Apple Does Right By Its Users... And Advertisers Are Displeased

Authored by Andres Arrieta via The Electronic Frontier Foundation,

With the new Safari 11 update, Apple takes an important step to protect your privacy, specifically how your browsing habits are tracked and shared with parties other than the sites you visit.

In response, Apple is getting criticized by the advertising industry for "destroying the Internet's economic model." While the advertising industry is trying to shift the conversation to what they call the economic model of the Internet, the conversation must instead focus on the indiscriminate tracking of users and the violation of their privacy.

When you browse the web, you might think that your information only lives in the service you choose to visit. However, many sites load elements that share your data with third parties. First-party cookies are set by the domain you are visiting, allowing sites to recognize you from your previous visits but not to track you across other sites. For example, if you visit first and then, your visit would only be known to each site. In contrast, third-party cookies are those set by any other domains than the one you are visiting, and were created to circumvent the original design of cookies. In this case, when you would visit and loads as well, would be able to track you an all sites that you visit where its tracker is loaded.

Websites commonly use third-party tracking to allow analytics services, data brokerages, and advertising companies to set unique cookies. This data is aggregated into individual profiles and fed into a real-time auction process where companies get to bid for the right to serve an ad to a user when they visit a page. This mechanism can be used for general behavioral advertising but also for “retargeting.” In the latter case,  the vendor of a product viewed on one site buys the chance to target the user later with ads for the same product on other sites around the web. As a user, you should be able to expect you will be treated with respect and that your personal browsing habits will be protected. When websites share your behavior without your knowledge, that trust is broken.

Safari has been blocking third-party cookies by default since Safari 5.1, released in 2010, and has been key to Apple’s emerging identity as a defender of user privacy. Safari distinguished between these seedy cookies from those placed on our machines by first parties - sites we visit intentionally. From 2011 onwards, advertising companies have been devising ways to circumvent these protections. One of the biggest retargeters, Criteo, even acquired a patent on a technique to subvert this protection. Criteo, however, was not the first company to circumvent Safari's user protection. In 2012, Google paid 22.5 million dollars to settle an action by the FTC after they used another workaround to track Safari users with cookies from the DoubleClick Ad Network. Safari had an exception to the third-party ban for submission forms where the user entered data deliberately (e.g. to sign up). Google exploited this loophole when Safari users visited sites participating in Google's advertising network to set a unique cookie.

The new Safari update, with Intelligent Tracking Prevention, closes loopholes around third-party cookie-blocking by using machine learning to distinguish the sites a user has a relationship with from those they don’t, and treating the cookies differently based on that. When you visit a site, any cookies that are set can be used in a third-party context for twenty-four hours. During the first twenty-four hours the third-party cookies can be used to track the user, but afterward can only be used to login and not to track. This means that sites that you visit regularly are not significantly affected. The companies this will hit hardest are ad companies unconnected with any major publisher.

At EFF we understand the need for sites to build a successful business model, but this should not come at the expense of people's privacy. This is why we launched initiatives like the EFF DNT Policy and tools like Privacy Badger. These initiatives and tools target tracking, not advertising. Rather than attacking Apple for serving their users, the advertising industry should treat this as an opportunity to change direction and develop advertising models that respect (and not exploit) users.

Apple has been a powerful force in user privacy on a mass scale in recent years, as reflected by their support for encryption, the intelligent processing of user data on device rather than in the cloud, and limitations on ad tracking on mobile and desktop. By some estimates, Apple handles 30% of all pages on mobile. Safari's innovations are not the silver bullet that will stop all tracking, but by stepping up to protect their users’ privacy Apple has set a challenge for other browser developers. When the user's privacy interests conflict with the business models of the advertising technology complex, is it possible to be neutral? We hope that Mozilla, Microsoft and Google will follow Apple, Brave and Opera's lead.


Arnold Mon, 09/25/2017 - 09:17 Permalink

I an buy an app in the Microsoft gift shop called Adblock.
May be effective with Windows 10, but I doubt it.

This Edge Browser they have is a piece of user unmanageable shit.

NiggaPleeze Joe Davola Mon, 09/25/2017 - 10:49 Permalink

"We hope that Mozilla, Microsoft and Google will follow Apple, Brave and Opera's lead."

LOL, Google?  The Big Brother/Police State/Globalist/Communist/Beast?Being unfortunate enough to be forced to use Android, Google goes out of its way to force you to upload everything to "the Cloud" (read: under their full control).  It's gotten to the point where the Maps app won't even save your search history, you have to agree to upload everything you do to the cloud first.  Obviously that is a punishment for not agreeing to share what little they don't take withour your permission already.  They want your total subjugation.No, Google most certainly won't be joining any meaningful privacy initiatives, ever.

In reply to by Joe Davola

GreatUncle NiggaPleeze Mon, 09/25/2017 - 12:04 Permalink

Microsoft, Google etc. are currently looking to shut down any and all unathorized outlets so you have to use theirs and be monitored.e.g. Microsoft intentionally block self signed certificates on a users own server and no fix for it even if you put the certifcate into your own certificate store.But ... hey that's okay now. The server does not have to be secure if the data upon it is.Pushed through an ecrypted data blob onto an ftp server today with a non standard program because you don't need sftp if the data is secured.

In reply to by NiggaPleeze

LyLo Luc X. Ifer Mon, 09/25/2017 - 09:55 Permalink

"Monetizing eyeballs."For those of us from the past, this is an extremely familiar phrase that was well known and bandied about like it had actual meaning.  It came into vogue about 20 years ago, and fell out of fashion almost as quickly a few years later...  When we all collectively realized that in order to add value to an economy one needed slightly more than access to a population blessed with sight.Speaking aloud the ingredients to the magic spell always negate its effectiveness.  Can't see it ending differently this time, sadly.

In reply to by Luc X. Ifer

pigpen Dr. Engali Mon, 09/25/2017 - 10:22 Permalink

Dr. Engali, So true. Brave browser is fantastic. While Safari does block tracking, it doesn't block advertising.Brave blocks tracking and advertising by default. Easy for your mother in law to install. Set it and forget it.Blocks all ads and tracking even when you run your social media apps out of the browser, even YouTube.I pay for data per gig and use 30% less data with brave. Good to know how much advertising is freeloading off my data plan.Destroy the digital advertising monopolies. Render advertising model useless. Block the delivery of the ads and viewability and the value of advertising goes to zero.Apple bees to destroy Google and Facebook and protect their customer by offering true ad free internet experience. Block advertising and tracking by default.Cheers,Pigpen

In reply to by Dr. Engali

FreeNewEnergy pigpen Mon, 09/25/2017 - 11:05 Permalink

Pigpen, as an internet publisher, I must object to your call to "render advertising model useless."If you are successful, you will find that the only places you'll be able to find information is from sites owned by the mainstream media. Many websites - myself included - rely on advertising for some of their revenue. Eliminating that revenue will force some of these independent websites either out of business or into a paid subscription model, which you will find equally distasteful.And, as far as this statement:

I pay for data per gig and use 30% less data with brave. Good to know how much advertising is freeloading off my data plan.

I have to submit that you are freeloading off websites by not showing their ads. As much as you want to protect your precious data from "freeloaders," I am quite certain that these websites also consider you a freeloader, because they make no revenue from you, albeit their "take" on your visit amounts usually to less than a penny per visit.So, go ahead and block all advertising. Do it to TV and radio, magazines and newspapers too. Then see what you have: a pay-only media run by well-heeled, well-connected companies which will feed you news and information only they want you to see and hear.You are, unwittingly, I'm sure, promoting censorship and anti-capitalistic practices.Instead, what Safari has done is good, limiting the tracking. Besides, tracking and showing "relevant" advertising is hardly a panacea. It's unproven and promulgated only because the technology was available. There are many ad serving companies that don't track and/or target. They're generalists. That's the way radio and TV ads work, and it's a proven method.Bottom line, don't wish too hard because you just might get what you want, but, I think you're just part of a small blinkered minority that doesn't see all the way through your selfish actions.Good day, sir.

In reply to by pigpen

pigpen FreeNewEnergy Mon, 09/25/2017 - 12:00 Permalink

Freenewenergy, the internet business model needs to change radically. I expect implosion as you referenced. News and information and advertising don't work. Media needs to be either sponsored as public good or consumers need to find value for your content and pay for it with subscription.Hate Facebook and Google for destroying media and the race to the bottom for valuing eyeballs.Consumers should never be the product. Looking forward to new business models to monetize internet. But glad to see the game board get flipped over in the process.Why shouldn't the eyeballs get paid in the advertiser publisher relationship?I will let you answer that question.Cheers,Pigpen

In reply to by FreeNewEnergy

WillyGroper FreeNewEnergy Mon, 09/25/2017 - 13:30 Permalink

"anti-capitalistic practices"that's funny!forced to upgrade Itunes with a cloud caveat which i do not these licensing're a hostage unless you agree to 3rd party crap being loaded & i don't care which OS you're upgrade the software on my scanner, i had to agree to 3 parties spyware.didn't agree.

In reply to by FreeNewEnergy

GreatUncle pigpen Mon, 09/25/2017 - 12:10 Permalink

TBH if you get off microsoft / apple and google OS onto Linux because all the monitoring is curtailed even Firefox is quick. Never have a problem with ZH if on Linux I do if on Microsoft and same browser.Hence my machine is now Linux and has been for a while running a windows PC only for custom programming for a company. 

In reply to by pigpen

napples Dr. Engali Mon, 09/25/2017 - 10:53 Permalink

I am a fan and former user, so if nothing else, use Brave!
However, for more granular control I use PaleMoon(yes, yes, out of date) with the uBlock origin to mitigate the vuln exploits, tracking & ads(my preferred add-on NoScript doesn't work at all). If anyone knows of a maintained, extension/addon capable mobile browser that isn't Google(or use spurious Google platform components, like Brave's password manager, etc), I'm all ears.

In reply to by Dr. Engali

Endgame Napoleon Dr. Engali Mon, 09/25/2017 - 18:51 Permalink

One thing: How do you think sites like this will survive if no one looks at ads? They have to pay the Tyler's with money from somewhere. They do not get government handouts for reproducing.

Google and all of the tech companies employ surprisingly few humans, including few American citizens, adding up to under 500,000 citizens if you count all of them. It is amazing given the tech companies' prominence on the stock market. But they pay the humans they do employ well, unlike most industries.

I do agree with you about privacy, though. I also do not like targeted ads. I think targeted ads inhibit consumption. Maybe, they did not always have that effect. But the more intrusive the AI, the more it feels like you have no privacy and no freedom in shopping.

But ads, in general, have always financed the publishing industry, even back in the 19th century, long before browsers, search engines, etc. So, if you like to read news that is not controlled by government, you should hate ads only to a point. If the ads go away, we will get a snowflake-run version of the BBC.

In reply to by Dr. Engali

cherry picker Mon, 09/25/2017 - 09:19 Permalink

Outlaw cookiesWhen a company puts a tracking device on your computer in your home that is trespassing, break and enter in my mind.The computer or phone is your property.This has gotten way out of control

ToSoft4Truth evoila Mon, 09/25/2017 - 10:14 Permalink

We don't have options if we participate in the modern world. I called Fidelity a few weeks ago.  I was auto-enrolled into their "MyVoice" Voice Recognition Technology for added security.  I had no choice. One day government will ask Fidelity to do a data-dump.  Then government will have my voice print. 

In reply to by evoila

silverer Mon, 09/25/2017 - 09:24 Permalink

This was addressed a while back by the open source community. It has several names. Liberty, freedom, the right to choose. IceCat, OpenOffice, TOR, NoScript, etc..

Monty Cello Mon, 09/25/2017 - 09:21 Permalink

So advertisers are beginning to decry the destruction of their economic model? Time to call up some friends in Congress and enshrine it in law. Cram it down our throats for a century.

Endgame Napoleon Monty Cello Mon, 09/25/2017 - 19:01 Permalink

Maybe, some tech companies need to come up with apps, payment options and such to help consumers preserve their privacy. You should have card options that do not involve giving all of your information to retailers, for instance. You should not have to identify everything about yourself--or anything, really, even your name--to buy a box of cereal. Westerners are less and less middle class and prosperous all the time, and we have even lost our privacy and freedom of movement in the most basic areas of life, like buying a loaf of bread. It is ridiculous.

In reply to by Monty Cello