Hacker News new | past | comments | ask | show | jobs | submit login
Apple’s Ad-Targeting Crackdown Shakes Up Ad Market (theinformation.com)
316 points by salgernon on Dec 9, 2019 | hide | past | favorite | 330 comments

> Only about 9% of Safari users on an iPhone allow outside companies to track where they go on the web

> In comparison, 79% of people who use Google’s Chrome browser allow advertisers to track their browsing habits on mobile devices through cookies.

Something to keep in mind the next time you see someone from Google complaining about how Apple won’t allow Google Chrome to run natively on the iPhone.

Apple will let whatever browsers want to run on iOS. Chrome is, in fact, on there.

They just won't let them using any rendering engine but WebKit—and this restriction long predates Google's current level of draconian dominance in that sphere.

I don't believe the tracking settings are tied to the rendering engine, so I would be surprised if Chrome on iOS has settings that different to Chrome on macOS in that regard.

So they allow WebKit reskins, that's not the same thing as allowing competing browsers.

And it's not as dire as just a reskin of Safari. You have to use Webkit but everything before and after it are up to you.

The rendering engine also includes the entire network infrastructure. I can't think of how I would plug my own network infrastructure into WKWebView on iOS, which means I can't block any built-in tracking prevention.

I think you’re confusing WKWebView with SFSafariViewController. Content blockers are not used for WKWebView. You can use your own content blocking logic via the appropriate delegate calls, but the “system-wide” content blockers are not inherited from Safari.

Intelligent Tracking Prevention and content blockers aren't the same thing though. I don't know if ITP runs for WKWebView but I really hope so.

Chrome on iOS uses its own networking stack.

What's your source for this claim?

Right, there'd be no way Chrome on iOS could do the same things Chrome on macOS does when it comes to cookies, etc.

I hate tracking like everyone else but what you wrote is just pure FUD.

Apple forces Firefox/chrome to use their crippled engine but that has nothing to do with the parts that do the tracking.

For the record, Firefox has built-in anti tracker which is enabled by default and they do that on all platforms. And don't forgot the privacy enhancements Samsung added to their browser years ago.

Using “FUD” in one sentence and calling WebKit “crippled” in the next is not a good way to establish yourself as a rational analyst. Firefox is my primary browser but I don’t think advocacy like that is helpful.

3rd party browsers are forced to use a webkit engine instead of their own. By any definition, this adds a severe limitation => crippled.

I also think (I could be wrong) safari has access to a slightly different webkit engine than third party browsers.

This hasn’t been true for years. Yes in the past, the embedded safari engine (used by apps) didn’t have JIT capabilities. But since webkit2’s multi process model, and WKwebView in iOS which is now the only way to embed WebKit, it’s the exact same as native.

According to html5test.com, the latest Safari on iOS is rated at 463 while Firefox Mobile 48 is 466—not much of a difference.

However, Safari is faster, especially when it comes to JavaScript.

It’s hard to believe that if Firefox ran natively on iOS, it would be more memory and energy efficient than WebKit: https://webkit.org/blog/8970/how-web-content-can-affect-powe...

That doesn't feel like the right word: it's mandatory but you're still talking about a very competitive browser engine and the security rationale for blocking third-party JIT is not without merit even if I wish they'd relax it[1]. This feels similar to the IE 5-6 era: it got really bad by the end after Microsoft removed most of the team but there was an earlier period where they were forcing it on users but most developers would have acknowledged it having good performance and features relative to the competition.

In this case, it's especially complicated by the fact that iOS is the primary check on web standards meaning whatever Google chooses to implement. Mozilla isn't without influence but there's no incremental way to chip away at Apple's market-share the way they have with Google/Youtube.com pushing Chrome at Firefox users short of making Android phones far more competitive.

1. Say by requiring strong commitments to code quality and response time, which would allow e.g. Firefox and Chrome but not Adobe-level security commitments.

A forced choice is only a severe limitation if it’s significantly worse. That’s currently a guess as there are no iOS comparable options to consider at this point in time.

Further, Google has a competitive interest in eventually crippling their iOS rendering engine.Then again I don’t use desktop Crome so that could be my bias talking.

No, they wouldn't ever do that. That would be like making an anti-demo. Google has an interest in getting as big a market share for their browser as they can. In as much as disabling their web application functionality of you do not use chrome. Android is much less relevant than the browser.

And this does not even begin to touch on Firefox.

The problem is a policy one, with Apple really liking their walled garden and veto rights to any design.

Edit: I don’t think Crome has a better engine.

For sake of argument lets’s suppose Android Crome was a 90 and iOS Crome is currently a 70 due to the rendering engine. In theory they could replace the engine and hit say 85 given enough resources. But, they could also replace the engine hit 75 and blame iOS. Their still demonstrating an improvement and intentionally crippling it at the same time.

That said any such measurement is arbitrary. I personally like having a unified rendering engine because it’s less testing when developing mobile websites. There is no way to improve that situation by introducing a new engine.

Technically they are not introducing a new engine. Chrome is well established with a 60-70% market share. Not saying thats a good thing either...

But you have a very pro-apple and anti-google way of thinking here which I think misguided and does not actually benefit you. Even with those made up numbers chrome would improve from 70 to 75 which is by all means a win for the consumer (you!) but you are ready to dismiss it as it might be bad for Apple.

(For the record, I don't use chrome)

I edited the post to make it clear I don’t think Crome has a better engine having seen many issues on android phones. I was simply saying if they had advantages on other platforms you can’t assume they will carry over.

Anyway, I still test and find different issues with Crome on Android tablets, phones, and desktop due to significant market share and I would do that for iOS Crome. Sure, Chromes developer tools helps fixing some of these but I have had various CSS issues not replicate.

However, most companies don’t do this so adding more rendering engines with slight bugs seems to make things worse for consumers. There may be short term benefits, but long term it’s a net loss as many developers would only support a subset of iOS users.

> 3rd party browsers are forced to use a webkit engine instead of their own. By any definition, this adds a severe limitation => crippled.

Not only that but if WebKit has an exploit, all browsers have an exploit.

> I also think (I could be wrong) safari has access to a slightly different engine than third party browsers.

Correct, Chrome used to be based off WebKit's HTML rendering engine, which Google forked and created Blink instead. Firefox has their own engine (Gecko?) which is all being redone in Rust.

Isn't WebKit still native to IOS with regard to requiring a system update vs being able to update WebKit OOB like a normal App Store app as well?

> For the record, Firefox has built-in anti tracker which is enabled by default and they do that on all platforms

Firefox's anti-tracking protection doesn't block google analytics by default. They only block "third party" cookies - which in practice translates as: Google's competition.

The fox knows better than to bite the hand that feeds it.

Do you have a source for that?

Firefox docs and disconnect don't say anything about this



The above specifically shows you to make sure your site continues to function when Google Analytics is blocked by Firefox. I can't find any evidence that Firefox doesn't block Google Analytics.

I'm not sure where you got this idea but it's completely untrue.

He's 100% correct. Google Analytics is a "first-party" cookie and thus not blocked by any privacy helpers.

"Cookie blocking" and GDPR is just Google abusing its monopoly position, nothing more.

Source: I work in adtech.

Mainly 1st party but some features might use 3rd party.

-- For customers that are using Google Analytics' Display Advertiser features, such as remarketing, a third-party DoubleClick cookie is used in addition to the other cookies described in this document for just these features. For more information about this cookie, visit the Google Advertising Privacy FAQ.

Source: https://developers.google.com/analytics/devguides/collection...

And when there is a security vulnerability which exploits webkit by just visiting a website, one has to wait till Apple releases an OS update(if it decides to acknowledge and fix it[1]), where as one on Firefox 'if Apple had allowed its own engine' could get updated via the AppStore.

