I think this speaks to the power of defaults. 96% of users have not turned this on because they didn't even know that its disabled, and when an app asks you if they can track you, the response is going to be a strong no. The reality is that FB's entire business model has been predicated on the default being that tracking is allowed.
If this holds, this will be cataclysmic for FB. You can't have a huge portion of your wealthy user base just disappear and expect advertisers to keep paying what they were paying previously.
BTW, this is also why the covid exposure notification apps failed miserably. They should have always been opt-out.
Even more, it speaks to the power of removing choice. When app tracking is enabled by default it effectively removes choice because most users never touch settings (and may not even know they exist). Therefore users are not choosing anything. Someone else is choosing for them. "Tech" company employees will respond to criticism of their employer's behaviour with something like: "But users can choose to turn this off." That is not relevant if 96% are unaware of this "choice". The question is: why is tracking on by default. That was a choice the user did not make.
Only when faced with a screen asking the user if she chooses to be tracked do we get a chance to find out what a user would choose. And even then, developers will use "dark patterns" to manipulate the decision-making process toward a self-serving outcome.
Perhaps we should ask ourselves whether there should even be a setting to enable tracking. If the majority of users would choose to turn it off, if they were presented with the choice, then why even have it. This is essentially "privacy by design".
This is no different than when developers argue to HN that it is not worth catering to the preferences of privacy-conscious or minimalist users since those users comprise such a small percentage of users overall. By the same token, it should not worth catering to the small percentange of users who want to be tracked.
Depends on the tracking, IMO. Selling data to advertisers is a hard no, but as an independent developer, having access to crash logs and usage statistics is vital. Not only is it valuable to me, it provides legitimate value to my customers because it allows me to fix problems that they are experiencing or enhance the features they use the most.
Still shouldn't be on by default, but asking up-front seems perfectly reasonable.
I feel like this isn’t respecting your user’s time. I’ve converted to opting out of relationships like this where possible; it’s not healthy. I wouldn’t enter a personal relationship on these grounds, I don’t know why I’d do it for some company.
A service provider makes one decision and it impacts N users. A user consumes from M service providers. A user evaluating whether a service provider is trying to “pull one over” on them in the TOS costs M units of time, 1 unit per service provider. A service provider deciding to choose the cow path as the default saves N units of time and costs the service provider 1 unit.
I engage with service providers that respect my time. If I suspect your default is user hostile, and provide a “we won’t exploit you in this relationship” as an option, I look elsewhere.
This breaks down in places though. Example: I haven’t found a communication provider that doesn’t default to building a profile on me and selling it to anyone willing to pay.
The lack of choice for me makes me wish a governing body would intervene and give me a marketplace where I didn’t have to waste my valuable time making sure the person I was engaging with wasn’t going to pull one over on me.
I've seen all sorts of solutions put together by municipalities big and small from counties to states to countries and everything in between during this whole Covid thing and the thing that struck me is how easy it was for them to essentially track you with perfect precision and tie it back to a phone number.
> Except it wasn’t hastily built
They were built very hastily with little oversight with iterative beta cycles in plain sight.
> nefarious way that you’re implying
I didn't imply any nefarious intent what so over. All I implied is that your location data is being tracked and put into some database somewhere and you don't control it.
Who has this data? No idea.
How will it be used a year from now? 10 years from now? No idea.
Does it draw more energy on my device or use more processing power? No idea.
When you say Apple or Google installed, I assume you’re talking about exposure notifications that they built. I work at Apple and witnessed it. Nothing about it was slapdash and privacy was #1.
In this system, it’s not easy at all for government agencies to track you. That was very explicitly part of the design, as is shown in all the public docs. It’s not like how it works is a secret [1].
Your location isn’t being tracked and put into a database. Nothing about exposure notifications uses location.
I honestly just don't believe that it can work well enough in some places. Especially here in Hawaii where gatherings are on a beach and people leave their cellphones in their car or backpacks or whatever. I was even recently at a camp where people were sharing a blunt and there wasn't a single phone in sight cause it was out of signal range. Could have easily been a super spreader event and the tech solution would have failed.
What are you even trying to draw attention to here? This appears to be using the EN framework, which suggests it wouldn't have been approved for distribution if it collected any personal data or location information.
I get that you have an axe to grind here for some reason but I'm not even sure what point you're trying to make.
Exactly. It's not like Exposure Notifications are meant to solve every single spreading case out there -- many people aren't even opting into it. But we need all the help we can get, so why not chip away at the problem?
I have no axe to grind at all. I'm just saying why I personally don't use it. I don't really have an opinion one way or the other. Please don't be so angry with me.
> All I implied is that your location data is being tracked and put into some database somewhere and you don't control it.
This is patently wrong. Exposure Notification apps (those using the official APIs, anyway) have no access to location APIs. The absolute worst they could possibly do is to log your IP address when you reach out for new data, but this is also true of every app you use, and every website you visit.
You don't really seem interested in understanding how they actually work, but if anyone else cares, https://ncase.me/contact-tracing/ is a pretty reasonable explanation.
It isn't fair to claim they were built with (1) no oversight, (2) hastily, and (3) out of plain view when you haven't even looked into how it works. AFAIK none of the implementations use location data.
There were many locations who built their own apps that did not follow this privacy model, or used it incorrectly, but for most cases "your location data being put into some database" is not accurate.
There is no amount of mental gymnastics you can do to turn “app that tracks when yours and other phones are together and does <something> about it” into something that is inside my moral boundaries.
Then I'd suggest you're not being reasonable at all, because the way it works is entirely consistent with a privacy-first methodology.
That <something> by the way is to take the database that's only on your phone (and never uploaded) and show only you an alert. That's it.
If this is immoral, but letting covid spread around the world and have people needlessly suffer because you refuse reasonable interventions, then I don't know what is moral.
You mentioned Apple & Google remotely installing something, so the only logical conclusion is that you're talking about Exposure Notifications (which btw are opt-in, not opt-out, so remotely installed is a mischaracterization here). If someone built their own solution and put it on the app store, then it doesn't really have much to do at all with Apple or Google outside of being distributed on their platforms, and certainly would never be remotely installed (at least on Apple platforms... I have no idea what Oppo might do in China for example, but whatever they'd be doing would likely be because some country law dictated it).
And that's really a shame. It has the power to make an even larger dent in the epidemic. This is the cult of ignorance at play, where mistrust of all institutions (heavily fueled by need to get clicks to serve ads) means we can't have nice things.
There's some truth in what you're saying, but mistrust of institutions is completely rational in light of history. Empirically, ignorance in this context would be unskeptically trusting institutions.
That it strays into the irrational at times is as human as the inevitable corruption that fuels the mistrust.
For someone without full knowledge of the technology to assume (in this case wrongly) there's a privacy issue is entirely practical. It's an assumption that will be correct far more than it won't.
People are responding to fear of past president. One could argue that it is highly unlikely that it will happen again. One could even PROVE that it is NOT happening again NOW - but you are still dealing with someone responding out of fear.
I feel like we are seeing the exact same phenomenon with (SOME) people who respond out of fear of catching the virus.
I would be really interested to learn more about why some people 1) are fearful of government tracking 2) are fearful of the virus 3) aren't fearful of either.
Personally I've watched my self move between all 3 over the past year - it has been a WILD ride
Yeah, that’s the claim, but it conveniently ignores all the metadata that ties a particular device to certain places/times/events based on the other rotating IDs they’ve seen. It’s like Nintendo 3DS StreetPass but bad.
You’re assumption about that and the full software implementation might be far apart. You can’t trust anybody with stuff like this as it will always be misused and abused until the perps are caught. The value of source code access is honesty.
If you have an iPhone and don’t trust Apple, you’re already compromised. Why would they wait for AirTags or Exposure Notifications to track your location when their entire OS is a black box?
The Canadian version of the app recently added “secure anonymous usage statistics”, which aren’t particularly anonymous (since all we have is their word that they don’t log your IP), and that aren’t particu secure (messages are encrypted with HTTPS but it’s not too difficult to infer the contents of the message based on their length). And, you can’t opt out of them.
I still have it on my phone (although at least within my house I’m blocking their metrics via pinhole) but I 100% understand why someone would not want it on their phone.
But the fact that they could be tracking which citizens have and have not been shown a "You have been exposed to Covid" alert, and there's no way to opt-out, is a little scary.
> What are you able to infer about the contents exactly?
Most days, you are not exposed to covid and you don't interact with the app. So most days, the app transmits a "background-check" event to the server. This means the contents of the message will be the exact same length every day.
As a passive listener, then, you can watch for days where the length of the message is abnormal, and then because there's only so many different kinds of messages that the app sends and they all have unique lengths, you can infer what metrics events must have been sent to the server based on the delta of the message lengths. You can figure out if a user has been shown a "You have been exposed to COVID" based purely on passive listening to traffic from the device.
but it could be used to essentially manipulate you to stay at home if someone went around town and then told the app that they have covid, which is nefarious enough
Except that’s not what the exposure notification APIs did at all. Location is never tracked or transmitted to anyone. What exactly would you have been concerned about?
