
We’re asking Apple to change the advertising ID for each iPhone every month - soheilpro
https://blog.mozilla.org/blog/2019/04/15/the-bug-in-apples-latest-marketing-campaign/
======
netwanderer3
I really wanted to believe Apple but they need to try harder.

This is not on iPhone but on a MBP so it's still quite relevant to Apple. I
had disabled the "apsd" process, which serves as Apple's push notifications
service, completely blocked it off using Little Snitch, and yet the process
still found its own way to reactivate itself and keep a persistent
connection back to Apple servers in the background. I personally don't use
FaceTime or Notifications on MBP, why couldn't Apple just let me disable this,
and instead the process even circumvented around my firewall protection to
make sure it could communicate back to their data center? This practice is a
little shady and does not promote trust or transparency. If I have blocked a
process permanently then I expect it to remain always blocked.

Their EmbeddedOS on the Touch Bar also keeps a couple always-on connections
that utilize its own bridged network interface which users are completely
blocked off and do not have access to. They were supposedly for TouchID, but I
was viewing bandwidth usage the other day and these connections used up to
almost 10MB of data. Why would something like TouchID need to send 10MB of
data back to Apple? Again, this makes no sense and does not promote trust.

~~~
kmlx
are you referring to:
[https://developer.apple.com/library/archive/documentation/Ne...](https://developer.apple.com/library/archive/documentation/NetworkingInternet/Conceptual/RemoteNotificationsPG/APNSOverview.html#//apple_ref/doc/uid/TP40008194-CH8-SW1)

Apple Push Notification service (APNs) is the centerpiece of the remote
notifications feature. It is a robust, secure, and highly efficient service
for app developers to propagate information to iOS (and, indirectly, watchOS),
tvOS, and macOS devices.

You may not be using FaceTime or Notifications, but someone you know will be
using them.

~~~
ChrisRR
Maybe that's not what they want though. Maybe they just want to use their
computer without a constant connection to all of their other devices and
servers

~~~
notimetorelax
Ugh, the use of they/their is very confusing in your last sentence. You refer
to OP and to Apple using the same “their”.

~~~
tialaramex
It's possible this was snark, e.g. suggesting that a Mac really belongs to
Apple and you're just paying them money to let them put it in your home where
it can snoop on you. But in the spirit of good faith, let me assume not and
just annotate your parent's they/their use:

Maybe that's not what [netwanderer3] want though. Maybe [netwanderer3] just
want to use [netwanderer3] computer without a constant connection to all of
[netwanderer3] other devices and servers

English has some plural and possessive agreement rules that make this sound
like faux caveman speak, let's fix those:

Maybe that's not what [netwanderer3] wants though. Maybe [netwanderer3] just
wants to use [netwanderer3]'s computer without a constant connection to all of
[netwanderer3]'s other devices and servers

------
dymk
I don't understand Mozilla's ask for changing the cycling of these tokens to
monthly.

If this was implemented, it wouldn't be very difficult to associate a cycled
out profile with a new one. Only days of behavioral information. So if out of
a 30 day month, 3 days are used to re-associate user profiles, they're only
using a partial profile 10% of the time?

I don't even get why Moz thinks IDFAs are particularly bad for privacy
anyways. They're only shared across apps that come from the same developer;
your Facebook and Snapchat apps see different tokens. They don't expose any
personal information, they only identify a unique piece of hardware. It
wouldn't be particularly difficult for apps themselves to generate and persist
their own random token; how often do people reinstall apps anyways?

~~~
dfabulich
The IDFA is device universal, and is only reset when the user takes manual
action.

Apple was aware of the privacy challenges of this, and laid out the rules for
using IDFA in this WWDC 2014 presentation.
[https://developer.apple.com/videos/play/wwdc2014/715/](https://developer.apple.com/videos/play/wwdc2014/715/)

It's a video with no transcript, but if you click the link to the slides, you
can see on slide 7 that the lifetime of the Advertising ID is "Reset
Advertising ID."

Each time you submit an app binary to Apple for review, you have to click a
box that solemnly swears that you're using the IDFA to attribute activity to
an advertisement, proving that the advertisement did its job. "I, USER NAME,
confirm…"

I don't know whether the solemn vows really do anything; I get the impression
that IDFA abuse is detected via privacy researchers making noise in the tech
press. But it has been enforced a few times.

~~~
garrettr_
> It's a video with no transcript

While Apple only started posting transcripts of WWDC presentations last year,
[https://asciiwwdc.com](https://asciiwwdc.com) has been around for a while and
is a great searchable archive of WWDC transcripts. Here's the transcript for
the presentation you referenced:
[https://asciiwwdc.com/2014/sessions/715?q=user%20privacy%20i...](https://asciiwwdc.com/2014/sessions/715?q=user%20privacy%20in%20ios).

------
asimilator
> At Mozilla, we’re always fighting for technology that puts users’ privacy
> first

I would love to run my own Pocket server ...

2 years and counting.

~~~
mellow-lake-day
There is this: [https://wallabag.org/en](https://wallabag.org/en)

Their description: wallabag - a self hostable application for saving web pages

No idea on how good it is or how it compares to pocket but it seems to be what
you're after. And you can import your data from pocket.

~~~
dawnerd
I use it self hosted, it's excellent.

------
reilly3000
This would break a lot of standing marketing/long-term lead nurturing efforts.
It sort of forces marketers to engage with users they have in their actual
database or do everything in 30 days. Some sales cycles are a lot longer than
30 days. In publishing it's pretty relevant to know if long term visitors stop
coming back in the aggregate. There are lots of legitimate business purposes
for anonymous longer term tracking.

Counterpoint: if a data collector stores the ad id or derivative of it with
anonymous activity then later links it to a user account with PII that could
break a lot of basic assumptions the user may have about their privacy. That
would be difficult to prevent from happening with a technical solution.

------
olliej
The Ad identifier isn't exposed to the web (thankfully)

(Edit: Apparently I was wrong - I’d swear it was per device? Hence the single
global “reset the id” option. If it’s per app/app group/developer ID then
rolling doesn’t help because they can always just generate and store their own
ID)

~~~
dymk
IDFA _is not_ shared per app, only across developer accounts. Your Facebook
and Snapchat apps don't see the same IDFA.

~~~
olliej
Ok I edited my answer but literally all my research indicates that it is per
device - all apps irrespective of developer see the same ID. It was
specifically created to replace the UDID that could never be changed at all.

So I am irked I didn’t research before editing :-/

~~~
arcticbull
It's strange because I had the same impression. I remember the whole migration
from UDID to application advertising identifiers... I swear each app got their
own IDFA token, and that it didn't persist across app installs. I guess I was
mistaken also, because it only resets on manual reset or device erasure.

The APIs for this are very clear:

    var advertisingIdentifier: UUID { get }

"Unlike the identifierForVendor property of the UIDevice, the same value is
returned to all vendors. This identifier may change—for example, if the user
erases the device—so you should not cache it."

~~~
olliej
Yeah, my original comment was correct unlike the very confident correction.

The problem is periodic rolling of the ID doesn’t get you anything as any
tracking service is simply going to track when the value changes in all the
apps, and so all different IDFA tokens can always be tied to a single
individual. Rolling, automatic or not, and irrespective of frequency gains you
nothing. Tracking companies have repeatedly demonstrated a complete disregard
for user privacy.

The /only/ way to fix this is to remove device centric ids from the platform.
Then tracking frameworks can’t tie one user to multiple different app
installs.

None of this “automatic rolling” nonsense - the API should not be there at
all.

------
gervase
I wonder if these kinds of painful (from a business perspective) choices will
act as a kind of forcing function on their whole privacy push, either by
highlighting the hypocrisy if they continue mining customer data while
preaching virtue, or alternatively, by really pushing them to put their money
where their mouth is and creating a more truly private system.

I think the biggest factor will be if they can convince the US population
(their core demographic / market) that privacy matters. If it does, then it
will be worth it to their bottom line - if not, they may have to capitulate to
market forces and return to squeezing as much data as they can from their
users.

The next few years could be very interesting from a privacy standpoint.

~~~
srwx
I'll believe they are honest about caring about users' privacy when they
release iMessage for other platforms.

~~~
dymk
Why is that your threshold for believing that Apple cares about user privacy?
The ecosystem they've built so far has had _significant_ time and effort
invested into it to make it privacy friendly.

~~~
srwx
Because it highlights their real motives. Why not give everyone the ability to
securely communicate? profits > privacy.

~~~
latexr
> Why not give everyone the ability to securely communicate?

Because their message isn’t “we offer privacy to everyone in the world” but
“we offer privacy to our customers”.

~~~
srwx
But they don't because when their own customers communicate with others
customers the conversation is no longer private and if they aren't
sufficiently technically knowledgeable then their own customers might not even
know it's not secure.

~~~
arcticbull
It would be if they were on iPhones :) Apple's not a non-profit. There's money
to be made selling privacy to those who care, and Tim's on the job.

~~~
srwx
[http://gs.statcounter.com/os-market-share/mobile/worldwide](http://gs.statcounter.com/os-market-share/mobile/worldwide)

~~~
arcticbull
Funny thing is Apple's competitors _don't_ make money. Apple has ~50% of all
smartphone revenue and 87% of the world's total smartphone profit share -
iPhone X alone was 35% of global profit share with, to your point, only 22% of
the market. Less, even, my data shows 19% of shipments most recently. Samsung
is next in line off the back of approximately equal shipment volumes. Everyone
else effectively breaks even or loses money. [1]

I'd say Apple's got this one figured out.

[1] [https://www.forbes.com/sites/chuckjones/2018/03/02/apple-con...](https://www.forbes.com/sites/chuckjones/2018/03/02/apple-continues-to-dominate-the-smartphone-profit-pool/#69766dd961bb)

~~~
srwx
Money doesn't matter, you don't get it. When only 1 in 5 phones is an iphone
then keeping imessage.. you know what, I'm not wasting the effort.

~~~
arcticbull
I do get it, my argument was that money is the only thing that matters. Their
goal isn't to secure everyone's communication, it's to maximize profits.
They're doing that by saying if you both care about privacy, we have a one-
stop-shop that'll get you taken care of, but it's gonna cost ya - and your
friends. It creates an implicit pressure for others to get on the bandwagon
driving up sales.

------
dillondoyle
How would this make it at all harder to build a profile or change anything?
Correct me if I'm wrong:

Google, or whatever ad tech, gets data from an app which sends an email or
oauth data to the IDFA. The email or oauth data stays the same even if the ad
uuid changes month to month. Over many many apps.

I personally would actually rather have Apple control this and start competing
with FB as a mobile ad network. I think they could present a solution which
fits with their privacy appeal while also cleaning up fraud and dictating
better ads formats / rules

I would like to think that space isn't totally won yet.

~~~
madeofpalk
Apple tried to play in this space before. They didn't win
[https://developer.apple.com/support/iad/](https://developer.apple.com/support/iad/)

------
hartator
I'd rather they focus on hardening their own privacy instead of cherry
picking issues at competitors.

~~~
Someone1234
They have been focusing on privacy for the last several years and rolled out
multiple improvements specifically in that area in the last year alone (e.g.
Anti-Tracking Protection, DNS over HTTPS, HTTP Referrer limits, Container
Tabs, etc). Plus products like Firefox Focus (essentially an in-private
browser).

If we're gatekeeping who is allowed to criticize Apple, perhaps it would be
enlightening to give some examples of people or entities who attain a high
enough level of moral purity to do so. If an organization like Mozilla fails
to reach it, I just want to get a sense of where the bar is set.

~~~
flukus
> If an organization like Mozilla fails to reach it, I just want to get a
> sense of where the bar is set.

Telemetry that's not on by default would certainly be one measure, I don't
know about Apple but Mozilla certainly fails. If they don't understand the
need to gain consent before collecting statistics on their users then they
don't understand privacy.

~~~
Someone1234
Apple themselves does the same. Therefore the position is that doing something
Apple does makes you unqualified to criticize Apple. That would by extension
make Apple themselves unqualified to criticize Apple, which is a rather
unusual bar.

What I find curious about many comments in this thread is that few want to
address the issue itself, but instead would rather either shoot the messenger
or argue that even raising the issue is unacceptable.

Why are people so opposed to discussing this and why is Mozilla's record or
reputation even relevant here?

~~~
floatingatoll
It might be because the point stands up well to argument:

- Should Apple do it? Yes. No downsides are apparent.

- Will it help many users? Yes. Many users will benefit.

- Is it a panacea? No. Rulebreaking apps will rulebreak.

Thus the career detractors are forced to invoke unrelated topics to continue
their press conferencing.

------
exabrial
They don't hammer Google hard enough imho in their marketing campaigns in my
opinion.

~~~
baroffoos
When has Google ever pretended to care about privacy?

~~~
whoopdedo
Wouldn't that give us even more reason to ask for privacy features from them?
If they don't show an initiative to consider it themselves then users should
take the lead. Mozilla wants me to sign a petition asking Apple to rotate
their advertising ID. Well where's the petition I can sign asking Google to do
the same?

If Mozilla speaks out against Apple while staying silent against Google it
gives the appearance that they are at best not willing to bite the hand that
feeds them. But at worst may raise concern that they are barking at the behest
of their master.

------
andrekandre
resetting the idfa doesn't really help anyways because apps usually

a.) generate a uuid that is stored in the keychain upon first launch

b.) send the user's iPhone name to their tracking servers

c.) other uniquing information such as screen size, device make, os version
etc

so you can bet that idfa doesn't matter one iota and is totally beside the
point...
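
Several comments in this thread (olliej, dillondoyle, andrekandre) argue that a rotated ad ID stays linkable whenever an app sends a stable identifier alongside it. The following is an added example, not part of any comment: a reviewer's check over captured telemetry that reports which rotated ad IDs still collapse into one profile. The records, field names and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed telemetry from test devices across ad-ID rotations (all values made up).
RECORDS = [
    {"app": "news", "idfa": "AAAA-1", "keychain_uuid": "k-news-7f"},
    {"app": "game", "idfa": "AAAA-1", "email_hash": "e-91c"},
    {"app": "news", "idfa": "BBBB-2", "keychain_uuid": "k-news-7f"},  # after rotation
    {"app": "game", "idfa": "BBBB-2", "email_hash": "e-91c"},
    {"app": "news", "idfa": "CCCC-3", "keychain_uuid": "k-news-7f"},  # second rotation
    {"app": "maps", "idfa": "DDDD-4"},  # second device, sends the ad ID only
    {"app": "maps", "idfa": "EEEE-5"},  # same device after rotation
]
ID_FIELDS = ("idfa", "keychain_uuid", "email_hash")  # hypothetical field names


def linkable_groups(records, fields=ID_FIELDS):
    """Group ad IDs that are transitively tied together by co-occurring identifiers."""
    parent = {}

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]  # path halving
            node = parent[node]
        return node

    for rec in records:
        ids = [(f, rec[f]) for f in fields if rec.get(f)]
        for node in ids:
            # Identifiers sent in the same record belong to the same profile.
            parent[find(node)] = find(ids[0])

    groups = defaultdict(set)
    for field, value in list(parent):
        if field == "idfa":
            groups[find((field, value))].add(value)
    return sorted(sorted(g) for g in groups.values())


def rotation_defeated(records, fields=ID_FIELDS):
    """Return the groups where more than one ad ID maps to a single profile."""
    return [g for g in linkable_groups(records, fields) if len(g) > 1]


if __name__ == "__main__":
    print(linkable_groups(RECORDS))
    print(rotation_defeated(RECORDS))
    print(linkable_groups(RECORDS, fields=("idfa",)))
```

In the constructed data the "maps" app sends nothing stable, so its two ad IDs stay separate; the other three ad IDs merge because a keychain UUID and an email hash survive each rotation.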

------
arielm
What is Mozilla’s incentive to push for this? I get that tracking is a big
deal these days, but other than to get some press how is Mozilla related to
all of this?

~~~
cmelbye
Making the world better?

------
unfoldedCravat
Unless I'm missing something, the user can set this to all zeroes.

[https://developer.apple.com/documentation/adsupport/asidenti...](https://developer.apple.com/documentation/adsupport/asidentifiermanager/1614151-advertisingidentifier)

A sane default would be nice but there's a lot of other information that can
be used to fingerprint a user from their device, device names and carrier
names along with a bunch of other device settings are accessible without
asking for permission. Unfortunately there's no current way to limit these.

------
WD-42
ITT: Lots of people bashing Mozilla, probably as an excuse to feel better
about still using Chrome.

------
mmphosis
I wish I could "Sync" without connecting to Firefox, among other intrusive
things:

    
    
      geo.enabled              ,false,disable asking to share location
      extensions.pocket.enabled,false,disable pocket