What Apple has done with the trackers is commendable, but the security argument when it comes to browsers is always in favour of allowing browsers with their own engines; which apple doesn't.


I may be misremembering but my understanding was that Apple disallowed other rendering engines not primarily for security reasons (although I'm sure they're a factor), but for performance and, by proxy, battery life.

It's not dissimilar to the argument against Flash: yes it was insecure and unstable, but mostly it was a performance hog and a battery drain, which isn't great on mobile devices with limited battery life.

What’s the practical difference between an OS update that can be one tiny patch and an app update? Not only does iOS 13 support all phones back to 2015. They released a patch for older devices going back to 2011 less than 6 months ago.

One requires you to restart your phone and one doesn’t. One allows you to get the security patch without other unwanted changes to the OS.

> if it decides to acknowledge and fix it

The reference does not back up your claim - Apple never disputed that there was an issue, and they had already fixed it when Project Zero published their report.

wdyt about the frequency of security patches vs you getting tracked on all sites you visit? Not to say Apple doesn't care about security.

>Not to say Apple doesn't care about security.

Not as much as it advertises itself as a torch bearer of Security & Privacy (or) Not as much its ardent proponents believe it to be.

Apple won’t let Firefox run either.

I'm not sure what you mean by "run"? I use Firefox as my browser on my iPhone.

iOS Firefox uses Webkit, not Gecko as intended. It does link to your Firefox accounts and so on but otherwise it is much harder to distinguish against other iOS browsers.

Chrome, Firefox and similar on iOS are just skins on top of Safari. This is only true on iOS not on MacOS.

The browser rendering engine used has nothing to do with tracking permissions, which is set by the browser itself. Chrome is on iOS for example, as is Firefox.

Or thinkpieces claiming that "Safari is holding back the web".

From Modern Day's Startup CEO, CTO or SVP that are under 30 or barely 30+ getting their 5 minutes of frame, while never actually programmed in the IE era and wrongly assumed IE era as IE 7 or IE 8.

As someone who worked in ad tech for half a decade, I fail to understand the fuss about cookie based targeting. We're speaking of databases mapping data to random numbers stored in a file that can easily be deleted. The real issue is ad targeting by a handful of large companies that have personally identifiable information.

It's not like cookie based targeting is very effective either. It's very difficult to get cookie based ad targeting right – you have to make significant investments into product, technical integrations and data buys. Given the fact that the cookies to which you are tying these investments can vanish at any time (and a large % do so regularly), it rarely makes business sense to make the right sort of investments. Instead most companies do the bare minimum and try to make a guess that is slightly better than a coin flip. I actually remember seeing a deck from a data company boasting how their gender data was ~ 60% accurate.

Why are we worried about this? Contextual targeting is far more effective. As an example, targeting an ad on Elle.com is more than 60% likely to reach women than an ad targeted based on cookie data.

Genuinely curious so would appreciate calm, non-aggressive responses. I'm wondering whether this is due to a generally poor understanding of cookie targeting effectiveness or if I'm missing something.

You probably would be well advised to read up on the economics of consumer differentiation and price discrimination.

All of today's ad-tech is set up and developed for that purpose. Whether overtly or covertly, it is the singular purpose, because the case is so clear cut: We are distributing the share of the pie between companies and consumers.

It is therefore clear why people aware of basic economics consider agressive tracking and privacy violations hostile, because they ultimately are or will be.

I am not worried about actually showing ads that are personalized in some way. But as others have pointed out, cookies are not for that. You can target based on the site's content and you are probably showing me a much more relevant ad anyway.

I am worried that every offsite ressource and every ad is used to track me across hundreds or thousands of shady services that operate under zero regulation or control, the combination of which allows market actors to determine how much of my consumer surplus they can extract in every sense, and thus actively devaluing the internet for me, in excess of what happens in the real world!

And the responses of the ad industry lobby groups pretty much prove to me what they think about choice and what they expect to get from consumers.

At this stage, it is entirely rational and ethical to consider the entire ad industry as hostile. As a group, with all side-effects, the notion of just "showing an interesting ad" simply does not exist anymore. At least for the collective industry. Any effort you took to track users, no matter how noble, will ultimately be hostile to me in the future.

>All of today's ad-tech is set up and developed for that purpose. Whether overtly or covertly, it is the singular purpose, because the case is so clear cut: We are distributing the share of the pie between companies and consumers.

That's not entirely true though. Better ad targeting increases the "size of the pie" by increasing the chances that a consumer will find something that's useful to them.

>At this stage, it is entirely rational and ethical to consider the entire ad industry as hostile.

At that point, why not consider the entire software industry as hostile? They're the ones that enable this, so clearly they are also the devil. Life is not this black and white. Ads do serve a useful purpose, to which degree cookie based ads do that, I'm unsure, but it would be very difficult to start a business without any kind of advertisement.

>That's not entirely true though. Better ad targeting increases the "size of the pie" by increasing the chances that a consumer will find something that's useful to them.

Most ads people see are not for novel products solving problems. The ads are just fighting for brand recognition and space in peoples brains. This parasitic and wasteful industry is squandering some of the brightest minds of several generations to dare. Ad cos are also wasting untold billions of dollars suffocating development of infrastructure and industries that increase quality of life.

The house of cards needs to come down.

> [...] the combination of which allows market actors to determine how much of my consumer surplus they can extract in every sense

That would only be possible if the online stores could perfectly discriminate users based on price. Which happens to some extent (booking flights is a popular example) but is difficult to pull off and also illegal in most countries. You are not allowed to make personal discounts for each customer for example. Better and stricter legislation to prevent these kinds of personalized discounts would be pretty straightforward to implement if it were a major concern.

One need not perfectly discriminate. Any discrimination eats consumer surplus.

It is a major concern. It is used in booking sites, and it will be used in other sites. We can not rely on regulation.

My point stands: User targeting is a threat and we, the users, are entirely justified in not liking it.

> You are not allowed to make personal discounts for each customer for example

It is surprising. Couldn't find anything about it in a quick search. It would also make flea markets illegal, wouldn't it?

I think that some forms of price discrimination are forbidden (but still practiced). Women pay no entrace in clubs, young students pay less etc.

Here's a recent example from the EU: https://eur-lex.europa.eu/eli/reg/2018/302/oj It addresses geo-blocking customers of online shops (and redirecting them to national versions of the shop with different prices).

Price discrimination itself is not illegal (for example in the EU), it is only so if it is based on certain parameters. And this you'd need to prove in court, which makes it unlikely that regulation will solve this issue any time soon.

Beyond the legality of the issue, the point remains: Here, companies and consumers are strategically at odds.

Why is price discrimination bad? It is about charging the highest price the customer is still ok with. Sure, if a merchant knows how badly you want his product he can increase the price. But, on the other hand, he will decrease the price for somebody who wouldn't pay the high price.

It's like bargaining on a fair. A method to determine a price suitable for both sides - instead of charging every customer the same price.

And it's not (only) about how much money the customer has. A rich customer can still be price sensitive and would get a low price based on price discrimination.

Also, in my opinion, ads and tracking are (mostly) orthogonal concepts. A website can track or show ads or both or do nothing. Tracking is often used for ads but not exclusively so.

Sometimes price discrimination may be overall good, but it easily leads to price gouging and I believe there a laws against it, for a good reason.

Should I pay 1.2x, 3x or 100x as much today, just because you know I desperately need the product/service today vs. yesterday?

What happens when I get (wrongly) classified as rich and now can't afford a normal life?

Should medication cost <som of your savings> if it is for life threatening issues? Should basic necessities cost more because my house burned down/got robbed/lost my luggage/whatever and you know I have money?

The argument against that is that if sellers cannot increase prices in times of crisis they have no incentive to stockpile for such events. This leads to shortages and even higher prices on an unregulated black-market.