It is literally impossible to submit any exposure alert without including location data, and then it can reasonably be assumed that all the matched bluetooth device IDs were within the same general vicinity as well. Have you ever used a GeoIP database?
Right away I notice the glaring omission of “the surveillance state” in the wording of certain sentences like “People who test positive are not identified to other users, Google or Apple“.
“With Bob’s consent, his phone uploads the last 14 days of keys for his broadcast beacons to the cloud”, also giving away his geolocation in the process. My read of the “doesn’t collect location data” is “doesn’t explicitly collect location data”, like just because it doesn’t send a field ‘geolocation’ they can technically say that and not be lying. You should check out one of my very favorite blog posts of all time: https://kieranhealy.org/blog/archives/2013/06/09/using-metad...
This is literally an open specification. There is no geolocation involved here. You're talking out of your ass. Don't you think if geolocation was tracked people would have kicked up about this? It collects randomised Bluetooth IDs, that is it.
It’s impossible to know what metadata is stored, so I have to assume all of it is. Really weird how many people in this community are willing to defend surveillance now. As a former NSA director said, they want to “collect it all”. Why would this be any different? The crux of the NSA story in one phrase: 'collect it all' | Glenn Greenwald | The Guardian https://www.theguardian.com/commentisfree/2013/jul/15/crux-n...
I'm extremely skeptical that a big chunk of people in such a highly online country just left their phones at home. Maybe some of the Hardeim but I would guess 95+% of people wouldn't do this.
Would you really bring your phone with you, when going out for a beer or coffee, even if it could easily result in you being forced to stay quarantined for 2 weeks?
Is your smartphone really that important to you?
Even though I have personally stayed socially distanced and worn a mask everywhere it was required, it makes perfect sense to me, after seeing how a lot of people have reacted to the pandemic, that a good portion of the population, would let their phone stay at home, so they would not risk a police enforced quarantine.
I do want to know whether I am exposed to COVId and get to be quarantined to not spread out the covid to others who I really take care of. Dont want to be a person that possibly make my family or friends sick.
Most people do. However, the precision of the Israeli system (Based IIUC on cell tower triangulation) was not good, meaning you'd have a nontrivial chance of getting randomly get flagged for 14 days quarantine (with legal consequences for not doing so); Some people were flagged multiple times within 3 months, and it's not entirely clear what the rate of FP was, but it was nontrivial.
I'm aware of quite a few people who selectively turned their phone off or left them at home in some circumstances, but I'm not aware of anyone who really gave up their phone use.
In israel, this was done centrally by cell tower triangulation rather than app/os, so no way to opt out even with dumb phones. However, reliability was not very good - e.g. people got notice that they must quarantine because a neighbour 2 floors up was positive, or because they stood outside a wall of a closed room where a positive person was on the other side of said wall. The appeal process was initially non-existent, then slow and cumbersome - so the risk of being "jailed" for 14 days due to false positive was small but serious.
I don't really get how trends like this one (and IMO that's just the tip of the ice berg – this is companies preparing for the inevitable legislation that will make most forms of tracking illegal within the next 10 years) don't affect facebook or google stock.
This IMO makes two scenarios likely:
1) The market is currently just dragging along, hoping this will all go away and we're really in a major ad-bubble that's about to pop.
2) Tracking... isn't that profitable after all. All the personalized tracking shit can be replaced with a simple "users who clicked on canon printer also clicked on cheap ink refill kits" type of model that gets the same results or better. Which also puts into question a lot of what FB and Google are actually doing.
'users who clicked on also clicked on' is at the core of a lot of the tracking Apple is banning in many cases. This is why Google is pushing FLOC and 'anonymous' cohorts in Chrome.
This happens on every single HN thread on this topic. I'm not a total expert but there is a lot of arm chairing that's wrong.
Tracking is profitable and more so than contextual for a lot of direct response in a lot of industries.
Not in all cases, e.g. usually not for brand advertising. But it works.
For my clients is the direct data I have - and we have extensively tried every single other option. FB is the only platform that delivers strong ROI and we use the targeting iOS blocks. And yes - it's always retorted - I know 100% the donations come from the ads, it's incredibly simple to track even as simple as making a new page or individual product only linked from that ad.
So far this change is definitely effecting our ads and FB seems pretty buggy with the new ads manager changes. But they 'always find a way.' But so far it's not as bad as I originally thought it would be.
Plus you can still upload offline conversion data. most purchases have full contact info. We'll see if Apple comes after that, but they would then have to go after the entire ecosystem including Visa.
Why would it affect Google's stock? Google has Android, and is pretty upfront about the fact that they're collecting literally everything you do on your phone. Android still has the largest installed user base, and is still feeding tons of info to FB.
FB's stock prices hasn't changed because we haven't seen if this really impacts revenue to FB. We know that banner ads are extremely ineffective. So if FB ads are still more effective than that, they will continue to capture the lion's share of ad revenue.
Not a huge fan of Google, but have to defend them here.
They have a pretty huge privacy section in android settings where you can see exactly what data they have on you and how to opt out and/or delete existing data.
When you set up android, it ask you if your want in or out. You can even set up a new android device without a Gmail account and disable all Google services including Gmail and search. I don't belive you can do this with iOS.
All those nice settings (for google and everyone else) are only for the minimum they are required by law. That means anything that they can claim to be "anonymized" is fair game and not visible to you in any way.
One thing I really do appreciate about Google products is that I'm able to fully disable personalization. My Youtube homepage is completely depersonalized, because I went through their privacy settings and switched off everything. I can't say whether or not Google is still secretly tracking me, but my biggest concern is actually that algorithmic recommendations put me in a filter bubble. Google lets me turn off the bubble.
Amazon, by contrast, does not let me depersonalize my recommendations. Neither does Netflix. There was a period of several years where I would periodically go through my Amazon history and manually mark everything as a gift. This worked for a time, but abruptly stopped one day. I assume Amazon decided I'd marked too many things as gifts and my selections should be ignored.
Google gives you the illusion. Ads are still targeted just fine.
Did you receive any ads in spanish or chinese recently? did you see any political ad to a party you vehemently oppose? All that is still decided by your profile and history. Just with hocus pocus anonymization on the front end.
So google is not that different from netflix and amazon. they just give you a blanket.
I wonder if we are not overestimating the value of tracking and underestimating the value that Google brings by forcing some "quality advertisement" from their clients.
Google still has search intent to provide most of the value without tracking anything and it's by far the most effective thing anyways. FB still has their internal profile data.
> All the personalized tracking shit can be replaced with a simple "users who clicked on canon printer also clicked on cheap ink refill kits" type of model
That was how it was done for a long time. Advanced tracking was just a way to try and keep increasing revenue.
Whether it worked or not, only the higher ups at these companies can tell... probably.
And as an advertiser, I confirm losing a lot of money trying to advertise, not seeing revenue. Choosing to advertise 25-34 males (in addition to being the definition of sexism/ageism) who type “Jira time tracking” (because “Jira” keyword is reserved anyway) is useless. I want to put an ad on websites that talk about Jira. And that requires no tracking at all.
It's only a big issue if you try to advertise a specific item on a generic platform; but if you can target websites that cater to your specific business, you really don't need anything more. Of course it means ad networks lose out since they can't just target specific people, they have to only target specific websites or apps.
Personally in the old days of newspaper ad's, I always wondered what the point was of anything smaller than a whole page; what is the point of a 1x1 inch ad in the midst of 200 others. Even today I ignore 99% of what's on the page other than the content.
Point of those ads generally is that people were looking intentionally at them for a plumber, sparkie, piano tuner, gramophone polisher, used tap shoes or what ever else newspapers used to advertise.
In fact many people only bought the paper on ad day.
Because while FB definitely doesn't like that this is happening, it will certainly cement their position. 3rd party ad services that are less tech/ML-forward are way way more reliant on the ID tracking than Facebook is, and this actually will probably cement them as the only game in town. This is a very complicated situation.
I'll give my perspective which I think is very different than the rest of the HN crowd here in the comments. I think this mainly stems from the fact that I'm probably much younger than a lot of the folks here. I do a lot of random shopping online...
I opted into the FB tracking when I got the popup yesterday because I do FB/IG a lot and I click on interesting ads. Honestly, I tend to buy quite a bit from the ads that I see because they genuinely interest me, and a lot of them are from smaller businesses that I want to try out. If I see ads on FB/IG, at least I want them to be relevant to me rather than be generic.
Im not sure why this is cataclysmic for FB - they’re mostly a first party advertiser. App tracking transparency doesn’t prevent Facebook from running ads on their own apps and using SkAdNetwork to track conversions (which works even if the user opts out).
Granted the fidelity and latency of SkAdNetwork is a concern but hardly enough to materially impact the bottom line.
