The harder something is to find and disable, the shadier it seems.
A former contractor who worked for Apple in Ireland told EU regulators that he heard highly personal conversations as part of a project that transcribed portions of Siri recordings to improve the feature’s voice recognition. Apple apologized after the infractions were revealed and said it had suspended the project while it implemented better practices.
My point is that Apple disclosed to users that this will happen, so I am confused as to who would consider this an “infraction”.
I had to set up iOS multiple times (broke phone screens, got an iPad and so on), and as far as Siri was around I remember being informed.
During initial setup you have options to turn Siri on with continuous listening, on via button only (my preference), or off entirely. One tap and a short bit of text informs you of privacy implications, including that your voice recordings may be sent to and heard by humans in order to improve QoS.
I did not have to dig through a wall of ToS, it was a clear and concise paragraph set in large enough type that took single-digit seconds to read.
I wonder whether (1) I am missing some circumstances or a period of time where this was not the case, and therefore I should be offended as well, or (2) people are misinformed and piling on Apple for, as far as I’m concerned, little to no reason.
It was on by default - I toggled it off.
Nobody in their right mind would turn this on.
If Apple is indeed favouring their own ad services they might indeed be the target of very well funded antitrust-based legal campaigns. I assume the adtech companies would have at least threatened them with this.
So they are probably going to retune their own ad service to comply with the same before they go live with this change.
Nobody cares about individual users in the end, once in 50 years you might get a politician who rises to a populist challenge.
But when you take 1/2 of some major adjacent-competitors money away, then it's war. The stakes are 10's of billions and every lobbyist, lawyer, marketer, PR person is going to be engaged.
I wouldn't quite speculate on Apple's motivations here, but it's a very real and big issue. They can screw you and I, and even Fornite, but Facebook? An then 'self deal' with their own ads? Even that is a risk.
Ads to install apps, shown in App Store and News apps.
App install ads are also Facebook’s main mobile ad market. This crackdown specifically block’s Facebook’s ability to show attribution of app purchases for their ads, while preserving that ability for Apple by default.
I think you mean by design. Ads above search results can be tracked because they're shown within the App Store, so they don't require looking at "who is this user" from within the downloaded app, they can just differentiate based on where it was placed, like Google Ads. The only case I can see here is "why does apple get to be the only ones with ads on search results" but then you're arguing the same point you'd use against Google, so it all comes down to what the potential Google antitrust lawsuit says and if the DOJ cares about this enough to later file suit against Apple.
On by default -> financially the same as always on
Off by default -> financially doesn’t exist
Not even exposed in the UI -> no one would ever complain about it
Compare this with third-party advertising, where the use of IDFA does explicitly hand information to third parties that they otherwise wouldn't have. For example, the Facebook SDK is integrated into a bazillion different apps, so Facebook can track a single user across all of these different apps even if the user doesn't use Facebook login (or if they use Facebook login for a single one of these apps, Facebook can then associate the usage of all the other apps with that same login too).
The two are not remotely equivalent.
Now, I might go buy some ads from Facebook, because they provide a good value there. In the future, my only choice will be Apple, who won’t have to compete on price anymore because they cornered the market.
You're being downvoted because they still make money off of advertising:
"The iAd App Network was discontinued as of June 30, 2016. Since then the technology lives on in both Apple News Advertising and App Store Search Ads."
I think the settings should be combined, but Apple is in no way tracking users across sites, because they're not tracking users like that at all. Refusing to track users is the entire reason their "iAd" ad network failed!
If that is true, it absolutely contradicts Apple's claim that "Privacy is built in from the beginning":
I'd personally prefer not to have any of the ad tracking stuff, especially at the OS level.
Before the wave of whinging I'm not pro ads. I'm just pointing out this is a big disruption to the financial models of many free apps.
I feel like taking billions from Google to be the default search engine on iOS also did that
What a bummer! As an iOS user, I was eagerly looking forward to this feature, wanting to tell others about it and how the upgrade to iOS 14 would be worth it just to clearly expose apps that want to track users.
I already have ad tracking limited in my settings (Settings->Privacy->Limit Ad Tracking), but that was something I had to explicitly turn on, and there’s no notice on which apps use the ID for advertising.
