Just a friendly reminder of the facts on the ground that the change that great folks at El Reg are reporting on and the folks at Facebook in their blog post are posting about is a toggle in iOS 14, which while there in previous operating system releases as an opt-out toggle, will be an opt-in sort of toggle. iOS will now ask for explicit permission on behalf of Apps to let them track you using an identifier Apple made available to developers like Facebook (“IDFA” aka “Identifier for Advertisers”) rather than relying on the implicit permission of an opt-out toggle.
This does not kill all forms of tracking, nor does it eliminate IDFA as an an option, but it does make it more obvious to iPhone/iPad users what exactly is going on behind the curtains with this tracking tool and let them make an informed and explicit choice about whether they want any part of that.
So do they still run but are limited like when ios gives the false location data? or can facebook apps just refuse to operate until they are given the required permissions? E.g. the way android apps just demand permisions for everything making the security benefit of permissions largely pointless.
> the way android apps just demand permisions for everything making the security benefit of permissions largely pointless.
That hasn't been the case for a pretty long time. Now the permissions are quite granular and you can accept and refuse specific one at any time. It's actually quite tiresome to go through 4-5 permissions popup on some apps, but it makes sense so it's okay.
The apps is informed of that decision, so yeah it can decide to not works without it. I suggest you to not use an app that require stuff that you don't want to allow.
>> the way android apps just demand permisions for everything making the security benefit of permissions largely pointless.
> That hasn't been the case for a pretty long time. Now the permissions are quite granular and you can accept and refuse specific one at any time.
This is technically a correct answer, but I've seen the bad habit of asking for many permissions (and sometimes refusing to work without) being more common on Android. An example is a bank's app that will refuse to launch (or I mean, provide any meaningful information/experience) unless location permission is given (this is when giving the permission means an "always allow") and unless it's connected to a cellular data network (not WiFi). On iOS, the app is better behaved and will work with some useful functionality when certain permissions are denied.
This could be due to an overly aggressive anti-fraud library/service like ThreatMetrix (I don't know if they do these things, they're just the only example I know).
Though it's bizarre to me what permissions require a pop-up and which don't. You think all you've granted is, say, looking at files, then you check the actual granular list and there's a dozen different ones including internet access.
Making full network access a mandatory always-on permission was a huge security mistake IMO. Every app can port scan your network, and probably some do as part of fingerprinting (some websites do at least, and I assume apps are more brazen).
Programmatically? Certainly. As a matter of App Store policy? Facebook shouldn’t count on it, even if that were allowed by the rules as written today (which I don’t think it is, but Apple has pretty much covered all of their bases as far as arbitrarily changing policy on the fly goes).
Yes. IDFA's full form is "The Identifier for Advertisers" which is generated by OS itself. Think of it like a proxy of IMEI number itself (back in the old days IMEI itself was used instead of this).
All of the Apps get the same ID and that's how your "persona" graph is constructed.
Sidenote: One of the bets people are making with this change is that now free apps will start forcing you to signup (via email/mobile number) which will be used to construct this "persona" graph again because who has time to create new emails for these purposes.
Well, your phone has the time to create new emails for these purposes with the Sign In With Apple feature[1]. You don't have to remember your email nor your password because iOS can create a secure one and save it on your phone. More secure than people using the same email and password across multiple apps imo.
I mean that they also saw the reaction to that change coming, ie. they realised if they got rid of the advertising ID, it would make apps force you to log in. I'd be impressed if that was deliberate, but it could have been.
My 10 year old gmail account has no associated phone number. Maybe it's valuable now. It's the only thing I use at all that is a Google product, and I'm always near deleting the entire account but it's just so convenient (Read, I've been lazy)
Regarding your side note. Apple is also, more and more, requiring you allow the login with Apple button. This would effectively shield most of the data off if you want.
Interesting workaround. I imagine this could in turn lead to more pressure on these same apps to implement Sign In with Apple - as a user, its email privacy feature becomes more interesting in this scenario.
> more pressure on these same apps to implement Sign In with Apple
Afair this is actually a requirement: if you have email/facebook sign in option, you need to implement Sign In with Apple as well
I use email aliases to sign up to services for this reason exactly. There is no way to link the aliases, and so tracking is limited to the registered site only. The Log In with Apple solves this more elegantly
Sign In with Apple is not a panacea. UPS on-boarded me a couple of weeks after my initial registration, and the two services I’ve used it for (UPS and Etsy so far) have received my name from the initial registration process (a radio button selection and a bioauth).
I wouldn’t treat it as a privacy feature, I would treat it as a convenience feature. When I needed some extra mask straps, I installed Etsy, didn’t previously have an account. So I used Sign In with Apple to register, picked out some mask straps, and Apple Pay to pay. The whole process only took as long as it took for me to make a selection and two biometric authentications, but some of my information had to be exchanged in order to make that transaction possible.
Also I can login to UPS and Etsy without a password.
My familiarity with it is superficial and only as an iPhone user, it is not an API I have ever concerned myself with, so first, I might be wrong about this next part but second, my understanding is that it provides almost nothing about you except a number or a string. I’ve never delved into Apple’s docs to find out because the “how they do it” has always been less important to me than the “how do I turn this off”.
If you go into Settings on iOS 13/iPadOS 13 and into the Privacy pane, all the way at the bottom you should see two tabs, one labeled “Analytics & Improvements” which is for information Apple collects for the device, Siri and iCloud, and another “Advertising”.
It’s in that second one that you can toggle “Limit Ad Tracking”, off by default today, on by default in iOS 14, at least that’s the plan and is the case in reports from people using the beta releases. Right below this toggle is a button labeled “Reset Advertising Identifier” which does exactly what it says. This is the “IDFA” that is the subject of discussion and will be the same value returned to Apps that request to use it. If you reset it, that will break continuity with your previous identifier, at least in theory.
Anything that doesn’t rely on IDFA, e.g. your Google account in Google’s Apps.
