Hacker News new | past | comments | ask | show | jobs | submit login
Intelligent Tracking Prevention 2.0 (webkit.org)
264 points by lunchbreak on June 4, 2018 | hide | past | web | favorite | 57 comments

While this doesn't solve the problem completely, it's interesting that they started. Apple can go all the way down to the system level to anonymize iOS and at make you look like everyone else, much more so than Firefox for instance.

Also some shade thrown at Facebook in the screen time demo, they called out Instagram and Facebook as great things to block. Not a full war declaration, just "how about less Facebook".

Some examples of why this doesn't completely block everything... All the cell phone companies have unique ids on each device which they seem quite happy to sell. [1] There are many ways to fingerprint people on the web (how fast code is running, gpu speed, touch and scrolling style) that will be wack-a-mole for awhile. Each website that is tracking you now could use it's own cookie to record user behavior and then send it to FB/Google on the backend to link them later. For your phone on wifi, your isp or cable company is selling data based on your mac address and ip address. [2]

Great that unlike GDPR, this isn't an enormous pain for every little website in the world. It just makes big company Facebook/Google tracking harder.

[1] https://www.igeeksblog.com/how-to-disable-data-tracking-on-a...

[2] https://hackernoon.com/what-youre-revealing-to-your-isp-why-...

> Each website that is tracking you now could use it's own cookie to record user behavior and then send it to FB/Google on the backend to link them later.

I dunno if this is realistically practical. Right now the reason people do this is basically because of a combination of a perception that doing so adds value to the page and the fact that it's incredibly trivial because the web frontend platform is relatively uniform.

Having to add and maintain a backend shunt for the data though? That's not something that's going to creep on to every single website in existence like facebook like buttons have. Hell, it requires you to even have a backend, which many sites that have these buttons barely even have.

With the sudden increase of data collection checkboxes in the last few days since the GDPR is in effect, I noticed more than one website claiming that for technical reasons I can't opt out of having my data resold unless I enable third-party cookies "to store my preferences". Yeah, right, I thought. But I really don't know if that's shady or just technically inept (likely both). Perhaps as you suggest many websites simply don't have the infrastructure to do anything non-trivial in the backend.

CDN proxies and hosting companies are rapidly adding these features. It won't affect the long-tail, but those sites don't get much traffic anyway.

> Each website that is tracking you now could use its own cookie to record user behavior and then send it to FB/Google on the backend to link them later

Which they need to document due to GDPR.

ITP 2.0 just got the Seal of Approval.


For those that don't or can't do Twitter:

Alex Stamos, CSO of Facebook, tweets:

"If this is about protecting privacy, and not just cute virtue signaling, then they should block all 3rd party JS and pixels."

Some funny responses:

""If this is about reducing the climate change, and not just cute consciousness about improving the world, then they should live in the forest with a wooden stick and nothing else" - you know exactly that Apple is trying to balance UX and privacy" @RL_Scharf

"Guy who set the house on fire is upset that he’s being denied access to matches, claims nobody should have them." @poiseavan

Even if "tracking" is allowed by the user for your domain (via the new API to request access), you must still get user interaction in the future to access the cookies that the user already allowed.

See: https://webkit.org/blog/8311/intelligent-tracking-prevention...

All in favor of these changes. Employing the user to control what is theirs is always good. The only part i do not like (from the power user perspective) is the auto save passwords. Prolly a good thing for the avg end user tho.

I wish at some point Apple would also include a built-in ad blocker so we don't even need to install third-party ones.

Built-in would mean they are actively at war with FB/Google. Safari's content blocker is their way to a) avoid the wack-a-mole game and let the blockers evolve along with their competition and b) stay somewhat neutral to their competitors.

It would mean they were actively at war with the tech press, which seems… unlikely.

Almost as if they were a cartel.

> they are actively at war with FB/Google

Why is that? They’re not at war with any particular company, mainly at war with a business model equivalent to cancer. Those companies will be welcome back anytime once they find out a proper business model that respects users.

> They’re not at war with any particular company, mainly at war with a business model equivalent to cancer.

Look, if you declare war on "primarily German-speaking countries", the end result is you're probably at war with Germany.

Not sure if you analogy works.

There’s only a very few countries where German is the main language.

There are unfortunately many businesses where ads (aka cancer) are the main business model.

> There are unfortunately many businesses where ads (aka cancer) are the main business model.

Few of which really matter at Apple's scale. A war with adtech is going to primarily be a war with Facebook and Google - the two companies look to have somewhere between 60-80% of US digital ad spend captured.

