Apple appears to be bracing itself for a turf-war with the ad-tech community, stepping in to protect its users from Facebook’s increasingly nefarious privacy practices via an upgrade to its Safari browser across mobile and desktop.
At this week’s annual WWDC conference, Apple’s SVP of software, Craig Federighi announced that it will upgrade its Safari browser to limit the amount of data Facebook, Google and advertisers can collect on users without their consent.
“We’ve all seen these, these ‘Like’ buttons and share buttons,” said Federighi. “It turns out these can be used to track you whether you click on them or not. So this year, we’re shutting that down.”
When Apple’s next-generation operating systems, Mojave & iOS 12 roll out later this year, Safari will require users to opt-in to cookie and data collection, via a pop-up request, on a per-website basis.
The upgrade limits ‘fingerprinting’ technology that determine the specific device being used to access particular sites, along with font types, screen dimensions and plugins, which together can be used to identify users as they move across the web.
Users will also be better protected against having their contacts, photos, calendars and reminders accessed without their knowledge or permission.
The company also announced “App Limits,” which allows users to place a time limit on how much time they spend on particular apps.
The protections are designed to be a wake-up call for its customers regarding just how much of their personal information is being collected by Facebook, Google, Twitter and any site, business or advertiser that use their plugins.
Facebook users are tracked well beyond the borders of its network through ‘Like’ buttons, comment sections that plugin to other sites, and its array of ‘social plugins’ (or APIs) that are used to collect personal information from almost any website they visit.
Even for those who have not engaged in any way with content on Facebook, the recent controversy over Cambridge Analytica revealed that it and other companies, (like Google), track user activity all over the web, even if if you do not yourself have an account. (They get by with a little help from your friends).
Its decision to limit data-collection from third party websites follows the release of its Intelligent Tracking Prevention (ITP) feature last year, which deletes cookies after 24 hours, effectively placing a one-day time limit on ad retargeting.
Doubling-down on last year’s effort to secure user privacy will no-doubt be a significant point of contention for the ad-tech community which has become increasingly reliant on Facebook and Google data to ‘retarget’ advertising content based on user activity.
Retargeting company Criteo’s share-price ‘fell-off a cliff‘ last year following the introduction of the ITP feature. It is unlikely to be alone.
Dan Nolan, CTO of Proxima tells Which-50 that the privacy roll out is the first shot being fired in shutting down ad-tech on the internet.
“It’ll be interesting to see how cowed Google/Chrome is about this,” he says. “Firefox and Safari both releasing very powerful anti-tracking features that name and shame is going to be an incredibly powerful push to change the current models of advertising and tracking on the web.
“Google only built a browser so it could protect its turf. I believe other browser makers will be shamed into putting in similar tracking protections.”
Nolan says naming the brands tracking user activity will also help consumers make more intelligent decisions.
An ad-tech expert who commented on condition of anonymity as they are not authorised to speak to the media told Which-50 that this will not be the ad-apocalypse some are making it out to be.
“These types of limitations and changes to what is trackable have come and gone over time,” they said. “I recall times when we moved from Flash to HTML5 and we all thought it would be the end of the world. Then when we moved from HTTP to HTTPS, the same thing happened. Now we are seeing the same panic around GDPR and trackable elements online.”
The ad-tech expert says to never forget these two things when looking at the macro view:
“(a) Cookies have already passed their best-before date and will soon pass their expiry date. This means that smart publishers, agencies, brands and ad-tech providers are already thinking about how to market in a cookieless environment, and
(b) as long as there is money involved, there will be a technical work-around solution for smart digital advertisers.”
The AU digital advertising market is worth about $7 billion. The ad-tech expert says this means that any smart company will find a way to turn this challenge into an opportunity.
“For example, Liveramp is producing a device graph which is cookie-less and based on logged-on user information from multiple social media platforms. Lastly, if this was Google blocking tracking I’d be more worried. However, it’s Apple blocking tracking on Safari for people that log into social media applications via web browsers. How often will that happen, really?
“The structure of the digital advertising backbone will change and update periodically. It’s the job of all four factions (agency, advertiser, ad-tech and publisher) to adapt to these changes. It’s not survival of the fittest, it’s survival of the company that is best adaptable to change.”
However, Nolan says that the Safari privacy protections are not designed to affect how people browse Facebook, nor is it about people logging into social media applications via web browsers.
“It is about tracking their moves on every other site on the internet and then linking back to their profiles, that’s all that’s being blocked,” he said. “Almost all media and eCommerce sites include Facebook ‘Like’ buttons to collect this data. But it’s not just Facebook. It appears to be all third party cookies (Google Analytics, etc) that users will be asked to opt into, on a per website basis.
“That said, on iOS mobile, Safari is the only game in town. (Developers cannot build their own web engines on iOS, they have to use Apple’s, so even Chrome is using Apple technology behind the scenes). Once iOS 12 is live, all browsers will have this built-in protection.”
Apple is not a data company, nor has it expressed interest in becoming one. However, the latest announcement seems to contradict – or at least walk-back – a revelation by the New York Times that while Facebook was making promises to better protect its users’ privacy, it had secretly created exceptions for mobile, tablet and other device manufacturers – including Apple – that were provided with volumes of personal user information via third-party apps.
Facebook formed data-sharing partnerships with at least 60 companies including Apple, Amazon, BlackBerry, Microsoft and Samsung, potentially in violation of the US Federal Trade Commission’s 2011 consent decree.
Apple claims it relied on private access to features that included allowing users to post photos to Facebook without opening the app. However, it said it revoked smartphone access last September.
Facebook defended its decision, claiming device manufacturers were limited as to what user information they could use in order to achieve different versions of “the Facebook experience”.