But I was thinking more about tracking within apps that isn’t concerned with tracking across apps or even tracking for advertising purposes, hence, “does not kill all forms of tracking”.
While Apple are limiting access to IDFA for apps that don't ask for permission to track i.e. it will be all zeros they are also changing App Store policy. Specifically you are not allowed to track users using identifiers such as user ids, fingeprint ids etc if they have said that they don't want to be tracked. Sure Apple doens't have technical control over this but we know that they are willing to wield the ban hammer.
It'll be really interesting to see this play out. The experiment with the "Do Not Track"[0] header on the web failed becaused it was largely ignored by everyone. With Apple's tight control over the App Store you simply cannot ignore the rules because Apple can outright ban you for it.
That might be true, and may involve backchannel negotiations. But Apple didn't hesitate to revoke Facebook's developer certificate (for internal apps) and make Facebook employees scramble for a day or so because of the "VPN" app tracking fiasco early in 2019. [1]
I don’t think it would be, however the party considered in breach would be the app developers and not Apple.
Consent should be opt-in and granular (a user might wish to opt-in for one app but opt-out for another one) so every app should’ve already implemented their own toggle (like iOS 14 would force them to) instead of just using it in the background and pointing users to the system-wide setting if they want to opt-out (which isn’t ideal if the user wants to remain opted-in for some apps only).
IANAL. Not sure about that. IDFA is essentially a tracking cookie.
First of all under GDPR, tracking can be for a legitimate interest, and thus it might not require opt-in. For example security, or even first-party analytics, with the purpose of optimizing the content, can be legitimate interests. However this cookie is meant for advertising, and user profiling for marketing purposes doesn't pass the test for legitimate interest.
The other problem, for Apple, might be the revised E-Privacy Directive. You can't set such tracking cookies without informing users. Such cookies must be opt-in, whether you use them or not.
AFAIK Apple is simply complying with the law, whereas Facebook is effectively arguing for unlawful tracking, because that's just who they are.
Your browser (probably) allows the use of cookies; however a website which doesn't ask the user for appropriate permission is still in breach of the law.
Isn't it down to the app developers though whether they allow the ID to be used to serve ads in their app (whether or not in practice there's a mechanism to do that, it's the app developer that's essentially choosing to use it by implementing ad networks and SDKs that use it, not Apple forcing it on them).
My understanding is, that it's a random and unique identifier, and therfore very high entropy. Pooling that data allows FB to identify you in different apps that use the SDK, even if they don't have any other identifying info.
And a friendly reminder that if you're on iOS you can go into Settings, search for "advert" and limit ad tracking if you managed to miss that setting before.
I was going to protest what sounded like a silly taunt of "great folks at El Reg". Then I went and read the article.
Holy mackerel, compared to this, the folks at Fox and MSNBC are paragons of neutrality. This may be the worst example of journalism I've ever seen. I'm looking all over for something that says "opinion" or "editorial", but no...
Have you ever read The Register? Its been this way as long as I can remember (1999?). I consider it more of a cheeky, poking-fun style rather than it being inflammatory. They've always created an air of not taking IT/Technology too seriously.
I feel like the fact that The Register has been the Internet home of the Bastard Operator From Hell stories (https://en.wikipedia.org/wiki/Bastard_Operator_From_Hell) since 2000 really sums up its attitude. It is tech news by and for BOFHs.
Neutrality in journalism was an artifact of the business model when consumers had far fewer choices of newspaper/channel (ie only < 5 local papers, 3 network channels), using neutrality as a strategy to avoid turning off potential consumers. The point of journalism is not neutrality; it's the communication of facts relevant to the audience.
This article communicated multiple facts/relevant quotes to me that I was not aware of before (eg iOS14 changing a default setting to improve user privacy, and the extremely revealing quotes from the FB Audience Network bloc [0]) and put them in a context relevant to the audience that values privacy. I don't see how this is an example of bad journalism.
Because everyone is biased due to the data they are exposed to as they live through lifes experiences. Even Judges are biased, so you would be advised to seek parole after lunch if I was you. https://www.theguardian.com/law/2011/apr/11/judges-lenient-b...
Besides The Register has always been that way, I dont see them preaching violence despite its efficiency, they are just telling the world how they and others see the IT world.
As they say, biting the hand that feeds them.
I was sincere, I love The Register! But there was an actual taunt in that sentence that was much more subtle. Notice what I didn’t say after talking about the “great folks at El Reg”.
I just wish people understood how much they’re being manipulated by Apple’s marketing here. Credit to them: they’re the best in the world —- if Tim Cook decided to sell cigarettes, he’d have most of us on two packs a day and believing it’s good for us by Christmas.
Apple is a giant corporation, they’re not your friend. They can be total jerks when it suits them. They happen to have failed at their own advertising network and had the brilliant idea to spin this as if they “care” about your “privacy”. It is a convenience of the moment to sell more devices like the iPad Pro I’m typing this on.
The level of rhetoric has reached foaming-at-the-mouth proportions, and we can no longer have a rational discussion that acknowledges the nuances. Even the word “tracking” is so loaded with evil connotations and indistinguishable in most people’s minds from the ever-cited, rarely existent “selling my personal information” that few can see beyond the word to make a conscious choice about what level of tracking is acceptable. (NONE! I can already hear the shouting.)
IDFA is a random identifier that’s been used for attribution and audience targeting (for which Apple provided it). Digital advertising has a fairly unique property, which is that it’s possible (at least sometimes) to connect the dots between “I paid for an ad for my product” and “someone bought the product”. If you’re spending money on advertising and offered the choice between casting it into the void and hoping your sales pick up, versus only paying for successful “conversions”, that second option is going to be pretty attractive.
I saw an ad on Facebook for a food delivery service. I signed up and have been enjoying their products and benefitting from fewer grocery trips. I’m ok with that. And I’m ok if there was a little anonymous tag that allowed Facebook to get paid for the service they provided to the company. I’m less ok if they collect information on how much red meat I’m buying and sell it to my insurance company, but that’s not what we’re talking about here and I pretty wound up when people assume that all “tracking” is the same.
