can see how it does not have that vulnerability: https://web.dev/trust-tokens/


> Very likely, less funding for the service hurts you as a consumer

Define "hurt".

I'd rather make a decision to pay $5/month for a service than to be the product and get spied on


In general I'm not a fan of advertising, but one of the most important things it does is level the playing field across income levels and countries. $5/month would be outrageously expensive for a very large number of people, most of whom are not on Hacker News, and any discussion of replacing advertising with a subscription model has to start from that basic fact.


There's no reason Facebook can't charge Brazilians 5 BRL instead of 5 USD.


Sure. We're not talking about Facebook here, they'll be fine. We're talking about random sites and apps. How many apps on the Play/App Store actually implement differential pricing by region?

This cannot be an afterthought—it must be the central question all advertising skeptics must start with.


If ad companies manage to set up international ad networks that show relevant ads to the user according to their home country and interests, I wonder if all that effort and hard work couldn't have instead been spent building a platform for collecting payment internationally


You're justifying the abuse of people's privacy because they can't afford to buy out of it.

That might be legal for the moment but it is in no way moral.


I'm not justifying anything, I'm merely stating what I think is an unequivocally positive side effect of advertising-based models: they have automatic price discrimination built in. Subscription models do not have it built in—developers have to do extra work to introduce price discrimination. I think this is a demerit of subscription models, though not one that outweighs the demerits of advertising models.


> an unequivocally positive side effect of advertising-based models

Democracies are bought on advertising.

Hiding the price of the user's attention is not a positive side effect to the user. Hiding who buys the user's attention is not a positive side effect to the user. Hiding how many other people's attentions are also being sold is not a positive side effect to the user. All of these are detriments to the user.


> they have automatic price discrimination built in.

How, exactly? It's entirely opaque to the user.

At a minimum, you should offer a free, ad-supported version alongside a paid, ad-free (and tracking free) experience.


Since you seem persuaded by ends justifying means, realize that better business models are impractical because online surveillance is so easy and lucrative. One of the biggest changes correlated with the rise of web toxicity was the rise of online advertising. Maybe coincidence, but I'd love to see what happens if surveillance becomes the exception not the norm.


This all presumes that the advertising business needs this level of granularity to succeed. It doesn't. Advertisers can purchase fixed display ads on reputable sites by contracting directly with the site owner. They can also sponsor content creators and provide them with an affiliate code which the viewers can use to receive a discount. These mechanisms do not expose the advertisers to fraud.


> Advertisers can purchase fixed display ads on reputable sites by contracting directly with the site owner.

But what is a fair price? That depends on the traffic, but we are positing that detection of "is this a real user" is not possible, right?

Traditionally, advertisers have gone by Nielsen style ratings for broadcast media (pay people to track what they consume, extrapolate) and circulation numbers for print media. In our hypothetical world the former would still be possible but the latter wouldn't. Unfortunately, in addition to being really inefficient, if you pay people to track what they consume you will essentially never compensate niche publications. This strongly promotes centralization.

Privacy Pass / Trust Tokens / etc seem much more promising to me?


> But what is a fair price? That depends on the traffic, but we are positing that detection of "is this a real user" is not possible, right?

Couldn't the price just be based on the actual payoff the advertiser gets (aka increased product sales)? The publisher is incentivized to set the maximum price that the advertiser will pay, and the advertiser is incentivized to get the most bang for their buck, so at the very least they would never pay more than what the ad brings them in terms of revenue.

Over time, this should reach an equilibrium. Niche publications may have to charge low prices at the start as they build their reputation among advertisers, but I think that's a worthwhile price to pay if it means better privacy and eliminating a problematic advertising model of CPM/CPC (where fraud is possible and tracking is required to battle it).


As I wrote in my response to rndgermandude [1], only some advertisers work this way. If you put up pictures of standing desks, people click through those ads, land on your site, and purchase desks, then it does not matter how scummy the publisher is because you can accurately measure the quality of traffic you are getting from them. On the other hand, if your ads aren't expected to lead to an online purchase (beverages, cars, political ads) this model doesn't work.

[1] https://news.ycombinator.com/item?id=25430585


Exactly this. When I advertise, I don’t care if a million users see it. I just care that Ad Spend < CAC.

Getting the initial price is going to be hard, but over time, rates will start to become known.


> Ad fraud means that advertisers are less willing to pay to be shown on the service, so the service's funding decreases.

OK, I agree that ad fraud is hurting publishers and, as a secondary effect, hurting consumers, but the damage consumers are getting in this current system is much, much bigger. This is like saying you continue taking 5x damage, because 1x damage to your publisher will affect you negatively.


When you use a service that is funded by advertising, the service only gets that funding because the advertisers trust that they are getting their ads in front of real users.

Ad spend as a percentage of GDP has been surprisingly constant for the past century. IOW, companies do not spend more on ads just because they can better target their potential customers, nor will they spend less if they lose that ability.


Turning the ad business into a market for lemons actually sounds kind of like a feature to me.


Because it makes advertising more expensive, which in turn makes the products and services you use more expensive.


I would be thrilled if online advertising became unviable as a business model. Most of what makes the web suck today (megabytes of javascript on every page; clickbait articles; outrage-driven social media; warehouses of PII waiting to be bought/sold/stolen) is because of advertising. Yes, I do want to pay for the services I use.


This. So much this. But there is hope. It seems that people are starting to realize the "price" of free content and are more and more willing to pay for it.


How would you pay for the services and content you consume?


It could be microtransactions/in-app purchases-as-a-microtransaction, it could be subscription based models, it could be "media flat rates" (cross publication subscriptions), or something else entirely.

A lot of content, especially newspaper/magazine articles, at least here in Germany, already are paid-only, either through subscriptions or both subscriptions and alternatively microtransactions (mostly more in-depth reporting). The UK Guardian and the German taz employ voluntary payments/subscriptions with some success last I heard. US media seems to be pushing a lot more for subscriptions now ("you got free 3 articles this month")

Creators on patreon and on OnlyFans (NSFW) seem to be making good money off of subscriptions, on a smaller scale (and if they sell a product that has some demand, of course).

Relatedly the greater independence of creators from advertising would in turn mean fewer ads, which in turn means potentially more competition for the available ad space again and thus potentially higher prices.


Microtransactions are difficult legally, due to taxes.

If someone in state/country X buys something from a site in state/country Y, both X and Y may levy taxes on that transaction.

Many have thresholds for small businesses, where you don't have to collect taxes if your total business volume is below some threshold. For US states, the threshold is often of the form "more than $T total sales OR more than N sales".

With microtransactions, it is easy to exceed N sales even though you are not actually collecting much money, and then the costs of preparing and filing your quarterly sales tax reports can exceed your revenue.

Advertiser supported sites don't suffer from this problem. If someone in X visits a site in Y and Y gets paid by an advertiser for showing an ad to that person, the site does not have to worry about taxes in X, and in Y the ad revenue will just be income that gets dealt with on their income taxes.

Until we can get microtransaction-friendly cross jurisdiction sales tax reform microtransactions are going to have limited viability, at least for sites that want to operate legally.


But there are people that intentionally bypass paywalls. Almost every article posted on HN behind a paywall has a user “neonate” who posts a paywall circumventing link. Then we collectively complain about advertising and paywalls. There is a large number of people that seem to think that all content should be free and that the people creating it are somehow a charity. I am ok with paywalls, but I don’t like to subsidize free riders. Apple News+ as a concept is a pretty good one, hopefully we can see more innovation in that sort of model.


I pay for a few paid news sources but I'm not fine with paywalls. They block non-subscribers' access, that's the problem. Obviously no one can subscribe to every subscription; a few is the max for most people. Ads are far better at this time. I wish Apple News' approach would get popular.


Advertisers would put stupid banners on my page because they cannot do anything else but still want to advertise. Maybe they spend less because they get less return. I actually think it would increase quality of content.


Why would you expect this to increase the quality of content?


With money.


> content you consume

Most content I consume is, like your comment, already shared by users without them receiving any compensation for it. It is usually someone who is not the content creator that profits from content on the internet.


I honestly want to see evidence for this claim. Sounds to me it makes running an ad network harder and therefore probably more expensive, but it is far from a certainty that this translates into advertisers' willingness to pay more (and pass it on to consumers).

Personally, I use ads as a signal to avoid buying certain products. If the ads are too prominent and omnipresent, it's an indication for me that I would be paying quite a premium on their marketing. But that's just me.


Let's say you're a startup trying to advertise on Google, and somebody has paid a bot network to fraudulently click on your ads. Now Google can't detect that those clicks are fraudulent, so you're billed for them.

Your channel efficiency unavoidably goes down, which increases your cost of customer acquisition because your other channels cannot pick up all of the slack.

Increasing the cost of customer acquisition is going to be bad for your business. You will either need to reduce costs (by hiring less, for example), or increase your prices.


This is a pretty status quo biased view. Maybe stronger privacy protection enables a startup search engine (or whatever) with a more privacy oriented funding method which wasn't thought viable before.


It's certainly possible new channels emerge to restore equilibrium, but I don't see Neeva (or whoever) replacing Google as a customer acquisition channel any time soon.

I think people are misconstruing me here. I'm not saying Google advertising is somehow fundamentally necessary to the economy. I'm just saying that it is straight up incorrect to think that there aren't legitimate downsides to removing their ability to police fraud.


I think there is a more charitable view of how people (I, at least) view what you are saying. There is certainly a disadvantage to existing ad-revenue funded companies to not being able to identify their audience at the most specific possible level.

But there are also (potentially huge and beneficial) opportunity costs. We will never see alternative business models which are not viable in the existing ecosystem.


Agreed. Entrepreneurs always see opportunity in disruption, because you can always rebuild something better. Just don't @ me too hard for pointing out that the disruption is real and will affect the ecosystem (including startups!) as it is today.


There are alternatives to fight ad fraud than uniquely tracking users everywhere.

The tracking part isn't necessary for fraud detection, not even for conversion tracking. It's only necessary for "personalized ads" aka spying on users.


Products/services are typically priced according to what the market can bear. If advertising costs become cheaper for a given company, for whatever reason, who's to say this decreased expense is going to be passed down to consumers in the form of lower prices?

Living in an advertising-saturated and/or privacy-deprived world is also a "cost" borne by members of society.


> who's to say this decreased expense is going to be passed down to consumers in the form of lower prices?

Because economics. I know this intimately. I have a product we manufacture and sell on Amazon along with other channels. And if I am saving $1 on a customer acquisition, I am lowering my price one dollar because that would mean I can sell more at the same profit. Because if I try to keep that extra dollar, my competition will lower their price. Basically the cost of keeping that saved dollar is more than the gain from lowering the price a dollar. That’s how competition is supposed to work.

I know my cost of goods sold and my cost of sales down to the penny and have a pretty good idea of the elasticity curve for my product: if I lower my price by $1, I would sell x more bottles. However if I lower my price by $1 right now, I would decrease in profitability unless my costs also decreased by $1. There is a point on the curve that represents the optimal price.

It would seem that fundamental microeconomics is something not taught in many schools and that’s tragic because you get statements like “who’s to say this decreased expense is going to be passed down to consumers.” Because competition is what makes this statement silly in principle.


If consumers are desensitized to targeted advertising it could make products cheaper as they'd seek out other sources of information that don't require paying Google a hefty tax.

I don't really think that the students are the ones being "helped" when Google gets paid $90 a click on student loan refinancing queries. They end up paying that $$ in the end.


I think most places have a somewhat fixed advertising budget. Hopefully the outcome would be less advertising!


How is that my problem? I have no interest in advertising more assaulting me with lies.


This reads like how it would make the police jobs easier to solve crime just to install an always on GPS on everybody.

Ad fraud really isn't my problem. So why should I be mercilessly tracked by everyone just to make your job easier?


Hopefully the top tier talent at these companies can figure something out.


Ad fraud is a morally loaded term. What's considered ad fraud is not fraud, but labeling it as such lets advertisers point to individuals running bots and scripts as malicious internet abusers. If I used the term fraud like the ad industry uses ad fraud, I'd probably lose my law license or just get buried under unfavourable costs orders in court.

So why are they deploying the term? Because it's a great way to deflect thinking about a core failing of their business logic. We've known since the day of banner ads that 'views' are a tremendously flawed metric, so blaming online agents for WHY they're flawed lets them deflect blame.

The fact that we're in this thread trying to parse semantics when consumers don't even have a seat at the table when deciding where we should fall on the tracking/privacy spectrum should tell you all you need to know about how the industry operates.


Don't know why this is downvoted. It is on topic and contains substantial information.


Fraud prevention? What exactly are you paying the Apple cut for?


I think they mean app-side: determining if a user is a bot or not gets harder when you can't tie that user to the datamine'd indicators of their humanity.


Hackernews seems to manage.


We don't move money around or even have private messaging. If the stakes are high enough, users need the service provider to be skeptical of all client processes, because the risk of being impersonated is borne, right or wrong, by the user.


If you move money around then the legal system already exists to deal with fraud.

As someone who doesn't use an iphone it's really frustrating that online services are starting to expect one for this reason when it hasn't been necessary in the past.


There's a cost-benefit balance at play: is using the cost of the legal system (lawyers, evidence, courts, long tail on case times) better than developing a system to prevent fraudulent users?

I also wouldn't be surprised if there was a burden of "good faith effort" required to show that you've taken measures to prevent frauds.


There’s a legal system that exists to deal with people stealing stuff from my house. But I still have doors, locks, cameras and an alarm.


Again, what are you paying the apple cut for? Are you saying bots are buying your fancy messaging app?


> puzzle the scraps back together

They’re not supposed to do that. Their dogmatic refusal to see the writing on the wall is ridiculous.


I agree here.

Apple's privacy changes might seem like a good idea from the outside, but essentially or paradoxically lead to higher entry barriers for new competitors and cement the role the actual players have.

However, we do not have experience with so-called "big tech." It is relatively new, iPhone came to light in 2007. So I regard Apple's measurements as another experiment, and we will see how things further evolve.


> Apple's privacy changes might seem like a good idea from the outside, but essentially or paradoxically leads to higher entry barriers for new competitors and cement the role the actual players have.

Honestly, who cares if the barrier of entry for a shitty business model is raised. And I can see only upside to this.


I won’t complain if it makes it harder for fly-by-night ad brokers to set up shop, quite the contrary. I don’t care if the playing field is not level, and we don’t owe them a business. You’re right, things are moving quite fast, but we are also more and more vulnerable. I won’t hesitate between the human right to privacy and a company’s right to make money.


“Fraud”...uh-huh. Please be clear that you mean AD fraud and not fraud-fraud.

Also: boohoo


I wonder if it would be profitable for Visa/Mastercard/Discover/AmEx to sell a verification service where people can authenticate with a $0.01 authorization or approval amount. Obviously, it wouldn't work with gift cards or other accounts not tied to a real person.


The answer to card fraud is called Strong Customer Authentication and it's a requirement under PSD2. It requires payment service providers to obtain a second factor for authentication. This might be an online banking login and approval, device data capture or an SMS one time code. How is up to the card provider.


I'm not referring to verification for card fraud, I'm saying the card networks could sell it to anyone that wants to verify a human is on the other end. Like an alternative to Captcha.


Strong Customer Authentication should be sufficient to prove that the payment request is authorised by the card holder, given this I'm not sure why a business would pay to be sure there's a human there?


I’m not referring to payments at all. I’m talking about using the card networks to serve as an alternative to Captcha for things like forums or any other situation besieged by bots and whatnot.


And make stolen credit card numbers even more valuable?

(I like where your head is at, fraud is just hard)


Stolen cards have long since been solved in many parts of the world with 3DS. Not sure why the US is still lagging behind on this.


3D Secure for those like me who didn't know the proper term, referring to an extra verification step from your bank e.g. SMS.

https://en.wikipedia.org/wiki/3-D_Secure

https://stripe.com/docs/payments/3d-secure


For some value of “solved”, yes. I live in 3DS-land myself, but since 3DS is not universal, credit card info is still at risk. I had a fraudulent purchase against my card recently. The bank returned the money, but at the moment, I am fighting a bill for import duty on the Gucci scarf the crook purchased on my card. :-/ I had no idea, until now, that they may charge €350 for a scarf.


Combine it with 2FA, such as TOTP or SMS.


“Fraudsters” can already reset the IDFA from the iOS Settings by turning off personalized ads in the Privacy section.


> FAANG who have the resources to puzzle the scraps back together for decent conversion tracking with the help of logins, IPs, SDKs with First Party IDs

Those are not exempt from the GDPR either. Granted, at the moment there’s very little enforcement around these (especially IP addresses despite their huge tracking potential) but once enforcement is stepped up there shouldn’t be any difference whether it’s a FAANG or a small company doing it.


- fingerprinting (especially if you don't own any premium inventory, as premium publishers generally dislike 3p targeting).

- contextual (target the content, make decisions based on _what I'm reading_ now, not who _I am_--less dubious ethically)

My favourite one: behavioural rebranded as contextual (I know some companies selling "contextual targeting", where some of the properties clearly define the user, these are mostly ML-based solutions, relying on mobile hardware)

Behavioural cross-platform targeting will exist but in a less deterministic form.

source: I used to work in AdTech and started a bunch of privacy-related initiatives.


I think it started as a compromise measure to hamper down on collection of other more persistent device identifiers (through AppStore regulation) so in a way it was a step in the right direction when introduced.


The purpose of IDFA was to provide an identifier that wasn't hardwired to the device - apps were going to absurd lengths to get the UDID, and IDFA gave them something ostensibly sufficient that users could in theory reset at will.

I give good odds ad frameworks will again start trying to circumvent the platform security to get a UDID or equivalent.


Then apps get kicked out of the App Store for violating App Store Policy and word gets around that it's a shitty ad network.


If I remember correctly they (Apple) still don't block access to the device's name (e.g. "John's iPad Pro"), so that's also one easy way to fingerprint* even without IDFA

* to say nothing about the fact that apps can easily get my first name without me knowing it being super creepy


https://www.thetradedesk.com/industry-initiatives/unified-id...

https://www.verizonmedia.com/insights/overcoming-identity-he...

And probably a dozen other ID solutions out there that require you to be logged in and thus have some first party data to match you with.

Honestly I'm not sure what the value proposition is for the user if it's not required to log in, so who knows what the uptake will be.


> Now that the third-party tracking ecosystem is slowly drying out I'm curious what advertisers will come up with to circumvent these new measures.

Probably fingerprinting – not to mention the fact that ad-people are lobbying both legislators (including the EU) and standards bodies (like W3C)... and in the latter case they're also directly contributing to the standards.


Most adtech players are legit and don't rely on such practices, illegal in many countries.

Of course some smaller one will still try to do it, don't get me wrong.


Well, there's the entire field of databroking (likely completely illegal under GDPR, not to mention unethical from the start) and real time bidding related to this.

Given the sorry state of privacy-compliance in general (whether that's ignorance of the law or consciously taking a risk) I seriously doubt that the field of adtech is much better.


Things have changed really dramatically in the last 13 years or so. When iPhone first launched, developers could (and did) just grab the UDID of the device and use that.

Apple has been restricting things almost from day one, and creating the IDFA in the first place was part of that, but this seems like the biggest step forward by far.


> it has literally no purpose beyond mining peoples' data

Its main purpose is targeted ads while repurposing or reselling peoples’ data is a nefarious secondary use.

Multi-sided markets are important revenue models that are tailored to user preferences and behavior. We are trying to strike a balance; we don’t need to demonize all advertising centric business models to win the argument for better privacy options.

I think both Apple and Mozilla are more aligned with my personal preferences but their positions are also perfectly aligned with their core business models.


How do you propose to target ads without mining peoples' data?


One of the most common cases of targeting ads is remarketing: someone comes to your site, they start the process of buying a tablesaw but then leave for whatever reason. You pay to show ads of the saw so they can come back and finish their purchase if they want to.

Traditionally, this has been implemented with third party cookies. The retailer drops a cookie on the users browser, and then buys ads to be shown to anyone matching that cookie. I don't know if I would call this data mining, but it is certainly not private.

It is possible to build a system that supports remarketing in a private way, however, with new browser APIs: https://github.com/WICG/turtledove

(Disclosure: I work on ads at Google, speaking only for myself)


> they start the process of buying a tablesaw but then leave for whatever reason

Is that something that people want?

Imagine someone wants to buy a table saw and their requirements changed and they no longer need it. It would be pretty annoying to have table saws follow them around the internet when they literally don't need them (and get in the way of other ads they would potentially be interested in).

It's also a privacy issue; if someone is searching for certain sensitive items they'd rather not have those follow them around for weeks down the line.


If companies can’t target ads without data mining that isn’t an argument for data mining—it’s an argument against targeted ads.


Essentially, you don’t.


> cross-device tracking is on very thin ice legally under the GDPR

Exactly, and tracking companies such as Adjust or AppsFlyer carry on IDFA-ing/fingerprinting users. GDPR seems to be just a nice-to-have.


> shameful that a device that is marketed as the gold standard in privacy

It's being marketed this way, that's it. It doesn't mean Apple care about privacy, and they prove every once in a while that they don't respect anyone's privacy at all. They spy on their users as much as anyone else (and overall, they have access to much more information than everybody else except Google).

All they want to do is prevent third-party tracking on their devices, so they have a monopoly on their users' data.

But they do collect those data and they share them with third party “partners”. Don't trust me, just look at their privacy policy, it's explicitly written there: https://www.apple.com/legal/privacy/en-ww/


> "they don't respect anyone's privacy at all".

This is so dishonest.

Please familiarise yourself with Apple's history in consumer privacy and what they've done so far, including inadvertently forcing others to follow (looking at you Google).

https://youtu.be/08IC1AZTxls?t=2941


> https://youtu.be/08IC1AZTxls?t=2941

Yes, Apple talking about Apple... Let's see the facts: here Mozilla is asking Apple to commit to what Apple is advocating for all these years.

> "In 2019, Mozilla called on Apple to increase user privacy by automatically resetting the Identifier for Advertisers (IDFA) on iPhones."

It's 2021 very soon


Sorry, did you read Mozilla's blog post, or are you aware of what IDFA is and its history?

Apple released IDFA to improve consumer privacy, to avoid advertisers being able to fingerprint iOS devices using Unique Device ID (UDID).

Access to UDID was deprecated in iOS 5 (that's 2011).

It has also given control to consumers since then to opt-out of providing IDFA by default.

In 2019, Mozilla asked Apple to rotate the IDFA every month.

But Apple has taken it even further, which Mozilla publicly applauded https://foundation.mozilla.org/en/blog/applause-for-apples-i...

Apple is now making IDFA disabled by default and requiring users to enable it if they want to.

> Apple went even further than what Mozilla supporters had asked for when it announced that it will give consumers the option to opt-out of tracking in each app, essentially turning off IDFA and giving millions of consumers more privacy online.


Actually... I did the wrong quote so the joke's on me! The quote that I wanted is this one

> That’s where you come in: We need a massive outpouring of support for Apple’s decision to help strengthen its resolve to protect consumer privacy.

Why does Mozilla need people like me and you in order for Apple to fulfil their promises for consumer privacy?

As Apple says “Privacy. That’s iPhone”, why does it need user attention for Apple's actions?


I think you misunderstood Mozilla.

Apple is still going ahead with this regardless. My understanding the rollout was delayed because of ongoing financial hardship on everyone in the world because of COVID (and to give more time to advertisers, developers and others to prepare).

Mozilla is also asking everyone to publicly support Apple's decision because it's good for consumers, which in result would also force others to also adopt it (Android), but also because on the other end of this decision are advertisers, game developers and Facebook that are publicly telling everyone it's a bad thing since it'll hit their wallets.


OK, that is one way to look at this... I've just disabled IDFA on my phone now!

Thanks for having a nice conversation! :)


You too, thanks! Here's what we exactly talked about by the way https://news.ycombinator.com/item?id=25441986


Making noise about issues helps them get fixed at several levels. If people are aware, they can factor it in their purchase decision, they can get some support for some regulations, good publicity is an incentive for some companies to behave, etc. Mozilla is just encouraging people to support this type of initiative, it does not mean that Apple is bad just because they do something that their users like.


They only share data with partners at the direction of users and only to provide specific services, and use for marketing is banned. That privacy policy?


and Chinese iCloud with Chinese government...


International iCloud with US and Five eyes government also…

And it's not gonna change: https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...


That's true, they do provide data to governments in compliance with local laws. Criminalising your employees isn't a good look.


They also don't encrypt when laws actually enable them to encrypt...

https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...

Besides, haven't Facebook and Google got banned from China for not complying with Chinese law?


As that article, and others on this have pointed out, there are a whole host of reasons why encrypting iCloud data is problematic that have nothing to do with law enforcement. As you have read the article, obviously you must know this very well. In many other areas, they absolutely do encrypt. The fact is encryption sometimes carries down sides, such as an increased risk of users permanently losing access to their data.

Web services companies face a ton of problems operating in China that are really specific to the kinds of services they offer. Apple simply doesn't offer those kinds of services.


Is that the same as Chinese Office 365 and OneDrive with Chinese government?


You mean; they follow local laws? What a shock.


> They spy on their users as much as anyone else (and overall, they have access to much more information than everybody else except Google).

This is easily disproven by making a GDPR access request to see what various companies have retained on you, or if you’re extra paranoid inspecting what the device is sending back over the network.


Well, less than a month ago all Mac apps worldwide refused to open because the listening service at Apple failed to respond, so you don't even have to look at the network to know that Apple is spying…

Apple has access to all apps you open, your position, the content of your iCloud, etc. etc.


Short answer: apps are signed with a developer's certificate they get from Apple; the OCSP check for certificate validation went down. To put this in context, whenever you connect to a secure website, OCSP is used to make sure the certificate is still valid (unless OCSP stapling is used, but that's another issue). BTW, OCSP checks are unencrypted, but Apple says it will change to an encrypted protocol.

And it wasn't all apps—unsigned apps are allowed to run, so by definition, there's no way for Apple to "know" about them. Many people didn't know it was happening because they weren't affected.

Details: https://eclecticlight.co/2020/11/16/checks-on-executable-cod...


It's funny, because Apple privacy policy explicitly covers this data collection, yet you still believe it doesn't exist.

> Usage Data. Data about your activity on and use of our offerings, such as app launches within our services, including browsing history; search history; product interaction; crash data, performance and other diagnostic data; and other usage data

https://www.apple.com/legal/privacy/en-ww/

Or maybe Apple Lawyers don't understand either?

> BTW, OCSP checks are unencrypted, but Apple says it will change to an encrypted protocol.

“When caught, simply apologize and promise to do better next time, it will be fine”. It wasn't the first time, and it won't be the last.

As a sidenote: https://www.bbc.com/news/business-13416598


> To put this in context, whenever you connect to a secure website, OCSP is used to make sure the certificate is still valid

This is not how any browser implements it today. Browsers either do not check (Chrome, Safari) or check but fail open (Firefox, Edge). I'm not aware of any browser that fails closed in its default configuration. More: https://www.ssl.com/article/how-do-browsers-handle-revoked-s...

Browsers primarily handle revoked certs by pushing certificate revocation lists (CRLs).


Not CRLs, or rather, not directly.

Mozilla and Chrome have schemes to send a subset of revocations from the browser vendor to the user, Mozilla's is named OneCRL, the Chrome one is CRLSets.

For most websites if your end entity leaf certificate is revoked for some mundane reason Chrome likely simply won't know or care and it'll still work, because you aren't covered by CRLSets as the data would be too huge.

The long term fix, which site owners can implement, is OCSP Must Staple. What happens there is, when you request a certificate you insist on this "extension" and the extension tells client software "This certificate is only valid if accompanied by an up-to-date OCSP response". Then you set your server software to fetch OCSP responses for its own certificate and serve those to visitors.

This means excellent privacy (PornHub's certificate issuer still knows that PornHub is PornHub, not an invasion of privacy, and PornHub still knows that PornHub visitors visited PornHub, but the issuer doesn't learn who the visitors are) while being revocable (if the issuer provides REVOKED OCSP answers then you can't show that revoked certificate to a client once the last not-REVOKED OCSP answer expires)

Unfortunately, and this is a huge shame most especially for Apache, there are a lot of HTTPS servers that got OCSP Stapling badly wrong, meaning you need newer versions of software or have to install complicated workarounds because the early implementations were so stupid.
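
The revocation behaviours compared in the comments above (no check, check but fail open, fail closed, and OCSP Must-Staple), as an added example that is not part of any comment or of any browser's code: a small Python model over a constructed timeline. It assumes a client that enforces Must-Staple and responses whose signatures were already verified; all names (`evaluate`, `exposure_days`, `Policy`, `ocsp_query_sent`) are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import List, Optional


class Status(Enum):
    GOOD = "good"
    REVOKED = "revoked"


class Policy(Enum):
    NO_CHECK = "no_check"    # never queries the responder
    SOFT_FAIL = "soft_fail"  # queries, accepts when no answer arrives (fail open)
    HARD_FAIL = "hard_fail"  # queries, rejects when no answer arrives (fail closed)


@dataclass(frozen=True)
class OcspResponse:
    """Fields of a signed OCSP answer; signature checking is assumed already done."""
    status: Status
    this_update: datetime
    next_update: datetime

    def fresh(self, now: datetime) -> bool:
        return self.this_update <= now < self.next_update


@dataclass(frozen=True)
class Decision:
    accept: bool
    ocsp_query_sent: bool  # True: the client sent its own lookup toward the issuer's responder
    reason: str


def evaluate(must_staple: bool, staple: Optional[OcspResponse],
             live: Optional[OcspResponse], policy: Policy, now: datetime) -> Decision:
    """Decide whether to accept a certificate.

    staple: response the server attached to the handshake, or None.
    live:   what the responder would answer a direct query, or None if unreachable.
    """
    # A fresh stapled response settles the question without any client lookup.
    if staple is not None and staple.fresh(now):
        if staple.status is Status.REVOKED:
            return Decision(False, False, "stapled response: revoked")
        return Decision(True, False, "stapled response: good")
    # Assumption: this client enforces Must-Staple, so a missing or stale staple is fatal.
    if must_staple:
        return Decision(False, False, "must-staple certificate without fresh staple")
    if policy is Policy.NO_CHECK:
        return Decision(True, False, "revocation not checked")
    if live is not None and live.fresh(now):
        if live.status is Status.REVOKED:
            return Decision(False, True, "responder: revoked")
        return Decision(True, True, "responder: good")
    if policy is Policy.SOFT_FAIL:
        return Decision(True, True, "no answer, failing open")
    return Decision(False, True, "no answer, failing closed")


# Constructed timeline: the last GOOD response is valid for 7 days,
# and the certificate is revoked 2 days into that window.
T0 = datetime(2020, 12, 1, tzinfo=timezone.utc)
LAST_GOOD = OcspResponse(Status.GOOD, T0, T0 + timedelta(days=7))
REVOKED_AT = T0 + timedelta(days=2)


def exposure_days(must_staple: bool, policy: Policy, server_staples: bool,
                  responder_reachable: bool, horizon: int = 10) -> List[int]:
    """Days (counted from T0, sampled at noon) on which the revoked certificate is still accepted."""
    accepted = []
    for day in range(horizon):
        now = T0 + timedelta(days=day, hours=12)
        if now < REVOKED_AT:
            continue
        # The only staple a server can still present is the last GOOD one it cached.
        staple = LAST_GOOD if server_staples else None
        live = (OcspResponse(Status.REVOKED, REVOKED_AT, now + timedelta(days=7))
                if responder_reachable else None)
        if evaluate(must_staple, staple, live, policy, now).accept:
            accepted.append(day)
    return accepted


if __name__ == "__main__":
    rows = [
        ("must-staple, cached GOOD staple", True, Policy.SOFT_FAIL, True, False),
        ("plain cert, soft-fail, responder up", False, Policy.SOFT_FAIL, False, True),
        ("plain cert, soft-fail, responder down", False, Policy.SOFT_FAIL, False, False),
        ("plain cert, no check", False, Policy.NO_CHECK, False, True),
        ("plain cert, hard-fail, responder down", False, Policy.HARD_FAIL, False, False),
    ]
    for label, ms, pol, staples, up in rows:
        print(f"{label:40s} accepted on days {exposure_days(ms, pol, staples, up)}")
```

In this model the Must-Staple certificate is accepted only until the cached response expires, and no client lookup reaches the issuer while a fresh staple is present. The fail-closed policy is the only one here that rejects a certificate purely because the responder gave no answer.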


Yeah, you might want to do a little more research on that topic as you clearly have no idea what you're talking about.

Incidentally did you know that web browsers tell certificate authorities about every website you visit that uses TLS with support for OCSP stapling.


> Incidentally did you know that web browsers tell certificate authorities about every website you visit that uses TLS with support for OCSP stapling.

OCSP stapling is exactly what enables the browser to verify the revocation status without contacting the cert authority. Also, not all browsers check OCSP.


> making a GDPR access request

Facebook collected data for ages using their SDK and lists of e-mail addresses/phone numbers submitted to them by advertisers but only started exposing them in their "download my data" tool (their GDPR SAR process basically) relatively recently.

GDPR access requests don't always tell the truth, often due to malice but in some cases incompetence too (there were a couple of times where my GDPR complaints have actually revealed to the company that their third-party SDKs leaked more data than they originally thought).


You can't say things like that, can you imagine how Apple device owners (which are plenty here) would feel about their purchases? I've seen the argument of 'using Apple if you are privacy conscious and rest is subpar' here a thousand times as a main justification for the higher price.


Say what you want about Apple but they are by far the most privacy focused big company. Their income is from selling physical devices. Typical megacorps in 2020 are leveraging economies of scale to sell their users' attention. Apple has a unique value add in that when their users benefit they benefit.

Sent from my Thinkpad.


> Their income is from selling physical devices.

Not entirely true anymore:

1) About $8-12 billion paid by Google to have their search engine default. [1]

2) About $20 billion from their 15-30% cut of third party app developers. Where the App Store is protected from competition. [2]

3) Apple services (like Apple TV+), which collect usage data for itself and third parties. [3]

[1] https://www.macrumors.com/2020/10/25/google-apple-search-def...

[2] https://www.theverge.com/2020/6/15/21292203/apple-app-store-...

[3] https://support.apple.com/en-us/HT208511


Apple revenue for the last year was $275 billion. So you've listed 3.5%, 7%, and probably-rounds-to-0% of their revenue, which doesn't seem like it actually counters the original point.


As you correctly point out, those are revenue figures, not profit. $10 billion from Google out of $60 billion in profit is significant. Apple saying they 'care' about privacy while making +15% of its profits from Google alone is hypocritical.


At the end of the day it's just an option that users can easily choose to opt out of.

As much as I would like them to default to and support DuckDuckGo instead (hell, it would be a match made in heaven if Apple were to buy DDG and make it their privacy centrepiece), a lot of people would be confused if they got DDG instead of Google, so I don't really think it's fair to make it out as some "chink in the armour". It's a business win-win in my eyes and doesn't affect me at all.


You just spun terms in your own comment.

> those are revenue figures, not profit

> $10 billion from Google out of $60 billion in profit is significant


What expenses are there to keep google the default engine?


I'm not sure this is the correct question. Every company has cost centers and profit centers.

Historically, for example, Playstations were sold at a loss and the games were sold at a profit and a licensing fee to offset that loss.

In the more modern world, Steam and Apple and Epic Games all charge a percentage-based commission for the games and in-app purchases their games have (at least some of them charge the latter). The cost of keeping the game in their catalog is very low compared to the price they charge. The markup is very high; but, it does offset development costs throughout the company. Those development costs may or may not help drive traffic or even use the services that the money-making services bolster, but the money-making services do help pay for it.


Revenue and profit measure the total income of a business, not just one discrete business deal.

If they stop making, marketing, and selling hundreds of millions of iPhones Google would probably stop paying them for default search status.


Why? Are you saying they shouldn’t have Google as the default search engine?


The vast majority of Apple's revenue is from selling hardware. Yes, there's revenue from services, which is growing fast.

The trailing 12 month revenue for Mac, iPhone, iPad and Apple Watch (+ HomePod, AirPods, etc.) was over $220 billion.

And while $20 billion is not nothing, it's actually not that big a deal for Apple, especially when you consider its $2 trillion market cap.


You’re mixing a lot of numbers there.

Apple makes about 60 billion a year in profit. The 10 billion they get from Google constitutes 16% of their annual profit. That’s significant!

Apple trades at a 37x P/E ratio. An additional $20B profit could be worth about an additional $760 billion in market cap. You can’t dismiss 10 billion in pure profit because of their market cap. Those numbers are directly related and far closer in meaning than you give credit.


> The 10 billion they get from Google constitutes 16% of their annual profit.

You're playing funny buggers with figures there. According to your standard the sales of physical devices constitutes over 350% of their annual profit.


Yes, gross revenue is larger than net income. Particularly when manufacturing is involved.

The $10B Google money is basically pure profit. It costs Apple nothing. Maybe a few million in lawyer time to negotiate the fee each year.

Hardware sales generate enormous revenue and also very large profit. I believe more than half of Apple’s profit is still hardware sales. But they’re working very hard to increase their services income.


> The $10B Google money is basically pure profit. It costs Apple nothing.

If they didn't spend all that money on producing the phones they'd have nothing to sell to Google. You can't meaningfully divorce the two, all profit centres of a business rely on the cost centres.


I have no idea what point you’re trying to make. You’ve moved the goal posts too many times.


You are claiming the Google money is 'pure profit' while making phones is not.

They are saying that you can't account for the Google money as pure profit, even though the costs aren't as obvious. In particular, their argument says, you have to make and sell the phones before Google will give you money to make their search engine the default.

So the Google money is not pure profit, in the same way the phone sales are not pure profit (even though the underlying costs are not as obvious).


Apple’s profit is increasingly derived from non-hardware sales. That profit is dependent on them having sold hardware. If they sell no hardware they will generate no services revenue or profit.

Scroll way back to the root of this conversation. Someone said that $20B is not nothing but is a small fraction of their revenue. I think this is a poor characterization because you need to consider the source of both gross and net revenue.

Yes, services revenue is dependent on hardware sales. And yes the margin on services is significantly higher than the margin on hardware. Apple has been working very very very hard to increase services revenue because it is so profitable. Yes that profit is dependent on their ability to continue to sell hardware. Apple’s ability to grow their annual profit is highly dependent on their ability to both maintain hardware sales and increase services revenue. There is a LOT of room to grow services revenue. There is much less room to grow hardware revenue.

I look forward to seeing where the goal post gets moved next.


> I think this is a poor characterization because you need to consider the source of both gross and net revenue.

I agree with this wholeheartedly.

From earlier upthread (forrestthewoods-0):

> Apple makes about 60 billion a year in profit. The 10 billion they get from Google constitutes 16% of their annual profit. That’s significant!

This is the contentious part.

Some of the $10B from Google needs to be allocated against the cost centres that enable the sale, in order to account for it correctly. To put it another way, the marginal cost of this revenue is insignificant but the capital costs are significant.

It is worthwhile to consider marginal and capital costs separately, but it's not reasonable to ignore those upfront costs when making an argument - it comes across as "playing funny buggers with figures" (wyattpeak-1).

So I generally agree with your points, but also agree with people who say you need to factor in the non-marginal costs required to generate the Google revenue.

As a meta point, your comments on goal post moving (while potentially correct - I'm not making a comment on correctness here) don't add to your argument, your argument makes sense without them (and in my opinion would come across better if you left them out).

forrestthewoods-0: https://news.ycombinator.com/item?id=25432024

wyattpeak-1: https://news.ycombinator.com/item?id=25438323


Good response and fair summary. Don’t think I have any other thoughts on this! I believe all views are fairly represented at this point.


> 1) About $8-12 billion paid by Google to have their search engine default.

And Mozilla, who wrote this article, also gets the majority of their funding through paid search, mostly from Google.

> Precisely 94% of Mozilla revenues came through royalties received by search engines to be featured on its Mozilla Firefox browser.[0]

[0] https://fourweekmba.com/how-does-mozilla-make-money/


Not hard to be the most privacy focused big company when the competition is Google, Facebook or Amazon...

I don't understand why we should always have good guys and bad guys and we can't accept that none of those companies respect us.

Nothing will change if we relay Apple's propaganda about privacy. People will think that the solution is already there and it's Apple. And it's not. Apple has catastrophic Privacy, just a bit less catastrophic than Google but that's it.

They don't even encrypt your cloud, how's that remotely close to "privacy focused company"


“Catastrophic privacy” is quite a huge claim - do you have any actual examples? My perspective is that iphone privacy protections have actually gotten better and more sophisticated over time, and I’m much more comfortable having older non-techie relatives on iOS for that reason. When it comes to providing them tech support ios has always been less finicky than android.


[flagged]


But when you follow the history of how IDFA was introduced (a replacement for more privacy-invasive identifiers which were available), IDFA makes sense. At least it's completely fair and honest - it is an identifier for advertisers, that users have control over.


Identifier for Advertisers was opt-out, and will soon be opt-in [1], so that seems like an example of Apple's privacy protections getting better over time.

1: https://www.forbes.com/sites/johnkoetsier/2020/09/03/idfa-st...


Yes, but "better" is a qualitative term not a quantitative. That this thing even exists in the first place and was either mandatory or opt-out is still concerning to me.

This change moved Apple a little closer to the "good guys" column, but not really into it.


If by "good guys" you mean champions of privacy, I don't think Apple will ever be that. They're a giant business and that means they're primarily motivated by profit.

It's up to the people to be the champions of privacy and help Apple realize that our interests (privacy) are aligned with their interests (profit).

(And I say this as someone who's rather anti-Apple for other reasons. Life is complicated and full of compromises.)


Agreed, we should be careful not to champion them as the saviours of consumer privacy just because they have lately been marketing themselves as an improvement over Google and Microsoft.


They haven't just "lately been marketing themselves as an improvement over Google and Microsoft".

Anyone aware of Apple's history knows that Apple has always pushed consumer privacy forward, forcing others in the industry to follow.

I don't know any other consumer electronics company other than Apple that has been championing consumer privacy so much over the last 12-15 years.

If you learned about Apple's stance on privacy only in their recent marketing, that doesn't mean they haven't been doing it before.


What are they doing that other vendors aren't? From what I can tell their privacy-forward marketing began with the rollout of the Secure Enclave in the 5S, but Android vendors were already using hardware key stores and full disk encryption at that time.

I will admit that this action to change the advertising ID to default-off is a promising one though.


This is a good overview from last week what they've done so far (where others had to follow) and what they're doing next

https://youtu.be/08IC1AZTxls?t=2941


Why don't they fully encrypt the icloud backups?

Sent from my Huawei.


What do you think are the possible issues for full encryption of iCloud backups?


This is the issue with iCloud backups not being encrypted:

https://uk.reuters.com/article/us-apple-fbi-icloud-exclusive...

Not saying I agree or disagree with it, but it's something worth highlighting


News agencies get things wrong. 'Sources' are often times extremely unreliable, or don't always present the whole picture. Not that I'm absolving Apple here, just that I've been indirectly on the receiving end of 'sources' and Reuters being technically right, but very, very wrong.


One important implication of not using full encryption is that it protects users from themselves. If a user forgets their password, Apple can still unlock their data. From a security perspective, this obviously isn't ideal. But, from the perspective of the average user who has lost all of their data, this is great.


I should be given the choice to turn it on though. I understand Apple not wanting to deal with the annoying customer who forgets their password, loses everything, and blames Apple. I’ve seen enough forgotten password people while waiting at the Genius Bar to sympathize with Apple. But just because some of their customers can’t handle the responsibility doesn’t mean none of their customers should have the option. I encrypt my hard drive despite Apple’s warnings about FileVault. I understand the risk, have weighed the pros and cons, and have taken steps to mitigate the risk.


It is very typical of Apple, unfortunately, to leave out power features in order to focus on excelling at the basics. I switched to an iPhone from a rooted Android a few years ago, and while I do miss that level of control, I don't have to worry about the overhead that that type of Android device commands.


I entirely agree with this, and I expect this is what will happen over time.

But, just like with FileVault, the roll out will most likely be relatively slow and progressive.


Every big iPhone/iOS keynote I think "this is the year!", but it never happens.


This. As an example, my mother (who is over 90) got locked out of her icloud account a couple years ago, from getting unexpected password prompts on her ipad and not understanding which password was required, she entered the wrong one too many times. We had recorded our answers to the “security questions” when setting up the account, but they were not accepted either. In the end, we managed to restore access via a rather cumbersome process. No complaints about that, of course; the important part is that she did get her access back in the end.


Pressure from the FBI, according to Reuters:

https://www.reuters.com/article/us-apple-fbi-icloud-exclusiv...


Their walled garden leads to users vulnerable to every one of Apple's decisions.

Sent from my Pinephone.


Technically speaking, their income is from selling services to the people they’ve sold physical devices to.

It’s also a good way to combat the push from companies like Google to bring down the prices of devices to allow for better tracking.


They're pivoting to selling services now. That's why iCloud is so integrated into the phone while the free version is so crappy.


I wouldn’t call iTunes or the appstore “now”


It's odd though, they have these contradictory actions. For the iPhone, they are pushing for privacy, but on MacOS, we are now dealing with things like excessive telemetry to the point of phoning an authorization server for running local binaries. Not to mention the new firewall issues, where Apple utilities are able to bypass local firewall rules.


Surely you know this ‘telemetry’ statement isn’t really true. They use a badly designed open protocol to do certificate revocation. It’s not like they designed this as a way to collect user data.


Perhaps they don't intend to use the data as telemetry, but regardless, intentionally or not, they are receiving information about what you are running, even if it were just a hash of the binary. So you're right, it would be a trivially small information leak, but I'd like to think a company focused on privacy wouldn't resort to such an aggressive protocol.

I haven't followed this very closely, has anyone determined exactly what is being sent?


That's a very good point. Their primary revenue stream is from hardware or sources that aren't based on collecting user data.

I also think this is why Apple and Microsoft have bright futures but companies like Amazon, Google, and Facebook will only see more legal hurdles from here on out.


Apple gets on the order of $12 billion a year from Google to make Google Search the default search engine in iOS. All that money comes from ads. They care about privacy until it hits their pocketbook.


> Apple gets on the order of $12 billion a year from Google to make Google Search the default search engine in iOS. All that money comes from ads.

It's a lot of money, but it's pocket change for Apple in the scheme of things—$220 billion in hardware revenue and a $2 trillion market cap.

Google needs to pay it far more than Apple needs the money. Google knows Apple customers are far more lucrative than Android customers.


Google needs it more since Google makes > $12 billion on that traffic, but I can't imagine any company being willing to part with $12+ billion a year.


That's a rich sentiment considering the article is written by Mozilla who gets some money for the same purpose!


Yes, that same hypocrisy applies to Mozilla. And it's been a total and unfortunate way to run a nonprofit - getting money from a direct competitor that wants to pay you as little as possible. The lower the browser market share, the worse their negotiating position got.

I wish they had come up with an alternate revenue stream.


If I’m looking at HomeKit for example, this is not true.

Also people would want google anyway. After all it’s still the most useful search engine for almost everyone. Apple is primarily still a device maker for people who want stuff to justwerk and people who have no interest in tech.


And they will probably have to stop doing so very soon.


I treat Apple being privacy-focused the same way I treat a politician that has a platform that I like: alignment of interests at the present moment. It doesn't mean that we want the same thing for the same reasons.


IMO Pine64 is more privacy respecting than Apple. I don't have to send them an email address to install software and I don't have to send them my drivers license to be allowed to compile it.


> I don't have to send them my drivers license to be allowed to compile it

You do not need to send Apple your drivers license to compile software for Apple hardware.


They had me send my license the last time I tried, I guess now you can do it for free for your own devices although you still need a mac and an online developer account.


Apple had its own advertising platform called iAd that was abandoned a few years ago. Cynical me thinks that them disabling the IDFA could be a ploy for them to corner the adtech market for themselves.


now you have [Apple Search Ads](https://searchads.apple.com/) instead of iAd


As a reminder, most popular Android apps send data to Facebook:

https://9to5google.com/2018/12/31/android-apps-facebook/


As a reminder (from first hand experience with mobile development for major companies), the iOS versions of those apps do the same. Even more so, all of those tracking SDKs are targeting iOS first, Android second.

Please don't feel safe on iOS just because Apple marketing is blasting misleading claims at you.


That's weird. How come they say nothing about iOS?


My assumption would be it's a lot more difficult to reverse engineer apps on iOS.


Sure..but they make sure you know about it before you install the app in the first place.

https://developer.apple.com/app-store/app-privacy-details/


Same deal with Android. If you really want privacy a root access Android phone is the way to go as it can provide junk data when apps ask for details.


You can see a list of apps that share your activity with facebook here (even if you didn't install any facebook app on your phone or didn't use facebook login feature):

https://www.facebook.com/off_facebook_activity/activity_list

(click "Manage Your Off-Facebook Activity" on the right if you're on desktop)


This requires a facebook account, though they likely do have data from those not registered.


They absolutely do, and it sucks that there's no way to view it or request deletion.


Sure there is. If they’re holding personal data on you, they legally have to provide it (and optionally delete it) when issued with a Subject Access Request under GDPR.


I have tried requesting personal data from one company. They quickly said they didn't have anything associated with me; I believe it's just identified by an id that I don't know and that isn't linked directly to myself.

I wouldn't be surprised if they did not link email addresses (and other user-accessible identifiers such as a phone number) anymore just to avoid having to give you your data if you request it.


I do not live in a place subject to the GDPR.


Look up "shadow profile".


Wow. I had no idea this existed. In my case, over 600 apps and services that I had no idea were connecting to Facebook. Is there no way to turn this off?


There is a "Clear history" button, but it does not delete the data. Here is the message you see once clicked:

Clear your off-Facebook activity from your account?

Here are some things to know:

- Your activity history will be disconnected from your account. This does not currently include Oculus activity. We'll continue to receive your activity from the businesses and organisations that you visit in the future.

- Clearing your history may log you out of XXX and YYY other apps and websites. If this happens, you can still use Facebook to log back in.

- You'll still see the same number of ads. Your ad preferences and actions that you take on Facebook will be used to show you relevant ads.


I love whenever somebody criticises Apple, they mention Android :)


I don't want to minimize Apple's efforts on privacy, but this is only happening because the Overton window on privacy is finally shifting. Let's not pretend that Apple 'cares' all of a sudden. They only 'care' because it's a convenient position for them to take. Their business model isn't directly tied to the collection of data, which allows them to differentiate themselves from Google and make surgical changes like this. I propose we ask Apple to go further:

If Apple really cared, they'd make IDFA opt-in only. Why are we now applauding the option to disable a feature that the EU deemed illegal from the start? [1]

If Apple really cared, they'd remove Google as the default search engine and forgo the $8-12 billion they make from Google. Then, allow a fair bid for privacy focused search engines (or make their own). [2]

If Apple really cared, they'd stop tracking you in Apple Services like Apple TV+ and stop sharing your data with third parties. [3]

[1] https://www.thehindu.com/sci-tech/technology/what-is-apples-...

[2] https://www.macrumors.com/2020/10/25/google-apple-search-def...

[3] https://support.apple.com/en-us/HT208511


Apple can make an anti-tracking computer but nothing they do can make an anti-tracking phone. It is a "cell" phone. The very nature of cell phones means the basestations have to decide where you are and which cell takes your connections. With precise clocks and multi-lateration the position of your handset is known to about 50m. All US telcos keep this location data (which is constantly updated) for 2 to 5 years. And they sell it too.

No, there is no privacy oriented, no anti-tracking, cell phone. None of them are capable of this. And no amount of "privacy" functions in the user computer will make up for the intrinsic nature of cell phones. Because cell phones are so incredibly useful people bend over backwards mentally to try to ignore this. They get angry when it's pointed out because it's "irrelevant". But it isn't. This is real tracking of you. Far worse than any "internet" tracking.


This is about tracking your internet activity, not physical location/movements.


Your carrier has that correlation. They route all your packets. It doesn't matter if it is Comcast at home or Verizon/Att on the go. They know where you live and work and track you 24/7. Facebook is simply going to make a deal to have a unique ID added to URL metadata and then tracking is even more trivial. We need legislation to guarantee true net neutrality. Just like the electric company doesn't track/sell what I use my electricity on, the ISP shouldn't track/sell what I use my data on.


Well, if you want to protect yourself you should understand this in more detail.

At minimum you should be using https. Your ISP could generally know the domains you are communicating with (when and how much), but not about what. They also could not add metadata to requests. The ad tracking we're talking about in this post really needs those details, so the ISP isn't in a position to enable the kind of tracking Apple is blocking here.

You can go further and use a VPN. Then all your ISP knows is that you use a VPN, but would not be able to tell anything else. Of course, you need to trust your VPN provider (including to properly secure their service), but if you're paying for one, at least your interests are aligned. (You pay your ISP, but they operate as semi monopolies and your privacy is not their primary business concern, so your interests don't really align that well.)

I agree about not allowing ISPs to sell data, though I think it would be OK if properly anonymized.


Although for what it's worth, I wonder if it's possible for a cell to throw telcos off by broadcasting at higher power and connecting randomly between more and less distant antennas.

This is probably one of the dumber ideas I've come up with given that I have no idea how the different protocols for handshakes between cells and towers work. Looking to be educated on it here in the comments.


Sounds like a great way to get your IMEI blacklisted by the carrier (and drop/miss calls a lot), and would not really stop them from triangulating your position (because you still have to be physically in range of all the towers, and would still be a determinable distance from them, being that distance is calculated using timing).

Cellular modem firmwares are also generally pretty closely guarded and not flashable.


The client handset's location is not determined by the power. It's determined by timing. Higher power would only give more basestations ability to receive your signal and add greater resolution to their position solution.


Add lag and randomize timing.


This isn't over the internet. This is a radio signal over the air.

First, your phone sends out a radio signal omnidirectionally. Then many basestations that know their own position and time very accurately receive it at slightly different times. They compare and use multi-lateration to determine where the broadcast had to come from.


You can't make any internet-connected computer any more anonymous than a cell-connected computer. Your internet connection is as traceable and mostly using the same methods as your computer minus triangulation if you turn off wifi. Your provider knows the service address and pretty much everything else.


Tracking what I do on my device and tracking my physical location are very different things.

It would be nice if there were regulations that protected my information from my telco provider.


I still want a phone with an open software ecosystem, so I'm excited that the Pinephone and Librem 5 exist. But I'm glad that Apple has been able to at least make privacy a selling point of their products. That's the way it should be.


Why was the IDFA a thing in the first place?

What I heard was that at some point in time, Apple had an ambition for its own advertising business.


My impression was that IDFA was a concession provided by Apple a while ago when they restricted APIs to the stable device identifiers. The IDFA was an identifier that advertisers could use and could be controlled by the user, which was seen as a privacy improvement on advertisers just using the device serial number.

I could be very much wrong, but this was my understanding.


That is correct. The IDFA is a compromise to get rid of older, more invasive tracking methods that ad networks used. Apple blocked access to the more sensitive data, and instead provided the IDFA which allows users to opt out, and limits the ability to combine data from different sources.

Making the IDFA opt in is now a second, stronger step towards user privacy.


Yep. Before IDFA, apps had access to the device's UDID. In the past you could get it by using this code:

    [[UIDevice currentDevice] uniqueIdentifier]

It was deprecated in iOS 5. [1]

[1] https://stackoverflow.com/questions/227590/unique-identifier...


Go to your iOS 14 device settings and you'll find out that Apple's own behavioural tracking is still there, still on by default.

It's now just split away from IDFA. Basically Apple is using this to attack competitors while leaving their own tracking on by default.



> What I heard was that at some point in time, Apple had an ambition for its own advertising business.

Yes. Let's not forget about iAd and iBeacon, where Apple was traveling down the same road as FB and Google.


I think removing the IDFA is great but .... most people probably login via the same IDs, either the same email address or facebook login, google login, github login, etc...

Once you've done that your app activity will be exchanged behind the scenes associating your data with your email or account so I'm not sure how many people this is going to really help.

IIRC Apple was trying to fix this hole too by having login via Apple give each app a different user ID. Unfortunately that's not useful for the majority of people who need to be able to use non Apple devices.


Apple doesn’t need to fix this for users who aren’t using Apple devices. However:

The privacy feature of “Sign In With Apple” uses an email address for each service that you can use to access your accounts from other non-Apple devices, as long as the site implements a Reset Password process that accepts account email addresses (which virtually all do). The private email addresses are under Settings > iCloud > Apps Using Apple ID for apps where you hide your email.


You're assuming people use exclusively Apple devices. I'm assuming people have a mix like a Windows machine at work or a Chromebook from school etc....

I can use Apple devices and still have the need to use non-apple devices so Apple's solution isn't helpful.


If you have enough Apple devices to set up and configure Sign In With Apple, and you're interested in using the account with non-Apple devices, then using the Reset Password process to have a password assigned to your account generally has not — in my experience — impacted Sign In With Apple, which simply continues to work regardless. I have been able to use this process to sign in across Apple and Windows and etc without difficulty.

What's uncertain here is whether each third-party will correctly handle this workflow. I can't decide if it's worked every time because I'm lucky or because there's a regulation somewhere in the Sign In With Apple terms that requires it. I respect that this uncertainty may not be acceptable to everyone.


If this feature is going to be well-known and too easy to discover - it is already doomed. As soon as too many ordinary users start using it, advertisers will invest in workarounds. Ad blocking only worked well as long as the majority of people didn't care to use it. Ad blocking and privacy-enhancing features should be off by default, requiring you to dive deep into config dialogs to turn on so only those who actually worry about being tracked would use them - this way this can have a chance to actually work.


Apple has a unique power here. They just add a line to their ToS stating that workarounds are a violation and your app will be removed.


Facebook does that too. How can they police secretly selling spy data?


The irony. The article's page loads content from various third-parties, including, you know, Google. Walk the talk and all that Mozilla.


I don't get the downvotes. Did I insult or offend any Mozilla fans (which I am one BTW, even after some questionable decisions of late)? Am I wrong saying it's ironic to connect to Google -possibly the largest tracking company by far seeing they are present in almost every website out there- in an article praising anti-tracking measures? Is it bad to tell Mozilla to be more consistent with their message and actions?

Wish people who downvote would at least take the time to tell what's wrong with the comment. I don't mind being corrected... quite the contrary!


You're right. Firefox is basically an undercover agent for Google at this point. They are obsessively targeting FB for practices that Google is probably doing at a much greater scale.


Fonts by Google, really?


>"In 2019, Mozilla called on Apple to increase user privacy by automatically resetting the Identifier for Advertisers (IDFA) on iPhones."

Can anyone provide more context on this event? Is it not odd that Mozilla would call on Apple to "increase user privacy" when one of Mozilla's main (most important?) partners is Google which is the very antithesis of user privacy?

Then further down the post states:

>"That’s where you come in: We need a massive outpouring of support for Apple’s decision to help strengthen its resolve to protect consumer privacy."

While I applaud these efforts I'm curious how does Mozilla reconcile taking hundreds of millions of dollars from Google while taking this principled stance on Apple? This seems to be a bit of cognitive dissonance.


Advertisers: The app eco-system would not exist without tracking!!!

Reality: Commercial and free software has existed for 70 years and ad supported software only arrived in the past 20 years. The app/ software market will do just fine without tracking.


Only 15 years ago it was very unlikely an app phoned home. It was seen as a violation of trust. I hate those that changed this. They made confidential communication unfeasible for the vast majority of people without creating a benefit.


I wonder if close to the deadline somehow Apple and Facebook agree on some sort of revenue sharing like with google search on safari. In return for using idfa.

Apple's been so focused on revenue recently this could easily be just a shakedown of fb.


I doubt it, that would be the opposite of their public message on privacy. For all the recent complaints about Apple it does appear they really do believe what they are saying in public.


I don't know if they believe it. I think they see it as a good moat between them and google considering google has to kill their own profits to believably provide privacy.

Apple seems to believe it will drive market share, and I think that's better than them believing in the principle (since public companies are not principle driven).


Then why is it opt-out?


All in all, what they are really accomplishing is making it harder and more technically difficult to track individual people. i.e. NOT impossible.

In the end, given enough money (or lacking enough scruples) it will still be possible to track individuals as a service, but it'll be more expensive because it has been made difficult by 'privacy-first' initiatives such as this.

So that finally, only very very large companies and governments can really afford to do this.


Signed up and donated.


>Unfortunately, as you might imagine, a lot of advertisers, notably Facebook, were not happy with Apple. Facebook, which uses IDFA to track users’ activity across different apps and match them to advertising profiles, says that its advertising partners will be hit hard by this change.

What about Google? Is Google also unhappy?


Google is happy as long as google.com is the default search for Safari.


I reckon Apple are working on a solution there...


And give up $8-$12 billion of pure profit? https://www.businessinsider.com/google-apple-search-deal-doj...


I would probably be happy if I were google. It's very, very unlikely they need IDFA to know whoever someone is so this gives them an edge over competition.


To what extent are iPhones fingerprinted though?

As we’ve seen with websites even no unique id is not necessarily game over


You can test your device browser fingerprint here: https://coveryourtracks.eff.org


It must still work to some extent because SDKs like Branch.io are able to deliver payload to your application after installing it from a "deep link". You click a link in Safari, which makes a fingerprint of your device from the browser (and bundles your IP) and sends a request to Branch.io, this redirects you to App Store and you install the app from the link. The app then uses Branch.io SDK to make the fingerprint again and asks the server to send the payload back to you. This way you can make deep links work even if you don't yet have the app installed. To my surprise it still works quite reliably on iOS 14. It has some issues with fingerprinting if there are multiple iPhones with similar fingerprint on same network (same IP).


One thing I've never understood about fingerprinting is that Firefox is supposed to prevent it by mangling the fingerprint data if you have those settings turned on. However whenever I visit sites like this, they all show the same thing that never changes, which means my fingerprint is quite stable and shared easily.


Firefox's fingerprinting protections are useful, but they are not enough to prevent fingerprinting altogether.


The problem with all these anti-fingerprinting tools is you show up as a firefox user who went in to the settings and turned on fingerprint protections which no other user did so you are unique again. You need lots of users to have the same setting enabled to blend in.
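The anonymity-set effect described in the comment above, worked through as an added example that is not part of the thread. The visitor population, attribute names and the assumption that protection yields one shared "normalised" canvas value are all constructed for illustration.

```python
import math
from collections import Counter

# Attributes a fingerprinting script is assumed to observe in this toy model.
ATTRS = ("browser", "protection", "canvas")


def build_population(protected_firefox_users):
    """Constructed visitor list; every value here is made up for illustration."""
    visitors = []
    # 900 iPhones of one model: same browser, same rendering output.
    visitors += [{"browser": "Safari iOS", "protection": "off",
                  "canvas": "ios-standard"}] * 900
    # 90 desktop Firefox users on default settings: 30 GPU/driver
    # combinations, three users each, so the canvas hash splits them up.
    for gpu in range(30):
        visitors += [{"browser": "Firefox", "protection": "off",
                      "canvas": f"gpu-{gpu}"}] * 3
    # Firefox users who turned fingerprint protection on. Assumption: they
    # all report one normalised canvas value, and the fact that protection
    # is enabled is itself observable to the site.
    visitors += [{"browser": "Firefox", "protection": "on",
                  "canvas": "normalised"}] * protected_firefox_users
    return visitors


def anonymity_sets(visitors, attrs=ATTRS):
    """Count how many visitors share each observed attribute combination."""
    return Counter(tuple(v[a] for a in attrs) for v in visitors)


def exposure(visitor, visitors, attrs=ATTRS):
    """Return (anonymity set size, bits of identifying information)."""
    size = anonymity_sets(visitors, attrs)[tuple(visitor[a] for a in attrs)]
    bits = -math.log2(size / len(visitors))
    return size, bits


if __name__ == "__main__":
    protected = {"browser": "Firefox", "protection": "on",
                 "canvas": "normalised"}
    default = {"browser": "Firefox", "protection": "off", "canvas": "gpu-0"}
    for adopters in (1, 300):
        pop = build_population(adopters)
        for label, visitor in (("protected", protected), ("default", default)):
            size, bits = exposure(visitor, pop)
            print(f"{adopters:>3} adopters, {label:9}: "
                  f"set size {size:>3}, {bits:.2f} bits")
```

With a single adopter the protected user is the only member of their set, which is worse than the default user's set of three; with 300 adopters the same setting hides them among 300 visitors.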


I just tested with my iPhone 12 in Safari (latest software) and it said I have a unique fingerprint. That really surprises me.


It's BS and has been since forever

https://games.greggman.com/game/panopticlick-hyperbole/

TL;DR they don't get enough traffic for the numbers to represent anything useful.


It may be BS, but that analysis seems too shallow to be at all convincing either. My big question is how much resolution you can get out of things like canvas finger printing and WebGL (or even sheer JS speed). Those are places where the analog reality underlying everything we develop on may peek through unless explicit (and inherently performance reducing) measures are taken. Even if two CPUs/GPUs/SoCs are fabricated on the same process and make it into the same bin, that doesn't make them identical in performance at the level finger printing cares about. In terms of user experience, essentially nobody is going to care about +/- single digit megahertz, or exactly how quickly upclocks/downclocks happen, or sub-1 FPS changes in edge case rendering or the like. But those could certainly leak bits that are unique to a specific chip, even between two devices that are "the same". Silicon fabrication is a probabilistic process, and bins are normally a matter of economics and performance not privacy.

Normally devs want everything running as fast as possible, and just leave it at that. But the more closely the software tracks the underlying hardware, the easier it would be to finger print too. And this is one area where iOS devices might well be at a disadvantage for a straight forward "best experience" implementation, precisely because they've put a lot of effort into minimizing things that can interfere with whatever is in the foreground.

I don't disagree that the relatively small (and undoubtedly skewed from the general population) size of the EFF's overall dataset is a limit for them, but "I have no idea but it seems fishy because my iPhone should be identical because I say so" isn't an analysis.


>My big question is how much resolution you can get out of things like canvas finger printing and WebGL (or even sheer JS speed). Those are places where the analog reality underlying everything we develop on may peek through unless explicit (and inherently performance reducing) measures are taken.

I'm not sure how the "analog reality" applies here. The CPUs and GPUs generate discrete results, and behave identically to other chips of the same model. You talked about variations in performance, but is there evidence that Apple does this with iPhones? They could very well be running them at lower clocks than what they're capable of, ie. the chips come out of the fab being able to run at 1.6-1.8GHz, but Apple runs all of them at 1.6GHz. Finally, even if the performance variation is there, the difference will have to be big enough that it doesn't get drowned out in the noise or other environmental variations. A phone that has been in a pocket would perform worse than one that's been sitting on a desk, because it's probably 10 degrees warmer, which means 10 less degrees of thermal headroom.

>I don't disagree that the relatively small (and undoubtedly skewed from the general population) size of the EFF's overall dataset is a limit for them, but "I have no idea but it seems fishy because my iPhone should be identical because I say so" isn't an analysis.

But the eff site tells you exactly what they're fingerprinting, and they're not fingerprinting performance. What you described might be possible, but is irrelevant to the discussion.


I suspect that a few of the things in that report are more correlated than the report suggests.


Apple generally blocks access to or obscures any data that could be used for fingerprinting in apps.


Does fingerprinting work in iPhones? Android devices come in many versions but there is only one manufacturer of iPhones.


It's funny how a form on a Mozilla website asking you to add your voice to the chorus pushing Apple to move forward with the IDFA privacy changes has a form that asks for your first name, last name, email address, and country. None of which are optional...


Apple is the best huge corporation when it comes to protecting user rights. I would have gone “all in Linux and alternative phones” if not for Apple’s current policies.

They would lose me as a customer if they change, but I don’t expect them to do that.


You mean like the right to repair? Or do you mean the user rights on your iOS device, not allowing you to install stuff from outside the app store?


I think they are awful for right to repair, but, really pretty good at protecting their customers’ privacy.


Tech cos will always be a few steps ahead of regulators. Cookies get restricted, so then OS fingerprinting gets rolled out. Cat and mouse game!


I had read that while Apple was locking down external ad networks and trackers, tracking through the Apple ads program would still be allowed.


This sort of thing is one of the big factors that keeps me on Apple's platform in spite of other things I don't like about it.


Can they also remove fbclid and similar garbage from URLs? I am tired of deleting that manually every time I want to share something.


It's highly likely that a majority of the PC's and smartphones used by employees at Facebook HQ are made by Apple.

Delicious.


There was some fallout with Apple in late 2018 and Zuckerberg allegedly ordered Facebook employees to use Android instead.


I'm glad Apple is doing this, and I have no idea why they haven't done it yet. They announced it in June.


hmmm.. What is up with that hidden NewsletterSignup checkbox? Better not start sending me emails mozilla :P


Perhaps a content blocker decided to hide it for you? I see a visible, default-unchecked checkbox with the label “I want to receive email updates about Mozilla’s campaigns”, directly above the “Add My Name” button.


It's not clear to me why IDFA was ever implemented. No user would want it.


> Sign this thank you to let Apple know consumers are eagerly anticipating anti-tracking protection on iPhone.

I'll only sign a thank you like this when Apple allows other browser engines on iOS, which is actual consumer-friendly behaviour towards the Web.


Why don’t companies just use browser fingerprinting?


Support Free software instead, and stop begging Apple for permission to control what happens on hardware you own.


I don't want to own hardware and OS I don't like, even if I can control it fully.

I'd rather have hardware and OS I like, even if I can't control some aspects of it.

Of course a hardware/OS I like and which I control fully would be the holy grail (if the tradeoffs involved, e.g. it being FOSS, and thus underfunded for example, allowed for such a thing). Absent that, somewhere in between there is a nice balance for each person/business case.


This reasoning is just funny. You put your servers on the cloud because you do not want to be bothered with owning and maintaining them and next day you tell people to own and control their devices. Guess what, many have more interesting stuff to do than tracking updates and tweaking configs.


What free software phones are there that actually take steps to prevent tracking?

Most free software OSes I know about generally give apps lots of access to the system they are running on, which makes tracking a lot easier.


PinePhone, Libre phone to name two. I’m guessing there are some android ROMs that could do this as well but not positive


What specific steps do they take to stop tracking?



I don't even see the issue of preventing third-party apps from tracking you addressed on that page, and that is exactly my worry with these kinds of projects: It is not clear to me that they even know what the threat model is. They do not seem to focus at all on the largest issues facing modern phone app ecosystems.


The threat model is the same as in GNU/Linux desktop I would say. It's probably less secure than Android (ignoring its proprietary bits), but it's improving.


Generally, Android is worse for privacy than iOS, and this is worse than Android.

So if one follows your advice to use this instead of iOS, you give up a LOT of privacy protection.

That does not seem like good advice to me.


Concerning privacy, it's the opposite. Android sells all your data, so there is just no privacy there at all. iOS sends at least some data to Apple, so it's better but far from perfect. GNU/Linux collects no data, so it's as good privacy as you can get.

It's different in terms of security, but for most people security of GNU/Linux is sufficient given it's all FLOSS.

See also: https://source.puri.sm/Librem5/community-wiki/-/wikis/Freque...


By far the biggest exposure you have is NOT from your OS, it is from third-party apps running on it. That is the real risk, and that is the gigantic blind spot open source projects like this have.

They are just not addressing the real problem at all, and they are doing nothing whatsoever to protect you from the real risk.


What you say is true, but in PureOS you only have FLOSS apps in the app store, which hardly will spy on you. If you install spying apps, this is a different problem, not yet solved apart from virtualization.

Also, when the OS spies on you, it's definitely a problem.


Putting aside the fact that simply being open source does not ensure anyone actually audits the source (in fact, most open source is largely unaudited by anyone but the developers themselves), of course limiting yourself to using only a tiny amount of software can make you more safe. But that is not really a reasonable solution to anything. Going down that route, you might as well not use a phone or a computer at all, and be perfectly protected.

People WANT to use software, and the software they want to use will never be available as pure, audited FLOSS. Instead, we need to have ways to let user use software from less trusted sources while still working hard to protect them from it.

Apple does this. They put in tons of effort to give you a way to run untrusted software while retaining some amount of trust that it can't go too far in endangering you.

I find it massively frustrating that these FLOSS projects will not do the same. They will just not even try to protect you.


> Putting aside the fact that simply being open source does not ensure anyone actually audits the source

There is no guarantee, but try to find Android-style malware in F-Droid or in GNU/Linux repositories.

> of course limiting yourself to using only a tiny amount of software can make you more safe. But that is not really a reasonable solution to anything.

This is not the goal here. The goal is to switch to FLOSS wherever possible and expand FLOSS alternatives. It starts from a small number of apps, but currently F-Droid has most of what you need already. So I don't see this as a problem, except for very specific needs (or if you are into Facebook and co).

> I find it massively frustrating that these FLOSS projects will not do the same. They will just not even try to protect you.

First of all, anbox is already a thing, and it can definitely sandbox your apps. Second, GNU/Linux phones are just at the beginning and they are already far ahead of the first Apple or Android phones. Expect a revolution there...


> There is no guarantee, but try to find Android-style malware in F-Droid or in GNU/Linux repositories.

The by far biggest reason you won't find it is nobody uses it, so there is no incentive to try. These operations require large audiences to be worth trying.

> Expect a revolution there...

I don't. Because, once again, nobody is even acknowledging what the real problem is. People are patting themselves on the back for doing things that do not really matter, while leaving the barn door wide open for attacks that only do not happen because they are not worth it. I'm not seeing any sign of this changing.



Shouldn't the tracking be opt-in? It's a shame that GDPR was not extended to electronic devices.


Apple's alleged* plans. Apple would be just monopolizing the tracking market in the background for this.


Looks like Mozilla still ignores the memo that anti-tracking starts with anti DRM in the first place.

Apple your new friend.

State of the art data protection looks different. Mozilla ain't asking for help for that though. How unfortunate!


In Firefox desktop, a user has to enable DRM manually per-site.


And the DRM decryption blob isn't downloaded until the user goes to a site that uses DRM and agrees to installing it.


A genuine question I don’t know the answer to, what’s better, seeing completely random ads that are questionably relevant, and wasting my attention and time (and meaning specialized small businesses can’t compete, ads are for things like detergent that everyone needs), or seeing ads that I might actually be interested in at some point (some cool gadget that actually could be relevant to my life, sold by a specialist small manufacturer).

I don’t know the answer.

But Apple is picking for me, that’s for sure.

Edit: good replies, fair point on the choice, from a personal perspective. We all know though that 90% will opt out or more. Without knowing they are making this very choice.


You missed out the third option, which is ads relevant to the content they’re embedded in. This metaphor worked from 300 years ago through to 15 years ago with no problems.


Or the fourth one, no ads? I might be the minority but ads are wasted on me anyway (apart from the annoyance of seeing them).


I think this is an interesting option. However, people who write newspaper articles, etc.. still need to get paid. I think we all say "I'd like to be able to pay just for the articles I want to read", but just like a la carte TV, I think we'd find out that is much more expensive than we know.

My theory is that, collectively, our privacy and attention is worth far more to other people than to us. Making up numbers, a company may pay $1 to show a targeted ad to you while you are reading an article. But there is no way that you'd ever pay $1 to read that article. And, furthermore, you probably see viewing that ad as a minor annoyance, not $1 worth of value.

I think if most folks had to replace ad money out of their own pocket in order to consume the content they like, they'd never do it.


> people who write newspaper articles, etc.. still need to get paid

They sure do. But seeing the majority out there does want to see ads or doesn't care about seeing them, it's not like they won't get paid at all. And indeed that majority won't pay for content but there are others who do, and it's not impossible to make a living out of it: there are proper independent online-only news channels out there with no ads and paid by their subscribers (plus a bunch of government subsidies usually).

> just like a la carte TV, I think we'd find out that is much more expensive than we know.

Assuming you mean Netflix and the likes: that is actually way cheaper now than what 'a la carte' used to be for me. 20 years ago when I wanted to choose what I looked at on a screen, I'd be looking at DVD rental because there wasn't much of an alternative here. Or maybe even not an alternative at all, don't remember exactly, but there was just cable TV and apart from standard channels you could get some extra (a porn channel, a sports channel), but that's still not 'a la carte'. Anyway: I easily paid twice what Netflix costs me now per month, every week.


> Assuming you mean Netflix

I think they literally mean a la carte TV, like paying for the Showtime package, the sports package, the premium sports package, etc. on top of your subscription, or paying to watch a movie on Prime


I succumbed a while ago and started using YouTube Premium. Yesterday, when YouTube was only working when you were logged out, seeing an ad was a jarring experience.


> But Apple is picking for me, that’s for sure.

Literally _the opposite_ is happening:

> Now, with the option to opt-out of tracking at the point-of-use, consumers won’t have to sift through their phone’s settings to protect their privacy.

On most devices these settings are buried so deep that almost no one knows that they exist. Android used to go as far as only allow you to _reset_ your token, instead of removing it completely, IIRC.


> We all know though that 90% will opt out or more. Without knowing they are making this very choice.

This doesn’t make sense. We’re going from a situation where users are completely blind to what’s going on, to one where they are informed and given a choice - and your framing is that somehow, this makes them less informed?


They are literally not picking for you. They are specifically changing from opt-out to opt-in, meaning they are giving you more choice.


If what you describe could be achieved in a privacy respecting fashion and on device (using opt-in instead of opt-out) why not (for instance let the server send 50 ad propositions with a one time token and IP obfuscation and let the on device AI choose).

What actually happens is that I got vacuum cleaner ads all over YouTube & friends for weeks AFTER I ordered one online from a (so far) trusted brick and mortar shop.

This is both creepily invasive and very inefficient targeted advertising.


You don’t collect vacuum cleaners? That’s funny, I don’t collect headphones but get put in the “suspected headphone collector” bin every couple years or so when I buy a pair.


Relevant ads are obviously better than irrelevant ads. But that's not the point here.

What this is about is that the advertisers collect your habits and build a profile based on your behaviour which can be sold to further third parties, among which can be banks, government institutions... which can consequently affect your life.


> But Apple is picking for me, that’s for sure.

No, they're giving you the option.

> Now, with the option to opt-out of tracking at the point-of-use, consumers won’t have to sift through their phone’s settings to protect their privacy.


from the article:

> Apple [...] will give consumers the option to opt-out of tracking in each app

Apple is giving you the option to choose.


> Apple plans to improve privacy on iPhone, but it’s already pushed back the implementation. We need a massive outpouring of support for Apple’s decision to help strengthen its resolve to protect consumer privacy. Tell Apple: I support your efforts to defend our privacy, and encourage you to implement the IDFA changes as soon as possible.

Does anyone actually think that Apple cares at all about the few thousand people that leave their name here? Did the people writing this article think that?


Apple probably doesn’t care, but this is necessary to change the press landscape. Right now the narrative is Apple is doing things to hurt Facebook - a million people signing this will change that narrative.


I don’t know…the optics of this make it look like a mildly pathetic beg for Apple to not back down on their anti-tracking efforts. I’m not sure Mozilla wants to look like that…