I think waiting until early 2021 is better than having anything that depends on ad revenue see a huge dropoff until the industry figures things out.
That's an excellent reason to do it.
I detest tracking just as much as anyone else here but I'm skeptical this is the right way to go about dealing with it. A more sensible system would give users the choice between accepting targeted ads or paying a fee for the service.
Whenever an unsustainable free service comes out on HN, and it's something people actually want, there's often a comment saying "this seems unsustainable, so I don't think I can count on it; please let us pay you". The same thing applies to apps.
Any computer I own (including a phone) is supposed to represent its users interests; It is not supposed to be some compromise between betraying their trust and making money for ad networks.
(Personally, I already have limit tracking enabled. And I use custom DNS filtering, and a bunch of other BS. But my friends and family shouldn't need to do that to have their phone refuse to give information about them)
It could probably be argued that "people in general" are willing to pay for services they value and that a few current generations have just been irreparably "mis-trained" to expect free services, but in any free-ish market economy businesses will be incentivized to offer services with costs as hidden from the user and as externalized as possible.
HN has become a rant fest whenever ad tech gets mentioned.
but this does fit the "minuscule but very vocal minority" trend of our times.
For that it's also one of the few sites I would consider paying a membership for.
Disappointed in Apple on this one.
That's why the conspiracy-theorist in me thinks the tech companies have been pushing for HTTPs so heavily this past decade. It's "privacy" enabling sure, but at the same time makes it next to impossible to stop ad content and to break up tech data silos.
In no other domain is implicit, cross-arena tracking by default acceptable. Computers _should be_ no exception.
Maybe you don't think it should be acceptable, but it's the norm everywhere. Computers aren't an exception.
Your purchases are tracked by credit card companies. Your license plate is tracked by road cameras. Your financial history is tracked by credit bureaus. Your phone calls are tracked by your telephony provider.
And you haven't opted into any of them.
In fact, except for the annoying cookie pop-ups on websites, I've never encountered opt-in tracking anywhere in my life. Everything is tracking-by-default, and you're lucky if you get an option to opt out anywhere.
Most of the tracking you mentioned is done for purely functional purposes (the product/service can't work without knowing who you are, etc) where as the majority of online tracking is purely there for wasting people's time with ads.
What's a domain analogous to computers without tracking? I suppose all those are "by computers" at the end of the day, but I can't think of anything I do that isn't tracked somehow.
Facebook's concern isn't oriented around their revenue - it's about the 3rd party advertising ecosystem on mobile in general ($2B of FB's $80B revenue). FB and Google will take a small hit from their 3rd party mobile ad networks going away, but they still have their dominant 1st party businesses to fall back on.
Who this really hurts are the apps that don't directly sell their own ads and rely on a 3rd party network to monetize. Those apps' revenues will be chopped in half overnight, sending a shockwave throughout the entire mobile ecosystem.
FB and Google get poked in one eye, but most ad-supported apps will be blinded.
"We are committed to ensuring users can choose whether or not they allow an app to track them. To give developers time to make necessary changes, apps will be required to obtain permission to track users starting early next year. More information, including an update to the App Store Review Guidelines, will follow this fall."
A few examples that come to my mind:
Current battery level, typing speed, phone model, OS version, battery wear (guessable from charge/discharge rate), charge rate (depends on the charger), finger width, propensy to use features differently (scrolling, zooming, selecting text), clipboard contents, RTC lag, microbenchmark performance... System preferences alone is probably enough (brightness level, airplane mode, dark mode).
If a fingerprinting library is present in more than one app, I find it unlikely that both fingerprints couldn't be linked to the same user. If one of these apps has a log-in, they can probably link that up with the rest of browsing history, on-device and cross-device.
Sounds far-fetched? I don't think so. I rather think I'm underestimating the issue.
I think one technical answer to that would be to "taint" every measurement of a potential identifier, and track its usage across the program. If the app tries to submit information that is somewhat related, block it.
Alternatively, compute a score and block it above a certain threshold (that will be gamed, but could help a transition). Or use a RR-like mechanism to change the measurement to a dummy value, and replay up to the exfiltration point.