I'm not saying that I buy this line of reasoning, but there's the counter-argument.

It's not really an applicable argument here. That's a general time/availability/word situation discrimination, which I think I would be ok with, to a limited degree.

I was arguing against people based discrimination, without any meaningful relevance on availability. Again, I think reasonable and reasonably qualified discounts are ok, but not increasing prices for the same product and service.

At best, price discrimination is a waste of time and resources. The buyer loses as much as the seller gains, making it a zero-sum game. But since price discrimination requires more effort than setting a single fixed price, the sum is actually negative.

Aside from that, "charging the highest price the customer is still ok with" means to eliminate the consumer surplus. Which is bad for consumers, i.e. everyone.

And aren't prices supposed to be signals? How are customers supposed to compare the costs of each good if you don't tell them? All you tell them is how much they're willing to spend.

They already know that. But you (probably) don't. If you did, congratulations: you've solved the economic calculation problem. This should raise red flags.

> But, on the other hand, he will decrease the price for somebody who wouldn't pay the high price.

I highly doubt that they would actually decrease the price. They maybe wouldnt increase it, but unlike the bargaining on a fair, the seller can not see that the prospective buyer is really struggling to make ends meet, and sell it at a loss to help them out.

Isn't charging different prices for the exact same product online -- i.e. price testing -- illegal, at least in California?

I'm interested how this works. Car dealerships do this all the time in person. I wonder why they can do it, but websites can't.

They don’t normally decrease the price below what the original baseline was. Would be nice if they did, but that’s not how it appears to be used by today’s companies

> Genuinely curious so would appreciate calm, non-aggressive responses.

My browser history is none of your business. That’s it.

I don’t take care if violating my privacy by stealing my browser history is less effective than the newest way of violating my privacy.

Doesn’t make it any better.

>My browser history is none of your business. That’s it.

Your browser was made to handle cookie data. It is publicly known. If it bothers you, you can turn it off. I do not see what all this sort of huffing is about.

If you walk in to Walmart you don't automatically think you're sharing your shopping habits with thousands of other companies who pay for that data[1]. People believe the web works the same way - when they visit someDomain.com they, entirely reasonably, accept they're sharing their data with someDomain but don't realise they're also sharing their data with whichever tracking/surveillance services someDomain has installed.

You're right that this is just how browsers and websites and the internet as a whole works, but what tech workers and tech companies are just recently discovering is that people don't actually like or trust how it works and aren't always willing to accept it. In Apple's case they can leverage that distrust to market their products.

[1] Today facial recognition and phone tracking means that you are 'sharing' that data with tracking companies, obviously.

> If you walk in to Walmart you don't automatically think you're sharing your shopping habits with thousands of other companies who pay for that data

You can literally buy that data. Either by targeting credit card transactions of people who shopped at a walmart via a broker or you can get more direct data (albeit probably more limited) from them directly here: https://www.walmartmedia.com.

That's the entire problem! Every store doing this should have a mandatory seminar before every shopping visit that outlines every single data point they collect, names every company, intermediary, and consumer of the data they collect directly and clearly, one. by one. These parasitic and disturbing methods only thrive because they have not been brought into the light of day so every consumer can consciously choose what data they want to share at every point. Any other methods except complete informed consent are fraudulent, invasive, and should be illegal. The sheer greed and lack of any morals in ad tech is sickening.

>If you walk in to Walmart you don't automatically think you're sharing your shopping habits with thousands of other companies who pay for that data.[1]

Isn't that exactly what membership cards for stores are for? Isn't credit card data also sold in a similar way? I find the credit card one to be a much bigger problem.

And cookies were meant to be used to provide value to the visitor, not to extract value from the visitor (especially without their consent).

And your email box is built to handle email. Doesn't mean you want hundreds of emails selling you crap everyday

Consider this: the vast majority of people you targeted more than likely didn't understand the terms of the deal (buried in ToS, hidden behind flowery language like "personalization", didn't understand the scope of such cookies, etc).

That is not informed consent.

What you were doing was exploiting people by going beyond the scope of their knowledge of the world and rationalizing it by working backwards from "well, they must understand what's going on" to "they must like it or get something out of it."

Problem is that's not true.

The reality is, even today barely any of them likely have the faintest clue what you did to them.

If they knew they would likely be far less than thrilled.

~ another ex-adtech worker

> It's not like cookie based targeting is very effective either. It's very difficult to get cookie based ad targeting right

Tell that to the likes of Amazon and Ebay. Their cookie-based advertising is extremely effective. They not only get to advertise things at you that they already know you like, they also learn about other things you like by knowing what websites and content you're viewing.

Why are we worried about this? Because megacorps learning everything about us isn't desirable. It only serves to intensify the advantage they have over individual sellers, and in doing so, lessening competition over many layers of business (all the way from manufacture to delivery).

I'll agree these things apply much less at smaller scale, but that's also why this is so important. Handing the biggest marketing advantage to the biggest players isn't good for anybody but them.

Amazon, Ebay, Walmart, etc. have persistent cookies. They are mapped to your profile in their database. If you delete the cookie, it reappears the next time you sign in. These companies can collect vast amounts of data on you, which allows their targeting to become highly effective over time.

But these companies are few and far between. Most ad tech companies have nowhere near this quality of data or access to users.

> they also learn about other things you like

if they do that it's very, very subtle. I get mostly product that I bought, with a handful of product that I saw recently, and zero original suggestions, even if I'm open to impulse buy, I am driven by new impulses, showing me something I haven't bought once is not going to tip me over as that decision was already rationalized.

You're thinking too linearly.

In the adverts they show you what is most likely to convert today. Stuff you've been looking at recently. But every adview is another blob of data to profile you with for future recommendations.

We talk about Facebook knowing too much about us but they really only have a social handle on us. Amazon knows where we live, what we buy, how much money we have, when we're going on holiday, when we're pregnant, how many children we have, what pets we have, what cars we drive, what we like to watch, what we like to listen to, when we're home.

Every new B2C service they launch is another intrusion. Advertising is just one ring in a long chain. It gives them reach over everything you view online.

Good point, for me it’s linking my cyberspace identity to my physical identity and having that sold on, stolen aggregated. Increasing my security vulnerability to phishing and identity theft

So you would agree if I store a cookie with a (randomly generated) ID in your browser to remember what you liked, what you bought, how you interacted with my website etc.? Also, I can sell this data to third parties and show personalized ads - all without knowing who you are outside of the web..

> a generally poor understanding

Probably this. Adtech (ironically) do not advertise what they do. Most people read and think that e.g. google literally sells personal files on themselves.

Another 5 year adtech worker here (and I'm still in it): it doesn't matter that it's a handful of large companies that have PII, it's that those companies keep getting more and more of adbudgets, and continue to build more and more products towards continuing to build real profiles.

Third party cookies should've never existed.

Let's rephrase that

> I fail to understand the fuss about cookie based targeting

...because he...

> worked in ad tech for half a decade,

To continue

> It's not like cookie based targeting is very effective either

Then why's it being done? Because it doesn't work, or because it does?

> Instead most companies do the bare minimum and try to make a guess that is slightly better than a coin flip

Uh huh. From https://en.wikipedia.org/wiki/Online_advertising

"In 2016, Internet advertising revenues in the United States surpassed those of cable television and broadcast television. In 2017, Internet advertising revenues in the United States totaled $83.0 billion, a 14% increase over the $72.50 billion in revenues in 2016"

That's the bare minimum. Right.

The fact that I worked in ad tech doesn't automatically make an advocate for ad targeting. I don't like being tracked either.

As to your question on why it's being done if it isn't effective, I believe there are two reasons for it:

1. A vast % of digital ad spend goes to a few companies that have personally identifiable information and very effective tracking. Google, FB. I did point of this exception in my comment. Frankly, these companies don't need to target you to be effective. They gather their richest data from your usage on their service.

2. As for the rest of ad tech: Media buyers at agencies tend to be fresh out of college grads. They don't fully grasp the capabilities/limitations of ad tech products, targeting effectiveness, etc. Agencies want to spend their digital budgets and not exclusively on FB, Google. They want to show that they're diversifying, innovating, etc. This IMO is how the rest of ad tech stays afloat.

> That's the bare minimum. Right.

That's not addressing the argument. Advertising follows eyeballs, so naturally it went online. There is no evidence that its effectiveness has increased however, despite all the claims about high ad tech.

> There is no evidence that its effectiveness has increased however

If you're right, those who commission ads are idiots because they aren't doing the most basic cost/benefit analysis.

And this in an area where doing so is very easy (don't run the ad then do run the ad, then see the immediate and longer-term difference).

Also, from the same wiki link I gave

"The EU limitations restrict targeting by online advertisers; researchers have estimated online advertising effectiveness decreases on average by around 65% in Europe relative to the rest of the world."

Further, by "There is no evidence that its effectiveness has increased" are you saying no studies have been done, or studies have been done but show no such evidence? In the latter case please post a few links, thanks.

> those who commission ads are idiots because they aren't doing the most basic cost/benefit analysis

i should clarify i meant the effectiveness of ads overall, not just targetting. there is no doubt that online ads work, and that tracking ads perform better than display ads. However despite the shift to online ads, advertising spending overall is similar and it doesnt seem to have increased consumption. So i dont understand if the rise in online ad spending means anything (imho it's purely because online audience is bigger now).

It used to be that Flash-based cookies were pretty solid, but now there’s no more flash...

What matters to ad campaigns is lift and not accuracy. What about conversion attribution? Don’t you need cookies for Amazon/etc to figure out what website led you to a purchase?

What the article lacks is a breakdown of who the ad buyers are. In particular, there’s probably a big difference between today’s Facebook vs display ad buyers (especially vs 5 years ago).

> It used to be that Flash-based cookies were pretty solid, but now there’s no more flash...

But there is so much more available today: https://en.wikipedia.org/wiki/Evercookie

Cookie based targeting is relative easy to remove. It is an early and easy vulnerability that can be quickly addressed before the big ones that takes more engineering and fundamental changes.

Contextual targeting is a bigg problem, and the fix will require a fundamental change. It is almost impossible to use technology to prevent contextual targeting in areas like email service and social media as long as the data is in clear text and available to the server. The current best bet is to use laws like GDPR but it is slow and not something a browser can dictate with a software update.

What if I want to target women who recently bought Chanel perfume? How would I go about doing that unless I do cookie targeting?

Is this a serious question? Just because you want to target something doesn't mean it is ok to do it. Geez, the arrogance. You want to do X, so the rest of us have to give up our privacy? Technical feasibility is not the same thing as ethical, courteous, or just plain being respectful of other people. The whole industry seems to have done some sort of massive mob rationalization of inappropriate behavior. It's not ok.

If I am on a tech site reading about disk drive failure rates, feed me an ad about an SSD sale. If I am reading about mountain climbing, show me ads about climbing equipment. Fine. But don't start following me around the web with adds about ascenders for the rest of the afternoon. Or travel insurance. Or ... It is none of your business what I browsed half an hour earlier.

Thank goodness at least one business (Apple) has enough customer focus left to try to address some of this nonsense. All the better that it helps them against some of their competitors. That just makes them more motivated. Bully for that. At least we are still the customers rather than the products with Apple.

Couldn't agree more. I hate it when people respond to concerns with "I make money that way, how could I possibly go on otherwise" as if it somehow legitimitized their unscrupulous activity. Their profits are nobody's problem but theirs and there is absolutely nothing wrong with putting them out of business if that's what it takes to stop their abusive surveillance capitalism. If people's use of privacy-focused software and products reduces their revenue, so be it.

You got too emotional when reading my response.

I was just asking the question because I was genuinely curious whether there was technically a way to do so w/o cookie targeting. I have no interest in doing such targeting. I was interested in whether a HNer had a creative workaround.

The way you asked the question suggested you were trying to find alternative methods to track people. That implies the method of tracking (cookies) was the problem rather than the tracking itself. My response to that is tracking people isn't something that should be done to begin with. People should not want to track others. It should not be possible to track people in any way, let alone make any money from the practice.

Ok I understand. Thanks.

>You got too emotional when reading my response.

I read a dispassionate rebuttal of your point. Calling the reply "too emotional" is not an okay tactic.

“Please respond to the strongest plausible interpretation of what someone says, not a weaker one that's easier to criticize. Assume good faith.”


And you just responded to the weaker interpretation of his argument (which is easier to criticize) when you called it "too emotional."

And you responded to the weaker interpretation of my argument. And so we are in a loop.

my orig response was an innocent, curious question while his was an impulsive rant/essay.

>You got too emotional when reading my response.

I'm not sure there is any stronger interpretation available here. You're baselessly speculating on gp's emotional state. That is the opposite of "assume good faith."

You are arguing with a straw man.

I actually agree with your point. I was just asking the question because I was genuinely curious whether there was technically a way to do so w/o cookie targeting. I have no interest in doing such targeting. I was interested in whether a HNer had a creative workaround.

> I was interested in whether a HNer had a creative workaround

There is still fingerprinting. If you take that away also then it gets trickier and fuzzier. But hey, if I can recognize you by the way how you walk then it should be even easier to do so by the way how you move the cursor or how you scroll. Or the time you usually visit my website. IP-address? Ping-times, animation delays.. And if somebody pays me good money I will find even more opportunities :-P

What if I'm a women who recently bought Chanel perfume and I want you to fuck off?

Let's translate this to brick-and-mortar:

> What if I want to target women who recently bought Chanel perfume? How would I go about doing that unless I do video surveillance and face-recognition targeting?

Suppose a woman walked into a dress shop, and the clerk said, "We find that our $LINE line of dresses over there works really well with the Chanel perfume you just bought."

Do I have to explain why 1) people think it's creepy, and 2) why people think you don't have a right to do that?

If those women gave you permission to contact them, that’s how. If someone bought Chanel, you don’t have a right to that information unless they explicitly gave you that right.

What about the retailer that sold the perfume? They'll usually auto sign up the customer to their product emails and/or adapt their landing page to customer's interests (like Amazon).

> They'll usually auto sign up the customer to their product emails

Fortunately, at least in the EU that's illegal.

Under GDPR this kind of self advertising falls under legitimate use of an email address, so if you inform the user you'll send them the emails, it's legal to do so without explicit opt-in. (AFAIK IANAL)

Get them to sign up to your mailing list and send them an email ad. Anything else should be off limits.

> The cost of reaching Safari users has fallen over 60% in the past two years, according to data from ad tech firm Rubicon Project. Meanwhile ad prices on Google’s Chrome browser have risen slightly.

This is a great metric for privacy.

I’m confused by this. If Safari users are harder to target, and demand for targeting Safari users hasn’t changed, shouldn’t the price go up?

The demand for highly-targeted users is what drives up prices. Since Safari users all look the same now and can't be highly targeted, they have lost that high-end demand and prices have fallen to generic display rates.

I would disagree. "People who can afford Apple gadgets" is a desirable high-income audience. I wouldn't be surprised if it was broken out as a special category for purchase by FB and GOOG soon.

The point is they are less valuable because you can't track them, so you can't take advantage of their potential value.

Lets say an average Android user is worth 100 value units, and you can get lots of uniquely identifying information about them, say 90% of the ideal amount of info, so their effective value to you is 90 value units each (90% of 100).

Uniquely identifiable Apple users info is potentially much more valuable, say 200 value units. However you can only get a very small amount of actionable information about them because they are so hard to track, due to Apple's security and privacy systems. So maybe you can only get 10% of the information you would ideally like to have about them. That makes their actionable value to you only 20 value units each (10% of 200).

