
Apple: Rotate tracking IDs on iPhone each month - tchalla
https://foundation.mozilla.org/en/campaigns/privacy-thats-iphone-but-is-it/
======
kgwxd
"That means we could still get relevant ads"

Ugh, if you're an advocate for privacy, please don't perpetuate the delusion
that users actually want "relevant" ads, or that these ids are solely used for
that purpose.

~~~
contravariant
Well I would actually prefer if ads were relevant. Relevant to whatever it is
they're next to though, not necessarily relevant to me (because frankly that's
no-ones business).

Same with youtube's recommendations. At this point over half the
recommendations are almost entirely irrelevant to what I'm watching, and
usually only have a vague connection to something I once watched, except for
the ones I'd actually already watched.

~~~
spinningslate
There's a risk we miss the point point in this discussion (as every time the
topic comes up). Even here on HN there are those who don't mind or even
actively want "personalised" ads. We'd assume the community here is aware of
the wider risks of surveillance or "social manipulation platforms".

The real issue is choice. I personally choose privacy over personalisation. I
also understand that businesses need revenue - so I pay for e.g. email rather
than using an ad-supported service.

My issue is that I can't choose privacy. I've taken reasonable steps to make
it difficult for Google, Facebook at al (ad blockers, pihole, etc.). But I'm
realistic to know it's an up hill struggle. I've never had a Facebook account
(nor instagram/whatsapp) but I know I'll exist as a shadow profile.

Whether ads are good or bad; whether they're personalised or not, and if so
how, isn't the fundamental issue. I've no issue with those that do want
personalisation (assuming they understand the consequences obviously). The
issue is that I can't choose. And everything G/FB/etc are doing is focused on
building ever more walled gardens, so it becomes ever more difficult to exist
outside them.

~~~
dvfjsdhgfv
You can't choose because your choice is expensive for the business. The famous
saying by Wanamaker is exactly about that: you can waste less money by
targeting people potentially interesting in the ads. This is the strength of
Google, FB and the rest: they can funnel the money where they're more likely
to generate more money and easily convince the accounts they're more efficient
than indiscriminate advertising via TV and other channels where you can't
profile the customer. You, a disobedient citizen, are just an obstacle in this
scheme. This is one big reason any revolution in this area is extremely
unlikely to happen.

~~~
spinningslate
Very well put, if depressingly so!

> easily convince the accounts they're more efficient than indiscriminate
> advertising via TV and other channels where you can't profile the customer

Does anyone know of any studies here? That is: is there demonstrably better
return on "personalised" ads vs. contextualised?

I don't expect Google/Facebook would publish anything other than support for
the former. I'd love to think there was some evidence to suggest they're
selling snake oil. That may be wishful thinking, but worth asking anyway.

------
bobcall
The posturing is quite strong with the Mozilla Foundation. It is quite
laughable that the Mozilla Foundation would take this "holier than thou"
position, considering that they (Foundation + Corporation) are pushing :
tracking (telemetry), ADs (Pocket), malware (studies), MITI[1] (Ministry of
Truth) and DRM (EME) in Firefox. The sad part here is the fact that the
Mozilla community does not seem to care one bit about these issues[2].

At this point, I trust Apple more than I trust the Mozilla Foundation or the
Mozilla Project (the bar is quite low for Apple). The Free Software / "Open
Source" community has a critical problem with project supporting organizations
pushing for things that undermine privacy, security and freedom to make a
little bit of cash. If we don't address these issues now, it might not be
possible to fix them in the near future.

[1] Mozilla Information Trust Initiative :
[http://archive.is/jcJWg](http://archive.is/jcJWg)

[2] For those who say : "you can turn these things off", this is not an
excuse! Telling a new user that they have to fiddle with `about:config`
settings out of the box is not acceptable.

~~~
folkrav
> For those who say : "you can turn these things off", this is not an excuse!

The telemetry is opt-in, the setting pops up once on first run. Ads are not
tracking, you may disagree with their very existence, but they're not a
privacy concern. Calling studies "malware" is just disingenuous. I don't see
what MITI has anything to do with the rest. DRM does suck, but _not_ having it
would be literal popular suicide, and in the current browser landscape, would
literally mean letting Chromium take over even more than it already does.