While Apple and it's ad business will be the biggest beneficiaries, it will not be a surprise if Google and FB also partially benefit. The clear losers will be all the smaller players.
> BTW, this is also why the covid exposure notification apps failed miserably. They should have always been opt-out.
Absolutely not. Using defaults because you know most people wont' change them to achieve a specific outcome that you, the default setter want, is exactly the same evil. Just because you're doing it for "good" doesn't justify it.
LOL. OK. How many lives could’ve been saved if everyone had Covid exposure notifications enabled during the pandemic? The answer is most certainly not zero. Maybe it’s hundreds or thousands.
How is going to be 'cataclysmic' for FB? They can still serve up ads. The ads won't be as targeted as before, but they still have billions of users. Advertisers will spend money on the platform. Perhaps they'll have to spend more since they can't fine-tune the ads as much.
I don’t understand being strongly against one type of default tracking but strongly for another. Tracking is tracking as far as I’m concerned and I’m against all of it.
In the old Internet Explorer monopoly situation, Microsoft was forced to prompt the user which browser to use on first startup.
It was not an option of choosing an alternative from the default, the order was random. Same for the default search engine.
If this was setup in the same way i wonder what the ratio would be. With that i mean a fair yes/no choice, not the GDPR-joke where accept is a big green button and reject is hidden in confusing fine print 3 sub-pages deep.
Based on Apple’s job postings I’m beginning to suspect their stance on ads and tracking was nothing more than a clever ruse to weaken competitors while they build their own a personalized ad business for iOS:
They also just hired Facebook’s first ads targeting product manager to work for their ad platform. I don’t think Apple ads won’t be limited to the App Store within a couple years.
It's never been a matter of ads, it's always been about tracking. Ads just happen to be the vector in which tracking is default included, as is well, other tracking scripts around the web and via mobile SDKs.
What Apple's doing here is trying to undercut in a serious way the ability for everyone to be able to do the kind of granular tracking we have today all over the place.
I'm not shocked they're building / expanding an ads division. The real key is this: will their ads be served up with the kind of granular, identifiable tracking we have today? My gut feeling is no, it won't be[0]
[0]: As an aside, I want to note the following:
When I say tracking or speak of it in this context, I do not mean simple metrics, like how many page views did this get compared to Ad B? That is the kind of, well, tracking, that can be done in a way that isn't privacy invasive (and should never be invasive), akin to A/B testing. Technically, error logs are a form of tracking, if we want to be pedantic. Instead, I to point out that I'm talking about granular tracking data that can be used to identify a person or granular set of data that can sort people into unique groups that then make it easy to identify them. The real quandary here of course, is that in some cases Facebook, Amazon, Google and others have enough data to actually be able to say oh hey, this is no_wizard, not some other person. Thats a huge part of this problem, however, its also not always the case that they can harvest enough data to be able to do that. The other, often overlooked issue by many (particularly those that don't follow this sort of thing. Not likely your average HN reader but probably most people you know, is that they also have the heustristic data that confidently sort people into little groups, and they are constantly continuing this narrowing. So instead of saying hey, this is no_wizard they can say, well, looks like someone who identifies as no_wizard believes in these causes, has these purchasing habits, and has seen these ads, along with x people from Y area, lets put them in Z group
I know people get upset (ever so rightly) about being personally tracked, but both issues need to be systemically addressed. Its not about ads, its about what ads became, and through that we now have this kind of detailed tracking all over the place, from mobile SDKs to CLIs to most popular websites.
I would welcome an Apple Ads platform that went against all this and could prove it
I would even go further and say that Apple doesn't care about anything other than making money by making good products. As more and more people begin to be concerned about privacy, Apple takes steps to try to reassure them that the phone is still a safe platform in which they can store private information such as photos, personal messages, address books, banking information, etc. Neither does Apple want a lot of annoying requests for tracking from interfering with their UI. For them, it is all about improving the experience of using the phone, nothing more.
But there is no core value that is anti-tracking or anti-ad, and all of these policies can be reversed the moment they no longer post a threat to people's enjoyment of Apple products.
I don't think Apple's "pro-privacy" stance is solely about improving the experience about using their products. They're certainly very aware a focus on privacy and security makes a great product differentiator for them, but from all appearances, it's not just fluff when Apple executives say they believe privacy is a fundamental right. I'm not intending to be Pollyannaish about Apple specifically, either; I think most companies have some set of core values distinct from profit-seeking, and will try and stick by them as long as (a) the profit-seeking and the values don't come into serious conflict, and (b) the executives at the top continue to believe in those values.
So I don't think those policies are in danger of being reversed based on "threat to enjoyment"; I think they're more in danger of being reversed based on "measurable threat to profit" somewhere down the road -- but probably most in danger of being reversed, long-term, by executive shuffle.
Why would you enable it? What possible benefit is there in doing so?
The ads won't get better regardless of the data they have on you. They aren't exactly using ML or AI to help you get better ads. Its really just boring data queries in SQL or some graph language. That's the sum total of most advertising intelligence. Its not 21st century high tech. Its mostly relational databases with some NoSQL to make that table linking faster and cached. In cases where they do actually bring out that NoSQL it is to reimplement all the relational smarts just with extra steps. Then its at least shiny and cool.
The whole thing is really just about storing and gathering a profile on you as part of them building an asset they can later resell. Creepy technology for creepy uses. An asset full of subtle errors about you that can likely never be seen or fixed. Much later they will invariably then leave all or some of it on a usb stick or some poorly protected cloud server. After that your details will end up in the hands of some scammer or other miscreant to enable them to send you endless emails full of typos, lies, emojis and if you're exceptionally average like the rest of us: an interesting tale about long lost nigerian princes just needing a bank account. If you're lucky.
So, yeah, leave it disabled. There's really no point in doing otherwise.
While "better ads" could be construed as a benefit for users, the other two reasons seem like an attempt to scare/guilt the user into enabling tracking. Of course, it's just a bunch of bullshit they had the marketing department come up with so they could continue to profit from tracking at least a small percentage of iOS users. Businesses don't need to rely on Facebook's invasive tracking to sell products. Don't let Facebook guilt you into giving up your personal data.
I used to write ad targeting algorithms. There are tons of adtech companies that claim to use AI to "find the right audience" for a given client's ads. Some of them actually do it. I only had one project at that job that was complicated enough to justify using a neural network. The VAST majority of targeting really is just a SQL lookup.
That's great for the 4% who want this. However, it might be a bit more user friendly to default to the no tracking option (due to the overwhelming support for that option,) and allow users who want tracking turned on to manually enable it in the settings.
However... I'm not sure how the discussion about the technology behind ad targeting is relevant to the end user. The point is that it -works- and that the ads shown to the user are indeed more likely to pique their interests. As an end user, I don't -care- whether the backend is using AI/ML or a relational database—I care that by enabling tracking, I get more relevant ads.
That's not quite right. If you turn it off apps may still be able to track you nefariously but they'll be violating Apple's policies.
Apple's explanation for wording it this way is that it's impossible to block all tracking through technical means at the system level because there will always be new nefarious tricks that malicious people will try to use against you. They can only do it at the policy level and try to punish bad actors.
But that’s a very different question. If you say yes, you get lots of pop ups from apps asking to track, and if you say no, they track you without asking.
It turns off the ask, so the way it works is you need to ask and then you need to wait for a response and if that response is "Yes" they can then begin tracking. In any other case/situation you are not able to.
So if you don't want this asking you everytime you open any app (based on my experience it happens frequently) you can turn it off.
It would ask once per app, per install. This global setting just auto denies it for every that asks, and I'm pretty sure ( but haven't tested ) retroactively denies any app you had previously said yes to.
Source: I'm a newly role changed iOS developer at my job.
From a Wall Street Journal interview with Apple's Craig Federighi:
WSJ: "Why the verbiage 'Ask Not to Track'? Why not just 'Do Not Track'?"
Federighi: "There are other techniques that developers over time have developed, like fingerprinting, which is a bit of a cat and mouse game around other ways that an app might scheme to create a tracking identifier. And it's a policy issue for us to say 'you must not do that'. And so, we can't ensure at the system level that they're not tracking, [but] we can do so at a policy level."
Agree that it seems weird, and that it doesn't align with their other permissions wording: "always allow without prompting", "allow each app to ask once", "always deny without prompting".
I'm very curious how this works, so this is from a report [0] from Flurry Analytics, "owned by Verizon Media, is used in over 1 million mobile applications, providing aggregated insights across 2 billion mobile devices per month"
How is Flurry Analytics measuring app tracking on iOS devices? Are they just reporting how much they themselves are being disabled?
I’ve seen quite a few reports from different providers in the last couple of weeks and suspect the _real_ average of opt-ins is considerably higher.