> The point is they are less valuable because you can't track them, so you can't take advantage of their potential value.

This is simply bullshit. So-called “targeted” advertising is a giant scam pulled on non-technical marketers who don’t understand it at all and use “measurements” provided by the ad networks themselves.

Targeted ads don’t actually work in any meaningful sense: https://thecorrespondent.com/100/the-new-dot-com-bubble-is-h...

Real-time bid requests generally already contain the UA, often partially redacted. So bidders can do this already.

(Disclosure: I work on ads at Google)

That’s already priced in, and is likely the floor to which prices have dropped.

Usually ads care about more demographic data than just device type. Unless you are advertising iPhone cases you probably care more about other data.

There are billions of Apple devices now. Just having one is a very weak correlation to any particular action that a marketer is interested in.

It correlates pretty well with "does this person have money?"

I feel really comfortable being in that bucket. It’s a very large bucket.

At least in my experience, lots of iPhone users are rocking old models they bought used for like $200.

iPhones are popular across income distribution and Macs are a very small market compared to phones

Not really at all. iPhones are only "very" popular in US (high average income) and among the wealthy elsewhere.

A 20-second googling produces one example: https://www.forbes.com/sites/toddhixon/2014/04/10/what-kind-...

Google around for more.

Thanks for the explanation. The supply has become crappier while demand stayed the same.

Supply and demand have stayed the same in quantity, but the quality of both has dropped severely. It's the same equilibrium but at a much lower price point.

Demand has decreased. The curve of constant demand with decreased supply pushes the price higher.

Numbers below are just for making a point:

Let's say someone is trying to sell snowboards using ads. Previously they could target say "young male users who have previously browsed snow sports." Let's say the ad had a 5% conversion rate and they were willing to spend $100 per conversion (sale). This means they are willing to pay $5 per ad displayed. Now they can only target "all safari users" and their conversion rate is now 0.5% since not everyone likes snowboarding. They are still only willing to pay $100 per conversion, but now they are only willing to pay $0.50 per ad displayed since they need to display 10x as many ads per conversion. If the auction rate is >$0.50, they stop buying ads completely which decreases aggregate demand for ad slots.

In theory a "user" is more valuable the more you know about them because the extra info lets you better target them for higher response rates. Better privacy means you know less about the user, meaning you are less likely to bid high for that user's eyeballs, meaning the user is worth less ad spend.

The actual story is a little more nuanced: when you target an ad, you are usually bidding for users in an auction. You're generally willing to pay more for more specific filters because you're more confident of a higher response rate.

In ecosystems with a lot of data on every user, specific filters actually work, so you end up with higher bids on fewer users, which should drive the average spend per user up without necessarily driving total spend up. With less data, you have to use less specific filters, so you end up with lower bids on more users, which drives average spend per user down without necessarily driving total spend down.

There's also a countervailing force, depending on the market. First an example that supports what everyone is talking about:

* User X loves cola

Pepsi and Coke both bid more to serve their cola subscription services or whatever. Ad price goes up. Now add more data:

* User is a Coca Cola fanatic.

Even though this is the same user, the ad price goes down, because Pepsi doesn't want to bid.

Now add another Pepsi fanatic for symmetry, and you can see how "more data about users for better targetting" can in some cases reduce auction prices (while of course still increasing advertiser value.)

But if users were trending towards either side then the number of users in the middle would presumably be diminishing, driving up prices to target them even more.

Your scenario just seems to single out one particular example where more information can reduce spending on one group, while increasing it on another.

I think this is only on fake-scenario. In a real DMP, the user would be "loves cola","loves coca cola","loves fizzy drinks","drinks sugared drinks", and about 30 other related segments, and one of those would definitely sneak by.

Humans create audience segments, and it's in the interest of dataset producers to have each user be a part of the maximum number of members they can be to maximize monetisation.

> Humans create audience segments

Eventually there will be machine learning models involved (maybe there are already? I don't know ads.) Those models might move closer to "perfect targeting" where advertisers could compete less over certain users.

And no matter the incentives of the data providers, "increase customer value" is probably always a Nash equilibrium. If better targeting leads to less revenue, eventually you'll probably do it anyway.

Imagine you have two users. One who likes apples and one who likes bananas. Both like oranges. I sell apples and am willing to pay $1 per conversion. You sell bananas and are willing to spend the same. OP sells oranges and is willing to spend $0.75 per conversion.

If we can't tell which user is which, we know 50% of our views will lead to a conversion, so you and I will both spend $0.50 per view. The orange seller beats us and the price is $0.75 per user (assuming an old fashioned auction).

If we can tell which user's which, I can spend my $1 on the apple eater, and you can spend yours on the banana eater. Both of us will spend more than the orange seller, who is still only willing to spend $0.75 per view. The price rises to $1 per user.

Dollar per conversion is the constant, and the pile of converting users doesn't change. With less targeting, there's just more hay in the haystack. Dollars per viewer goes up as the number of viewers goes down.

This makes it clear why it's in the individual advertiser's interest _and_ advertising network/website's interest to get more data on the users.

The cost to the advertiser has stayed the same (or in reality, has probably gone down slightly, as it's likely fewer people are bidding on the impression) while the revenue per impression has overall gone up.

Pricing on targeted ads is linked to confidence that a person will perform an action (buy, sign-up, etc). This is a function of the "richness" of data collected -- does the data about you contain demographics, engagement, behavior, so forth.

So a shoe company may pay a lot for a "male/18-35/basketball-fan/shoe-blog-reader". But Safari does not easily allow for that richness of data to be collected, so the price is low.

It's still trivial to target users where browser="safari".

But with Safari's recent changes you can no longer target users on Safari where "non-empty cart"=true, because that relied on cookies and tracking which are no longer available.

On a per-impression basis advertisers are willing to pay (way, way) more if they know they are reaching someone who has already visited their site and been engaged enough to add-to-cart. There are plenty of other examples but abandoned-cart-retargeting is one of the most obvious ways advertisers can see good ROI on expensive ad impressions.

Me too.

Maybe its because the data that can be collected about safari users isn't worth as much.

You have to look at it as the companies buying ads pay more for users that are more likely to result in sales.

Exposure increases this value just by playing a numbers game; therefore, the larger the ad network, the more they can charge.

Targeting increases it more, by allowing companies to choose demographics more likely to be interested in their product, so again, they can charge more.

An interesting aside: While working as a mobile developer, I learned that many apps do not have an in-app-purchase to eliminate ads because it tanks the value of the in-app advertising. Why? Because the people most likely to drop $5 or $10 to not look at ads? They're the ones with the most expendable income, and therefore, users more likely to impulse purchase products advertised.

In other words: By allowing people willing to spend money to support the app, even if there is NO OTHER EVIDENCE they'd be interested in a product, decreases the value of your advertising.

I imagine it’s not that it’s harder to target whether someone is using Safari, but that it’s harder/less effective to try targeting demographics within the group of Safari users.

Advertisers look for a certain ROI on their ads. If Safari users are harder to target, then the absolute return on ad spend will be lower (apparently enough to offset the affluence of Safari users). The way to bring the ROI of Safari ads in line with the ROI of ads on other browsers, then, is to pay less for Safari ads.

Are ads a lot worse on Safari as a result of this price drop? I’ve tried going tracker-less before (e.g. on YouTube) and the ads get hyper spammy. There was a large shift, too, in the spamminess of display ads a couple years ago as Facebook took all the high-quality ad dollars. There are several news sites that run such spammy ads they usually crash the browser.

Any idea where Firefox lies in the spectrum?

Sometimes I wonder if the entire ads racket isn't a case of the emperor with no clothes.

