Apple Previews New Privacy-Focused Ad Tracking Solution Coming to Safari Later This Year

Discussion in 'Mac Blog Discussion' started by MacRumors, May 22, 2019.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Apple today previewed a new Safari feature called Privacy Preserving Ad Click Attribution that it says will allow advertisers to measure the effectiveness of their ad campaigns on the web without compromising user privacy.


    In a blog post, WebKit engineer John Wilander explains that ad click attribution has traditionally been done through the use of cookies and so-called "tracking pixels," allowing both the advertiser and the website where the ad was placed to know when someone has clicked on an ad and later purchased something.

    Wilander says the traditional method of ad click attribution has no practical limit on data, allowing for full cross-site tracking of users using cookies. "We believe this is privacy invasive and thus we are obliged to prevent such ad click attribution from happening in Safari and WebKit," he wrote.

    Thus, Apple has proposed a modern solution that it says doesn't allow for cross-site tracking of users but does provide a means of measuring the effectiveness of online ads. The feature is built into the browser itself and runs on-device, meaning that the browser vendor does not see any of the ad data.

    Here is Apple's summary of its privacy considerations for the feature:Only links served on first-party pages should be able to store ad click attribution data.
    Neither the website where the ad click happens nor the website where the conversion happens should be able to see whether ad click data has been stored, has been matched, or is scheduled for reporting.
    Ad clicks should only be stored for a limited time, such as a week.
    The entropy of both ad campaign ID and conversion data needs to be restricted to a point where this data cannot be repurposed for cross-site tracking of users. We propose six bits each for these two pieces of data, or values between 0 and 63.
    Ad click attribution requests should be delayed randomly between 24 to 48 hours. This makes sure that a conversion that happens shortly after an ad click will not allow for speculative cross-site profiling of the user. The randomness in the delay makes sure the request does not in itself reveal when during the day the conversion happened.
    The browser should not guarantee any specific order in which multiple ad click attribution requests are sent, since the order itself could be abused to increase the entropy and allow for cross-site tracking of users.
    The browser should use an ephemeral session aka Private or Incognito Mode to make ad click attribution requests.
    The browser should not use or accept any credentials such as cookies, client certificates, or Basic Authentication in ad click attribution requests or responses.
    The browser should offer a way to turn ad click attribution on and off. We intend to have the default setting to be on to encourage websites to move to this technology and abandon general cross-site tracking.
    The browser should not enable ad click attribution in Private/Incognito Mode.Privacy Preserving Ad Click Attribution is available as an experimental feature in Safari Technology Preview 82 and later. To turn on the feature, enable the Develop menu and navigate to the Experimental Features submenu.

    Apple says the feature will be turned on for web developers later this year. The company has also recommended it as a web standard to the W3C.

    Article Link: Apple Previews New Privacy-Focused Ad Tracking Solution Coming to Safari Later This Year
  2. now i see it macrumors 68040

    Jan 2, 2002
    nice improvement, but does anyone really click on ads these days or even see them anymore now that there's ad blockers?
  3. SBlue1 macrumors 65816


    Oct 17, 2008
    I use ad blockers, not because I hate ads as I know websites need to make money too. But because of the tracking. So anything Apple does in this direction is welcome.
  4. BigBoy2018, May 22, 2019
    Last edited: May 22, 2019

    BigBoy2018 macrumors 6502a


    Oct 23, 2018
    This could be a nice compromise between letting advertisers survive in the brutal www environment while also keeping users safe.

    Personally I dont use ad blockers, I just dont click on the ads.

    Then theres websites that will have an ad pop up over their content (CNN is a big offender). I just avoid those sites completely if at all possible.

    P.S. and no, I don't have anything against CNN, except I hate the ads they allow on their site.
  5. FaustsHausUK macrumors regular


    Mar 11, 2010
    Chicago, IL
    I block ads on mobile, because I don’t need megabytes of junk slowing my experience, but not on desktop. I feel that’s a fair compromise. Brave, Apple’s Webkit team and Microsoft Edge are doing great work where privacy is concerned, glad to see more proactive work on this front - hope this approach becomes standard.
  6. JetTester macrumors 6502

    Feb 12, 2014
    My experience has been that ad blockers are a bit hit and miss about what they actually block, so hopefully having some smarts built into Safari will be both more reliable, and a reasonable compromise for users and advertisers.
  7. newagemac macrumors 68020

    Mar 31, 2010
    Is this a serious question? How did you think Google and Facebook make there billions? Of course people click on ads. All the time. In fact, a study shows that 65% of clicks on Google Search results pages are click on ads while only 35% of clicks are on the organic results. And this number has been increasing over time.
  8. KazKam macrumors 6502


    Oct 25, 2011
    I'd argue that's only because of Google's "dark" placement tactics, disguising ads as the top few search results. Users think they're clicking on legitimate search results, not placed/promoted ads.
  9. szw-mapple fan macrumors 65816

    szw-mapple fan

    Jul 28, 2012
    It's no longer so much about clicking the ads anymore, although it's still important. With fingerprinting and cross-site tracking, advertisers can find out your purchase behaviour and ad effectiveness without you even clicking on the ad.
  10. Tech198 macrumors G5

    Mar 21, 2011
    Australia, Perth
    You don't even need to click anything.. Just visiting a website would get revenue..
    Ideally, "cookies" could be circumvented so track everything,, don't blame cookies as it's more convenient.

    Blame the browser for allowing this same cookie NOT to be verified.

    Similar to how firewalls work to verify its destinations, cookies could be checked its from only from the website as well, instead being 'ad based, (where ever the same ad appears" is not helpful, but useful to advertisers..

    A much better way would be "per-domain"... not where the ad re-appears again elsewhere on the internet. Just gives Apple an excuse for this tool

    I'm sure something like that can be achieved better...
  11. ILikeAllOS macrumors 6502


    Jul 28, 2011
    Tampa Bay
    You would be surprised how few people actually use ad-blockers.
  12. nvmls macrumors 6502a


    Mar 31, 2011
    Brave solved this long ago. Also, performance wise, it wipes off Safari without breaking a sweat.
  13. Vjosullivan macrumors 6502a


    Oct 21, 2013
    Interesting, but I'm not sure I want Apple regulating Internet usage. If regulation is required it shouldn't be at the whims of big corporations making rules that favour their own profit model, which is basically what this is, and claiming that they are doing it for our benefit.
  14. Tech198 macrumors G5

    Mar 21, 2011
    Australia, Perth
    It doesn't have to be regulation, when you have the 'choice of browser to use'

    It benefits those who choose to use Safari on a Mac,, doesn't mean at all you must.. which changes the whole concept.
  15. weup togo macrumors 6502

    May 6, 2016
    The web, iOS, & tvOS are a cesspool of surveillance companies tracking literally your every move. Apple's browser-based bandaids are meaningless in the face of the corrupt ecosystem they've built.

    Run for your entire network. Never use anyone else's DNS. Always VPN home from any of your devices. It's the only way to have even a shred of control over this nightmare.

Share This Page

14 May 22, 2019