~~~
bobcall
> The telemetry is opt-in...

It is not "opt-in". The popup tells you to change those settings and if you
don't do anything, it is on. Just by unchecking the box in settings does not
turn off all telemetry.

> Calling studies "malware" is just disingenuous.

I guess you don't remember the "Mr.Robot" incident[1] that we were not suppose
to know about and many did not consent? Pushing an update with "Studies"
enabled by default and then pushing this malicious software is not consent!

> I don't see what MITI has anything to do with the rest.

Mozilla* is not in a position to be calling out other companies when they
themselves are guilty of doing the exact same things.

[1] [https://www.engadget.com/2017/12/16/firefox-mr-robot-
extensi...](https://www.engadget.com/2017/12/16/firefox-mr-robot-extension/)

~~~
Dylan16807
> I guess you don't remember the "Mr.Robot" incident[1] that we were not
> suppose to know about and many did not consent?

That was not malware. I will explain this a thousand times if I have to. If
you didn't manually configure its secret setting, it did _literally nothing_.

~~~
FTLJohnson
So, we can install software on people's computers and take up space on their
hard drives without their permission now and it's not considered malicious?
OK!

~~~
folkrav
Malware has a definition[1] :

> Malicious computer software that interferes with normal computer functions
> or sends personal data about the user to unauthorized parties over the
> Internet.

Taking up a couple KBs of space to do nothing is not even comparable. From a
moral standpoint, was it okay from them to install that extension on people's
computers? No. Was it malware? No.

[1]
[https://duckduckgo.com/?q=define+malware&t=h_&ia=definition](https://duckduckgo.com/?q=define+malware&t=h_&ia=definition)

------
tpush
I don't even get why Apple supplies this functionality anyway.

Instead of rotating they should just do away with it; it's not like this
functionality is to their users benefit.

~~~
dwighttk
They provide the functionality for people like my friend who loves to see bass
guitar ads and does because he is tracked.

They also provide the ability to turn it off (set the ID to all 0s) for people
like me who spend a little bit of effort to avoid ads.

If you are in one group stop pretending the other doesn’t exist. (Also more
generally applicable life advice)

~~~
Zenbit_UX
> If you are in one group stop pretending the other doesn’t exist. (Also more
> generally applicable life advice)

I'd argue your friend would be better off not being tracked and just Googling
bass guitars whenever he feels the need.

Let's not pretend ads provide any benefit to humans, they manipulate us
psychologically with the intent to part us from our hard earned money. In
addition, they often drain our batteries at extreme rates and can contain
malware and or lead to outright scams.

Your counterpoint to this is you know a guy who likes to see new bass guitars?

~~~
dwighttk
Feel free to argue with him. He’s not ignorant of all the harms, trust me...
I’ve brought them up when we’ve talked.

~~~
hu3
People who want to see ads are the exception. I'd argue that it would be
better if Apple used id=0 as the default.

~~~
dwighttk
more likely people who care either way are the exception.

------
Doches
Previous (lively!) discussion from _this morning_:
[https://news.ycombinator.com/item?id=19670024](https://news.ycombinator.com/item?id=19670024)

------
anonymfus
Windows just asks user if they want an advertising ID during "out of the box
experience". Why not petition Apple to do the same?

~~~
yardie
Because Windows is complete garbage from a privacy standpoint. Even disabling
every metric visible to the user Microsoft still allows their own ad network
to track you. I do not believe they are honest in the user privacy sphere.

~~~
SmellyGeekBoy
Nice rant, but how is this relevant to GP's comment?

~~~
yardie
Microsoft is an ad network. They went on a buying spree 10 years ago snapping
up various ad networks. Windows 10 is riddled with ad tracking software and
even when you disable every checkbox during OOBE there are still more that are
enabled you cannot disable. If it was such a good idea they wouldn't use it.

I don't trust any of their ideas on protecting your privacy just as I don't
trust a fox to guard a hen house.

------
ignoramous
I can't help but think that initiatives like ad-id and DoNotTrack are a
diversion at best than actually addressing the real problem of user-tracking
and malvertising. This is simply Shirky's Principle at work [0].

Some people argue for tougher regulation and laws-- sometimes regulations have
resulted in solidifying hegemony of established players (telecom industry, for
instance), and laws have worsened the situation when government has its skin
in the game (key disclosure laws, for instance).

Can't leave it up to the _free markets_ either, but, they seem to get things
right. Privacy oriented alternatives to existing tech today are facing a hard
battle given the growth opportunities they leave on the table. I guess, we are
poised for a tech breakthrough that'd settle it in favour of the users [1]: I
hope when WASM goes non-web and cross platform, all kinds of apps are compiled
to WASM and something like uBlockOrigin would simply shut all the trackers
down on all platforms at the application layer. Of course, there are problems
at other layers, for instance baseband on mobile phones that are known to
track location, and ISPs that keep tabs on traffic flowing through their
pipes...

[0] [https://kk.org/thetechnium/the-shirky-
prin/](https://kk.org/thetechnium/the-shirky-prin/)

[1]
[https://en.m.wikipedia.org/wiki/Bullrun_(decryption_program)](https://en.m.wikipedia.org/wiki/Bullrun_\(decryption_program\))

------
mlthoughts2018
This is a foolish idea. Rotating IDs on a slow basis like a month would mean
that big players can still easily create statistical cross-device graphs based
on traffic and activity patterns and link your rotated IDs (or link them
probabilistically). Small players who can’t afford this effort would lose or
shift business to Android-only.

------
dontbenebby
So if I go into Srttings -> Privacy -> Advertising and click “reset
advertising identifier” once a month does that accomplish this manually?

It’s not a perfect fix but adding a once a month calendar todo seems like a
good short term fix for the privacy conscious.

~~~
wjossey
Yes. Technically speaking, it does what the Mozilla author proposed.

You’ll end up getting a lot of ads for apps and services you potentially
already own, which is the “downside”.

FWIW: Worked in mobile ad tech for five years so I know this space.

~~~
dontbenebby
>You’ll end up getting a lot of ads for apps and services you potentially
already own, which is the “downside”.

Thanks for the clarification.

I don't mind that. I usually get product recs from things like Wirecutter. I
much prefer the model where a site I trust recommends a product, then get a
referral bonus when I buy it on Amazon than tracking my web history to "nudge"
me.

Since iOS can't let me use extensions, many of the tools I use to protect my
privacy (adblocker, JS whitelisting, etc) aren't doable on iOS. So even small
hacks like this are interesting to me.

~~~
astkaasa
there's an App called AdGuard

------
negamax
I don't have Advertising option. Is this only available in certain
jurisdictions?

------
gesman
I’d pay extra $100 for the iPhone where unique ID is editable. Even manually,
no schedule needed. Win win for Apple and for customers.

~~~
sambe
You can reset the identifier already. I assume you are not looking to supply a
particular value?

~~~
gesman
How do I do that?

I used one app that banned me arbitrarily by iPhone ID. I’d want to reset it

------
jsgo
This seems strange to me.

If we're going as far as to advocate cycling tracking IDs each month, that
means that at each switch, we've lost our "relevant" ads until we rebuild them
up. So why not go full on no tracking IDs?

With Apple pushing privacy as being the factor that separates them from their
peers, I don't see why they wouldn't have privacy on by default in this area.
Apple Ads are gone now, right? So no skin in the game?

------
karulont
Apple seems to have a vested interest in privacy. I hope that this petition
falls on the right ears.

~~~
leowoo91
Interesting to find out more options, I didn't know about "location-based ads"
setting which was in a different place than the "advertising" menu. Plus, I
always wanted location-based ads, so wanted to enable it, but it was already
enabled.

------
brookhaven_dude
Not terribly relevant for those of us who use safari only for everything,
because content blockers.

------
founderling
Can websites read that ID? Or is this about apps?

------
layoutIfNeeded
Oh no, one more JOIN. That will show them!