Has anyone here actually had a meaningful increase in users and revenue by using targeted-ad services, that they couldn't achieve by more organic methods (e.g. posting on places like Reddit, word of mouth)?

The real goal for the big players using these services isn't actually increasing their own users and revenue. They have better ways to do that.

Rather, the goal is to lock everyone else out from even possibly doing so.

For example: AdWords isn't about reaching new audiences, it's about staking a claim on an audience in perpetuity (as long as your budget allows). This is completely apparent from the pricing model.

Google's brilliance is that via the ubiquity of their search platform, they have effectively managed to leverage a property tax on attentional real estate. If you don't pay, someone else will move in and hopefully develop the attentional property further, raising the value Google can charge you for it until you're priced out and someone else comes along to hold onto it.

That's like the 1000th ad-targeting article I've read, but the first time to hear this perspective. Absolutely fascinating, thank you!

Here's one question though: If you're the established player in one field and don't really need the online ads other than for staking a claim, would it really influence your sales that much if a competitor takes over that space? Probably just a downturn in number of sales to new customers? (Who presumably haven't heard about the other players in the field and just go with the one that's shown to them in online search results?)

Okay, that's more than one question, but maybe you'd like to elaborate a bit.

I very much doubt the small bump in sales of Coke after a major ad campaign actually pays for the campaign. That's not the point.

Lets suppose CocaCola stopped advertising completely. No TV adds, no product placement, no billboards, nothing, but Pepsi and the other soft drinks companies kept up their rate of advertising or even increased it to fill the gap. The only time anyone ever saw the name Coke would be when they saw it on a shelf. It might take a while, but the outcome would be inevitable.

> The only time anyone ever saw the name Coke would be when they saw it on a shelf.

Or, when it was posted/mentioned by people who liked Coke.

Or when someone digs up an old coke bottle.

It's known for quite a while that only a minuscule fraction[1] of the digital advertising results in actual conversion. But, marketers have come into terms that even it is worth spending large money; it's just that only those without a large budget and expecting miracles out of digital advertising end up as total losers.

Then again, with the influencers/celebrity culture, the landscape of digital advertising has changed. Hence, Instagram supposedly leads when it comes to organic conversions. Good news here is, those who don't want such ads can stay away from the platform (or) that influencer. Bad news is, it is resulting in creating hoards of gullible, programmable masses with little effort, who can be exploited for various nefarious activities which can have an effect even outside of those platforms.


Retargeting can be quite effective, along with other forms of first-party data used for targeting- such as CRM data to inform which ads are relevant.

Behavioral data using 3rd parties like Neustar / Lotame have more dubious results, but still rake in billions each year from ad buyers that fastidiously track their ROI.

Most online display works to reinforce messaging in other forms of media, or win over new audiences with sheer volume.

Good question, this [] article proposes that this is indeed a bubble. I tend to agree and generally avoid ad-tech related work, even though it is closely tied to the engineering work I do.

[] https://thecorrespondent.com/100/the-new-dot-com-bubble-is-h...

Personal experience shows that poor results from targeted ads is usually because of a) poor product, b) poor audience targeting, c) poor creative, or d) poor testing and tracking.

There's an entire cottage industry of marketers (especially affiliate marketers) who make a lot of money through targeted ads. Unlike big brands, they can't afford to throw money at branded campaigns; they have to see results. If they continue to patronize ads, it means that they are getting conversions.

Why isn't "e) targeted ads don't work as well as ads agencies want you to believe" a possibility?

Similar to the other day (https://news.ycombinator.com/item?id=21725985), we asked The Information to unlock this article for HN readers and they agreed. Thanks!

(Submitted URL was https://www.theinformation.com/articles/apples-ad-targeting-...)

Breaking News: Advertisers concerned feature is working as advertised.

Advertisers don't care and have never worried about this. It's the adtech supply chain, and the publishers who get paid that worry about the revenue and targeting.

Depends on the advertiser! Big brand who mostly wants to reach everyone in a geographic area? Targeting doesn't matter. Retailer that wants to bring someone back in to complete a purchase? Without targeting they won't buy ads at all.

(Disclosure: I work on ads at Google)

You suggest this as if the majority of ad spending comes from small businesses trying to retarget their customers; when the vast, vast majority of ad spending comes from big brands; and your mom and pop business isn't running a sophisticated ad targeting campaign.

Adtech is for the establishment.

How has this been so effective, when Panopticlick still says my Safari browser has "a nearly-unique fingerprint"? (And based on what I've read from other users's experience, this is normal.)

When you load Panopticlick, you'll notice it takes a minute or so to fingerprint you. That's a pretty long time and a lot of CPU.

Re/Targeted ads require the decision to be made in milliseconds, including network transit time. They just don't have the time to fingerprint you on every request. They could do it once, but then they are back to the problem of having to set a cookie to keep track of you after that.

>When you load Panopticlick, you'll notice it takes a minute or so to fingerprint you.

No, it takes a minute because it’s trying to load trackers in order to test your adblocker. Fingerprinting itself takes only a moment. Try TorZillaPrint: the results are instantaneous.


In practice, good content blockers (i.e. uBlock Origin) block most fingerprinting scripts. I don’t know whether Safari’s includes this.

> Re/Targeted ads require the decision to be made in milliseconds, including network transit time

If they're served on page-load when a user first visits a site, but I guess a significant minority are also requested+served in the middle of your newspaper article two minutes after page load, or in the middle of your Youtube video, or a refreshing sticky-footer ad, or just the next page loaded on a site.

Thanks, that actually explains a lot!

It's not accurate though. See other replies.

It's mobile Safari that is hard to fingerprint and getting harder with each version. Most adtech still runs off cookies to share data and store identifiers and those have been basically eradicated.

Having to fingerprint every pageview also creates latency and still isn't that deterministic so everything will need to shift to probabilistic and contextual targeting. That's a hard change to make for most legacy networks.

Aren't cellular providers tagging connections with unique identifiers to make targeting possible?

Telecoms like Verizon and ATT have their own adtech companies and were doing this, but regulations and encryption technologies have disabled most of it.

IPv6 with probabilistic modeling comes pretty close though.

Not over HTTPS they aren't.

Fingerprinting is much harder in reality than Panopticlick makes you believe.

For example, if you update your browser or add a new plugin, you can look like a new person so it makes it harder to find a match. A cookie would not change through that event.

Enough people have the same fingerprint that it limits its effectiveness. Maybe you can only reliably identify 40% of your user base that way.

It is like using your IP address as an identifier. For some people it can be 100% accurate, but others switch networks or share an IP with multiple other people which limits its usefulness.

What ends up happening is that companies will correlate IP address with other fingerprint information to get a probabilistic match but that is complex and still has flaws.

They say "nearly-unique" - I get an odds of '1 in 50,000'. Granted, that may be enough combined with IP or some other factor as a transient/session cookie. However the hash might change as soon as a plugin or some dependency is updated.

Combine my Canvas fingerprint (which a plugin update won't change) with my rough location (based on IP address), and I have to imagine you'd get very, very close to identifying me.

Canvas fingerprints are probably the same between other iphones of the same model and ios version. So unless you use a rare model and/or rare ios version, there's probably at least a few dozen people with the same fingerprint/ip range combination as you.

My understanding—only because another HN commenter told me as much, many months back—was that even the exact same model hardware would return different canvas fingerprints due to silicon differences. Not true?

That seems implausible unless there's analog logic involved. With digital logic a bit is either a 1 or a 0, and any "variations" (eg. a 0 where it was supposed to be a 1) would be considered flaws as they can dramatically skew the end result (eg. the MSB of an integer being flipped, or one of the bits in the exponent of a float). As far as I know, there aren't any analog logic involved in a rasterization pipeline.