I’m hoping to see some numbers from Apple at WWDC, which I expect would be in the 30-50% opt-in. Why? Because some apps (like Facebook) make it seem like it’s mandatory to opt-in. And I believe that if you opt-in for Facebook you’re more inclined to just hit that same button for every app…
But… I don’t think that popup was designed to get the HN folk to opt in but rather those that use Facebook (and Instagram, which has the same language) to communicate actively.
It’s really the pre-prompt I’m referring to here, which, as one of its bullet points for why you should opt in, says it helps keep Facebook free.
That’s a big statement to drop in a tiny bullet point, which makes me feel like they thought about it a lot. Meaning, it’s very targeted.
Flurry provides an analytics library to app makers that gets compiled into their applications and then reports back. Flurry compiles data from all users and apps and gets a global portrait.
The setting controls whether Flurry can retrieve the advertising id (IDFA) which allows for cross-app identification. Without that, Flurry can still count devices using an app, but cannot identify if they are the same across apps. So they can easily sample what portion of an apps users allow access to the IDFA.
I'm curious about the 4% of users who enabled it. Did they get tricked into doing so? Was it an accident? Or do some people out there really genuinely want to be tracked?
Probably people working in the ads industry or facebook or amazon... makes quite a lot of people!
Joke aside, I believe most people don't understand what this iOS popup wants from them: for most average users, it's another annoying popup that their device shows them and they don't really know what it means or what option they should choose (like the location ones, networking ones, bluetooth, ...). It happens a lot with the older generation, but even as a tech person I sometimes just don't know what is the right choice.
So it's so easy for someone to choose the "wrong" option, when it's presented with too few information or at a wrong time, like refusing the location service and then Waze doesn't work, because they just don't know they have to allow it.
I believe these choices should be handled by Apple through the store and not by the users: if the app is doing something shady with ads or location, the app should be disabled before it reaches the user's device; the user shouldn't have to "know" those things, the user has no way to check or validate that the usage is legitimate.
The user most definitively has to know these things. Your argument is a race to the bottom I think.
We will end up with devices where the user has to know nothing, cannot do anything and is lazy and easily led.
Just as moving yourself around on a bike is healthier than planting your ass in your car, so is thinking for yourself and _once_ in your life taking the time to figure out what that whole location sharing thing actually means.
Virtually every major consumer-targeted appliance or online service these days is like you describe.
It's a side effect of eliminating friction when interacting with the product. Having to stop and read manuals or reflect or such is a big no-no and interferes with "engagement".
And it's wildly successful and common to cater to and foster intellectual laziness instead of, say, furthering education or individual mündigkeit.
Also, what rock do you live under? I want to join you.
Or, maybe all these “lazy normies” are just busy with things like friends, family, work and their community...so they don’t really care if X company is able to do better ad targeting.
But sure, you guys have fun living under your rock and being super educated on the nuances of mobile ad targeting technology. The rest of us idiots will waste our time doing intellectually lazy things like spending time with our kids and living in the real world.
Not to be too offensive, but it _is_ lazy no? This stuff is important! I feel like it's (and has been for a while) going wrong. I know user education it mostly a pipe dream. But it's all I can think of.
The iPhone is probably relatively free compared to the streamlined hassle-free applications and devices of the future. And all the while polarization in all our societies grows, until my government too has no option but to lock it down and forge social cohesion through state-sponsored psy-ops and information-ops. We'll be well on our way to a 1984 dystopia then.
---
And please, it's not like there's not time for a normal life. See my comment about my family member below. Maybe if tech people would just refuse to fix the internet, more people would understand how it works.
I get your point as a tech person, but really, have you ever had this issue with your parents and iOS devices these days? I mean even most 30-something people don't know what those choices are about, that Whatsapp is worse than Signal...
Maybe there should be something like a "root" or "developer" setting that can be enabled for advanced users, but for the average person the default for all this must be the best possible option already and they don't need to worry about it.
I mean sure IOS is hassle free and all that, but on IOS you're also a computational serf, computing at the whims of your apple overlords.
I've thought one member of my family to setup their own wireless access point. And they can reliably solve most 'the internet does not work' problems on their own now. This member used to confuse the explorer.exe window with a picture of an explorer.exe window in internet explorer, with predictable results (at the time)...
I'd rather live in the latter world than the former, time will tell if more people agree with me.
> I believe these choices should be handled by Apple through the store and not by the users: if the app is doing something shady with ads or location, the app should be disabled before it reaches the user's device; the user shouldn't have to "know" those things, the user has no way to check…
They do screen out nefarious tracking to the extent that they can detect it.
This choice is about consensual tracking.
I think users ultimately do have to know something about these things.
I mean, if you accidentally choose the wrong option you can just go fix it in settings. I do this all the time when downloading new apps, my default is declining everything and then something usually breaks (like location on Waze) and then I go fix it.
Incredibly mild inconvenience for the benefit of having the default option be not tracking me unless I specifically allow it.
You and I can find probably the option, but I have had enough experience with people who have something broken and don't have a clue why or what to do. We are used to go through menus, system Settings, commandline options, ... but that's really only us, tech people on hn.
If you present two buttons, one being "Give me $10" and the other being "Debit me $10", you'll probably get 3% pressing the debit button. Especially on a mobile device.
I saw an app prefix the prompt to allow tracking with a similar-looking pop-up that said something like "please press allow on this next step ...". That pop-up only had one button, saying "Allow", then the actual pop-up asking to allow tracking came up after that.
What happened to the days when you could be asked about your interests and you would get ads based on that, rather than voyeuristically watching your every move to predict what your next fix will be?
My attitude here is that they are welcome to target me based on the data I submitted to facebook directly and my interactions with facebook's website. Are the things I Like and the people I interact with really insufficient to create a profile for me? What I do on websites that are not facebook is none of facebook's concern, which is why I have been taking care to block those 'like' buttons that snoop on you all over the net.
Some folks I've talked to about ad tracking things (unrelated to ATT, specifically) prefer to see targeted ads. Most people (in the US) will knee-jerk refuse, which the data indicates (so far as it's accurate data). However, enough people don't mind.
Another thing to keep in mind is how often these will be seen. Right now ~10K apps ask (or, try to ask).
So the odds of seeing the prompt in the wild aren’t too high unless you’re a Facebook user.
But as more apps show the prompt and it’ll become very common all you need is to agree once and you’ll then be more likely to opt in more than opt out, in my opinion.
I expect that 10k to 10x before the end of the year. Even then, 100k apps out of ~2M isn’t all that many, so it might take a long time for advertisers to regain the kind of access they had pre ATT.
10k out of 2M isn't a good metric, because there will be a long tail of niche, unpopular clone (AKA a student's first to do list app), shovelware or spyware apps that most people will never encounter. If the list of apps is sorted by users, I'm sure the top 50 will have a massive reach.
ESPN, Hulu and Cruncyroll issue thepop up. Consider the reach of those 3 apps alone compared to the bottom 500k.
Yes, 10K isn’t a lot, and the big apps are included in the 10K.
But… companies like Google Need as many apps as possible to funnel data to them so they can profile _everyone_, and they do that with their “free” services like Firebase (aka Google Analytics), in addition to ads.
To Firebase it’s all about scale (aka visibility) and not specific groups.
I've seen a lot of people confused by this, so I figured I'd clear it up:
"App tracking" here means reading your device ID, called the 'Identity For Advertisers' (IDFA for short). They do this so that they can cross reference that IDFA with data that other apps have collected on that same IDFA, allowing them to connect the dots that it's the same user.
This app tracking transparency feature makes it so that they can't access your IDFA, and can only show you ads based on info you provide within their own app, not from the other apps you use. It keeps your data silo-ed to each app.
This is where the whole "I looked up nike shoes on Amazon and now I'm getting nike shoe ads on Facebook" comes from. Without the IDFA, Facebook has no way of knowing what you looked up on Amazon, only what you look up on Facebook.
Facebook and Amazon can both track you individually and correlate accounts because you need an account under your real name to use the service. They can just choose to share this information with each other. This only prevents services from using IDFA to correlate pseudonymous accounts or across services that don't require accounts at all.
I especially don't understand the complaint from Facebook with reference to the four plus apps they have where users may very well just use the same account. As it stands, they've been wildly inconsistent about this. Here is Mark Zuckerberg only six weeks ago claiming this change would be good for Facebook: https://arstechnica.com/gadgets/2021/03/as-apple-app-trackin...
> This is where the whole "I looked up nike shoes on Amazon and now I'm getting nike shoe ads on Facebook" comes from. Without the IDFA, Facebook has no way of knowing what you looked up on Amazon, only what you look up on Facebook.
That's not really true, as far as I know. FB provide a feature called custom audiences, which can take a set of emails and match them to FB users. Amazon could easily upload this list and use it to target on FB.
Apple can't really prevent advertisers/platforms from sharing information from other sources. What they can stop is apps using IDFA as a primary key for a particular Apple user, and that's what they appear to have done.
>This is where the whole "I looked up nike shoes on Amazon and now I'm getting nike shoe ads on Facebook" comes from. Without the IDFA, Facebook has no way of knowing what you looked up on Amazon, only what you look up on Facebook.
Can this really be true? Wouldn't the conclusion be "Facebook can no longer rely on the IDFA for this information, but can probably gather it by a different ID shared between both Amazon and Facebook?"
I expected the number to be something astonishingly high based on FB's PR blitz over the past nine months. With their limitless resources, I'm sure they focus grouped and user tested this scenario to death before concluding that apocalypse was nigh. Rock on, Apple.
What a surprise. If I tell people going to the store that they choose to pay for the products, or not, a lot of people will choose not to. Who would guess that people like free stuff?
Apple is disrupting whole economy for apps. It’s a very broken economy, with lots of questionable practices, that’s for sure. But we’ll see if it’ll be net benefit for customers. For sure for Apple, as more apps will have to move to be paid, and give Apple their 30% cut.
At the end of the day, nothing is free. It's just a different payment scheme and Apple is killing that scheme. We don't even pay through our privacy or attention span. These are simply wasted in the process of offloading the payment to a different payment processor.
The game is not free, it just collects the payments through the candy shop. The offsetting of the payment includes you stop playing and looking at candy images and initiating the process itself requires us writing off our privacy so that the candy image guys can try to guess which candy we might like more.
What if everything is paid directly? Yes, there's Apple's %30 cut but there's also Google's cut and Facebook's cut in advertisement(which is not transparent and I hear that it's about %50).
Besides, huge resources are spent in running the system that tries to guess who would prefer to buy what. It comes at the cost of computational and human resources too, not just the privacy. That cost must be incorporated to the product price.
Is finding the product you look for through WOM, lists and publications that inefficient? Is it really impossible to find your customers organically? Do we really need the customer/product matching in exchange of money?
Do we really need an incredibly inefficient centralised communist system(the big agencies like FB) where the party members(the technicians in these companies) need to track everyone(the spying required to make the system possible) so that we can have free games and apps(which are not free but paid from the communal money that the central organisation collects from you)?
> also Google's cut and Facebook's cut in advertisement(which is not transparent and I hear that it's about %50).
In general, neither Google nor FB take a "cut" in the traditional sense from their advertising. What (normally) happens is that advertiser bids their "true value" (i.e expected LTV), and a second price auction is run. In this kind of auction, the winner pays the price that the runner-up was willing to spend.
This differs massively from the pre-internet ad business (radio, tv, print etc), in that they would normally quote $X, but up to $X/10 was the minimum price, but the rest was built in as margin for people further up the chain (sales, agency etc).
One of the big problems that the ad agencies are having now is that their business model relied on arbitraging the price of the client vs the cost of the service, and this doesn't work for Google or Facebook.
That being said, both Goog and FB make insane amounts of money, but that's because the ads are essentially free to deliver (in fact, the users pay to render the ads themselves), and they have huge amounts of users to serve ads to.
Citation needed. Somehow there was an app economy before the rise of massive data aggregation.
It's going to slightly impact the people profiting from the mass surveillance economy until they figure out how to get around it. This does nothing to impact the vast input feeds of location and traffic data from mobile carriers and ISPs, transaction data from purchases, etc. It basically forces those wanting to market to customers using Apple devices to remove the cameras from their customers' bathrooms and figure out another way to discover they are out of toilet paper. The pissing and moaning is because the industry basically was able to use the laziest possible implementation to get this information, now they will have to do a little more work.
It's probably gonna put a bunch of mobile game studios out of business. It was a tough business anyway, but the major advantage that they had was the ability to track at a device level and use that to be more efficient with their marketing spend.
More generally, it's gonna make FB and GOOG less useful for small, niche businesses. The big players will be fine, but lots of smaller businesses are likely to do less well.
Maybe the big players will do something to make cohorted ads work, but it will be less efficient and will lead to lots of small businesses having much more difficulty getting their products in front of the right people.
I think the market has said otherwise. Among aware engineers, sure. Among Suzie home maker and Tommy Q the support rep? Doesn't seem so. Facebook is free and has how many people now? ( Just one example I know )
The situation likely arose as a tragedy of the commons. It’s why Apple taking the hammer to the business model is worth watching. A dominant platform like Apple has the ability to change the economics so we don’t end up with everything being “free” and trying to learn everything about you.
There’s some concern about how Apple is changing the economics of free apps. I personally have always had a problem with free apps destroying the opportunity for those that charge the user cash instead of data.
I don't disagree. But, at the same time, especially in a more macro sense, if you theoretically make advertising less profitable, you tilt things towards a world that makes it harder for people to trade their attention for product. So there are fewer options not to just pay money for things. Which is probably fine for most people here, but not everyone.
Most people realize that Facebook's real value in their lives is negative or 0.
People are more than willing to pay for streaming content that they actually value, though.
If you give people the option to pay for, say, Doge memes, and they don't pay for them, that doesn't mean that they aren't willing to pay for anything, it just means that Doge memes have little to no value.
And a lot of people don't have money to pay and their attention is the only resource they can pay for apps. With ad economy broken, they'll lose access to the apps they're using now and that's a bad thing in my opinion.
Not if you put big “for free sign” in front of it. That’s what Apple is doing. “Hey do you want to give them more data? No? That’s totally cool, it’s purely optional and it doesn’t change anything for anyone else”.
It’s not presented to an user as a way to pay for the app. It’s presented as something that’s third party, not really related to an app.
Apple explicitly says that apps can't require app tracking in order to use their app, they're removed from the app store if they do.
Keep in mind "app tracking" here means reading your device ID, called the 'Identity For Advertisers' (IDFA for short). They do this so that they can cross reference that IDFA with data that other apps have collected on that same IDFA, allowing them to connect the dots that it's the same user.
This app tracking transparency feature makes it so that they can't access your IDFA, and can only show you ads based on info you provide within their own app, not from the other apps you use. It keeps your data silo-ed to each app.
Seems Facebook could nonetheless offer two tiers of service for those with and those without tracking.
Although a bit orthogonal, Instagram will not let me post from a Desktop browser but will from a Mobile browser. (So I switch my User Agent to a phone on the Desktop when I navigate to Instagram and wish to post.)
I've been wondering why people aren't asking what kind of data is Apple itself collecting?
Not only from users, but from the marketplace. Shouldn't users also give consent to what they share with Apple? Shouldn't businesses also choose to share info with Apple?
This is gave us a sense of "justice as been done", but now we should look deeply into what the gatekeeper is doing, to what benefit, and how balanced it made the playing field.
Truth be told, I'm biased because I'm always suspicious of Apple because I always believed that unlike what they preach, they put Apple first above everything else... but I only see them getting an exclusive view of user behavior on their devices.
> This is gave us a sense of "justice as been done", but now we should look deeply into what the gatekeeper is doing, to what benefit, and how balanced it made the playing field.
Interestingly, Apple's Ad tracking doesn't show up under 'Settings > Privacy > Tracking' but instead tucked away at the bottom of the 'Settings > Privacy' menu. Apple's tracking also defaults to opt-out instead of the opt-in route taken for other apps.
I am all for providing privacy settings but whats with the double standard?
Because Apple collects data in an anonymous manner and will make sure for user to benefit the most from that data, compared to other evil ad companies.
When you set up an iPhone or other Apple device, you're prompted and asked if you want to share you data with Apple, which makes sense because they make the device and OS.
While I’m sure Apple collects ample (pseudo anonymous) data from their respective stores about patterns, they actually don’t gather that much data about you.
For a long time they’ve had an “on device” policy to handling data. Buy a new phone and your frequently visited locations list is empty. Most of their AI stuff only lives on your device.
Of course there are limits to what can be handled on your device, but they’re generally pretty open about what happens where.
Make no mistake, the privacy stance is a profit maker for Apple, and that’s the real reason they’re doing it.
In any case, I’m way more likely to trust Apple with my data than Google or Microsoft. Google and (to some extent) Microsoft has based their business around collecting and/or selling my data, Apple makes a living by selling me hardware and software, and privacy is the one parameter that Apple can compete on that will directly reduce profits of its competitors.
I do agree with you that it's part of Apple new positioning, that they are a privacy first company, yet I think you missed my point: I'm talking about consent.
When you said:
>While I’m sure Apple collects ample (pseudo anonymous) data from their respective stores about patterns, they actually don’t gather that much data about you.
I don't doubt it, what I meant is that even for that there's no explicit consent in the way they are doing with the Apps on appstore (they probably mix it when you're setting up your account). Because you might have apps that collected even less data then Apple, and they are still subject the user consent message.
I can see from the downvotes that this is not a popular opinion, which is odd - I'm just saying that everyone should play by the same rules, else there's an asymmetry that will favor the ones who can circumvent this limitation, which in this case, it's Apple.
It's just not coherent, since it's not about collecting a lot, or very little data, it's about users giving explicit consent to share data.
Apple's apps have never done what the App Tracking policy stops App developers from doing. To be clear, this new policy is not about apps tracking their own customers—that's always going to happen. This policy is designed to stop companies like Facebook from tracking your activity across multiple apps on your device.
> you might have apps that collected even less data then Apple, and they are still subject the user consent message.
The consent requirement has got nothing to do with how much data they're collecting about you, rather with what they're doing with the data that has been collected.
> I can see from the downvotes that this is not a popular opinion
The downvotes are not because your opinion is unpopular, it's because your opinion is grounded in the aforementioned misunderstandings.
> Shouldn't users also give consent to what they share with Apple?
You give consent to share data with a company when you share it with that company. This straightforward relationship isn't an issue so long as the company's use of your data is in line with your expectations.
When you want to know what a company's incentives are, look at their financials. Money is the great truth teller. Does Apple have sources of revenue which rely upon use of customers' private data? I'm not aware of any.
Now ask the opposite question. Does Apple have a financial incentive to be a good steward of their customers' data? This is a very clear yes, as evidenced by their highlighting of privacy as a distinguishing feature. While it's stupid to trust a company's marketing, it's important to appreciate that Apple have wilfully staked a large part of their reputation on customer privacy. That would have been a monumentally stupid move if they weren't intending to live up to it.
> they put Apple first above everything else
A weird accusation. Setting aside immutable truths about the motivations of any corporation, Apple has famously placed their customers ahead of many other external concerns. Case in point—where they have actively defied the wishes of the FBI (and similar arms of many world governments) in the implementation of robust on-device encryption and cryptographic security.
> I only see them getting an exclusive view of user behavior on their devices.
Yes, and? Tell me, who are these other people that should have access to my data? Damn right it should be exclusive to Apple—people are paying them good money to be a trustworthy steward of their data.
Apple's apps have never done what the new App Tracking policy requires your permission to do. Apple doesn't need to ask for your permission in this instance because they're not doing it.
My observation is 95% of people will never change a default setting even if it's directly interfering with what they're trying to do.
I'm not sure why. Either maybe they don't know that there's a way to change settings, or maybe they're too afraid they'll break something, I don't know.
I try to show people where settings are in different apps and opperating systems and encourage them to explore the options, but it seems like they never do.
I think most people are just conditioned to live with the way things are. Some people will try to search for a solution online, but that's an extreme minority in my opinion. It seems like most people will suffer silently, and some others might complain, but they still won't do anything to fix it - just complain.
There are several of solid reasons to not change anything:
1. It might not be obvious that changing a setting could improve things. You need to have a solid mental model of how the specific tech works and how the setting could influence things. Casual users don't really have a model. Well, everyone has one, but for casual users it's more like a half-drawn sketch.
1. Changing a setting might break something - sometimes for good. Worse, it could break something unrelated (at least unrelated for the casual observer). Worst case scenario, it breaks something in a subtle way, that you only notice after a long time.
2. Changing a setting might break something that you can't fix on your own. Which takes us to a crucial social aspect: nobody like to feel dumb. Asking for help in many cultures and for many individuals makes them feel dumb.
An example from someone normally on the "just try it out" side:
Got a new laptop, it has a "high performance" nvidia GPU as well as the integrated AMD one. I was getting notifications that regular apps were using the wrong GPU and wasting battery, and I should use an option from the manufacturer to disable it. Once I eventually figured out that you needed to kill all such apps before enabling it does anything, everything seems fine, until weeks later I realise sleep isn't working.
Took a detour investigating "modern standby", which is Microsoft's new sleep mode that doesn't turn off the CPU and so was suspicious. But after messing around trying to force classic S3 sleep, messing with the powercfg command (which reported sleep as normal, wake on keypress, no wake timers, etc.), and testing with all apps closed, no change.
On the verge of giving up and assuming this was just the nature of modern standby, I booted a Ubuntu live USB, hit sleep, and saw all the usual pulsing LEDs. That reminded me of seeing the same thing when I used the laptop for the very first time, so I had enough confidence to "refresh Windows" (a reinstall that keeps files).
After doing so, I hit sleep, it worked fine, then had to gradually reconfigure the laptop, hitting sleep every time until it broke, which of course was just after I started feeling brave enough to make multiple changes every time. Narrowed it down to the GPU setting and all working fine after changing it back, but I'm going to be very selective about what I change and install for a while now.
I think most people who enabled the setting (as prompted!) would just be living with the battery drain though.
I tend to forget how customizable phone settings have become. When I had my first iPhone 3G the settings were quite meager. It feels like by now I'm conditioned to just expect the experience to be consistent throughout the life of the device. The thought of playing with settings rarely occurs to me unless I'm actively having an problem with an app.
> unless it's directly interfering what they're trying to do
That's where the trouble will come. I can see trend emerge where essential functionality could be blocked on account of tracking being disabled. I have some faith policies and people will work against this but i've seen so many dark patterns in freemium that I think this sort of dishonesty could just work.
It is okay for games to have limited gameplay until you use in-app purchases to unlock more features. You could easily have an app that provides a limited bit of functionality, but then allow you to unlock more just by changing this setting. Especially if any of the monopoly cases against Apple forces them to change.
The proper way of handling that would be to show less ads to those who enabled tracking.
Tracked ads have more value because it's more likely that you'll buy something targeted at you. So you need to show less ads compared to untracked ads to extract the same value.
I think that this kind of differentiation is allowed by Apple and probably will be implemented in some apps.
What about a feature that is both useful and, by its nature, requires tracking to even work? (not a dark pattern but technically depends on something that falls under the purview of tracking)
The switch allows the app merely to request tracking, so I'm surprised requesting that the user enable the switch doesn't violate the App Store guidelines (or maybe it does).
I haven't seen this option presented to me. How would I make sure that app tracking is turned _off_?
Edit: Never mind. I found it under Settings/Privacy/Tracking: "Allow Apps to Request to Track". I might flip it on just to see what nags me about allowing tracking.
I loth Apple. I am a Apple developer and it is painful. After thirty years sticking to Unix like systems, Apple is not!
That said I am very impressed that they turn off apps access to the UUID for the device by default. Bless them. There is more money to be made, I would have thought, by going down the well trodden path of avarice, duplicity, and self deception that Google has trodden. Well done Apple.
(Perhaps I am wrong and there is some nefarious plan for world domination behind their moves - just because I cannot see it does not mean it is not there!)
I'm actually quite surprised it's that high -- I've seen one prompt so far, and I was kind of running on autopilot so I accidentally clicked "Accept" before my brain even processed what it was asking me (and then I didn't bother to track down the setting to manually opt-out afterwards). I guess I'm in the top 5% of absent-minded users!
Don't you need to explicitly find the setting and enable it to be part of the 4%? I wonder if 4% are just curious which apps will ask... seems high though.
I just want to point out that Apple is ostensibly doing this in the name of transparency, and yet here we have a whole thread of technologically proficient people debating what the setting actually means.
Does it mean that if the users don't know about this option in the settings they will never be prompted to allow tracking, and just implicitly disallow it? If that's the case, the prompt is just transparency theater, Apple has already made the decision; and it's hard not to notice the conflict of interest.
[throwaway because I work in the industry, but not in ads]
Right next to the togglswitch, there’s a learn more link that explains in more detail...
Tracking
Apple requires app developers to ask for permission before they track you or your
device across apps or websites they don’t own in order to target advertising to you,
measure your actions due to advertising, or to share your information with data
brokers.
If you give your permission to be tracked, the app can allow information about you or
your device collected through the app (for example, a user or device ID, your
device's current advertising identifier, your name, email address, or other identifying
data provided by you) to be combined with information about you or your device
collected by third parties. The combined information can then be used by the app
developer or third parties for purposes of targeted advertising or advertising
measurement. The app developer may also choose to share the information with
data brokers, which may result in the linking of publicly available and other
information about you or your device.
When you decline to give permission for the app to track you, the app is prevented
from accessing your device's advertising identifier (previously controlled through the
Limit Ad Tracking setting on your device). App developers are responsible for
ensuring they comply with your choices.
In some circumstances, the app developer is not required by Apple to ask for your
permission. The app developer may combine information about you or your device
for targeted advertising or advertising measurement purposes without your
permission if the developer is doing so solely on your device and not sending the
information off your device in a way that identifies you. In addition, the app developer
may share information about you or your device with data brokers without your
permission for fraud detection or prevention or security purposes. However, the data
broker must be performing the fraud detection or prevention or security services
only on behalf of the app developer, which means the data broker cannot use the
information about you or your device for any other purposes.
You can control whether apps can ask for permission to track you. If you don't want
to be asked for your permission by each app that wants to track you, you can disable
Allow Apps to Ask to Track. On iOS and iPadOS, go to Settings > Privacy > Tracking.
On tvOS, go to Settings > General > Privacy > Tracking. When you disable Allow
Apps to Ask to Track, any app that attempts to ask for your permission will be
blocked from asking and automatically informed that you have requested not to be
tracked. If you previously gave apps permission to track, you can tell those apps to
stop tracking you at the same time you disable Allow Apps to Ask to Track.
You can also control the tracking permission on a per-app basis. On iOS or iPadOS,
go to Settings, tap an app, then tap to turn off Allow Tracking, or go to Settings >
Privacy > Tracking and tap to turn on or off each app displayed in the list of apps that
have requested permission to track you. On tvOS, go to Settings > General > Privacy
> Tracking and select the app in the list below Tracking.
You know... It just occurred to me that disallowing tracking from these apps would force them to seek a business model that is far less destructive to the fabric of society
That assumes that the tracking data is only used for display ad targeting. Would you be so happy if this was used to track behaviours which correlated to (for example) political affiliation, and this was used to place you on a different content track in another app?
With all the anti-trust stuff going on against Apple I wonder if this strong stance against cross app/site tracking gets overturned after some sort of legislation.
They’ve an ads business and have had one for years. App Store ads come to mind. And the iad network as well. I applied to a few ad related roles at Apple in the data engineering space.
If that's anything to go by, Apple will ship a shitty half-baked version of it and then take years to figure out a way to finally make it good without compromising user privacy.
That's a great point: the statistics in the OP might have been calculated by people who did not take into account the possibility that a large fraction of the sample might not be free to choose.
>The challenge for personalized ads market will be significant if the first two weeks end up reflecting a long-term trend.
Adtech is basically highly-paid people sniffing your underwear trying to figure out what you had for breakfast. And they get all indignant when you say "hey cut it out, that's kind of weird."
There's no harm in filming your daughter changing clothes at these booths we installed all over the beaches. We are keen at protecting her data and making sure her face stays blurred. If we'd stop the costs of going to beach would go up tremendously, so that's out the question.
You're probably joking, but the TSA has made that exact argument for their full-body scanners.
>"The (body image scanning) technology is sent to the airports without the ability to save, transmit or print the images," said Greg Soule, TSA spokesman, in an interview with CBSNews.com. "At airports, the images are examined by a security officer in a remote location, and, once the image is cleared, they're deleted."
And an alleged insider discussion of how those "remote" viewers respect passenger privacy:
"Personally, in the I.O. room, I witnessed light sexual play among officers, a lot of e-cigarette vaping, and a whole lot of officers laughing and clowning in regard to some of your nude images, dear passengers."
> The (body image scanning) technology is ... without the ability to ... transmit ... the images,"
> the images are examined by a security officer in a remote location
oh dear.
More seriously, at least TSA can at least make a proportionality type of argument, along the lines of, this invasion of privacy is justified on the grounds that it might save lives.
Adtech is just going to use it to try and figure out how to convince me to buy a motorized turnip twaddler.
Of the data that I've seen, adtech has about as much legitimacy in claiming they "might" save lives as the TSA does.[1] The last year the TSA released the stats on their Red Team tests, they failed to detect 95% of threats. Some of the threats that made it through were fully assembled handguns, fully assembled bombs, and partially disassembled versions of both. As many have pointed out, the TSA is largely security theater. It makes people feel better that we're doing something, and apparently the greater the intrusion on privacy, the more secure people feel.
FWIW, I'm not necessarily saying that TSA's argument works out in practice. I'm just saying that they can at least try to make it.
Versus, even if we give adtech a similar benefit of the doubt, and accept for the sake of argument that they really could more effectively convince me to buy the world's greatest fidget cube, there's still just no way that such an outcome is a great enough social good to justify the means they used to achieve it.
(Except perhaps from the perspective of the adtech and fidget cube people. And, even then, only if we assume that they have a slightly deranged opinion of the social utility of their fidget toy relative to all other fidget toys. Or that they're solipsists.)
So, this is a weird one. I mean, all of this stuff is pretty much automated, there isn't a team of people at adtech companies going hmmm user 621163091 is looking for PC's serve him an ad for Lenovo. Its a series of complicated ML models with large amounts of inputs and outputs that no human understands at a level where they could predict which ad a human gets.
In the above scenario, I'm not sure that I see a violation of privacy, but I suspect you would. If you could enlighten me as to why, that would be super helpful.
Data has a way of being used in ways other than the one for which it was ostensibly originally collected. Especially once you let data scientists get in there and start having fun with it. (Source: I should know, I am one.) Or maybe you've got a unscrupulous employee who uses their access to the data to dox people. (Source: I used to work at a company where that happened.) And since, in a country like the USA, they are not subject to any particularly effective data protection laws, they're also really easy to sell to just whoever, or maybe liquidate at a bankruptcy auction, or whatever. The buyer may or may not intend to use it for better or worse purposes than the original collector. There's no real way of knowing.
There's also the security question. Data breaches are real and happen all the time. I think that the crackers' perspective on this subject may be, if I may misappropriate the famous IRA statement, "remember we only have to be lucky once. You will have to be lucky always."
In short, the mere existence of these pools of data is a threat, not only to people's privacy, but to their personal security. Even when you can't demonstrate that a specific harm has occurred yet. It's like hazardous waste: given enough time, it will leak out and cause damage.
So, I totally agree with everything you've said, (I am also a data scientist, so appreciate that part especially).
OTOH, ads pay for a lot of stuff, so if you could delete the raw data after some short time, and only retain the model which was used for serving/prediction, then I think a lot of those concerns go away, and the whole infrastructure around data is made an awful lot safer.
Lots of your other points only really apply to the US (the cavalier attitude towards data and privacy, especially), so I wonder if this is something that would work better in the EU, because you do have much stricter laws around the use of personal data.
I don’t see why the TSA having awful reasons they can get away with is any better or any better hedge than any other player invading privacy unnecessarily.
Even if it may be awful on an absolute scale, on a relative scale, I find egregious privacy violations more justifiable if the claimed intention is mitigating supposed risk of bodily harm or death rather than showing me advertisements.
I have the right to simultaneously hate and be disgusted by the TSA yet hate and be disgusted by advertisers and ad tech even more.
Interesting. I feel the opposite. Theater and bad faith lying or trickery are far worse to me. The intent from the get go isn’t even trying to do the right thing while also trying to show themselves as the “good”.
you see this wrong. TSA is infringement of our civil liberty by government, avoid flying is not much option in this day. comparatively easier for to avoid ad surveilance and install ublock.
>> >"The (body image scanning) technology is sent to the airports without the ability to save, transmit or print the images,...and, once the image is cleared, they're deleted."
Perhaps from the machine, but what prevents a TSA viewer in the remote location from snapping an image of the screen with their smartphone, or wearing an always-on logging camera to the workstation?
I mean, at least the putative negative consequences they're trying to avoid are exploded jetliners and hundreds of deaths, not "advertising would be somewhat less effective and profitable" (similar to all advertising before about 2002).
Recently, a website I had only visited once somehow cross-referenced the cookies available through my browser to work out my email address & directly emailed me to invite me to sign up for their services.
This has to be a GDPR violation, I certainly didn’t give consent for them to email me, but people are still doing this kind of thing apparently.
For years I had a professional email and a non-pro email address that I kept separated. Personal email for job applications/linkedin/bills etc, non-pro for regular surfing. It's worked great until last year. I think it's Google cuz I login from the same browser/device, but they eventually linked it and I'm now being contacted by recruiters via my non-pro email which pretty much unmasks me and my social media accounts. To really have any kind of anonymity today, you pretty much have to hide as if a nation-state actor is after you.
I abandoned having a free (as in beer) mail account around the time google started doing their own advertising in gmail. At first I went for the ideology approach of fastmail, then tutanota/proton mail and finally runbox (or whatever the Norwegian service is called, which was my favorite by the way), but I just couldn’t live with going from gmail to any of those, and so I ended up with gsuite. When google decided to make having a gsuite for private usage harder, I switched to Office365 where I still have the smallest “only in browser” package.
I have to say that whole outlook isn’t as good as gmail, all the things evolving spam is super easy to handle with policies. I still have my old gmail address forwarding things that google would sort into “this is the relevant mails” part of its new inbox system, and 90% of it goes directly into my “unwanted stuff” or clutter or whatever it’s called in outlook.
As a benefit it also gave me a TB of storage and in browser office, and while I don’t use the office stuff much, I do use one drive to backup my photos because iCloud storage frankly is almost as expensive as the entire office365 account.
I doubt it was Google itself – Google is a one-way sieve when it comes to data. Google allows advertisers to tap into their user graph for targeting and attribution, but they don't actually give access to user-level info in any meaningful form, let alone in a form that would allow you to get your hands on user emails. The closest you can get is Ads Data Hub[1], which requires advertisers to import their first party data into the (very expensive) Google-controlled environment to work, and is designed so that Google's identifiers can be used for joins and aggregate functions but can't be directly returned in queries.
There are providers that directly exploit their graph by selling the PII within it, such as GetEmails[2] (and the publishers they source data from). But Google isn't one of them.
I agree: it won’t have been Google (and the email came to a non-Google email address), but some data aggregator somewhere who is cross referencing login emails with stored cookies.
I don't ever log in to my personal accounts on my work computer/phone or vice versa. Another perk of having a work only phone is that I can leave it at work or turn it off when not working.
I haven't had exposure to this space since the GDPR went into effect, but it used to be trivially easy to do this. A quick Googling shows there are still providers of this sort of service, such as GetEmails[1] which bills itself as '100% compliant in the US'.
If company has no operation in Europe it is not realistic for to enforce GDPR against. This are true for many company and it not is a surprise that some do not care on any GDPR restrict.
Alternative take: Ads give unethical actors a systemic advantage, where they are willing to slap ads on to their products that can't justify charging otherwise.
Expect more competition and higher standards as this artificial funding model is removed.
I do own the HTTP response. It's on my computer and in my control. Sites that require payment before responding could do something like return 402 Payment Required or simply refuse to send me anything. If they send me ads I'll delete them. I can rip out and trash the ads I find in magazines, there's no reason websites should work differently.
Honest question: are you, or have you ever been (or are you planning to be), someone with a direct financial stake in the ad industry? Employee, shareholder, board member, whatever.
The answer to that question will greatly influence what we think of your witticism in the previous comment :-)
I'm all over this thread, and the answer to your question is yes. I spent a number of years at an ad-driven FAANG (which narrows it down to three).
And I still think that firstly, this decision by Apple is gonna drive a lot of small niche products to the wall, and secondly, is a part of Apple's longer term plans to make a significant amount of money from advertising over the next five years.
I think the users have brought it on themselves. Almost everyone wants free content, more, more of it! Just say: “You know what? I’m not gonna watch these cat videos on YouTube cause there’s an outrageous number of ads!” Or (and I’m going to sound crazy) we could skip scrolling Instagram and just read a book or take a walk when we need to unwind. Google search is harder to escape, of course.
I find it hard to blame the users when (according to this article) as soon as they’re given a modicum of control, they clearly reveal their preference for not being tracked.
Nobody can be blamed for wanting free content, who doesn't? The fact most sites are free of charge does not mean the advertising industry should be allowed to surveil everyone and monetize their private information. If sites can't aford to offer content for free, they should charge money for it.
I'd say it is more the blame on the industry's failure to deliver a usable micropayments system.
I'd be happy to pay a few pennies or dimes for every article I open to skim or read. But I cannot and will not pay the 2-3 figure subscriptions demanded by every publisher.
There is a range of choice, all too high to commit to one, so the only one that gets my money is the Guardian, with a donate-what-you can model. The rest I put up with generally avoiding them, and reading only a few per month before the paywall goes up.
If micropayments don't work, I'd also happily pay a single subscription in the $hundreds/year for access to around a dozen of the publications, but no one offers that to my knowledge (if anyone knows of such a service, please post!)
But to blame the users when they clearly state their preferences at the first opportunity, and the industry has failed for decades to provide such an opportunity.. nope.
> Wait! They actually do. Apple allows targeting ads in the App Store by things that require data collection.
AFAIK Apple's ad targeting is largely based on self-reported stuff like demographic information and what you're subscribed to in Apple News or Music. It's not doing the kind of massive log-ingestion and cross-site tracking to do psychographic profiling that people tend to find most problematic.
It's great that Apple does this, but I think this should be mandated by law that tracking should be opt-in and for adult users only. I think people who decide to be tracked should also be compensated for their data.
That'd be a pretty rare position even amongst the most conservative economists, since markets are generally acknowledged to have 1. failure modes, like monopoly, and 2. externalities, which the economic actor should get forced to internalize.
It's how the US government operates, so it can't be that rare. Looking at the past 40 years, the answer to those "failure modes" is nearly always "less regulation". Economic actors are almost never forced to be responsible for their externalities. It's un-American to regulate any market: "Government is not the solution to any problem. Government is the problem."
Exactly - currently if you want to use Facebook (because your whole family and friends are on it) you have to give up your personal data and there is no other way for you to pay for the service. There should also be an option to pay with other means than personal data.
Nah, everyone would get behind this if we actually had politicians brave enough to lead the charge. No one wants Faceflixzon to dig their hooks into your kid's life.
Tech company regulation is popular with politicians on both sides of the aisle (with different motivations from each side), so there has to be more to it than this. I think at least some of it is because the politicians are afraid of their constituents (my parent 50% comment) and donors (affects both sides of the aisle).
I'm not sure why you're being down voted. As far as I can see you're not advocating one way or another. And you're not wrong, with apologies for being so US-centric, that about half this country would agree with you that the parent idea is "interfering with the free market". I happen to disagree with those people but that doesn't mean you're incorrect to point them out.
Government requiring car manufacturers fit seatbelts and airbags is intrusion in the free market. And a good one that saves hundreds of thousands of lives.
Well if consumers didn't want to die they would have upgraded to our premium safety module for only a $9.99/mo maintenance fee and $1200 installation (was $1700).
The government absolutely has the authority to mandate safety measures. Corporations don't have the right to violate users' privacy and security, I see this as completely fair.
But why does 50% are mostly fine with "only medical data is super special"? Your private data could be abused in a similar way.
Also why not a law for full transparency? You can have all your freedom you want just be transparent about all the tracking and information selling or sharing that is happening. Can't you convince the free loving americans that a simpler GDPR that only requires full transparency is "very capitalistic"?
What Apple is doing here is the free market solution to invasive tracking. The GDPR was the government's solution to that.
I'd much prefer the Apple solution which allows for a company to be _rewarded_ for taking a voluntary stance (a positive one!) on tracking, instead of coercing every business to follow a government mandated rule on something as relatively minor as advertising.
What Apple is doing is limited.
A law will force everyone (not limited to websites or mobile apps) to disclose if they track you, what data they track and who they share it with.
What Apple is doing is also a recent thing, so before this fancy privacy labels the market had no solution.
Let me know all the downsides to a transparency law and for each downside specify who is affected by the transparency.
What exactly is the benefit to the average user of not having apps track them?
Most people seem to welcome more relevant advertisments, and a significant number of people in my social circle - even in Ukraine - like to purchase products directly from Instagram advertisments.
If you can't make money from advertising, and paid apps have an enormous 15-30% commission, how exactly does anyone except Apple make money from mobile apps?
I think you're framing it the wrong way. You should be asking: What's the benefit to the user (and advertisers too!) of all this tracking and data collection?
Adtech often touts "relevant ads." But I think that's a red herring. I'm a fan of The Simpsons. That doesn't mean I want ads for Simpsons stuff following me from site to site. I'd probably get annoyed if I get Simpsons ads on a serious financial website. What's more important is that the ads are relevant to the context of the site they're displayed in. And that requires no tracking or personalization. It does, however, require human understanding and communication skills, not tech or data. People like ads if they're well-crafted and convey a compelling message in context.
It’s a false dichotomy for me. I understand many people make money off it, but I just don’t want to see any ads. And I believe if a person needs something, they should be able to find it. But buying stuff because you see a banner? If the banner was the only reason you bought an item, maybe you didn’t need it in the first place.
You might have too narrow a conception of what advertising tries to do. It doesn't necessarily try to induce demand. Instead, it tries to direct demand towards a certain direction.
Everyone knows what Coca-Cola is. But Coke still heavily advertises worldwide. It's not to make people thirsty when they see the ad. It's to make thirsty people think "Huh, a Coke would be quite nice right now" when they're at the store.
Not really. Well-crafted ads that convey a compelling message in context are fine the first time or two that you see them. Even the best ones get really irritating when they're played over and over and over, at which point they motivate me to ignore them.
You make money because your app is tied to a real-world useful product. Looking at my own usage, the only apps I have installed and use on any regular basis that didn't come preinstalled with iOS are Signal, Authy, Bitwarden, Amazon, and my banking app. Amazon and the bank provide me a service I can access other ways and mobile is just one of those ways. Signal is a non-profit and receives donations and Authy is owned by Twilio, which sells backend services to other software developers. I just pay Bitwarden.
Of these, Amazon also serves ads. Opening the app, three items on the home page are marked sponsored. One for some k-cup coffee pod product, one for dog food, and one for cat food. These are clearly targeted (I have bought cat food and coffee very recently from Amazon and Whole Foods). But to be perfectly honest, I'm fairly comfortable with a company I buy stuff from keeping a record and making suggestions based on it through their own storefront. That's just good customer relations. I'm not comfortable with my activity being tracked everywhere across all applications I ever interact with to create a grand unified profile of all my synthesized purchasing, viewing, reading, and searching habits that can be sold to all advertisers advertising anywhere. That's a panopticon.
If this holds, this will be cataclysmic for FB. You can't have a huge portion of your wealthy user base just disappear and expect advertisers to keep paying what they were paying previously.
BTW, this is also why the covid exposure notification apps failed miserably. They should have always been opt-out.