1) Marketing alone is not why you have an iPad Pro. All other tablets kinda suck compared to it. It's at least 5 years ahead of anything else in hardware and the software is probably further than that.
2) Facebook also not your friend. Corporations can't be friends.
3) Why would anyone _want_ to be tracked if they can avoid it?
4) From a business' POV, sure tracking is useful, but as a consumer, I don't care. I would rather not be tracked - in this instance I think it's nearly even possible to say Apple are being my friend, working for my interests. Also IDFA was introduced as a more private device ID, I doubt they expected it to be exploited this way and are now fixing it.
5) The reason FB cares about this tracking isn't for tracking installs of other apps, it's about their ability (or not) to build up a comprehensive identity of who you, what you do, where you go and what you like, from all the apps and websites you've ever visited.
5 continued. Facebook is slurping every bit they can get by trick and treat. They bring business to other app developers and businesses who in turn hand over customer data and , while not insignificant, a small amount of money for advertising, or nothing for just the free services. A lot of people never leave Facebook, or Insta. It's a part of their identity. A huge part of peoples lives are on Facebook and Facebook will not relinquish a bit or back down from their methods without existential threats to their business.
> 3) Why would anyone _want_ to be tracked if they can avoid it?
People get value in return. Free to use product and ads about stuff they’re interested in. For some it’s not enough of value proposition, but for others consider it fair value exchange.
Nothing wrong with making the value proposition/tradeoff an upfront and obvious decision. Might even encourage competition from tools that have a different proposition.
I still wouldn't categorise that as wanting to be tracked, just begrudgingly accepting it.
I'd also say that's a better argument for google, where them knowing some stuff about me probably does give better search results - but facebook just want to give me better adverts, which is of marginal (approaching zero) benefit to me.
If the users are making a choice, then opting in would not be a problem. It’s informed consent, so they are aware of what they are giving away for the service, right? Nothing like companies helping themselves without the users even knowing the monetary value of what they are giving away.
In other words: if your demand is legitimate, you have no reason to whine about opt in.
I anticipated comments like yours in-thread which is why I posted my initial commentary.
I have no romantic attachments to Apple in particular, after all they were the SOBs that provided IDFAs and set the initial policy, which is why this was a “friendly reminder” on what this policy going forward is and what it isn’t. What appears to you to be a “scary dialogue box” appears to me to be an adequate and accurate description of what IDFAs are used for and why Apple provided IDFAs in the first place. Tracking users and across apps and websites from different companies is IDFAs working as intended.
Now you can be as cynical or romantic about why Apple is doing this now as you want, to me it’s a half-step towards correcting a mistake they initially made, and to others it is clearly something else, but let’s not kid ourselves into believing that just because Apple stripped the paint off of an advertiser’s favorite toy that this is somehow going to be the death knell of user tracking and the app-based advertising industry is doomed on iPhones and iPads. Facebook and Google are big boys, they may not like this new change, but they’ll learn to adapt around it because adapting to new situations and facts on the ground is just another cost of doing business. Business plans aren’t set in stone since time immemorial, sometimes they need alterations to remain relevant and operable.
Mind I wouldn’t care if I could install apps (native, not PWAs) through Safari distributed through a means that cuts Apple out of the loop and download them right to my home screen, or in future versions, my App Library.
> just wish people understood how much they’re being manipulated by Apple’s marketing here. Credit to them: they’re the best in the world —- if Tim Cook decided to sell cigarettes, he’d have most of us on two packs a day and believing it’s good for us by Christmas.
This is such a hoary old argument usually made by those who believe a product value is only measured by the cost of the hardware components comprising it, not how it was packaged or how it works or the experience it’s custom software enables.
Of course in this case, if your job is selling snake oil, you think everyone’s job is selling snake oil.
"We’re encouraged by conversations and efforts already taking place in the industry - including within the World Wide Web Consortium (W3C) and the recently announced Partnership for Responsible Addressable Media (PRAM). We look forward to continuing to engage with these industry groups to get this right for people and small businesses.”
Translation: "At least we have these guys house trained, so it's not a total loss."
To be fair though, don't you remember how the DNT header worked really well for everybody involved, and how all these advertisers today universally respect it, and how they totally didn't abandon the entire concept as soon as it started seeing mainstream use and platforms started turning it on by default?
What could go wrong if we give them another spot at the table?
I mean, PRAM has already released so many good plans, like... a mission statement. But that counts! I mean, come on, it has 'Responsible' right in its name!
I worked for an advertiser a while ago - they were totally respecting DNT header, _except_ on the browsers that had it on by default. The business argument was that "it's bogus/meaningless if the user didn't set it explicitly" - industry wanted that to be "opt-out-of-tracking" not "opt-in-to-tracking".
> they were totally respecting DNT header, _except_ on the browsers that had it on by default
This is a disingenuous argument for that company to make; it's totally reasonable for some browsers (particularly privacy-focused browsers) to have privacy respecting defaults. Microsoft didn't make the change because they wanted to hurt advertisers, they made the change because they had good reason to believe that's the default that the majority of their users wanted.
My take is that if consumers are informed enough that not opting out can be seen as as conscious consent to be tracked, then they're also informed enough that not opting in can be seen as conscious dissent to be tracked. We don't get to selectively decide that users are only stupid in one direction.
On a more cynical level, I've commented to the same effect elsewhere, but I do not believe advertisers when they say that browser defaults were the reason DNT failed. It failed because it was going to see adoption.
If it had remained off by default, but effective promotion campaigns and public education meant 90% of users went and turned it on anyway, advertisers would have come up with another excuse to stop respecting the header. Advertisers weren't ever interested in responsible user consent, they were interested in having some kind of meaningless gesture they could point to when other privacy-respecting solutions got proposed. As soon as that gesture had teeth and was being used by a significant number of people, then it was no longer serving its original purpose. The unspoken terms of the deal were, "most people won't have this header set."
Case in point, the iOS changes that Facebook is going crazy over aren't opt-in or opt-out. They force the user to make a choice, so it's exactly as easy to opt into tracking as it is to opt out of tracking. This seems like an extremely reasonable compromise -- there is no default behavior, the user gets to choose what they want. How can anyone complain about that?
And yet, Facebook is still mad, not because the new dialog is a dark pattern or because it's not capturing users' real preferences, but because Facebook knows that a substantial portion of their users are going to opt out.
Absolutely, but "browser defaults" were an easy excuse. I was not really defending advertisers here; though I do believe they'd have had a harder time finding justifications if the feature actually had organic adoption. It was a failed and poorly-thought marketing gesture from Microsoft, that only backfired on the end-users.
> Microsoft didn't make the change because they wanted to hurt advertisers, they made the change because they had good reason to believe that's the default that the majority of their users wanted.
I strongly disagree here. Microsoft did not make the change out of the goodness of their hearts - not any more than advertisers ignored DNT because they were convinced "it's not the user's real option". This was all marketing speak/ internal&external justification for their actions.
There is something to be said about that tbh, the do-not-track option should be an option on first launch.
Then again, I'm sure very few people are like "Sure do track me pls". I know Microsoft tries to package and word it nicely in their Windows setup (then ignores it at a next update).
Tracking needs to spelled in dead simple terms for people.
Eg:
Are you okay with contractors at the following companies:
[list of 54,683 companies no one outside the industry has ever heard of, with addresses in 162 different countries]
Having access to:
-every item you've ever purchased at Amazon, eBay, footlocker, hot topic, CVS, [your local sex shop], best buy, target, wall Mart, etc. Including your prescriptions.
-every picture you've ever uploaded to the internet, including ones you've never shared publicly
-your current location and your location whenever you ever use the app, as accurate as a few inches
-every single file on your device
- all of you emails
-recordings of your phone calls, video chats, and messages
-...
Sure, tracking may not be at this level yet. But has anyone actually seen the God mode panels at Google, Amazon, Microsoft, and shared the hard details of what is there?
That isn’t consistent with the difference in dependency on advertising that occurs from app to app. It could be, however, that the device-level prompt could set the default for future app-level prompts. (That sounds annoying in retrospect, but maybe the right way.)
Another consideration is your point that preventing ads will harm advertisers’ income. In some cases, hurting income is an acceptable loss, but in others where the service is sustained by advertising, less so.
Perhaps another compromise could be to allow apps that do not accept the tracking prompt to only access basic functionality, with an explanation that the tracking supports their premium service. That’s a very different world for Facebook and others.
If you want to make tracking opt-in, that's great. Doing so would obsolete the do-not-track header. But do-not-track was never going to do that itself. The purpose of do-not-track was to be an explicit declaration of intent. Trying to co-opt it benefited no-one.
I see what you’re saying. I generally agree with implementing designs and standards along the lines of their intent.
On this particular issue, I’ve pretty much decided for myself that individually tailored advertising, net-wide implicit tracking and surveillance capitalism in general need to be banned, or owned by the commons and walled with fine grained permissions. I’m waiting for the tech world to catch up.
Seeing this from the inside - I believe that large/reputable advertisers have no problem[1] with e.g. GDPR being opt-in, because it's a law that levels the playing field. With DNT, the question was "who blinks first" - it was all too easy for some players to take the stand that "it's not user intention thus it's irrelevant" in order to force everyone else to do the same. MS abused the industry-defined standard and twisted it into something that it was not meant to be, so then it became ignored.
[1] Ok, not "have no problem", it's a lot of technical work that is not "feature" and they need to pay for. But again, rules are the same for everyone, and "full GDPR support" can be sold as a feature, so they're largely fine with it.
There's also slightly inconsistent interpretation of the law, depending on company. That's also to be expected, some niche players will push the boundaries of the law hoping to get market share, while the larger ones/that have more to lose will remain somewhat conservative and just tell their clients "our interpretation is correct, if you want to go with the niche players suit yourselves, your risk". In time, as courts set legal precedents for the interpretation, this will smooth out.
It's a consortium, that is, it exists to represent the interests of corporate members. It's actually set up that way partly because his stupid toy hypermedia system made a lot of people very rich and Sir Tim would like some of that money.
Now, it should not come as an enormous surprise that most of the W3C's corporate members do not have your individual interests close to their hearts. And so you can't really expect them to consistently vote for things that help you and hurt them.
If you would like to work on technology standardisation but you aren't a corporation find an IETF Working Group that's doing something interesting to you and pitch in. Unlike the W3C the IETF isn't a membership organisation. Indeed it arguably isn't an organisation at all which makes it pretty unique among Standards Development Organisations...
Parts of this fall flat as the author doesn’t grasp what they’re satirizing.
>Facebook actually gave some of the money it made from running those ads through its system to the business that paid for those ads. Which doesn’t make any sense but shut up, Facebook is the good guy, ok? And Apple is wrong to be doing this.
Facebook Audience Network, affected by these changes, includes display ads running in 3rd-party (read: not Facebook) apps. App makers showing ads receive a split of the ad revenue in those cases.
So, by this logic Facebook is the good guy, because it is receiving less money by helping 3rd parties without its capabilities also invade users privacy, while taking a cut of the profits?
That's called contextual targeting:
"
If iOS 14 users opt out, they will still be shown ads, but they’ll be based on other methods like contextual targeting rather than based on their IDFA.
"
https://clearcode.cc/blog/apple-idfa/#apple-skadnetwork
The issue is not effectiveness as much as measurement. Advertisers value the insight obtained by tracking user response to ads. That is something they are willing to pay premium for. Without the ability to do measurements, Facebook does not provide as much value.
Sometimes I don't understand what advertisers mean when they keep reassuring that all the data they suck is totally anonymized with the objective of delivering more personalized and relevant ads. How can it be personalized if you can't pick me out of the anonymized lot? If you can, then what good is the anonymity? Probably its me who just doesn't get it.
This isn't necessarily a principled campaign from Apple.
Apple no longer has an ad network which means it can't take it's cut from ad revenue. By reducing the effectiveness of ads on the platform it pushes more people to in app purchases which it receives a heft chunk of.
If you have to rely on companies’ good conscience long term you will be lost and abandoned. As such individual acts of ethical behavior are maybe nice but not really very important or meaningful.
It’s much better if companies are structured in such a way that their own self-interest aligns closely with the self-interest of society at large.
Such a match will never be perfect, but if it works it’s quite nice.
I would argue that Apple is at least in some ways structured so that its own self-interest regarding privacy results in positive privacy conscious outcomes for everyone.
It’s of course good to know that generally speaking companies will always act in self-interest but if self-interest leads to positive outcomes then that’s much more stable and longer-lasting than some CEO acting out of the goodness of their heart. That’s fickle and can just disappear any second.
To say, what you're saying, but with fewer words; with Apple you pay for your privacy with money, rather than paying with your privacy instead of money.
At least for now, until they decide that they can get your money and also further monetize the private info that only they have, which will command a premium. Hopefully that doesn't happen, but who knows.
Indeed. Unfortunately none of us can predict the future. For now, the best we can do is make an informed decision based on what is presently the case. One day hopefully, steps will enter the mainstream to prevent the need for trust by guaranteeing our information isn't collected and thus can't be sold.
Apple has two sets of customers. They architected the worlds greatest casino through the AppStore, and the developers who make the machines are just as morally pure as Facebooks customers.
Look at the Epic controversy, which boils down to who should get the biggest cut of real money from selling bullshit virtual funny money.
> I would argue that Apple is at least in some ways structured so that its own self-interest regarding privacy results in positive privacy conscious outcomes for everyone.
Is it though? I thought they still had an ad network so I searched a bit to find it and how it was itself impacted by this button to find this:
So they only got ads on their store, perfectly fine, and it seems to be impacted as the button does say All advertisers. It even seems to show what information they use on the store, seriously that's well beyond what I was expecting A+.
And then I saw "Turn off location-based ads". Weird the first screenshot didn't have that checkbox... It's hidden in System Service, who really go there to set Advertising setting? Even more so while you got the perfect place already on the perfectly logical "Settings > Privacy > Advertising".
Their self-interest regarding privacy aren't aligned at all with yours. They are just trying to make the most buck out of you and they found one more profitable than ads. For location based ads, it seems like they still believe it will bring them more cash.
That means that the day ads will be back as the most profitable way for them, you'll be back to square one ;) with just much less competition. Good luck!
I think you do get this argument and we're actually saying pretty much the same thing.
I'm saying people shouldn't look at this decision as "Apple has our interests in mind" but rather "in this particular case Apple's self interested is aligned with our own because of their business model".
I'm cautiously optimistic about this, even if it is self-interested. Ads are very much a necessary evil rather than something desirable in society I think, and providing developers with an alternative business model isn't a bad thing.
Apple isn't blocking ads per se. They're reducing effectiveness of ads that don't respect user's privacy. The other kind of ads (e.g. sponsored videos, privacy friendly ads, etc) could still work.
I don't think ads that don't respect user's privacy are a necessary evil.
If you’re talking about indie game developers, the way to go is to sponsor popular Twitch streamers and YouTube producers. If you know who these content creators are, you know a great deal about the tastes of their audience without having any identifying information from the audience itself.
If you write a game that the streamer/producer really enjoys, they might even continue to play your game after the sponsorship ends. This is the dream scenario because it’s free advertising that can sustain your game long term. These content creators can also provide a lot of valuable feedback because they tend to become experts at your game over a long period of time.
There was a great article in Wired recently about NPO’s efforts in the space. Unfortunately it’s not available as a service and is only an internal platform but there is definitely a model ripe for working on there.
I'm actually ok with corporate self-interest if it benefits the consumers and their privacy.
I mean Google (the ad company) spent a lot of R&D money into making browsers and the internet faster. For me it means the internet is faster, for them they get more ad impressions and goodwill. Win-win, although they ballsed up the goodwill part.
An average web site isn’t any faster than it was 10 or 20 years ago (unless you still had a modem back then).
Overall the Web is in much worse place, with decentralized hyperdocuments replaced with centralized application server model. FB and Google turned internet into AOL.
They spent alot of money to make Javascript faster, so they could push apps from being local to being dumb terminals. Probably to ensure espionage and making the users reliant on big corp?
> Ads are very much a necessary evil rather than something desirable in society I think
You think advertising is 'evil'?
How far do you take that? For example does a listing in a local newspaper advertising a law cutting service count as evil? Is any form of telling people that you off a product or service really an act of evil?
Letting people know your product exists is fine. State of the art advertising, that is, propaganda aimed at maximizing sales, seems to have forgotten about ethics. I'd argue that advertising as a practice today is more evil than neutral or good.
Maybe they do, but using the idiom “necessary evil” doesn’t make it certain that they do. Probably nearly nothing colloquially described as a “necessary evil” is actually “evil”. It can be only a pain or an annoyance, but required.
>[…] the use of the term "evil" in the phrase does not necessarily indicate that the thing being characterized as a "necessary evil" is something that is generally considered an "evil" in the sense of being immoral or the enemy of the good.
I'm using the common idiom, I don't think it's actually evil but in my opinion it's definitely a fundamentally negative practice that is unfortunately required to be used in the process of doing something otherwise positive. Servers and programmers aren't free, and if what you're doing is positive then you're still socially net positive despite the negative impact of advertising.
I'm not saying that all advertising is bad either, it's the specific case of B2C online advertising that compromises privacy and massively reduces the signal:noise ratio of the platform you're using. Sales and marketing aren't inherently bad in themselves, obviously.
Listing in a local newspaper in a section devoted to listings of such things is perfectly fine and desireable. Placing your ad anywhere where users do not explicitly go to look for such information that the ad offers is evil, yes.
" providing developers with an alternative business model isn't a bad thing."
There isn't really an alternative here. People won't pay for apps.
Also - ads not 'evil' - or rather, it's what people generally chose over paying 50 cents a month, and it's absolutely a choice on our (ie consumer) part.
The problem ironically has to do with relevance. People don't mind relevant ads, but in order to have relevant ads, networks need a lot of personal information. Ugly paradox.
And yes, spammy web pages/apps full of terrible, spammy ads - this is really of no benefit to anyone.
It would be nice if they worked towards fixing that.
I don’t think ads are a necessary evil at all. Facebook and Google came along and ruined the market for paid services. Prior to that the market was healthy and operated just fine.
If we undo the damage caused by FB and Google we can go back to a healthy market where people pay for things with money instead of their privacy.
MS certainly got the ball rolling with their anticompetitive behavior. But it was not until Facebook and Google created their spyware empires that it became essentially impossible to create paid content on the internet. Now the entire internet economy is broken.
I don't recall much paid content per-se from 2000, when Yahoo ruled the roost. Now I have multiple subscription services which exist only because of the internet
>I'm cautiously optimistic about this, even if it is self-interested.
I'd say that I'm cautiously optimistic about this, especially if it's self-interested. They're less likely to change their mind later if they actually benefit from it vs. empty posturing.
The strange thing is that they split the setting in two and happily left the "let Apple keep tracking you" as ON by default while leaving third party apps OFF by default.
A principled stance would just flip the default to OFF for both Apple and everyone else. With the strange treatment of developers on AppStore, I'm afraid they'll start abusing this to give edge to their own advertising on AppStore and elsewhere.
Apple offers paid app discovery, and they want to increase that revenue. Facebook has historically been the paid channel for paid discovery. By limiting its effectiveness, Apple can grab that revenue.
Stratechery dug into this recently (see the "The Apple Vulnerability" section about 80% of the way down):
Apple no longer has an ad network because advertisers were unhappy that it was not willing share user data.
>Apple knows names and addresses, geographic locations and app and music-purchase histories, and can show ad buyers that a group with specific characteristics also likes certain types of apps or music. However, its user tracking and ad targeting are not cookie-based, meaning agencies can't do automated buys via their cookie-centric trading desks, which allow them to mesh lots of data from different sources. Instead, they have to go to Apple, ask to reach a given audience and, well, trust Apple that it will deliver it.
One person familiar with the situation exec said Apple's refusal to share data makes it the best-looking girl at the party, forced to wear a bag over her head.
Apple got $12 billion from Google to keep Google the default search engine in Safari in 2019. (See [1].) All that money comes from ads. If Apple was really principled about privacy, they'd develop their own privacy-preserving search engine or steer people toward another one. As it stands, the pro-privacy measures Apple has in place are good, but are only what's convenient to users, and they often serve to promote their own revenue channels. Further, Apple seems to be default-on-ing their own ad network, while default-off-ing tracking by others. (See [2].)
It's not necessarily a principled campaign from Apple, and others have raised anticompetitive concerns around the fact that Apple's own apps are exempted.
But, it's still a good move for users, and it's still better than no change at all. Privacy advocates can't afford to only accept help from ideologically pure sources. We need allies. I'm not going to bash Apple over a change that will be mostly positive for end-users, just because Apple might have a few non-altruistic reasons for doing it. The privacy benefits from this change greatly outweigh any anticompetitive risks.
Ironically, I've commented this to the same effect in regards to Epic, but I think the advice applies to Apple critics as well: if you're too picky about who is and isn't allowed to advocate for you, eventually normal people and institutions will just stop advocating for you altogether.
But they do spy on their users. There's plenty of telemetry telling them all sorts of things about you and use of "your" device. They merely spy in more acceptable ways and don't appear to sell any intimate info.
I'm not a big Apple fan. But if Apple thinks it makes business sense for them to be privacy-focused, that it would get more people to buy their products, i'm all for it!
And I know it doesn't block what could be an ads business for Apple but if we need to hand off our data to Big Tech, I'd rather have Apple get my data than Facebook.
Please let's not get confrontational, I didn't mean it as a nitpick. I just think that there is a point at which we have to ask ourselves whether we truly need any of this. If all the options sucks, perhaps the only move is to drop all the options.
This is a fundamental misunderstanding of what's going on. In a battle between global megacorps over my personal data, I choose Apple over Facebook and its ad buyers. Ascribe to Apple whatever ulterior motives you want, but it doesn't change the fundamentals. "Wouldn't it be nice if no one had control over your data except you" is a pipe dream (in the US, anyway) and the best you can do is pick your poison when it comes to who owns your data.
Apple made the choice to monetize via cuts of in-app purchases rather than selling ads on its platforms as e.g. Windows does. This was a principled choice.
The personalization makes it easier to lie with statistics.
For example, did you know that 80% of people who purchased Product X saw a Product X advertisement through our network?
Sure, that was achieved by showing a Product X advertisement to people who'd just bought Product X (reversing cause and effect) but are you sure your marketing people would realise that and not be excited about how powerful this network is?
You can't make these targeting claims for an untargeted advertisement, and so idiots will believe they work regardless and there is a lot of idiot marketing budget.
Conventional adverts will have to be cheaper to compete, which means they earn less money for the host, which means that - for the intended audience of this Facebook message - those conventional adverts are definitively worse.
I don't run an ad blocker, although I do happily pay people who offer to give me a service without adverts for money.
As someone who almost never makes IAPs I am fine with this being a side effect of this desire. I’ve been blocking ads and tracking since... somewhere around 2001-4, I think? and I am pleased to have Apple’s goals temporarily align with mine in this fashion.
I think one of Apple's biggest mistakes was in not setting the precedent of taking a cut of app's advertising revenue. It creates an artificial subsidy for privacy-invading ads and is responsible for app bloat and App Store spam that degrades the user experience.
I also think 30% is too high across the board, but my point is simply that an incentive to employ inherently anti-privacy ad SDKs is unfortunate.
Apples Ad network was never important to them ever. Their behavior is better explained by privacy being a hugely important part of their product value.
We’ll just add this to the long list of privacy and security features that Apple has implemented for not necessarily principled reasons. I’ll see you in the top HN comment next time they come out with another one.
As it is, I'd like to encourage what feels like the only large corporate entity that cares even a little about users' privacy.
If there was even a single other large consumer company with a slightly better record on privacy than Apple, your view would be more understandable. As it is, at every turn industry after industry is getting infected with the "extract value through users' data" disease. Apple seems to be resisting that trend at least for now.
Sorry I though my sarcasm was obvious there. I was more commenting about how predictable and consistent it is that any time Apple does anything that’s pro-privacy/security/consumer, the top comment in the HN thread is without fail ‘yeah but Apple doesn’t actually care about any of that, this is just part of a conspiracy to promote their business interests’.
Aside from how remarkably consistent HN is at reproducing this, the funniest part to me is the sheer volume of things it has been said about (and then voted to the top of HN threads).
The title should be that Facebook apologizes to its _customers_, not its _users_. Its customers are people buying ads, not the users using the social network. As the saying goes, if you're not paying, you're the product.
> “That’s right, Facebook actually gave some of the money it made from running those ads through its system to the business that paid for those ads. Which doesn’t make any sense but shut up, Facebook is the good guy, ok? And Apple is wrong to be doing this.“
So it appears the author has no idea what a mobile advertising network is/does...
FB aren’t wrong to highlight that this will have a detrimental impact for many thousands of publishers who offer content for free, due to the fact they run an ad supported model.
FB aren’t wrong to highlight that this will have a detrimental impact for many thousands of publishers who offer content for free, due to the fact they run an ad supported model.
Those apps will still show adverts, publishers will still get paid, and advertisers will still pay to show ads. The only thing that needs to change is the way Facebook choose which adverts to show. Instead of an algorithm based on huge swathes of personal data that they've tracked it'll need to be a simpler "what categories of ads should we show in this app?" form. Adverts will be a bit less effective, which could drive revenues down a bit, but the sky is not falling on the ad model.
The real thing that Facebook are sad about is the fact that they will no longer be able to sell access to the tracking data. That's a lucrative business, and it's one that only really benefits Facebook and data brokers. Cutting off their supply of tracking data isn't a bad thing.
Of course publishers will still show adverts...but if your main source of revenue drops 50% overnight - that's going to be a huge problem for a number of content creators...which is what Facebook are warning against.
Most of FB's revenue is direct inventory sold - so this won't be too much of an impact on their owned and operated inventory - but as I say, it's publishers who rely on Facebook's targeting to generate high eCPMs to efficiently monetize their audience that will suffer most.
Facebook's and Google's first-party businesses will be totally fine. It's the marketplaces (ad sense, audience network) along with all the smaller players in mobile measurement/attribution/advertising that are going to be harmed by this.
File this under actions by a megacorp that increase the power of them and other megacorps.
+1 on this. I expect Mobile Attribution Companies (like branch.io etc.) to die a slow death because of this.
In the short term I expect companies like Liveramp (which acts as DMP (Data Management Platform)) to get more business because one theory here is all free apps will start to force users to login (using email/mobile number) which effectively becomes another ID you can track folks with across-apps over time.
I don't want to be stalked online, and I'll raise a glass over their bankruptcy notices.
Also, forcing users to login may also be in breach of GDPR, if you don't have a good reason to need a login, you're unnecessarily collecting personal information.
One obvious example of this is NVidia, you've paid for the card, yet they force you to login to use their apps.
One thing I am curious to see (how it pans out) is if device fingerprinting (IP + Device+ Some other attributes etc. to map you) evolves to solve this problem.
In my experience, it is pretty bad (at best 30% compared to IDFA/Device Id solutions) but I see few companies pitching this as an alternative.
Another example is Razer, who thinks you should need an internet connected, tied-to-a-person app to configure your mouse buttons.
I'll never buy or recommend another product from them in any category.
I often see ads for something I just bought, but I can remember many experiences where targeted ads hit My eyeballs for something I was still contemplating. Whether I bought anything in particular primarily because of such an ad I can’t say, but it seems likely.
These thousands of publishers also, unwittingly or not, provide a third party way for facebook to track its users as they journey across the web.
I agree that it sucks for ad-supported sites to lose out. An ad model that doesn't require user tracking would be beneficial for these sites and their users.
They don't offer content for free, they offer content for the cost of giving up information about yourself and having to witness some consumerist propaganda, which puts cash on their pocket. It's a transaction not a gift.
To play devils advocate, App developers will loose revenue from ads as they're not as efficient at showing ads users are likely to click on. Those developers may change their business model from 'free - ad supported' to 'features locked behind an in-app purchase' which Apple receive around a 30% cut of.
I personally don't feel strongly one way or the other, both contain shady practices.
There's three independent issues here affecting users and developers:
1. People are tracked in ways they don't understand without their knowledge or consent.
2. Apple requires that in-app purchases go through the App Store.
3. Apple does not allow 3rd-party app stores.
These can all be independently tackled and it would be a shame to gate solutions for one problem on solving the others first or at the same time. For now, apps can change their business models to ensure profits. Later, when the other issues are taken care of, they can take advantage of that as well.
I've honestly been surprised at how much traffic Facebook has in my household [1]. I use a Ubiquiti UniFi system at home and have the UniFi controller installed which gives stats on traffic. It's just two people at home.
Facebook's traffic clocks in at 5.22GB on the network (from the beginning of time for the controller). To give context, my wife and I don't use our Facebook accounts at all. She hasn't logged in in 3 years and I log in maybe once a month to once every two months. Surprised by how many apps in our household use the Facebook SDK and pipe data to them.
Additional context, I don't even have "fun" apps. Just food delivery, Office suite (outlook, word, etc), streaming services, etc.
LinkedIn makes sense, we've both been looking for jobs and use it on a daily (if not hourly) basis but seeing Facebook APIs on the same level as LinkedIn is astonishing.
I don't have anything insightful to add, just wanted to say that's a pretty cool dashboard. I wonder if OpenWRT has any plugins that achieve the same result.
Good. Let Facebook’s app die in a fire. Their propensity for user data is second maybe only to Google. It’s creepy. And doesn’t really do much in the way of good. I laud Apple for their move here.
Interesting that you say that. Personally, I thought the article’s use of sarcasm was unprofessional. It is not at all objective, a core tenet of journalism.
As a result, I noticed errors like the statements that Facebook can no longer sell user data. Actually, FB does not sell data. FB sells ad placement based on user data. Still bad, but much less so.
If the Reg got that fundamental fact wrong, what else did they get wrong?
"Dylan might want to buy this jacket" transmits a lot less information than "Dylan skis, Dylan lives in zip code XYZ where he might not own a jacket naturally, Dylan's household income range is M, and Dylan was looking at ski vacation packages".
What do you think micro targeting means, then? Because I think it means there is a different version of the ski jacket ad for each zip code and income range and for whether someone is a skier. And they're probably only showing it to people that have expressed a relevant interest. So effectively that's the same information.
Giving an advertiser the somewhat opaque output of a totally opaque black box transfer function conveys less reusable information than giving the advertiser all the personalized inputs to that black box.
It's not exactly the same, but the claim was that it's "much" less bad, and in the presence of microtargeting I don't think that holds up. It's not all the information but it's a lot of important parts. Combine several ad outputs and it's way too much.
It's laughable at best that anyone would believe Apple isn't continuing to make use of their massive personal information collection to appease their partners, "official" and "unofficial".
They have a ton of data, and they certainly get some value from it. But unlike Facebook, profiting from the collection of data isn’t an existential issue for Apple. They could lose all of the data tomorrow and still be an extremely profitable business. That’s not true for a company like Facebook.
I’m not saying that Apple occupies any kind of absolute moral high-ground, but their business model lets them safely and publicly take this kind of posture on privacy.
> While it’s difficult to quantify the impact to publishers and developers at this point with so many unknowns, in testing we’ve seen more than a 50 per cent drop in Audience Network publisher revenue when personalization was removed from mobile app ad install campaigns
Yessss. Hopefully this is just step one in the collapse of Facebook but I’m not that hopeful yet.
My impression is that this might make it more difficult for facebook to track people in the short term only. Surely facebook can and will find other ways to achieve the same result through device fingerprinting, etc. It probably won’t be as simple and easy as the IDFA but I don’t imagine it will be particularly difficult for facebook either. And considering how much revenue they claim they’ll lose it seems it would be a worthwhile use of resources. I’m not really familiar with how facebook advertising works and I hope I’m wrong but it doesn’t seem like an impossible ask to me and I’m guessing most of the engineers at facebook are far more skilled developers and data harvesters than I.
I think Apple made this move to increase their Search Ads business. Now that those app install ads on Facebook and such are going to be a lot less effective, iOS app developers and publishers will flock to Apple’s Search Ads. I see this as a double win for Apple - free publicity, and more revenue.
Im seriously pissed that Garmin Connect iOS app has Facebook SDK in it. I found it googling what apps were crashing because of recent few FB SDK bugs. My Garmin watch has most sensitive data ever, health data like exercise, sleep and heart rate, and location from GPS.
So Facebook users are not the people using its service, but the advertisers that pay to collect data from them. Glad they made this abundantly clear.
Facebook users are the product they're selling.
another comment suggested Apple may really be doing this because they aren't getting their 30% cut of the money going between facebook & these add providers. Honestly it wouldn't surprise me.
It's not specifically targeting facebook, they're just massive benefactors of the way it works currently.
Basically Apple is going to force apps to request permission to track users outside of the app they're currently in, which at the moment they can do by default. Facebook just happens to do this a LOT, so this will sting them particularly badly.
I think Facebook should blame itself and other ad-networks for opening their platform to all kind of abuses like fake information and political campaigns with nasty agendas.
They made tracking so harmful with no respect to users privacy that everyone hates it now. It used to be that at least half of the users would prefer to see relevant ads until tracking become the evil thing that is right now.
I also hope these changes disincentivize the use of FB sdk (which I think benefits greatly from the current cross app tracking system) for other app developers. I am not sure how much value log in with FB adds to an app anymore.
This is going to be epic (accidental pun). A vs FANG gang[0].
Follow the money. Apple gets its money from consumers buying devices. Amazon from selling stuff to consumers. FB and Google just feed on people's data.
I appreciate HN generally for its measured, evidence-based and logical approach to most things.
But I can't help but feel that the anti-FB sentiment on HN goes too far when parody articles with no substantial points made shoot to the top of HN within minutes.
Personally, I found this article super useful. We've had long discussions at my company about what Facebook's announcement about not supporting IDFA opt-in means:
https://twitter.com/rjonesy/status/1298662658934222848
This article made it much more clear. It's one of the only ones that addressed why Facebook says advertisers have to create a separate advertising account for iOS 14 ads, for example.
What Facebook tells you:
"
To help preserve the fidelity of app install campaign measurement, we will require the creation and usage of a dedicated iOS 14 ad account
"
What the article explains:
"
Unfortunately, however, it will require them to set up a completely new advertising account to run campaigns for iOS users, because it’s not going to apply Apple’s new privacy protection measures any further than it has to
"
Makes sense. Facebook's recommendation to apps showing ads is to implement Facebook login or uploading hashed user information (Advanced Matching). Apple is already cracking down on those approaches, like saying any app that has social login must also support Apple login.