That sounds unlikely. I'm sure there is some variation due to differences in OSes and GPUs, but there are surely enough iPhones with each to make it nothing more than supplementary entropy.

because pantoptclick is wrong!

you can be in California and using say an iPhoneX and it will tell you you're one in 500k. If you calculate the number of people with their iPhone set to English in the PST timezone (the only things there is to distinguish one iPhoneX from another) and then you divide that by the pantoptclick number you get it's claiming there are only 10-100 iPhoneXs in all of Seattle Metro Area, San Francisco Bay Area, Los Angeles Metro Area, and San Diego Metro Area combined. Clearly wrong

It's not wrong, it's just potentially misleading.

> Your browser fingerprint appears to be unique among the 251,543 tested in the past 45 days.

It only counts against those other people who visited panopticlick, and that in the last 45 days. That's explicitly stated, but hidden in the click-through for details section.

There are also things it can't detect, such as the existence of the Cookie Auto-Delete extension. So it thinks cookies are enabled and can be used for tracking, but in reality they get deleted whenever I close a tab (and links to new domains get opened in new tabs). Or user-agent randomization, which will make your fingerprint more unique but less useful for tracking.

I'd love to know this too--maybe fingerprinting isn't yet being used most places? Or maybe fingerprinting isn't that useful without additional cookie tracking?

From what I understand, a lot of the ad networks still work off cookies, they haven't moved to using fingerprinting yet. I think as browsers implement more anti-tracking features they may start to though.

My guess would be sample bias. ie. there aren't too many people going to Panopticlick from their iphones, so it thinks your iPhone is unique.

Not sure if this is the case but it would be possible to fool fingerprinting by randomizing parts of the browser so each request has a unique fingerprint which isn't useful for tracking.

Related. The next big change for privacy and ad targeting is the removal of the IDFA by Apple and the GAID by Google. Removal or aggressive randomization, but there is no way those IDs remain as persistent as currently.

It's a matter of months, maybe a couple of years.

When this happens, what is happening with Safari now will look like a minor issue.

You can set the IDFA on iOS to all 0's in Settings. See: https://support.apple.com/en-us/HT205223 under "Opt Out of Targeted Advertising" (at the end).

Yes indeed. And reset your GAID when you want and know how to do it. But my point is that such a behavior will be forced by the OS rather than offered as a choice.

It's what is happening with Safari (and the other browsers). First, knowledgeable users are empowered to make a decision, then, that decision is rolled out automatically to the masses. E.g., https.

Let us not forget that Apple isn't doing this out of altruism, but 50% because it hurts their competitors and 50% because it makes their users happy. That said, being 50% motivated by making their users happy is more than can be said about Google or Facebook.

Edit: To be clear, I am an Apple customer and it's mainly on privacy grounds. I just like to keep realistic expectations about their present and future behavior, instead of buying into Tim Cook's rhetoric of idealism.

It doesn't matter that a business isn't making a business decision based on altruism. What matters is that the incentives of the users are aligned with those of the business

I think it's considerably better when it's not based on altruism, because it's easier to predict how stable or sustainable an alignment of interests might be.

At an Apple all-hands around 2005, an employee asked Steve why they made the iPod, and he said "because we love music." And the answer was so simple and so earnest, that you just knew it was true.

Apple, for better or for worse, makes products based on what its executives personally want to use. That's not the only consideration, but it's unusually salient compared to other companies.

My guess is that Apple works to limit ad tracking because its executives personally do not want to be tracked.

> My guess is that Apple works to limit ad tracking because its executives personally do not want to be tracked

I'm going to guess that their CEO, growing up gay in 1960s Alabama, has a strong connection with the human need for privacy.

I'd believe that about Steve Jobs. I don't believe that about Tim Cook, and definitely not about the average Apple exec.

Apple under Steve Jobs 2005 and Apple under Tim Cook now are different beasts. Steve would go crazy at the executives releasing all the buggy/unpolished products Apple released recently. Imagine the Macbook keyboard or the Touchbar being released under Steve.

iPod was a great product. But time has changed, and I would be cautious in extrapolating that experience to Apple today. I can't imagine Apple executives saying "We change the keyboard because we love typing".

Apple had plenty of misfires under Steve as well. iTools, Apple Hi-Fi, etc. People forget.

The crappy MBP keyboard illustrates my point. I suspect that Apple neglected the Mac for a long time (in many ways) because its executives switched to using primarily iPads [1].

1: https://appleinsider.com/articles/15/11/09/apple-ceo-tim-coo...

I feel the same way. Imagine how Steve Jobs would feel if he found out you could go to an Apple store, buy a Macbook and an iPhone, and still have to buy an additional cable to connect them together!

You don’t. Anything you need to do can be done via iCloud.

Also the newest generation comes with a usb-c to lightening port.

No, Steve would correctly point out that the supplied cable isn’t for connecting to a computer, it’s to charge the phone or dock with a car.

Connecting an iPhone to a Mac is a niche activity these days, and anyone who needs to do that surely understands what USB-A and USB-C are.

"The future's USB-C! Convert!"

"So, the iphone charging cable will connect to USB-C?"

"What, are you crazy? Literally everything is USB-A."

You think that’s bad, you should’ve seen the work I had to do to plug my Model 3 into my Model S.

He would wonder why they need a physical cable to connect at all.

To charge, if you forget, misplace, or just don't want to carry your phone charger brick.

The iMac caught so much flak for omitting the floppy drive.

It's be less ridiculous if the iphone didn't come with a USB cable. It did, though, just the "wrong" one (I understand from elsewhere in the thread they've finally fixed that, however).

He'd probably be satisfied knowing that a significant fraction of iPhone users never connect their phone to their computer.

> Imagine the Macbook keyboard or the Touchbar being released under Steve.

Imagine the G4 cube, or the puck mouse, or the Motorola ROKR.

Watching video of Steve introducing the ROKR makes it very clear he was...underenthused.

Really? Remember Ping?

Nothing wrong with that.

"It is not from the benevolence of the butcher, the brewer, or the baker that we expect our dinner, but from their regard to their own interest." - Adam Smith

Apple now treats privacy as if it were another product in its lineup; they clearly feel it’s a competitive advantage: https://www.apple.com/privacy/

This is why I bought a brand new iPhone last week. It is my first Apple product.

I like this, and I am willing to spend a lot of money. Best I can do is probably let my wallet do the talking.

I like the term that Ben Thompson (who writes Stratechery) uses for this kind of thing: "strategy credit":

> Strategy Credit: An uncomplicated decision that makes a company look good relative to other companies who face much more significant trade-offs. For example, Android being open source

More here: https://stratechery.com/2013/strategy-credit/

> Apple isn't doing this out of altruism

Of course not - who said they were?

Agree -- total red herring. And I'm much happier that Apple has a financial incentive to keep this up. "Corporate altruism" has a tendency to go poof! the instant it conflicts with the bottom line.

One can make the argument that Google's "do no evil" was pure altruism. And indeed, it did go poof! the instant it conflicted with their bottom line. Astute comment, parent.

These days they try hard to sell themselves as "the good guys of tech". Tim Cook grand-stands about privacy rights, etc. It's easy to forget that it's all just business, so it's good to be reminded.

>That said, being 50% motivated by making their users happy is more than can be said about Google or Facebook.

They all have products to sell to users so in that sense they all have to strive to make those users happy. Some business strategies use lock in to keep consumers but unless you want to wage that accusation against one of these three companies it seems like they should all be equally motivated by consumer happiness.

The closed/open/free/freedom paradox of Apple is something people should be thinking more about:

They are in many ways the most closed of all the big tech companies. Their flagship platform (in revenue terms), iOS, is the most closed general purpose computing platform in history. Overall it's second only to things like game consoles for being locked down to everyone including the owner.

They are also the platform and OS that offers the best privacy and security to the average user, and the only mainstream platform/OS actively pushing back in any way against surveillance capitalism.

