Hacker News new | past | comments | ask | show | jobs | submit login

"Once the browser has matched a conversion against a stored ad click, it sets a timer, randomized between 24 and 48 hours. When that timer fires, the browser makes an ephemeral, stateless POST request to the same well-known location."

Alternatively, once the ad fraudsters have decided to scam an advertiser using this system, their ad fraud programs make a series of POST requests to the same well-known location pretending to be copies of Safari that have seen conversions from this ad campaign. The only way to detect this fraud would be to match up actual orders with claimed conversions from a particular site, completely bypassing the intended privacy protections. (Which probably wouldn't be that hard in some circumstances, but fraudsters would of course get to target the scenarios where matching up orders is hardest.)

Like, as far as I can tell, this completely fails to provide attribution data that advertisers can trust at all because it relies totally on the honesty of software installed on end-user devices. It will also fail to provide the stated privacy level in many situations, such as when the user keeps the same unique-ish IP address for several days. The only thing it seems to achieve is good PR for Apple, who will get a bunch of stories from credulous reporters about how they're trying to improve user privacy and the evil adtech industry is thwarting them because it wants to know everything about you.




Yeah I don't think this whole proposal works at all, and shows these people have very little experience with the actual adtech industry. To me it seems like they could only get a proposal this wrong if they did not even consult a single industry expert.


Yeah let's not even mention the super low count of campaigns and conversions an advertiser can have at any given time.

Some of the advertisers we work with have pretty small budget, i.e. less than 50k/month and even them will probably max out the 64 campaigns.

I'm all for having a privacy minded advertising industry but this proposal misses the mark big time.


The way I see it, the ad industry “survived” just fine when relying only on print ads and other mechanisms that had no concept of automatically-logged impressions. Ad companies do not have an inherent right to abuse tech just because tech exists.


Ignoring the advertisers for a moment, it's obvious that companies have a legitimate interest in knowing what portion of their ad spend is reaching people who eventually become customers. If the tech evolves to the point where that metric is knowable by some means that also respects consumer privacy, then that could be a net win.

It helps that Apple doesn't rely on advertisers for the bulk of their revenue, so they can actually pursue this sort of thinking without gutting their business.


Exactly this. If the industry has found there is no way to have solid and accurate tracking while maintaining user privacy, then the answer shouldn’t be the loss of privacy, the answer should be you can’t have that level of tracking.


This number doesn't necessarily have to remain 6 bits but note that if it got up to 32 bits it would be enough to contain a unique user ID (or even a unique ID for a specific click) which removes all privacy benefits.


  this completely fails to provide 
  attribution data that 
  advertisers can trust at all 
  because it relies totally on the 
  honesty of software installed on 
  end-user devices
Is that really much different from today’s world? Don’t many of these conversion tracking systems rely on links that could easily have spoofed data sent?


Not really. It’s a lot easier to heuristically validate link clicks when you can correlate them with a massive trove of other data about the visitor, which is exactly what companies like Google do.


We've started thinking about how to prevent conversion fraud. I think conversion fraud is possible even with current tracking pixel based conversion using a headless browser that scrapes the DOM of the purchase page. I also suspect fake conversions are only useful as a way to try to mask fake clicks, so if fake clicks can be detected, it might not matter.


>Like, as far as I can tell, this completely fails to provide attribution data that advertisers can trust at all because it relies totally on the honesty of software installed on end-user devices.

Which is great for Apple, since their bread and butter is locked down devices that users can’t tamper and they can presumable do a better job of filtering bad actors.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: