We’ve been talking a lot about sleazy ways in which the online advertising industry is conspiring with browser makers – who also happen to be in the online advertising industry – to weaken privacy features so they can still track you and the ads they serve you, but with “privacy”. They’re trying really hard to make it seem as if they’re doing us a huge favour by making tracking slightly more private, and browser makers are falling over themselves to convince us that allowing some user and ad tracking is the only way to stop the kind of total everything, everywhere, all at once tracking we have now.
We’ve got Google and Chrome pushing something called “Privacy Sandbox“, and we’ve got Mozilla and Facebook pushing something called “Privacy-Preserving Attribution“, both of which are designed to give the advertising industry slightly more private tracking in the desperate hope they won’t still be doing a lot more tracking on the side. Safari users, meanwhile, have been feeling pretty good about all of this in the knowledge Apple cares about privacy, so surely Safari won’t be doing any of this.
You know where this is going, right?
Today, the WebKit project published a lengthy blog post detailing all the various additional measures it’s taking to make its Private Browsing mode more, well, private, and a lot of them are great moves, very welcome, and ensure that private browsing on Safari is a little bit more private than it is on Chrome, as the blog post gleefully points out. However, not long into the blog post, the shoe drops.
We also expanded Web AdAttributionKit (formerly Private Click Measurement) as a replacement for tracking parameters in URL to help developers understand the performance of their marketing campaigns even under Private Browsing.
↫ John Wilander, Charlie Wolfe, Matthew Finkel, Wenson Hsieh, and Keith Holleman
A little further down, they go into more detail:
Web AdAttributionKit (formerly Private Click Measurement) is a way for advertisers, websites, and apps to implement ad attribution and click measurement in a privacy-preserving way. You can read more about it here. Alongside the new suite of enhanced privacy protections in Private Browsing, Safari also brings a version of Web AdAttributionKit to Private Browsing. This allows click measurement and attribution to continue working in a privacy-preserving manner.
↫ John Wilander, Charlie Wolfe, Matthew Finkel, Wenson Hsieh, and Keith Holleman
So not only does Safari already include the kind of tracking technology everyone is – rightfully – attacking Mozilla over for adding it to Firefox, Apple and the Safari team are actually taking it a step further and making this ad tracking technology available in private browsing mode. The technology is limited a bit more in Private Browsing mode, but its intent is preserved: to track you and the ads you see online.
I would hazard a guess that when you enable a browser’s private browsing or incognito mode, you assume that means zero tracking. We already know that Chrome’s Incognito mode leaks data like a sieve with bullet holes in it, and now it seems Safari’s Private Browsing mode, too, is going to allow advertisers to track you and the ads you see – blog post full of fancy privacy features be damned.
Do you know those “Around the web” chumboxes? Even if you’re unfamiliar with the term, you’ve most definitely seen these things all over the web, and really hate them. A major player in the chumbox business is a company called Taboola, a name that’s quite despised and reviled online. Popular Apple blogger John Gruber called Taboola a “slumlord” and the “lowest common denominator clickbait property“. Do you want to know which major technology company just signed a massive deal with Taboola?
Ad tech giant Taboola has struck a deal with Apple to power native advertising within the Apple News and Apple Stocks apps, Taboola founder and CEO Adam Singolda told Axios.
↫ Sara Fischer at Axios
Apple needs to find new markets to keep growing, and clearly, pestering its users with upsells and subscriptions to its services isn’t enough. The online advertising industry is massive – just look at Google’s and Facebook’s financial disclosures – and Apple seems to be interested in taking a bigger slice of that fat pie. And as Google and now Mozilla are finding out, a browser that blocks ads and ad tracking kind of gets in the way of that.
Anyone who can make and sell plug-and-play Pi-Hole devices even normal people can use is going to make a killing.
Welcome to the brave new middle ages! Choose your techno-feudal overlord wisely, dear peasant.
It pisses me off that businesses always feel the need to “keep growing”, even when they’re already so massive and profitable. Like, you’ve already made it! Now slow down and be a decent part of humanity. This is why corporations have no morals.
Shareholder supremacy is fun: https://www.wheresyoured.at/tss/
The article explains it better, but the short version is, how much money a company makes its shareholders (and therefore how “good” it is) at this point has almost no relation to how functional it is. Anything that makes the numbers go up is good, and hype and bullshit are better at this than actual productivity.
Generally speaking, small percentage of people have issues in regards to protecting their privacy online. To actually do something about it, still even such people need email or do search the web or use one of the services from big tech advertises. Majority of people doesn’t even care and is rather OK with giving away their privacy, willing to become a product and hence as they say to get something for free. As this news is about Apple, here it gets interesting as majority of Apple users will claim Apple doesn’t take their privacy away. That Apple is protecting their privacy. So basically all people in this day and age give their privacy away, to tech giants and states, it’s the perception that differs so much, that is rather interesting.
Thom Holwerda,
I sided with google when this lawsuit came out. People fundamentally misunderstood that “private browsing” and “incognito mode” were client side features and had no effect (or control over) server side data practices at all. I don’t think they ever claimed it did. Incognito mode WILL prevent your browser from sending identifying information on its own, but it WILL NOT prevent your data from being collected by the server if you expressly send it yourself while in incognito mode. I don’t believe Google had any malice here, but ordinary people (and the judge in the case) were ignorant of the limitations of client-side browser privacy modes and for that google were found guilty.
This is end-game capitalism for you!
Some routers do include adblocking functionality:
https://support.netduma.com/support/solutions/articles/16000133055-using-adblocker-on-xr1000
I still prefer adblocking in the client though as it’s more capable than a DNS based solution like PiHole. I also predict that one day DNS methods will stop working as DNS over TLS or HTTPS are enforced. Not yet, but maybe in a few years time you’ll need the enterprise version of the browser to set your own DNS.
Oh yes some routers do include adblocking functionality. They also have the ability to send metrics back to the cloud. I’m not sure what the ultimate privacy preserving recipe is right now, but consider that right now at a minumum the following have access to some of yuour brouwsing activity:
The page you visit
Third party tracking mechanisms built into the page.
The browser itself/vendor
Many plugins/vendors
The operating system/vendors
Your router/vendor
Your ISP
Thats a lot of gaps to cover.
Bill Shooter of Bul,
I try to avoid “cloud” devices because I don’t want corporations having control over my hardware, but these days almost everyone phones home. In principal IOT can be beneficial but too many companies are engineering products & services in bad faith, making devices spy on us and keeping us dependent on vendor locked services. I have gripes over a manufacturer for bricking my smart thermostat, I bought it specifically for the local API, but even that stopped working. Ugh! Companies need to be held accountable for their contributions to the ewaste problem. I think that a financial penalty is the only thing they’ll actually listen to.
Anyway I’ve gone off on a tangent, sorry, haha. An adblocking router doesn’t necessarily have to be engineered to abuse user privacy/ownership, but you’re right it’s something we all need to watch out for everywhere these days.
Is this part of only Safari or all iOS browsers (i.e. baked into Webkit)?
Also, can this be disabled in the settings?
It is not baked into webpositive in Haiku nor qt-webkit on kde yet afaik. And webkit-gtk will never accept such changes.
This is fud. You are superimposing your own bias on the information provided leading to a position based not on reality, but on your own perception of reality. You are not actually saying ‘Apple is doing this bad thing’ but rather ‘Apple is shady and so even though there is no proof they do anything bad you should expect they do this bad thing’.
You are not being tracked through Web AdAttributionKit. The ad unit is being tracked. There is no information about you. There is no way to get ad information about you. It’s actually so f*cking difficult to get data about you that even if a user does click on your ad, install your app, sign in and give you ALL their personal information, you still have no way of knowing which ad or which ad placement that came from.
If ( and only if ) there is enough volume around a data point that you can’t correlate it to a user will Apple share that data point with you. So if you have 10 clicks on a website leading to 10 installs Apple won’t tell you which website those came from because you could then tell that those 10 users visited that website.
Let me guess, an Apple user? Overall believing Apple is protecting your privacy.
Come on Tom. You know that people do not want to pay for content. So how do you do? You give your content for free? How many users are paying for OSnews? There is a big hypocresy here. People want everything “free” but they do not want to see ads.
I pay. Not much at all cuz I’m fairly poor but I still pay.
Now, onto something more relevant, if even Firefox betrays the FOSS principles, where does this leave us? Any true “alternative” browsers or are we standing on the brink of a dual set-up, one browser for for banks and another another one for free content like OSNews or TheGuardian (and Yes, I pay TheGuardian too)?
What percentage of all of the websites you visit you pay for? I imagine is at most 10%. But lets say 50%. What do the other 50% do about it?
While this is true, keep in mind that in Safari’s settings, you can turn OFF “Privacy Preserving Ad Measurement,” and then no data will be sent. It’s on by default, but you can turn it off.