Why is this? Three reasons I think, listed in order of importance:

(1) Economics: Apple's closed premium brand gives them pricing power, causing the majority of their revenue to come directly from their users. This makes it at least economically possible for Apple to prioritize their users' privacy and security at the expense of other potential secondhand sources of revenue. If you're playing in the bargain bin or worse are "free" then you must seek revenue elsewhere, and monetizing users via surveillance and other scummy methods is the easiest and most lucrative way to do that.

(2) Security: being unbelievably locked down is a double edged sword: it robs users of choice, but also robs malware and adware of attack vectors. Android is more open and as a result is a spyware disaster and seems to be getting worse. There's so much un-policed attack surface that Android's permissions don't really mean very much.

(3) Corporate DNA: Apple still has some DNA left over from the personal computing era back when PCs were about empowering users rather than monetizing them and the Internet was supposed to be about communication rather than manipulation. Apple still thinks it's making products for people, not productizing people.

  > iOS, is the most closed general purpose computing platform
  > in history. Overall it's second only to things like game
  > consoles for being locked down to everyone including the
  > owner.
So, overall it is not "the most closed".

Yes it is. Game consoles aren't general purpose computing platforms.

And what makes phones "general purpose" computing platforms?

A wide range of applications. For example, games are available as well as mapping and image editing software.

There’s a whole bunch of non-games in the Xbox store

It's fair game, that is why competition is healthy. If other companies don't try other formulas you end up with having all tech companies be ran by ad revenue.

people are too prone to anthropomorphizing companies. capitalism in two words: incentive alignment. people should really never be expecting business decisions to be motivated by morals.

People are going to unpleasantly surprised by the way the internet changes after tracking for personalized advertising stops working. Already, I see tons of complains about paywalled news sites, micropayments everywhere, and the death of the "old internet". Just imagine how much worse it'll be when only two or three giant social media companies can make money with advertising (since they can rely on first-party data) and everyone else is relegated to a high-friction ghetto. If you're sad about the death of the "old internet", look out, because you haven't seen anything yet.

As for tracking: the current "privacy" push looks like a moral panic to me. I've yet to see any actual personal harm come to anyone as a result of cookie-based tracking. I have, on the other hand, seen billions of people benefit from the monetarily-free services that personalized ads enable. Whipping up an anti-cookie hysteria is making the internet worse for everyone but the big established giant companies.

It will likely make fake news less profitable, since I would bet that a lot of value in advertising on those sites is driven by the audience, not the type of content being posted.

I think that would be a nice return to the "old internet".

Also, it isn't clear to me that the larger sites you talk about would not recoup more value from their audiences and thus need to paywall less.

I've yet to see any harm from that lion hiding in tall grass over there, stop panicking and get back to grazing.

I have yet to see any harm from eating badly and not excercising for this young person, stop panicking and let them enjoy their double-upsized extra-bacon Monsterbuger.

Is there supposed to be an argument in there?

All of that cookie blocking makes for smaller, and sometimes fewer requests. In total that represents a non-zero effect on battery life (and bandwidth) that Apple gets to use to bolster their battery benchmarks.

> For instance, a publisher can track what people do on their own site—just not on other sites. So they can sell targeted ads based on the information they have.

This is what I believe is fair. Unfortunately we are seeing the difference between first-party cookies and third-party cookies gradually vanish. Publishers are already encouraged by ad tech companies to set up CNAME records so that a subdomain on a publisher site points to an ad-tech company domain.

That may help the one adtech company but they still wouldn't be able to "sync" (https://www.adpushup.com/blog/cookie-syncing/) their cookies with other companies in the supply chain.

Does this cover iOS apps, too?

If so, that could mean fewer iOS apps will get written.

If not, is that only on technical grounds (it may be easier to hide what data apps send out) or (also) because it is good for Apple if one has to write an iOS apps to better track users?

I don't think it does and, as an advertiser, people mostly exclude apps from a lot of display/video campaigns at the moment but it's being touted as the next big opportunity because of moves like this.

iOS apps have an advertising identifier that can be reset by the user.

There are of course other ways to fingerprint the devices, but they will get your app removed from the App Store if you're using them for advertising. (If you're caught of course.)

Apple is “cracking down” on ad targeting, while simultaneously helping iOS apps track and target users through a unique advertising ID.

It keeps the advertisers happy while still allowing users to opt out of tracking.

Safari “opts out” of (blocks) tracking by default iirc. But users have to explicitly choose to opt out of iOS tracking.

Most people don’t even know about the tracking ID.

Edit: Apple ought to prioritize the privacy of users over “keeping advertisers happy.”

The difference is that users can go to privacy, and switch a single option and they are opted out.

In Android, and with Google in general, you have to go through many different menus and hidden option in different places. And then, you can't really stop tracking either, because you'd need to also go to several of these "ad alliance" scam websites and try to disable tracking for hundreds of services. And of course, these websites never actually work for more than a couple of those.....

From my perspective, coming from Android, iOS is really good. I am soo jaded by Google and Android that I just expect a company to try to obfusicate options and generally be hostile to my privacy.

I regret using Android for many years, especially since Google, while I wasn't lookin, quietly moved from innovative and user-friendly to literally user hostile.

Nobody is talking about android here. The point is that Apple doesn't care about privacy because it allows ios tracking (Why is that even a thing?)

> A Criteo spokeswoman said that by making the ad-blocking feature automatic in Safari, Apple “does not truly promote choice for the users of its browser.”

That's an... interesting take on the situation.

Whenever I hear a lobbyist or business person talk about “choice” or “freedom” it’s usually bad for people....

You’ve forgotten to include politicians.

I think it's reasonable to think of politicians as mouthpieces for lobbyists - most of them will become lobbyists after losing a reelection anyways.

Solution would be pop ups asking for each choice on the device....kind of like the way ad agencies like it.

People don't use browsers to look at ads. So from a user standpoint ads shouldn't be there in the first place.

People don't go to the grocery store to give their money to the cashiers. So from a user standpoint the cash registers shouldn't be there in the first place.

The ads typically are paying for what the users are going to the website for. I don't like it, but most users seem to prefer visiting sites with ads over sites they have to pay directly for. I hate how intrusive and abusive many ads can be, block ads on many sites, pay to subscribe to some sites, and hope other models succeed someday, but have to acknowledge that ads do serve a purpose.

I agree that ads serve their purpose. Their proceeds allow websites to exist and motive entrepreneurs to create them in the first place.

My point is indeed that people go to grocery stores to buy food, not to spend money. Doesn't mean cashiers aren't justified.

> Their proceeds allow websites to exist and motive entrepreneurs to create them in the first place.

The desperation about monetising ads usually makes them crappy website creators. They would just fill pages with low quality articles propped up by SEO. I prefer the sources that don't earn money on advertising for quality of content.

Everything Criteo says is just terrible. They're about as borderline legal as it gets. I'm 100% expecting them to get massive GDPR related fines in 2020.

Apple doesn't promote choice, but it's not because Intelligent Tracking Prevention is on by default. (Also, it's not an "ad-blocking" feature…)

Breaking: more updates to ITP, including the ability to block all 3rd party cookies— https://webkit.org/blog/9661/preventing-tracking-prevention-...

Is this Apple's subtle revenge for Google's Android ripping off the early Iphone?

More likely that Apple employees simply hate their data being shared with every advertiser like the rest of us do.

You can read the article for free if you make up an email. It does not ask for confirmation.

I was enjoying the irony of reading the article on safari only to have it cut off so they can ask me for my personal information to track me.

It's a paywalled site. They're not tracking you other than to ask you to pay for the content. This will only become more common as sites shift from ad revenue to subscriptions.

I’m not too sure about that. There’s no guarantee they won’t both get your payment and then track you (with confirmed personal details you provided during payment).

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact