
Apple's WebKit team proposes a way ads can be measured while maintaining privacy - fauigerzigerk
https://www.theregister.co.uk/2019/05/22/apple_browser_privacy_scheme/
======
makomk
"Once the browser has matched a conversion against a stored ad click, it sets
a timer, randomized between 24 and 48 hours. When that timer fires, the
browser makes an ephemeral, stateless POST request to the same well-known
location."

Alternatively, once the ad fraudsters have decided to scam an advertiser using
this system, their ad fraud programs make a series of POST requests to the
same well-known location pretending to be copies of Safari that have seen
conversions from this ad campaign. The only way to detect this fraud would be
to match up actual orders with claimed conversions from a particular site,
completely bypassing the intended privacy protections. (Which probably
wouldn't be that hard in some circumstances, but fraudsters would of course
get to target the scenarios where matching up orders is hardest.)

Like, as far as I can tell, this completely fails to provide attribution data
that advertisers can trust at all because it relies totally on the honesty of
software installed on end-user devices. It will also fail to provide the
stated privacy level in many situations, such as when the user keeps the same
unique-ish IP address for several days. The only thing it seems to achieve is
good PR for Apple, who will get a bunch of stories from credulous reporters
about how they're trying to improve user privacy and the evil adtech industry
is thwarting them because it wants to know everything about you.

~~~
lapnitnelav
Yeah let's not even mention the super low count of campaigns and conversions
an advertiser can have at any given time.

Some of the advertisers we work with have pretty small budgets, i.e. less than
50k/month, and even they will probably max out the 64 campaigns.

I'm all for having a privacy minded advertising industry but this proposal
misses the mark big time.

~~~
makecheck
The way I see it, the ad industry “survived” just fine when relying only on
print ads and other mechanisms that had no concept of automatically-logged
impressions. _Ad companies do not have an inherent right to abuse tech just
because tech exists._

~~~
rch
Ignoring the advertisers for a moment, it's obvious that companies have a
legitimate interest in knowing what portion of their ad spend is reaching
people who eventually become customers. If the tech evolves to the point where
that metric is knowable by some means that also respects consumer privacy,
then that could be a net win.

It helps that Apple doesn't rely on advertisers for the bulk of their revenue,
so they can actually pursue this sort of thinking without gutting their
business.

------
founderling

        Traditionally, ad click attribution has been
        done through the use of cookies and
        so-called “tracking pixels.”
    

No. Clicks are not tracked via cookies but via urls. The search engine in
their example would send the user to
someshop.com/someproduct?clickid=7e82jv927x748342

They say nothing about how they want to prevent this and other tracking
mechanisms. Yet, they propose an overly complex system to send even more data
to advertisers.

Also they do not say anything about the ip that their additional ping will
send out. I definitely do not want my browser to communicate with an
advertiser days later and without my consent.

Also, click tracking is not even a big problem in the first place. Tracking
you wherever you go is. Even if you do not click on any ads.

~~~
om2
We (WebKit team) know of major ad platforms that use cookies as their
preferred mechanism to track clicks, in part so that a tracking pixel can work
without requiring the merchant landing and conversion pages to include script.

We are also aware of tracking via link decoration (not just for ads) and our
first steps at defending against it are described here:
[https://webkit.org/blog/8828/intelligent-tracking-prevention...](https://webkit.org/blog/8828/intelligent-tracking-prevention-2-2/)

------
Someone
_"Google can scan users' Gmails to see what items they bought," he said.
"That is why Amazon removed the list of products from order confirmation
emails and require the user to click and login to Amazon to see the order
details."_

Does Google do that? If so, only for a limited set of email senders, or
globally? Would they, for example, read email sent between doctors and
patients?

~~~
msbarnett
Google _absolutely_ does that:
[https://myaccount.google.com/purchases](https://myaccount.google.com/purchases)

They scan your email and extract what you purchased, when, for how much, and
when it was delivered. It appears to be as close to universal as they can get
it — they’ve extracted info from some pretty niche retailers' emails on my
account.

There’s no publicly viewable equivalent for scanned health info but,
internally, who knows. It wouldn’t be at all surprising if some of that data
went into a training set for ad targeting, at the very least.

~~~
jobigoud
Wow, that's eerie. And I thought I had everything disabled.

Can this be disabled?

~~~
leokennis
Yes. You can disable it by switching to Fastmail or a similar email provider.

(Sorry.)

~~~
Someone
And never send email to Gmail accounts, and make sure nobody ever sends you
mail from Gmail accounts, I presume? That’s quite unworkable.

~~~
leokennis
Of course you’re right; perfect privacy is impossible.

But at least we can pick the low hanging fruit and not give our own info to
Google voluntarily.

------
AJRF
Forgive the pessimism, but isn't this article rewritten every year? It's always
along the lines of "ad tech company begs Apple not to enable X". Doesn't
really seem to be that effective as there is always something to replace the
newly blocked method each time.

~~~
paranoidrobot
That would probably be why the subheading is:

> Safari tech ready to be ignored by online ad giants like all other privacy
> proposals

~~~
anoncake
Reading this made me think "The Register?"

 _scrolls up_

The Register.

------
IloveHN84
Simple reminder that this can't prevent browser fingerprinting, making this
technique useless.

~~~
om2
We've done things to make it harder to fingerprint Safari users. It might still
work sometimes but will be less reliable.

------
libertine
So... the contextual advertising is not sticking, huh?

------
tssva
> The proposal is consistent with Apple's attempt to occupy the moral high-
> ground of technology by championing privacy at the expense of the
> surveillance capitalism embodied by Google and Facebook.

Shouldn't this be "The proposal is consistent with Apple's attempt to disrupt
the largest revenue stream of their main competitor Google"? If Apple actually
cared about "the moral high-ground of technology" they wouldn't be so
desperately fighting right to repair laws.

~~~
simonh
If right to repair really was just about user rights that would be fair
enough, but it’s also about requiring bigger, heavier, more fragile and more
expensive products. As a user I’m all for user rights, but I personally doubt
the advantages of the government telling companies how to design their
products beyond things like health, safety and environmental protection.

I don’t think users should have to worry about products being safe for
example, but I think the trade off between repairability versus other
desirable attributes is something best left to user choice.

~~~
bo1024
There are many kinds of right to repair. One proposal would be not to make any
requirements on the hardware, but just to require that _software_ cannot
disable the device or otherwise prevent third-party repairs.

So if you get the screen replaced by a third-party, it might be illegal for
software to try to detect that and refuse to work or update. This doesn't make
any requirement that the screen be easy to repair in the first place.

------
dvfjsdhgfv
Google has a million ways of tracking us anyway; this is going to be just a
minor problem for them that they will solve sooner or later.

~~~
StreamBright
Actually, there are ways to stop Google, like pi-hole for example.

~~~
sixothree
I wonder how many people they have working to circumvent pi-hole specifically.

~~~
StreamBright
How would you go about "circumventing" pi-hole? I do not allow DNS requests
going towards Google's DNS servers by firewall. The only option would be to
use a DoH but it is also blocked on standard ports. The only option is to use
a non-Google associated IP with a non-standard port which is not worth it at
the scale of Google.