Your local newspaper is a) probably using Google Adsense and Doubleclick anyways and b) has no power to harm Apple.

But there are only really two companies that provide all these ads.

Nah, I think google would be pretty pissed if apple started directly attacking their business model.

How is that different than Google launching Android to attack Apple's business model?

Business is business. For a section of people the main reason to buy an iOS phone over a cheaper Android one is privacy.

The more privacy iOS can give you versus Android the more competitive advantage Apple can gain.

Let me guess: you’ve never had cancer.


But don't you agree that advertising is analogous to cancer in the tech world? It starts off slow, then gets bigger and bigger, consumes more stuff in its way and transforming/removing the company's core values (like Google's "Don't be evil", or "algorithmic" feeds in Twitter & Instagram) before eventually killing the host when users had enough and leave the platform en masse.

Some would say that paywalls, subscriptions, and in-app purchases ("freemium") models are also cancerous.

Generally, all business models favor growth, not steady state. No matter what Apple is saying now, they face the same pressure that everyone else is to show quaterly growth, continuously. Sooner or later, saturation will hit smartphone sales, performance will plateau, and they will need to seek out ways to either monetize their platform, or nickel-and-dime the users and developers even more.

It is the constant need for growth that is the basis for cancer, and sooner or later, a company either accepts it is no longer a growth company, or it starts to involve itself in little evils that accumulate over time.

Don't believe me? Look at Apple kowtowing in China. Moving iCloud users to unsecure platforms, banning VPNs, and who knows whatever backdoor deals they made with the CCCP to stay on good terms with Beijing. They have sold a little part of their soul in exchange for a huge market in China, and continued ability to manufacture their phones with cheap labor, all to preserve margins and growth. And now they're stuck, Beijing threatens, they'll bend over. In the US, they'll strenuously and publicly fight back against similar measures, but in China, Tim Cook will go to an internet conference and praise how they've managed the internet in China.

Once you're beholden to shareholders, you don't have much choice.

If they do that they better damn well block ads in their apps too. I don't like ads as much as the next person but they pay the bills, and I'll burn my top 50 app to the ground before I let Apple force me into their walled garden in order to make money.

As I think about this from a long term strategy standpoint, it might be to Apple's BENEFIT to actually eliminate advertising on their phones?

Given the current climate politically vis-a-vis privacy, such a move would put a lot of pressure on Facebook and Google. Here's the thing though, Apple doesn't really make their money from ads. They likely make a whole lot more money on premium apps, IAPs and store fees actually. (Not to mention hardware which just blows ALL of that out of the water in terms of revenue and profit.) I wouldn't be surprised if it's a COST center for them to run their ads infrastructure. They just have to run it because a lot of large developers, like Google and Facebook, want ads.

I'm not saying Apple would ever be this evil, but if they wanted, they could REALLY press their considerable advantages right now both politically AND in the market. Putting companies like Google and Facebook even more on their back feet than they already are and then going in for a crippling blow on them.

An iPhone is only as good as an ecosystem of apps. In your hypothetical, the only apps launched on iPhone would be those that are either paid apps or which have significant gating via in-app purchases. Many apps would just not develop for iOS if the business model doesn't work. Very quickly, Android would become the platform with a better ecosystem of apps. If 3 or 4 very popular apps are suddenly unavailable on iOS (let's say Snapchat, for instance), the next phone for many people will be an Android device. If Apple starts losing the high end of the device-sales market, they are finished.

What is the point of me putting my app on iOS if I can't make money from it? Not every app has a viable strategy for purchase based monetization, nor should it.

The first thing we as developers need to realize is that we are useful to platform owners as long as we are useful to platform owners. There is an old saying in business, "some customers are more trouble than they're worth." A harsh reality for developers reliant on ads is that it's entirely possible that we would be more trouble than we are worth. The revenue we generate for Apple via ads, frankly, pales in comparison to the revenue generated by the big IAP games for instance. (And I won't even bother sporting with the intelligence of any HN users by exploring the revenue gap between ads and hardware.)

Point is, if Apple wanted to go "evil", if they wanted to go for a knock out blow here, they could. It would probably benefit them in the end. To be honest, I could even see a LOT of other (NON-Ads based) developers loving it. As it would result in the removal of a lot of ads based riff-raff from the store.

So would it good for US? No.

But would it be good for a lot of other very important stake holders not to mention Apple itself? Absolutely.

It does put apple in an interesting position of subsidizing the infrastructure for apps which are 100% ad-supported (your $99/year fee probably doesn't cover all of it).