The walled garden certainly has problems but in this case a real benefit is that Apple forbids these kinds of technical workarounds. You can implement them, but do you want to run the risk of your app being banned from the only distribution channel on iOS because of it?
We'll need to see how well this is enforced and whether they will challenge bullshit excuses. I can already imagine the Facebook SDK sending its usual amount of PII and them saying "this is only for fraud protection (or a similar BS reason) and we pinky-promise to never use this information for anything else".
With GDPR cookie warnings, you’re required to opt in, but everybody uses dark UI patterns to make you “opt in” (like forcing you to uncheck each tracker individually, and claiming it takes several minutes to “update your preferences”)
"The advertisingIdentifier is an alphanumeric string unique to each device, that you only use for advertising."
Apple created an API for advertisers that gives them a unique identifier, specifically for the purpose of tracking users. This has been available since iOS 6, released in 2012.
Shame, shame on advertisers for using the thing that Apple made for them to use!
If Apple cares so much about privacy, why did they make this in the first place? Where has Apple been for the past 8 years?
Didn't seem to work.
> The advertiser I'd had always been opt in so it was progress for privacy.
It's opt out:
Edit: It’s funny how on HN, you can tell the ones who get triggered when you say something disparaging about adtech. Just interesting to see here vs other tech media outlets.
SKAdNetwork was poorly designed, it did not involve publishers and channels and till this week it was literally impossible to test. A 3 month period will allow all actors in the advertising industry to integrate and come up with solutions that protect the user's privacy.
If this was released in the current state, you are giving the whole advertising market in a silver plate to google and facebook, who because of their huge share of SDK integrations are much better prepared to overcome the limitations. The market would also shrink instantly, many publishers and channels would disappear, specially the small ones.
As a user I really don't care whether they can measure what they want. The adtech business must realise they've undermined consumer confidence so much that the only reason they're getting away with it is that it's so hidden.
Though personally my trust is so far gone that I really want the whole advertising industry to die. But I'm pretty sure most people would still be OK with it, if it is proven to be done in a non-malicious way. I still hear a lot of "targeted ads are more useful because they annoy me less" from people around me :)
But really they have a LOT to make up for.
And hopefully that will become "was" at some point.
> it is not about being creepy
The ad industry is a poor judge of what's creepy; their interests are not aligned with user interests.
> A 3 month period will allow all actors in the advertising industry to integrate and come up with solutions that protect the user's privacy.
The advertising industry has had a very long time to come up with solutions to protect the user's privacy. The only way it'll ever happen is if it's inflicted upon them. The less ready they are, the better.
> their interests are not aligned with user interests
How do you propose apps monetize going forward? The vast majority of users do not want to pay for the apps/utilities on their phones, but still appreciate the value these apps provide them nonetheless. Targeted advertising enables apps to provide these services to users for free by having marketing budgets front the cost. The removal of IDFA really only cripples the little guy, and speeds up the consolidation of wealth among Apple, Amazon, Google, and FB.
I'm curious what revenue model you would suggest for apps that wish to remain free, if not advertising-based?
Chicken and egg problem. There are enough free apps that they drag down user expectations for pricing. It's hard to figure out value on an absolute scale ("hmmm, is this worth $4?"), and easy to compare value on a relative scale ("wow, $8 seems expensive for an app"). Ads push the app market downwards.
> I'm curious what revenue model you would suggest for apps that wish to remain free
The same revenue model I'd suggest for any other kind of regularly produced content that can't charge or doesn't want to: patronage, subscriptions, sponsorships, merch, add-ons or regular updates that people want to pay for, services people want to pay for. Have you ever read some of the behind-the-scenes details from YouTube channels that support the people making them? Ads don't even come close to paying the bills, even if you're huge. Patronage, subscriptions, sponsorships, and merchandise do.
Also re: the Youtube anecdote - YT ads actually pay out quite well, especially if you're huge. You usually see Patreons, etc. from the smaller channels or content creators that want to hit a certain quality of life/stability. The top 10 YouTube channels easily clear $10M from ad rev alone.
They can still opt-in; not to mention this is about creepy ad targeting that exposes the user to lots of risk if the targeting data ever leaks (it's a time bomb); advertising per-se isn't banned, it just can't stalk the user.
However this will hopefully open the door for alternative monetization options, like you know, the old-school, boring paper bills that some people might have in their wallet and might be willing to hand over in exchange for a good app, service or product. ;)
I firmly recognise that this would have a vastly different market structure, would cause tremendous pain to many in the transition, and really, that this is very likely nowhere near as remunerative, but it's not inconceivable that the game itself would be means to inject experience into people's sense of identity in order to sell them the clothing and accessories for signalling that identity to others.
I agree that it would probably make it impossible to financially justify investing in time-wasting games that would not be compelling enough for people to engage at that level.
As a disclaimer, I'm also not convinced that maximising the gross financial product of the app ecosystem is inherently the 'Right Thing' from a public policy perspective, either.
But is is creepy, regardless of the reasons behind it, and some people might not be comfortable with that. Collecting that data also creates an ever-growing liability with the risk of the data eventually leaking and falling into malicious hands (including intelligence agencies) even if the original owner of the data wasn't misusing it.
I know I'm looking at this too simply but, fundamentally, is it not an increase in sales that defines the success of a marketing campaign? If the other methods of measurement are click-throughs, or verified views, or whatever else there may be, aren't these all essentially of meta-value only in comparison to actual sales?
That's the perspective of a company that actually sells "things" though, do you mean from the perspective of an advertising company?
There's a lot of meta going on. I guess that, from an advertising company perspective, they need stats to prove their campaigns are more effective then those of their competitors, which means they need to have more accurate or complete data on the various markets - and the more accurate and complete the data, the more invasive and present the tracking must be. What a race to the bottom.
> There is a whole industry that depends on tracking IDFA to function
Just because an industry exists, doesn't mean it's right. There's a whole industry that depends on the US voice carriers taking no action on spoofed number scam phone calls too.
Having already pissed off the advertisers, Apple felt threatened enough to turn around and alienate its power users.
Couldn't have been an easy decision...
They certainly still get to claim they are focused on privacy even if they decide to kick the can a few more times, since the notifications/controls will come “eventually”.
If you want to flip the switch right now for all third party apps:
Go to Settings > Privacy > Advertising.
Turn on Limit Ad Tracking.
But, I bet this is mostly antitrust related, the risk is too big on that front in the current context. Now, what I wonder is whether they'll adjust to play by the same rules as everyone else (and not using some extra features as detailed in the Forbes article mentioned in another comment ) or revert in some way.
What was Facebook going to do? Pull out of iOS? They had all the power.
I was about to grab some popcorn.
I'd liken it to reading a post on mumsnet.com with 100+ middle aged women arguing about 5g.
The "Do No Track" header is the perfect example, largely abandonded because when ad companies realised how many people would set it they just ignored it altogether. Thankfully with Apple's changes they, as the gatekeeps of the walled garden, can ban apps that don't respect the user's "don't track me" signal.
The ad industry has had an abundance of chances to fix these issues, but haven't. As a user I welcome Apple forcing their hand even if the business models of many apps will be broken as a result.
It's a cleansing by fire if you will.
If adtech collapses, a lot of scum will go out of business and will be replaced by something more lean that people would be happy to pay for (a social network can easily operate on $1/month/user). Nothing of value will be lost.
The entitlement of ad tech is unbelievable.
> I'd liken it to reading a post on mumsnet.com with 100+ middle aged women arguing
Yeah, women, amirite?
That is already a thing and there are already countermeasures: https://sponsor.ajay.app
Ads without tracking are an even less effective business model. We don't have to make ads stop working entirely, we just have to make them sufficiently ineffective that they're not worth paying enough to make ad revenue worthwhile.
And no, without apps people would be able to discover new things. Current ads are not about facts but connecting feelings with products.
At least we're not buying pet rocks now.
The benign ads can still be seen in China when people write their service and a phone number on the wall, basically the only graffiti you will see there.
Are we seriously going to blame ads for people buying stuff they need? I mean come on, this seems like a South Park episode, the Ads are self-aware and made us do it.
Current ads are not about facts? Please do tell when was a time ads were not about trying to awake emotions inside prospective customers? Check out The 22 Irrefutable Laws of Marketing by Jack Trout and Al Ries, a book old almost 30 years yet still holds today. Marketing (offline or online ads, it's all the same basis) has and always will be part psychological.
I don't know for you, but I would rather appreciate an ad about something which I found useful (a sponsored job posting in my field of work on Instagram) than get a random ad like the early 2000s ("This russian young lady can't wait to meet you").
While we might not like or appreciate ads from a technical perspective, it is beneath a developer's pride we must come to terms that ads are what puts bread to our tables.
Innovation and progress, especially in the internet age has occured thanks to the business potential of marketing and ads.
Ads started using psychology and emotions around 1900.
I would prefer a world without those ads. Here in Germany I even still have to endure ads for tobacco.
Ads would be completely unnecessary where I work, we have solely customers that pay a recurring fee.
The only innovation in advertising is about lying better to people and spy more on them. Ads have wasted so much potential of talented developers and creative people.
Other people's issues with financial self-control isn't a solid basis for being against something. By that logic, alcohol, clothing stores, videogames, literally anything that might influence people to buy things they don't really need is bad.
P.S. Speaking of videogames, I'm of the opinion that many mobile "gatcha" games should be regulated like gambling products. Hoping legislation catches up in this regard.
Alcohol is rightfully regulated. Video games in their modern pay to win kind should be too.
As a disclaimer to this I actually pay for ProtonMail and OSMaps because they’re products I use daily and feel that they deserve the money, however they do have free tiers and there are free alternatives to most Google software. I’d strongly suggest looking into de-Googling, there’s an entire subreddit dedicated to it.
If you don't have an iPhone/ iPad/ Mac, how else would Apple's privacy/ tracking policies apply to you?
We're talking about advertising and apps on iOS, those apps are absolutely free (and ad free) on any devices under discussion here. Otherwise, please feel free to ask about any other specific app on any other platform, because in almost all cases there is a free solution without advertising.
The idea that the world needs to run on advertising is nonsense. Likewise that developers/ end users somehow "need" advertising.
I don't have any trouble with advertising and tracking... so long as it's clear and obvious that it's happening and you have an easy way to opt out. This should make both sides happy.
There are areas where a totally "free market" doesn't work in the long-term benefit of society and regulation typically steps in. This is why for example health and safety is a thing (even though not caring about that would make businesses more profitable) or that in most civilized countries you are not allowed to dump toxic waste in the river even though it's cheaper than paying to have it recycled.
I’m sure you appreciate the irony of this given your “banning invasive tracking will be the end of civilisation” shtick.
Let’s compromise and permit advertising generally, while absolutely working as hard as possible to crush creepy and abusive practices, like secretly tracking individuals without their permission. Seems like everybody could reasonably sign up to that.
Absolutely. We should have understanding and we ban shit that is harmful.
Google could mine Photos I suppose, but there's no user graph there, and no text blurb, and no "likes", so it's less valuable. Google is also more reliant on tracking due to DoubleClick and ad exchanges. Be that as it may, Google search ads should also be unaffected.
Where this really hurts are ads shown in apps which are not controlled by Google/FB. Those would need an ID to know who you are in order to boost relevance. And that's being withdrawn. I'm not sure how much exposure FB has to that, though. I know Google is heavily exposed.
I also wonder why, because their apps already require a user to sign in. It must reference to cross-app tracking, I'm also surprised they were so dependent on that.
They were telling their customers to find an alternative monetization strategy since this wasn’t going to be worth it for them.
Furthermore, it's absolutely hilarious to think that the most valuable company in the world, with enough cash reserves to be able to almost buy FB outright, would somehow be willing to walk back their core value message because their, allegedly, value adversary asks. Apple made the change because they would have cratered their app economy and they themselves weren't going to play by their own rules, FB maybe played a role because $2B are a lot of money for the free apps, but they aren't a lot of money for FB. It's really hilarious to think that Apple gives a crap about what FB writes on their site, specifically when it's about privacy. Apples cares about its ecosystem, not about what FB says. Totally hilarious.