> Basically, IDFA was Apple’s attempt to work with companies to provide a way to offer a sanctioned identifier for advertising tracking that respected user privacy and user control over tracking. It didn’t work — these companies have no respect for user privacy or user control, even with IDFA.
I'd disagree with this part - I think IDFA worked as designed, Apple has changed in terms of what they're marketing and how much power they have to enforce their vision.
Apple created IDFA in 2012 to give users a way to control and reset their advertising ID. It worked as designed. Advertisers could track users, but users had control to reset their advertising ID to disassociate their data. Later Apple introduced the option to disable tracking but it was opt-in, not opt-out, so most users still allowed tracking and didn't realize it's happening.
In iOS 14, they've created an opt-in system, (which everyone knows most users won't opt into) and a ban hammer for apps that violate the spirit of that opt-in.
Ten years ago Apple wasn't running ads about privacy and they were working on building out the App Store. Hell, 2012 is also when they introduced signing into Facebook and Twitter built into the operating system. Smacking down ad networks and decreasing revenue for app developers would have been a lot harder. They're in a much better position now.
>Privacy means people know what they're signing up for, in plain English and repeatedly
>I believe people are smart and some people want to share more data than other people do. Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of your asking them. Let them know precisely what you're going to do with their data
I think the issue was that Apple bungled IDFA by not making in opt-in initially and now are trying to correct their mistakes.
Apple was vilified 10 years ago for this stance, but at the end of the day they were right with their opt-in view on tracking and how pervasive silicon valley was going to become with collecting data.
> think IDFA worked as designed, Apple has changed in terms of what they're marketing and how much power they have to enforce their vision.
Companies improve their products and sometimes it changes the ecosystem. This is way better than, say, the car industry who fought safety enhancements for decades. This is improving safety for their customers; the people who believe they will suffer for this are like the high-interest payday lenders of the internet.
Apple has taken a pro-privacy position for longer than the iphone has existed. Execution has not always been great but I do believe their position is genuine. However I’ll let them defend themselves on this one: they have a communications group.
I’m not trying to claim they are saints, merely that I believe that their pattern of actions Has shown a longstanding interest in their customers’ privacy. Perfect? No, but higher than any others, AFAICT.
PS: if you want another car analogy: certain other actions by Apple remind me of the car companies’ proprietary extensions to the open OBD-II. So again, not saints.
Unfortunately their protections do not really apply to their own apps.
While 3rd party apps need to show individual dialogs to get access to location data, all their own services (eg. data collection for maps, or the "Find My" network) automatically get access to location data if you enable location data on your device.
Slight issue with privacy is that any persistent source with sufficient entropy is going to be a unique identifier, and even low entropy sources when used together create an n^n^n... sized field of identifiers. Same goes for browser fingerprinting, it's the same set of techniques.
> Through apps, CAID collects user device data, such as the device start-up time, model, time zone, country, language and IP address.
Any business whose gross margin per unit is as low as P&G's is effectively an advertising company with a smelly water supplier in the back. We can probably expect the same surveillance techniques from the other CPG manufacturers as well.
The browser itself has become parasitic, and the only viable way to mitigate this predatory advertiser and surveillance problem is to recognize and delineate the difference between what can only be described as the hegemonic internet (hegemonet?) and private channels like matrix/element, or previously irc and other ways of connecting.
You can win at "whack a mole" by hitting harder. Pass some real legislation and fine P&G a billion dollars. Works better than any amount of technology-level detection.
>And what is Apple going to do if they do identify apps in China using CAID in flagrant violation of the App Store rules, if those apps have the backing (implicit or explicit) of the Chinese government?
The CPC is on Apple's side when it comes to privacy.
> Doing this is clearly against Apple’s rules. The questions are: Can Apple detect these techniques? And what is Apple going to do if they do identify apps in China using CAID in flagrant violation of the App Store rules, if those apps have the backing (implicit or explicit) of the Chinese government?
As much as I love Apple’s move for more robust privacy policies, I doubt that they have a chance to prevent this from happening. From a tech perspective, because it requires a lot of effort to detect these.
But also from a business perspective. It's one thing to ban a game, but banning WeChat?
I don't get the connection to WeChat here. You need to log in anyways, so why should WeChat run any fingerprinting? The user ID is right there, given by the user.
WeChat may have a convenient way to track users within the app, but a "device ID" equivalent is still useful for ad agencies to transparently target users on other apps based on the things they do on WeChat. (Otherwise, they'd need to add more user friction - for example, forcing users to link accounts.)
For context, some have argued [0] that modern Chinese life, in many ways, revolves around WeChat - chat, payments, location sharing, games, and more - and I don't find any reason to doubt those claims.
Sure, Apple could say no if WeChat decided to integrate fingerprint-driven tracking on iOS, but because of WeChat being a "super app" in China, Tencent could just say "sure, we'll stop supporting iOS" and that would cut iOS devices off from one of the most used apps in China, and make everyday life harder for everyone in China with an iPhone.
With iOS being the minority player in China [1][2], Tencent can likely get away with it too - I don't foresee a competitor rising up out of nowhere especially when WeChat still has a deep network effect for the remaining 78-82% of the population that uses Android.
I would guess what they want is the ability to link behavior outside of WeChat (e.g. looking at computer monitors on Amazon, and then reading tech news on the Verge) with your profile on WeChat. Apple’s changes are in part designed to limit the abilities for entities to track you via third party cookies as you go around the web; device fingerprinting would be a substitute for those third party cookies.
Attaching a username to a legal name is one high-level fusion.
Attaching these names to a device ID is another.
Attaching that to a different app and username are a couple more.
This account information can be used in finding out when that user logs into another device.
If any of those devices are sharing browsing history then that can be fused to online accounts.
If any of those devices are active during daily commutes can fuse brick-and-mortar shopping destinations, place of employment, what daycare watches their kids, where Mom and Dad live.
Maybe, some of that data is embarrassing. Maybe, some of that data could be used to tell a story about you. Maybe, that story if false... but, would be very difficult to refute if made public. Maybe, you should just work with us (this one time, I promise) rather than have your whole life turned upside down...
No drop of water takes responsibility for the flood.
Ironically -- and I don't use that phrase lightly but this is Apple apologist Gruber -- the context of et tu is weaker persons banding together to stop an out of control tyrant.
Brutus was by at least a whisker on the right side of history at et tu time.
And his self-interest was raw mortal threat. Proscription lists were a thing.
As another halo company, P&G is an Apple rival and Apple doesn't cooperate with it in developing its policies. Apple develops its policies solely in its self interest. And changes them without input from stakeholders.
Thusly I argue that "ironically" is justified here. YMMV.
Maybe it's me being bad in reading diplomatic, but Apple directly states:
> Apps that are found to disregard the user’s choice will be rejected
So, if I'm reading this correctly, if the apps will be found violating the policy they will be pulled/rejected? This statement seems pretty clear to me, to be honest.
They probably won’t pull WeChat but they could easily refuse updates while disabling tracking points. After all, there is no reason an app can’t be told an iPhone booted up on January 1st, 1970.
Readit News
I'd disagree with this part - I think IDFA worked as designed, Apple has changed in terms of what they're marketing and how much power they have to enforce their vision.
Apple created IDFA in 2012 to give users a way to control and reset their advertising ID. It worked as designed. Advertisers could track users, but users had control to reset their advertising ID to disassociate their data. Later Apple introduced the option to disable tracking but it was opt-in, not opt-out, so most users still allowed tracking and didn't realize it's happening.
In iOS 14, they've created an opt-in system, (which everyone knows most users won't opt into) and a ban hammer for apps that violate the spirit of that opt-in.
Ten years ago Apple wasn't running ads about privacy and they were working on building out the App Store. Hell, 2012 is also when they introduced signing into Facebook and Twitter built into the operating system. Smacking down ad networks and decreasing revenue for app developers would have been a lot harder. They're in a much better position now.
Steve did
https://www.youtube.com/watch?v=39iKLwlUqBo
>Privacy means people know what they're signing up for, in plain English and repeatedly
>I believe people are smart and some people want to share more data than other people do. Ask them. Ask them every time. Make them tell you to stop asking them if they get tired of your asking them. Let them know precisely what you're going to do with their data
I think the issue was that Apple bungled IDFA by not making in opt-in initially and now are trying to correct their mistakes.
Apple was vilified 10 years ago for this stance, but at the end of the day they were right with their opt-in view on tracking and how pervasive silicon valley was going to become with collecting data.
Companies improve their products and sometimes it changes the ecosystem. This is way better than, say, the car industry who fought safety enhancements for decades. This is improving safety for their customers; the people who believe they will suffer for this are like the high-interest payday lenders of the internet.
Apple has taken a pro-privacy position for longer than the iphone has existed. Execution has not always been great but I do believe their position is genuine. However I’ll let them defend themselves on this one: they have a communications group.
I’m not trying to claim they are saints, merely that I believe that their pattern of actions Has shown a longstanding interest in their customers’ privacy. Perfect? No, but higher than any others, AFAICT.
PS: if you want another car analogy: certain other actions by Apple remind me of the car companies’ proprietary extensions to the open OBD-II. So again, not saints.
While 3rd party apps need to show individual dialogs to get access to location data, all their own services (eg. data collection for maps, or the "Find My" network) automatically get access to location data if you enable location data on your device.
> Through apps, CAID collects user device data, such as the device start-up time, model, time zone, country, language and IP address.
Any business whose gross margin per unit is as low as P&G's is effectively an advertising company with a smelly water supplier in the back. We can probably expect the same surveillance techniques from the other CPG manufacturers as well.
The browser itself has become parasitic, and the only viable way to mitigate this predatory advertiser and surveillance problem is to recognize and delineate the difference between what can only be described as the hegemonic internet (hegemonet?) and private channels like matrix/element, or previously irc and other ways of connecting.
What China wants may be completely different than what we want and they have space at the table too
The CPC is on Apple's side when it comes to privacy.
https://www.reuters.com/article/us-china-cac-personaldata-id...
As much as I love Apple’s move for more robust privacy policies, I doubt that they have a chance to prevent this from happening. From a tech perspective, because it requires a lot of effort to detect these.
But also from a business perspective. It's one thing to ban a game, but banning WeChat?
For context, some have argued [0] that modern Chinese life, in many ways, revolves around WeChat - chat, payments, location sharing, games, and more - and I don't find any reason to doubt those claims.
Sure, Apple could say no if WeChat decided to integrate fingerprint-driven tracking on iOS, but because of WeChat being a "super app" in China, Tencent could just say "sure, we'll stop supporting iOS" and that would cut iOS devices off from one of the most used apps in China, and make everyday life harder for everyone in China with an iPhone.
With iOS being the minority player in China [1][2], Tencent can likely get away with it too - I don't foresee a competitor rising up out of nowhere especially when WeChat still has a deep network effect for the remaining 78-82% of the population that uses Android.
[0]: obtained from Wikipedia: https://web.archive.org/web/20170103135948/https://www.fastc...
[1]: https://www.kantarworldpanel.com/global/smartphone-os-market...
[2]: https://gs.statcounter.com/os-market-share/mobile/china
If any of those devices are sharing browsing history then that can be fused to online accounts. If any of those devices are active during daily commutes can fuse brick-and-mortar shopping destinations, place of employment, what daycare watches their kids, where Mom and Dad live.
Maybe, some of that data is embarrassing. Maybe, some of that data could be used to tell a story about you. Maybe, that story if false... but, would be very difficult to refute if made public. Maybe, you should just work with us (this one time, I promise) rather than have your whole life turned upside down...
No drop of water takes responsibility for the flood.
Brutus was by at least a whisker on the right side of history at et tu time.
And his self-interest was raw mortal threat. Proscription lists were a thing.
As another halo company, P&G is an Apple rival and Apple doesn't cooperate with it in developing its policies. Apple develops its policies solely in its self interest. And changes them without input from stakeholders.
Thusly I argue that "ironically" is justified here. YMMV.
> Apps that are found to disregard the user’s choice will be rejected
So, if I'm reading this correctly, if the apps will be found violating the policy they will be pulled/rejected? This statement seems pretty clear to me, to be honest.