Safari 17 Link Tracking Protection (mjtsai.com)
60 points by vmoore 10 months ago | 52 comments



What greatly fascinates me is that apparently no one in the advertising industry looks at all the effort that goes into subverting their rather invasive tracking and comes to the conclusion that maybe, just maybe, they've turned the tracking dials just a tad too far to the right.

There seems to be zero self-reflection from the advertising industry. They'll try to find ways around these new measures in Safari, rather than wonder why the hell someone is going to great lengths to prevent their tracking.

You see this on places like LinkedIn as well. People in the ad business have zero reflections on why companies like Apple do this or why the EU is trying to regulate their industry. It's always whining about how their right to do business is infringed. The entire online ad business just seems to be completely morally bankrupt.


That revenue chart always has to go up and to the right! /s

I work in SEO so I work with advertisers quite a bit, and they absolutely do not care about privacy. I had one who thought that when a user clicks on our site from Google that we can grab their email since "they're logged into their Google account anyway, why not just get their email so we can do some email marketing?"

When I said we can't do that, he thought it was a bug, not a privacy feature.

If they could install cameras in your home, they would, and they have.


It is difficult to get a man to understand something, when his salary depends on his not understanding it.


> There seems to be zero self-reflection from the advertising industry.

Back in the 90's, I can remember seeing a blog post from an advertiser trying to warn his compatriots that pop up ads and obnoxious animated gifs were counterproductive, but they did not get any traction.


Funny how we're coming back around to pop-ups, except they're called "modals" now.

I had to use a browser without ublock a little while back, and I honestly don't know how people use the web anymore if they don't have an ad blocker. The ads are literally trying to prevent you from accessing the content for as long as possible so you spend a few more seconds staring at their garbage.


I think you're right but it's not advertisers doing any of this. It's the ad networks (Google, Meta, Microsoft, Amazon) who are the ones who've implemented all of these things. The ad business is a shady one but the ones to blame are the ad tech companies. Google, Meta, Microsoft, Amazon, etc. are the ones who should be called out and not the more generic advertising industry.


The advertising industry is in some sense dead. Only SEO, tracking, and clicking around in the GUIs provided by the ad networks remains.

I don't think there are many true advertising agents out there anymore, nor is their work valued. What I mean are people who you can come to, who will help you locate your audience and buy ads on the right billboard, website, TV shows and magazines. I also believe that's where all the hostility comes from. Many of the online advertising people know full well that they're not really good at advertising, they just know how to navigate Google Adwords and their clients don't.


Those people running Adwords campaigns are still not the ones creating the privacy nightmare. They use, and are in some ways complicit, with the privacy nightmare but the ad tech companies created all of it. Google and Meta are the frontrunners in ad tech and seem to do the most invasive things.


Isn't Apple also an ad tech company? Do they not maintain lists of their users and sell ads based on that information?


The distinction I believe is between selling ads on your own properties based on what people do on those same properties, and selling ads on other properties and/or basing it on tracked behavior on other properties.

If the distinction matters or not is up to everyone to decide.


No to the first and kind of for the second. Apple doesn’t stoop to the levels of actual ad tech companies as far as tracking and linking data sets. They do sell ads but they are really limited. The only place I think they use customer info for ads is in their News app. App Store ads are search and possibly location based IIRC.

In any case, the info used for the ads is fairly generic and they do not have access to the level of info that the actual ad tech companies use. Apple does not know which articles you read, your location, your web browsing, search terms, etc. while using the News app.


> The entire online ad business just seems to be completely morally bankrupt.

I believe the only way to solve this is through laws and regulation.

The law should lay out what society thinks is proper human conduct.


The premise of advertising is attention theft for influence. If it improves their metrics, and is not illegal, it is not part of their consideration.


What are you expecting to happen, exactly?


Assuming that people are generally as good as I chose to believe I expect the advertising industry to realize that they are in the wrong and revert to content based advertising.

Realistically I expect that they'll find a way around the link tracking protection and not give a shit.

It's just that I fail to see how a group of people can be so insensitive, so fixated on profit that they ignore everything related to morals. How can an entire industry be so detached from any concept of right or wrong?


If anyone from the Safari team is reading this: please, please document this stuff at a technical level.

As a web engineer I need to know the full details of how this works at the browser API level - the end-user targeted terminology really doesn't help me.

I want to understand things like how I can implement SSO across two different domains.


There are several standards for cross domain authentication - oauth, oidc, etc.


It seems like the tracking protection looks for specific parameter names. Won't people just start using randomized names?

Already now I have to rename my stats script from 'track' to 'res', otherwise I only see about a quarter of users. (I'm just using it to count how many views each page has, not for tracking.)

The endgame is to move all ad and tracking code to 'first-party', i.e. the website delivers the code in its source. (Un?)fortunately that is not happening quickly since advertizers distrust the publishers.


> Won't people just start using randomized names?

No, the UTM parameters have been standard for almost twenty years and everything is built to follow them. The whole point of UTM parameters is to follow a user from site A to site B (on site A you can just track what links people click), so randomizing it won't work. It needs to be coordinated.


The target site has access to all the query parameters. If they wanted to they could send all of them to Google/whoever who then looks up if any of those parameters are in their database


That's an API someone has to write, and Google just burned down Analytics for no particular reason. It won't happen. The UTM parameters were a Schelling point. They won't be replaced because once you try to coordinate something else, Apple will block that too, so no one is going to bother trying. Google will be happy to just keep the data to themselves instead of sharing with others.
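The name-matching approach this sub-thread discusses, as an added example that is not part of any comment and is not Safari's implementation. The function name `stripTrackingParams`, the `shop.example` URLs and the parameter list are assumptions for illustration (`gclid` is the name mentioned on this page; the others are commonly seen click identifiers). It shows both what such a filter removes and that a renamed parameter passes through untouched.

```javascript
// Added example: name-based stripping of click identifiers from a link.
// ASSUMPTION: TRACKING_PARAMS is an illustrative denylist, not Safari's real list.
const TRACKING_PARAMS = new Set(["gclid", "fbclid", "msclkid"]);

// Returns the cleaned URL plus the parameter names that were removed.
function stripTrackingParams(href, denylist = TRACKING_PARAMS) {
  const url = new URL(href);
  const removed = [];

  // Snapshot the entries first: deleting from a live URLSearchParams
  // while iterating it can skip items.
  for (const [name] of [...url.searchParams]) {
    // Match case-insensitively, but remember the exact spelling, because
    // URLSearchParams.delete() is case-sensitive.
    if (denylist.has(name.toLowerCase()) && !removed.includes(name)) {
      removed.push(name);
    }
  }

  // Nothing matched: hand back the original string byte-for-byte.
  // Re-serialising would re-encode the other parameters (e.g. %20 -> +),
  // which is exactly the kind of breakage a filter has to avoid.
  if (removed.length === 0) {
    return { href, removed };
  }

  for (const name of removed) {
    url.searchParams.delete(name); // removes every occurrence of that name
  }
  return { href: url.toString(), removed };
}

// Constructed sample links (not taken from any real site).
const samples = [
  "https://shop.example/item?id=42&gclid=abc123&ref=newsletter#top",
  "https://shop.example/item?id=42&x7f=abc123", // renamed key: not on the list
  "https://shop.example/search?q=red%20shoes",  // no tracking key at all
];

for (const s of samples) {
  const { href, removed } = stripTrackingParams(s);
  console.log(removed.length ? `removed ${removed.join(", ")}` : "unchanged", "->", href);
}
```

A filter like this only knows the names it was given, so its coverage depends entirely on how well the list is maintained.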


>The endgame is to move all ad and tracking code to 'first-party', i.e. the website delivers the code in its source.

I don't know why this hasn't been happening. I can think of a thousand ways of making sure that users see my ads. The fact that you can block ads via /etc/hosts is... pathetic.


The original sin of the web is that publishers let third parties take over advertising, then surprise, surprise, the third parties kept all the money to themselves and choked the publishers to death.


If you just want to count page views you can use your HTTP server logs, no need to have JavaScript.


There's a reason we don't do that anymore and it's that there's too much noise and it's easier to filter it out if you aggregate the data somewhere (bot traffic, scraping etc.). Sometimes you also don't really have access to HTTP server logs depending on where you deploy your frontend.


I used to do that almost 20 years ago with a little script.

This time I looked into my log file, said nope, too complicated, and just installed a WordPress plugin (or Matomo in another case).


I don't think that would play well with cdn caching.


> The endgame is to move all ad and tracking code to 'first-party', i.e. the website delivers the code in its source. (Un?)fortunately that is not happening quickly since advertizers distrust the publishers.

The other issue with this is that advertisers use Google/TradeDesk/Etc because it gives them access to a ton of supply (publishers) with one interface to handle all of their reporting/metrics. If the publishers own the tracking/targeting/reporting there will be 1000 different implementations. Which is probably good for the end user and publisher but bad for the advertisers. It will be interesting to see where adtech goes in the next 5 years.


Can't trackers change to using a credit-card-scheme-style "dynamic" tracking ID system (you know, the same way you can tell if a credit card is Visa or MasterCard)? For example, if instead of looking for "gclid", a site looks for "f(query-key) == 39", where "f(query-key) = char1 + char2 + ... + charN % 64". Under this system, each advertising provider simply needs to own a mod number instead of a query-key (Google would look for 39, Microsoft for 23, etc.). You can then have infinitely many tracking keys, that don't even need to be consistent within the same session. At this point, you would probably feel a lot less confident about arbitrarily removing these from the URL, since it becomes increasingly difficult to know for sure that you aren't breaking a legitimate use-case query parameter.


TikTok already does this in a similar way. If you share a link to a video, tracking data is encoded in the URL


They could, in the same way ads/analytics can be served from your own domain (or more likely subdomain) to avoid various adblock/analytics-block tools. It's a cat and mouse game.


I have doubled down on using Apple’s privacy and security capabilities but I also don’t feel so great about living in a walled garden and it is not totally clear to me how they might use my data.

I use it all: I run all of my Apple devices in Lockdown Mode, and I try to use private browsing tabs as much as I can.


> I run all of my Apple devices in Lockdown Mode

Lockdown Mode breaks a lot of stuff in Safari. I wouldn't recommend it. The only purpose of Lockdown Mode is for high value targets who are in danger of targeted attacks, e.g., government officials, so if you're not one, then Lockdown Mode is not for you. It's not for normal users.


I find just small occasional annoyances. I tend to not use Apps, preferring web versions of Twitter, Reddit, etc., etc.

Reddit is the only platform that can look visually bad running in Lockdown Mode.

I do online banking and sometimes have consulting customers' data on my devices, so for me Lockdown Mode is worthwhile. Online and digital crime must surely be one of the largest business sectors on the planet, right?


> I try to use private browsing tabs as much as I can.

I regularly open websites and searches in private mode, but cookie notices are killing me. iOS Safari doesn't even share cookies between private tabs, so there's one notice per tab, even if you already accepted/denied it.


Given you use private browsing a lot it might not be something you’re willing to trust, but I find Consent-o-Matic[0] to be fantastic and indispensable. I have it set to blanket deny all non-essential cookies and the mobile web is a far less miserable place now.

[0] https://apps.apple.com/gb/app/consent-o-matic/id1606897889


I tried it for a couple of days and found that it clicks the wrong button, landing me on a secondary “cookie page” where I have to still manually tap. This happened on Google.com and I think YouTube and Yahoo (or some of its properties). I tried several cookie extensions and often either they don’t work or break the website (hiding the notice, but leave an invisible wrapper that causes the website to be completely unclickable)


>it is not totally clear to me how they might use my data.

Well they have given it to the US government, they give data on people from China to the Chinese government, and the same for Russia.

That is likely out of necessity, but the bigger concern will be when Apple stops growing and stockholders will demand more.


FTA: Why does the StopTheMadness extension want to disable input field max length? That’s a very useful feature for developers to give instant feedback to the users. I get it: a minority of people have 64+ char email addresses, but if you know the server is going to reject the POST, why not stop it before the submit?


> Why does the StopTheMadness extension want to disable input field max length? That’s a very useful feature for developers to give instant feedback to the users.

I'm the developer of StopTheMadness, and it doesn't disable input field max length. Rather, it warns you when you paste something longer than the max length; otherwise, without the warning, your paste gets silently truncated, and you wouldn't know it.


I love/hate this page on your website demonstrating all the user-hostile things web developers can do: https://underpassapp.com/StopTheMadness/test.html

It definitely makes a great sales pitch.


ok perfect, thank you!


Fun fact, I bank with a bank I won’t name, who has a change password flow that allows for up to 32 character passwords.

Their login page only allows for 16 character passwords using the max length. This would truncate my password on login.

Backend handles the longer password just fine though.


We might bank with the same bank!


To paste a value that’s too long, then remove some part in the middle. Otherwise, it’s truncated.


In Safari for iOS 17, I am seeing a gray inline box appearing on some websites asking about "disabling tracking detection" (or something like that). It looks suspicious as if it is part of the webpage, and not part of Safari. Anyone know if it's legit?


Do you mean "If this page is not displaying as expected, you can reduce advanced privacy protections which may resolve issues"?

That's legit, and also annoying. I've filed a bug with Apple to get an option to permanently suppress it.


That's the one!


Do you use Private browsing and then refresh the page? That box appears because private browsing protections are much stricter than regular browsing and can break websites.


Yes! I find the UI confusing because I can't tell if it's really from the website or from the browser (it's part of the screen the website has control of).


I don’t want these features. This will inevitably break certain experiences. Some features like query parameters are part of HTTP and shouldn’t be tampered with.


You can disable it in Safari Settings.