Part of the reason you can't charge for your app (or at least this is true for many apps) is that you have to compete with ad-supported alternatives which are "free".

I really wonder whether the App Store would be a more or less pleasant experience if there were only two types of apps: totally free and paid (either freemium, one-time upfront or subscription). I'd also love seeing a new category that mimics the podcast model: "sponsored" apps that advertise 1-2 products for a month or two at a time, but don't transmit any user data back except aggregate views. (This is also similar to the Masters golf tournament in the US with its very limited commercial breaks from 1-2 companies each year. It's the only golf I really enjoy watching.)

Apple desperately needs a trial infrastructure so that devs don't have to do the very anti-user move of blackmailing them with ads every 12s. and an "ad free" IAP. That just puts me in a sour mood toward the dev and starts off the whole relationship on the wrong foot (yes, I probably take devs auctioning off my user data more personally than I should given that they don't have much choice in the matter if they want to eat).

This is the whole point of the measure: get the negative value, ad supported apps off the phone. How is that a loss?

Not all apps that are ad supported are negative value? We just don't believe users should have to pay for the app.

Look, I know the game in Silicon Valley is to be bound and gagged by whatever billionaire is willing to throw money at you in their desperate quest to catch a unicorn. Some of us like to do it a different way. And our users are okay with that! They understand the transactional value of ads!

No offense. But if you're ad based, you're basically using the business model popular among those who are "...bound and gagged by whatever billionaire is willing to throw money at you in their desperate quest to catch a unicorn..."

I use it too. But that doesn't make it a good model for all involved.

You can sell the app itself on the store. The idea that developers are pigeonholed into using ads is nonsense: it is just easier to “sell” a free app with marketing than to sell an app for real money sans ads.

No offense taken :)

When people say they are ok with ads, they mean content based ads like your tv or billboard show. Not stalking mad man following ads.

Do you mean Apple's own apps or third-party ones?

I'm not sure in-app ads should be completely blocked, but there should be strong policies around what is allowed, and possibly an approval scheme for ads just like there currently is for apps. Also, a paid tier that removes all ads should be mandatory if an app has any kind of ads in there.

All I expect is if Apple does any sort of blocking of web based ads, I would expect the same treatment in App Store apps. Without that, the web would be dead on iOS.

Or—novel idea here—offer an actual choice and get user approval.

I believe that would put apple in an awkward position because they also offer an ad platform to developers. This would put them in a situation similar to adblock plus where they allow a few websites to use ads (mostly if they are paid money in exchange and they don't seem to flashy/annoying).

I believe Apple would rather avoid such a position for themselves (especially considering that this might not even be legal -- Adblock has already has a legal battle in Germany over the conflict of interest which they have won but might lose in other jurisdictions).

What I would really like is a proper ad blocker. The ones available in Safari are not really good. They seem to be only using a blacklist and cannot have well defined rules like uBlock origin.

What's interesting about Apple's strategy is that after blocking or helping users to block all ad tracking, they are going to make their own "privacy-friendly" ad tracking unblockable, which will give it an advantage over other ad networks serving ads on iOS devices.

We must be extremely vigilant about this. I hope they stay out of any ad businesses.

AdBlock by FutureMind allows custom rules and lists.

1Blocker allows it too.

All web publishers supported by ad revenue would immediately block Safari.

Good luck with that. They are incapable of blocking people that already use as blockers.

Blocking a particular browser is much easier than blocking many different browsers that are messing with what is rendered.

And easily beaten, it would be a complete waste of effort to even bother trying.

With Apple's slow update cycle, the publishers would not have very much trouble. It's far easier to identify a browser by its capabilities and bugs than it is to add those capabilities and fix those bugs.

Until there is nobody left to see their content and they go out of business.

Perfectly acceptable outcome if you ask me!

The Safari users won't be providing them revenue anyway. The publishers would have everything to gain and nothing to lose by blocking them.

Original source is here (scroll all the way down) - https://www.apple.com/newsroom/2018/06/apple-previews-ios-12...

Is this a standard / proposed as a standard? All of the links are on webkit.org, but the properties it adds to the document don't bear any reference to webkit.

The Storage Access API that they mention in the blog post is proposed to WHATWG, but not accepted as a standard yet: https://github.com/whatwg/html/issues/3338

Or more simply, delete cookies on browser close.

Edited the title from iOS 12 Safari -> Safari because this applies to the desktop version as well[1]

[1] https://www.apple.com/newsroom/2018/06/apple-introduces-maco...

We've updated the link from https://twitter.com/BenedictEvans/status/1003701261064130560... now that there's an official source.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact