Small businesses count cost of Apple’s privacy changes

Small businesses count cost of Apple’s privacy changes

Enlarge (credit: Kentaroo Tryman | Getty Images)

Small businesses are cutting back marketing spending due to Apple’s sweeping privacy changes that have made it harder to target new customers online, in a growing trend that has led to billions of dollars in lost revenues for platforms like Facebook.

Apple last year began forcing app developers to get permission to track users and serve them personalized adverts on iPhones and iPads in changes that have transformed the online advertising sector.

Many small companies which are reliant on online ads to attract new customers told the Financial Times they did not initially notice the full impact of Apple’s restrictions until recent months, when price inflation squeezed consumer demand in major markets worldwide.

Read 21 remaining paragraphs | Comments

#advertising, #apple, #biz-it, #policy, #privacy, #tech, #tracking

Facebook is receiving sensitive medical information from hospital websites

Facebook is receiving sensitive medical information from hospital websites

Enlarge (credit: Aurich Lawson | Getty Images)

A tracking tool installed on many hospitals’ websites has been collecting patients’ sensitive health information—including details about their medical conditions, prescriptions, and doctor’s appointments—and sending it to Facebook.

The Markup tested the websites of Newsweek’s top 100 hospitals in America. On 33 of them we found the tracker, called the Meta Pixel, sending Facebook a packet of data whenever a person clicked a button to schedule a doctor’s appointment. The data is connected to an IP address—an identifier that’s like a computer’s mailing address and can generally be linked to a specific individual or household—creating an intimate receipt of the appointment request for Facebook.

Read 65 remaining paragraphs | Comments

#facebook, #healthcare, #meta, #policy, #privacy, #science, #tracking

Your iOS app may still be covertly tracking you, despite what Apple says

Your iOS app may still be covertly tracking you, despite what Apple says

Enlarge (credit: Getty Images)

Last year, Apple enacted App Tracking Transparency, a mandatory policy that forbids app makers from tracking user activity across other apps without first receiving those users’ explicit permission. Privacy advocates praised the initiative, and Facebook warned it would spell certain doom for companies that rely on targeted advertising. However, research published last week suggests that ATT, as it’s usually abbreviated, doesn’t always curb the surreptitious collection of personal data or the fingerprinting of users.

At the heart of ATT is the requirement that users must click an “allow” button that appears when an app is installed. It asks: “Allow [app] to track your activity across other companies’ apps and websites?” Without that consent, the app can’t access the so-called IDFA (Identifier for Advertisers), a unique identifier iOS or iPadOS assigns so they can track users across other installed apps. At the same time, Apple also started requiring app makers to provide “privacy nutrition labels” that declared the types of user and device data they collect and how that data is used.

Loopholes, bypasses, and outright violations

Last week’s research paper said that while ATT in many ways works as intended, loopholes in the framework also provided the opportunity for companies, particularly large ones like Google and Facebook, to work around the protections and stockpile even more data. The paper also warned that despite Apple’s promise for more transparency, ATT might give many users a false sense of security.

Read 8 remaining paragraphs | Comments

#apple, #apps, #biz-it, #ios, #privacy, #tracking

Apple reaches quiet truce over iPhone privacy changes

A privacy notice appears on an iPhone 12 under the new iOS 14.5.1 operating system. Developers of an application have to ask for the user's permission to allow cross-app tracking.

Enlarge / A privacy notice appears on an iPhone 12 under the new iOS 14.5.1 operating system. Developers of an application have to ask for the user’s permission to allow cross-app tracking. (credit: Picture Alliance | Getty Images)

Apple has allowed app developers to collect data from its 1 billion iPhone users for targeted advertising, in an unacknowledged shift that lets companies follow a much looser interpretation of its controversial privacy policy.

In May Apple communicated its privacy changes to the wider public, launching an advert that featured a harassed man whose daily activities were closely monitored by an ever-growing group of strangers. When his iPhone prompted him to “Ask App Not to Track,” he clicked it and they vanished. Apple’s message to potential customers was clear—if you choose an iPhone, you are choosing privacy.

But seven months later, companies including Snap and Facebook have been allowed to keep sharing user-level signals from iPhones, as long as that data is anonymised and aggregated rather than tied to specific user profiles.

Read 15 remaining paragraphs | Comments

#facebook, #ios, #iphone, #meta, #policy, #privacy, #targeted-advertising, #tech, #tracking

After years of inaction against adtech, UK’s ICO calls for browser-level controls to fix ‘cookie fatigue’

In the latest quasi-throwback toward ‘do not track‘, the UK’s data protection chief has come out in favor of a browser- and/or device-level setting to allow Internet users to set “lasting” cookie preferences — suggesting this as a fix for the barrage of consent pop-ups that continues to infest websites in the region.

European web users digesting this development in an otherwise monotonously unchanging regulatory saga, should be forgiven — not only for any sense of déjà vu they may experience — but also for wondering if they haven’t been mocked/gaslit quite enough already where cookie consent is concerned.

Last month, UK digital minister Oliver Dowden took aim at what he dubbed an “endless” parade of cookie pop-ups — suggesting the government is eyeing watering down consent requirements around web tracking as ministers consider how to diverge from European Union data protection standards, post-Brexit. (He’s slated to present the full sweep of the government’s data ‘reform’ plans later this month so watch this space.)

Today the UK’s outgoing information commissioner, Elizabeth Denham, stepped into the fray to urge her counterparts in G7 countries to knock heads together and coalesce around the idea of letting web users express generic privacy preferences at the browser/app/device level, rather than having to do it through pop-ups every time they visit a website.

In a statement announcing “an idea” she will present this week during a virtual meeting of fellow G7 data protection and privacy authorities — less pithily described in the press release as being “on how to improve the current cookie consent mechanism, making web browsing smoother and more business friendly while better protecting personal data” — Denham said: “I often hear people say they are tired of having to engage with so many cookie pop-ups. That fatigue is leading to people giving more personal data than they would like.

“The cookie mechanism is also far from ideal for businesses and other organisations running websites, as it is costly and it can lead to poor user experience. While I expect businesses to comply with current laws, my office is encouraging international collaboration to bring practical solutions in this area.”

“There are nearly two billion websites out there taking account of the world’s privacy preferences. No single country can tackle this issue alone. That is why I am calling on my G7 colleagues to use our convening power. Together we can engage with technology firms and standards organisations to develop a coordinated approach to this challenge,” she added.

Contacted for more on this “idea”, an ICO spokeswoman reshuffled the words thusly: “Instead of trying to effect change through nearly 2 billion websites, the idea is that legislators and regulators could shift their attention to the browsers, applications and devices through which users access the web.

“In place of click-through consent at a website level, users could express lasting, generic privacy preferences through browsers, software applications and device settings – enabling them to set and update preferences at a frequency of their choosing rather than on each website they visit.”

Of course a browser-baked ‘Do not track’ (DNT) signal is not a new idea. It’s around a decade old at this point. Indeed, it could be called the idea that can’t die because it’s never truly lived — as earlier attempts at embedding user privacy preferences into browser settings were scuppered by lack of industry support.

However the approach Denham is advocating, vis-a-vis “lasting” preferences, may in fact be rather different to DNT — given her call for fellow regulators to engage with the tech industry, and its “standards organizations”, and come up with “practical” and “business friendly” solutions to the regional Internet’s cookie pop-up problem.

It’s not clear what consensus — practical or, er, simply pro-industry — might result from this call. If anything.

Indeed, today’s press release may be nothing more than Denham trying to raise her own profile since she’s on the cusp of stepping out of the information commissioner’s chair. (Never waste a good international networking opportunity and all that — her counterparts in the US, Canada, Japan, France, Germany and Italy are scheduled for a virtual natter today and tomorrow where she implies she’ll try to engage them with her big idea).

Her UK replacement, meanwhile, is already lined up. So anything Denham personally champions right now, at the end of her ICO chapter, may have a very brief shelf life — unless she’s set to parachute into a comparable role at another G7 caliber data protection authority.

Nor is Denham the first person to make a revived pitch for a rethink on cookie consent mechanisms — even in recent years.

Last October, for example, a US-centric tech-publisher coalition came out with what they called a Global Privacy Standard (GPC) — aiming to build momentum for a browser-level pro-privacy signal to stop the sale of personal data, geared toward California’s Consumer Privacy Act (CCPA), though pitched as something that could have wider utility for Internet users.

By January this year they announced 40M+ users were making use of a browser or extension that supports GPC — along with a clutch of big name publishers signed up to honor it. But it’s fair to say its global impact so far remains limited. 

More recently, European privacy group noyb published a technical proposal for a European-centric automated browser-level signal that would let regional users configure advanced consent choices — enabling the more granular controls it said would be needed to fully mesh with the EU’s more comprehensive (vs CCPA) legal framework around data protection.

The proposal, for which noyb worked with the Sustainable Computing Lab at the Vienna University of Economics and Business, is called Advanced Data Protection Control (ADPC). And noyb has called on the EU to legislate for such a mechanism — suggesting there’s a window of opportunity as lawmakers there are also keen to find ways to reduce cookie fatigue (a stated aim for the still-in-train reform of the ePrivacy rules, for example).

So there are some concrete examples of what practical, less fatiguing yet still pro-privacy consent mechanisms might look like to lend a little more color to Denham’s ‘idea’ — although her remarks today don’t reference any such existing mechanisms or proposals.

(When we asked the ICO for more details on what she’s advocating for, its spokeswoman didn’t cite any specific technical proposals or implementations, historical or contemporary, either, saying only: “By working together, the G7 data protection authorities could have an outsized impact in stimulating the development of technological solutions to the cookie consent problem.”)

So Denham’s call to the G7 does seem rather low on substance vs profile-raising noise.

In any case, the really big elephant in the room here is the lack of enforcement around cookie consent breaches — including by the ICO.

Add to that, there’s the now very pressing question of how exactly the UK will ‘reform’ domestic law in this area (post-Brexit) — which makes the timing of Denham’s call look, well, interestingly opportune. (And difficult to interpret as anything other than opportunistically opaque at this point.)

The adtech industry will of course be watching developments in the UK with interest — and would surely be cheering from the rooftops if domestic data protection ‘reform’ results in amendments to UK rules that allow the vast majority of websites to avoid having to ask Brits for permission to process their personal data, say by opting them into tracking by default (under the guise of ‘fixing’ cookie friction and cookie fatigue for them).

That would certainly be mission accomplished after all these years of cookie-fatigue-generating-cookie-consent-non-compliance by surveillance capitalism’s industrial data complex.

It’s not yet clear which way the UK government will jump — but eyebrows should raise to read the ICO writing today that it expects compliance with (current) UK law when it has so roundly failed to tackle the adtech industry’s role in cynically sicking up said cookie fatigue by failing to take any action against such systemic breaches.

The bald fact is that the ICO has — for years — avoided tackling adtech abuse of data protection, despite acknowledging publicly that the sector is wildly out of control.

Instead, it has opted for a cringing ‘process of engagement’ (read: appeasement) that has condemned UK Internet users to cookie pop-up hell.

This is why the regulator is being sued for inaction — after it closed a long-standing complaint against the security abuse of people’s data in real-time bidding ad auctions with nothing to show for it… So, yes, you can be forgiven for feeling gaslit by Denham’s call for action on cookie fatigue following the ICO’s repeat inaction on the causes of cookie fatigue…

Not that the ICO is alone on that front, however.

There has been a fairly widespread failure by EU regulators to tackle systematic abuse of the bloc’s data protection rules by the adtech sector — with a number of complaints (such as this one against the IAB Europe’s self-styled ‘transparency and consent framework’) still working, painstakingly, through the various labyrinthine regulatory processes.

France’s CNIL has probably been the most active in this area — last year slapping Amazon and Google with fines of $42M and $120M for dropping tracking cookies without consent, for example. (And before you accuse CNIL of being ‘anti-American’, it has also gone after domestic adtech.)

But elsewhere — notably Ireland, where many adtech giants are regionally headquartered — the lack of enforcement against the sector has allowed for cynical, manipulative and/or meaningless consent pop-ups to proliferate as the dysfunctional ‘norm’, while investigations have failed to progress and EU citizens have been forced to become accustomed, not to regulatory closure (or indeed rapture), but to an existentially endless consent experience that’s now being (re)branded as ‘cookie fatigue’.

Yes, even with the EU’s General Data Protection Regulation (GDPR) coming into application in 2018 and beefing up (in theory) consent standards.

This is why the privacy campaign group noyb is now lodging scores of complaints against cookie consent breaches — to try to force EU regulators to actually enforce the law in this area, even as it also finds time to put up a practical technical proposal that could help shrink cookie fatigue without undermining data protection standards. 

It’s a shining example of action that has yet to inspire the lion’s share of the EU’s actual regulators to act on cookies. The tl;dr is that EU citizens are still waiting for the cookie consent reckoning — even if there is now a bit of high level talk about the need for ‘something to be done’ about all these tedious pop-ups.

The problem is that while GDPR certainly cranked up the legal risk on paper, without proper enforcement it’s just a paper tiger. And the pushing around of lots of paper is very tedious, clearly. 

Most cookie pop-ups you’ll see in the EU are thus essentially privacy theatre; at the very least they’re unnecessarily irritating because they create ongoing friction for web users who must constantly respond to nags for their data (typically to repeatedly try to deny access if they can actually find a ‘reject all’ setting).

But — even worse — many of these pervasive pop-ups are actively undermining the law (as a number of studies have shown) because the vast majority do not meet the legal standard for consent.

So the cookie consent/fatigue narrative is actually a story of faux compliance enabled by an enforcement vacuum that’s now also encouraging the watering down of privacy standards as a result of such much unpunished flouting of the law.

There is a lesson here, surely.

‘Faux consent’ pop-ups that you can easily stumble across when surfing the ‘ad-supported’ Internet in Europe include those failing to provide users with clear information about how their data will be used; or not offering people a free choice to reject tracking without being penalized (such as with no/limited access to the content they’re trying to access), or at least giving the impression that accepting is a requirement to access said content (dark pattern!); and/or otherwise manipulating a person’s choice by making it super simple to accept tracking and far, far, far more tedious to deny.

You can also still sometimes find cookie notices that don’t offer users any choice at all — and just pop up to inform that ‘by continuing to browse you consent to your data being processed’ — which, unless the cookies in question are literally essential for provision of the webpage, is basically illegal. (Europe’s top court made it abundantly clear in 2019 that active consent is a requirement for non-essential cookies.)

Nonetheless, to the untrained eye — and sadly there are a lot of them where cookie consent notices are concerned — it can look like it’s Europe’s data protection law that’s the ass because it seemingly demands all these meaningless ‘consent’ pop-ups, which just gloss over an ongoing background data grab anyway.

The truth is regulators should have slapped down these manipulative dark patterns years ago.

The problem now is that regulatory failure is encouraging political posturing — and, in a twisting double-back throw by the ICO! — regulatory thrusting around the idea that some newfangled mechanism is what’s really needed to remove all this universally inconvenient ‘friction’.

An idea like noyb’s ADPC does indeed look very useful in ironing out the widespread operational wrinkles wrapping the EU’s cookie consent rules. But when it’s the ICO suggesting a quick fix after the regulatory authority has failed so spectacularly over the long duration of complaints around this issue you’ll have to forgive us for being sceptical.

In such a context the notion of ‘cookie fatigue’ looks like it’s being suspiciously trumped up; fixed on as a convenient scapegoat to rechannel consumer frustration with hated online tracking toward high privacy standards — and away from the commercial data-pipes that demand all these intrusive, tedious cookie pop-ups in the first place — whilst neatly aligning with the UK government’s post-Brexit political priorities on ‘data’.

Worse still: The whole farcical consent pantomime — which the adtech industry has aggressively engaged in to try to sustain a privacy-hostile business model in spite of beefed up European privacy laws — could be set to end in genuine tragedy for user rights if standards end up being slashed to appease the law mockers.

The target of regulatory ire and political anger should really be the systematic law-breaking that’s held back privacy-respecting innovation and non-tracking business models — by making it harder for businesses that don’t abuse people’s data to compete.

Governments and regulators should not be trying to dismantle the principle of consent itself. Yet — at least in the UK — that does now look horribly possible.

Laws like GDPR set high standards for consent which — if they were but robustly enforced — could lead to reform of highly problematic practices like behavorial advertising combined with the out-of-control scale of programmatic advertising.

Indeed, we should already be seeing privacy-respecting forms of advertising being the norm, not the alternative — free to scale.

Instead, thanks to widespread inaction against systematic adtech breaches, there has been little incentive for publishers to reform bad practices and end the irritating ‘consent charade’ — which keeps cookie pop-ups mushrooming forth, oftentimes with ridiculously lengthy lists of data-sharing ‘partners’ (i.e. if you do actually click through the dark patterns to try to understand what is this claimed ‘choice’ you’re being offered).

As well as being a criminal waste of web users’ time, we now have the prospect of attention-seeking, politically charged regulators deciding that all this ‘friction’ justifies giving data-mining giants carte blanche to torch user rights — if the intention is to fire up the G7 to send a collect invite to the tech industry to come up with “practical” alternatives to asking people for their consent to track them — and all because authorities like the ICO have been too risk averse to actually defend users’ rights in the first place.

Dowden’s remarks last month suggest the UK government may be preparing to use cookie consent fatigue as convenient cover for watering down domestic data protection standards — at least if it can get away with the switcheroo.

Nothing in the ICO’s statement today suggests it would stand in the way of such a move.

Now that the UK is outside the EU, the UK government has said it believes it has an opportunity to deregulate domestic data protection — although it may find there are legal consequences for domestic businesses if it diverges too far from EU standards.

Denham’s call to the G7 naturally includes a few EU countries (the biggest economies in the bloc) but by targeting this group she’s also seeking to engage regulators further afield — in jurisdictions that currently lack a comprehensive data protection framework. So if the UK moves, cloaked in rhetoric of ‘Global Britain’, to water down its (EU-based) high domestic data protection standards it will be placing downward pressure on international aspirations in this area — as a counterweight to the EU’s geopolitical ambitions to drive global standards up to its level.

The risk, then, is a race to the bottom on privacy standards among Western democracies — at a time when awareness about the importance of online privacy, data protection and information security has actually never been higher.

Furthermore, any UK move to weaken data protection also risks putting pressure on the EU’s own high standards in this area — as the regional trajectory would be down not up. And that could, ultimately, give succour to forces inside the EU that lobby against its commitment to a charter of fundamental rights — by arguing such standards undermine the global competitiveness of European businesses.

So while cookies themselves — or indeed ‘cookie fatigue’ — may seem an irritatingly small concern, the stakes attached to this tug of war around people’s rights over what can happen to their personal data are very high indeed.

#advertising-tech, #amazon, #california, #canada, #cookie-consent-notices, #cookie-fatigue, #cookies, #data-protection, #data-protection-law, #data-security, #do-not-track, #elizabeth-denham, #europe, #european-union, #france, #g7, #general-data-protection-regulation, #germany, #google, #ireland, #italy, #japan, #noyb, #oliver-dowden, #online-privacy, #online-tracking, #privacy, #tc, #tracking, #uk-government, #united-kingdom, #united-states, #web-tracking

Google Analytics prepares for life after cookies

As consumer behavior and expectations around privacy have shifted — and operating systems and browsers have adapted to this — the age of cookies as a means of tracking user behavior is coming to an end. Few people will bemoan this, but advertisers and marketers rely on having insights into how their efforts translate into sales (and publishers like to know how their content performs as well). Google is obviously aware of this and it is now looking to machine learning to ready its tools like Google Analytics for this post-cookie future.

headshot of Vidhya Srinivasan, VP/GM, Advertising at Google

Vidhya Srinivasan, VP/GM, Advertising at Google

Last year, the company brought several machine learning tools to Google Analytics already. At the time, the focus was on alerting users to significant changes in their campaign performance, for example. Now, it is taking this a step further by using its machine learning systems to model user behavior when cookies are not available.

It’s hard to underestimate the importance of this shift, but according to Vidhya Srinivasan, Google’s VP and GM for Ads Buying, Analytics and Measurement who joined the company after a long stint at Amazon two years ago (and IBM before that), it’s also the only way to go.

“The principles we outlined to drive our measurement roadmap are based on shifting consumer expectations and ecosystem paradigms. Bottom line: the future is consented. It’s modeled. It’s first-party. So that’s what we’re using as our guide for the next gen of our products and solutions,” she said in her first media interview after joining Google.

It’s still early days and a lot of users may yet consent and opt in to tracking and sharing their data in some form or another. But the early indications are that this will be a minority of users. Unsurprisingly, first-party data and the data Google can gather from users who consent becomes increasingly valuable in this context.

Because of this, Google is now also making it easier to work with this so-called ‘consented data’ and to create better first-party data through improved integrations with tools like the Google Tag Manager.

Last year, Google launched Consent Mode, which helps advertisers manage cookie behavior based on local data-protection laws and user preferences. For advertisers in the EU and in the U.K., Consent Mode allows them to adjust their Google tags based on a user’s choices and soon, Google will launch a direct integration with Tag Manager to make it easier to modify and customize these tags.

How Consent Mode works today.

What’s maybe more important, though, is that Consent Mode will now use conversion modeling for users who don’t consent to cookies. Google says this can recover about 70% of ad-click-to-conversion journeys that would otherwise be lost to advertisers.

In addition, Google is also making it easier for bring in first-party data (in a privacy-forward way) to Google Analytics to improve measurements and its models.

“Revamping a popular product with a long history is something people are going to have opinions about – we know that. But we felt strongly that we needed Google Analytics to be relevant to changing consumer behavior and ready for a cookie-less world – so that’s what we’re building,” Srinivasan said. “The machine learning that Google has invested in for years — that experience is what we’re putting in action to drive the modeling underlying this tech. We take having credible insights and reporting in the market seriously. We know that doing the work on measurement is critical to market trust. We don’t take the progress we’ve made for granted and we’re looking to continue iterating to ensure scale, but above all we’re prioritizing user trust.”

 

 

#advertising-tech, #amazon, #analytics, #articles, #computing, #european-union, #gm, #google, #google-analytics, #ibm, #machine-learning, #operating-systems, #tc, #tracking, #united-kingdom, #vp, #web-analytics, #world-wide-web

AirTag review: They work great—maybe a little too great

Apple’s AirTag is not a revolutionary new product. Rather, it’s a significant refinement of an idea that, up until now, has been fairly niche. It works very, very well, but it works so well it seems to undermine Apple’s attempts to focus its products on privacy and security.

We spent several days testing AirTags in different situations, and we found that they work stunningly well—at least in a dense urban environment with iPhones all around.

I can’t imagine recommending any of the preceding attempts at this concept over AirTags if you have an iPhone. (Sadly, Android users are quite literally left to their own devices—in more ways than usual, as you’ll see later in this review.)

Read 38 remaining paragraphs | Comments

#airtag, #apple, #bluetooth, #privacy, #tech, #tracking, #u1

Google illegally tracking Android users, according to new complaint

Google illegally tracking Android users, according to new complaint

Austrian privacy activist Max Schrems has filed a complaint against Google in France alleging that the US tech giant is illegally tracking users on Android phones without their consent.

Android phones generate unique advertising codes, similar to Apple’s Identifier for Advertisers (IDFA), that allow Google and third parties to track users’ browsing behavior in order to better target them with advertising.

In a complaint filed on Wednesday, Schrems’ campaign group Noyb argued that in creating and storing these codes without first obtaining explicit permission from users, Google was engaging in “illegal operations” that violate EU privacy laws.

Read 10 remaining paragraphs | Comments

#advertising, #eu, #google, #idfa, #policy, #privacy, #tech, #tracking

Google starts trialing its FLoC cookie alternative in Chrome

Google today announced that it is rolling out Federated Learning of Cohorts (FLoC), a crucial part of its Privacy Sandbox project for Chrome, as a developer origin trial.

FLoC is meant to be an alternative to the kind of cookies that advertising technology companies use today to track you across the web. Instead of a personally identifiable cookie, FLoC runs locally and analyzes your browsing behavior to group you into a cohort of like-minded people with similar interests (and doesn’t share your browsing history with Google). That cohort is specific enough to allow advertisers to do their thing and show you relevant ads, but without being so specific as to allow marketers to identify you personally.

This “interest-based advertising,” as Google likes to call it, allows you to hide within the crowd of users with similar interests. All the browser displays is a cohort ID and all your browsing history and other data stay locally.

Image Credits: Google / Getty Images

The trial will start in the U.S., Australia, Brazil, Canada, India, Indonesia, Japan, Mexico, New Zealand and the Philippines. Over time, Google plans to scale it globally. As we learned earlier this month, Google is not running any tests in Europe because of concerns around GDPR and other privacy regulations (in part, because it’s unclear whether FLoC IDs should be considered personal data under these regulations).

Users will be able to opt out from this origin trial, just like they will be able to do so with all other Privacy Sandbox trials.

Unsurprisingly, given how FLoC upends many of the existing online advertising systems in place, not everybody loves this idea. Advertisers obviously love the idea of being able to target individual users, though Google’s preliminary data shows that using these cohorts leads to similar results for them and that advertisers can expect to see “at least 95% of the conversions per dollar spent when compared to cookie-based advertising.”

Google notes that its own advertising products will get the same access to FLoC IDs as its competitors in the ads ecosystem.

But it’s not just the advertising industry that is eyeing this project skeptically. Privacy advocates aren’t fully sold on the idea either. The EFF, for example, argues that FLoC will make it easier for marketing companies that want to fingerprint users based on the various FLoC IDs they expose, for example. That’s something Google is addressing with its Privacy Budget proposal, but how well that will work remains to be seen.

Meanwhile, users would probably prefer to just browse the web without seeing ads (no matter what the advertising industry may want us to believe) and without having to worry about their privacy. But online publishers continue to rely on advertising income to fund their sites.

With all of these divergent interests, it was always clear that Google’s initiatives weren’t going to please everyone. That friction was always built into the process. And while other browser vendors can outright block ads and third-party cookies, Google’s role in the advertising ecosystem makes this a bit more complicated.

“When other browsers started blocking third-party cookies by default, we were excited about the direction, but worried about the immediate impact,” Marshall Vale, Google’s product manager for Privacy Sandbox, writes in today’s announcement. “Excited because we absolutely need a more private web, and we know third-party cookies aren’t the long-term answer. Worried because today many publishers rely on cookie-based advertising to support their content efforts, and we had seen that cookie blocking was already spawning privacy-invasive workarounds (such as fingerprinting) that were even worse for user privacy. Overall, we felt that blocking third-party cookies outright without viable alternatives for the ecosystem was irresponsible, and even harmful, to the free and open web we all enjoy.”

It’s worth noting that FLoC, as well as Google’s other privacy sandbox initiatives, are still under development. The company says the idea here is to learn from these initial trials and evolve the project accordingly.

#advertising-tech, #australia, #brazil, #canada, #computing, #google, #google-search, #india, #indonesia, #japan, #mexico, #new-zealand, #online-advertising, #philippines, #software, #tracking, #united-states, #web-browsers

Zuckerberg: Facebook could be in “stronger position” after Apple tracking change

Apple CEO Tim Cook on stage during an Apple event in September 2018.

Apple CEO Tim Cook on stage during an Apple event in September 2018. (credit: Valentina Palladino)

With Apple’s big app-tracking policy change just around the corner, Chinese companies drew a warning from Cupertino that their efforts to circumvent the change will not be successful. At the same time, Facebook CEO Mark Zuckerberg appeared to shift his messaging about the change.

Several months ago, Apple announced that it will require user opt-in for IDFA (Identifier for Advertisers), a tool that advertisers use to identify and track users across apps and websites. If users opt in, it will be business as usual. But if they decline, the app in question will not be able to use that tracking method. The change will apply to all iPhone and iPad apps, and it will take full effect in iOS 14.5, which is due out sometime in the next few weeks.

ByteDance, Baidu, and others push back

Press coverage so far has focused on US and European countries grappling with the change, particularly Facebook, which ran ads and looked into the possibility of an antitrust lawsuit to battle Apple’s decision. Several reports over the past few days have indicated that some major Chinese tech companies are no less determined to fight or get around Apple’s new policy.

Read 8 remaining paragraphs | Comments

#app-tracking, #app-store, #apple, #china, #id-for-advertisers, #idfa, #mark-zuckerberg, #privacy, #tech, #tim-cook, #tracking

Connected pet collar company Fi raises a $30M Series B

Pet tech company Fi today announced that it has raised a $30 million Series B. The round, led by Chuck Murphy of Longview Asset Management, follows a $7 million Series A raised back in 2019. The round values the startup at north of $200 million.

The New York-based startup specializes in connected dog collars, releasing its Series 2 device late last year. The second-gen version of the product brings some key hardware improvements to the pet tracking device, including battery optimization that gives up to three months of life on a charge (with an average of around 1.5, according to the company).

The device relies on Wi-Fi and Bluetooth, sending users a notification when a dog has traveled outside an AI-determined geofenced area.

The company has experienced solid growth since launching in March 2019, and says demand for its product continued to grow in spite of the COVID-19 pandemic. It’s still a fairly small operation, but Fi is working on growing its availability in the U.S. The product was made available on the mega-pet online retailer Chewy in Q4 of last year.

“There’s such a huge market in the U.S. that we’re just scratching the surface,” founder and CEO Jonathan Bensamoun tells TechCrunch. “We want to stay focused here. And really make this a household product. The number one limitation to growth is that people just don’t know we exist or that the category exists.”

The company says discussions with large brick and mortar pet retailers are currently “up in the air.” In addition to research, the funding round will go toward marketing and exploring additional retail partnerships to help grow the product’s footprint.

“We’ve been tracking Jonathan and the team at Fi for over a year now and have been incredibly impressed with their execution and rapid growth rate,” AVP partner Courtney Robinson says in a statement offered to TechCrunch. They have established themselves as the clear leader in the emerging category of connected collars, with a device that blows away the competition in terms of design, battery life, and accuracy.”

#fi, #funding, #hardware, #longview-asset-management, #pet, #pets, #recent-funding, #startups, #tracking

New browser-tracking hack works even when you flush caches or go incognito

New browser-tracking hack works even when you flush caches or go incognito

Enlarge (credit: Getty Images)

The prospect of Web users being tracked by the sites they visit has prompted several countermeasures over the years, including using Privacy Badger or an alternate anti-tracking extension, enabling private or incognito browsing sessions, or clearing cookies. Now, websites have a new way to defeat all three.

The technique leverages the use of favicons, the tiny icons that websites display in users’ browser tabs and bookmark lists. Researchers from the University of Chicago said in a new paper that most browsers cache the images in a location that’s separate from the ones used to store site data, browsing history, and cookies. Websites can abuse this arrangement by loading a series of favicons on visitors’ browsers that uniquely identify them over an extended period of time.

Powerful tracking vector

“Overall, while favicons have long been considered a simple decorative resource supported by browsers to facilitate websites’ branding, our research demonstrates that they introduce a powerful tracking vector that poses a significant privacy threat to users,” the researchers wrote. They continued:

Read 10 remaining paragraphs | Comments

#biz-it, #browsers, #favicons, #fingerprinting, #policy, #privacy, #tech, #tracking

Upcoming Apple privacy update has developers desperately seeking dodges

Social media applications are seen on an iPhone in this photo illustration in Warsaw, Poland, on December 17, 2020. Facebook has disabled several features on its Messenger app to comply with new data usage rules currently being put in place in the EU as part of the ePrivacy Directive. (Photo illustration by Jaap Arriens/NurPhoto via Getty Images)

Enlarge / Social media applications are seen on an iPhone in this photo illustration in Warsaw, Poland, on December 17, 2020. Facebook has disabled several features on its Messenger app to comply with new data usage rules currently being put in place in the EU as part of the ePrivacy Directive. (Photo illustration by Jaap Arriens/NurPhoto via Getty Images) (credit: Getty Images)

App developers are exploring surreptitious new forms of user tracking to evade Apple’s new privacy rules, which threaten to upend the mobile advertising industry in the coming months.

Early in 2021, an iPhone update will prevent apps from using advertising identifiers known as IDFA without obtaining each user’s explicit consent for targeting. Developers expect more than two-thirds of users will block tracking when they see a popup appear within their apps.

Some app makers say they plan to use invasive tracking techniques such as “device fingerprinting” to work around the new restrictions—even though doing so risks getting them thrown off the App Store if they are caught.

Read 13 remaining paragraphs | Comments

#apple, #apps, #policy, #privacy, #tech, #tracking

GitHub says goodbye to cookie banners

Microsoft -owned GitHub today announced that it is doing away with all non-essential cookies on its platform. Thanks to this, starting today, GitHub .com and its subdomains will not feature a cookie banner anymore, either. That’s one less cookie banner you’ll have to click away to get your work done.

“No one likes cookie banners,” GitHub CEO Nat Friedman writes in today’s announcement. “But cookie banners are everywhere!”

The reason for that, of course, is because of regulations like GDPR in the U.S. and the EU’s directive to give users the right to refuse the use of cookies that reduce their online privacy. The result, even though these regulations have the users’ best interest in mind, is the constant barrage of cookie banners you experience today.

“At GitHub, we want to protect developer privacy, and we find cookie banners irritating, so we decided to look for a solution. After a brief search, we found one: just don’t use any non-essential cookies. Pretty simple, really,” Friedman writes.

To be fair, for a service like GitHub, it may be a bit easier to do away with cookies than for most sites — and especially content sites (and yes, I’m well aware that you probably had to click away from a cookie popup when you came to TechCrunch, too. Feel free to tell me about the irony of that in the comments). GitHub, after all, has a paid product and an audience that likely uses extensions to block trackers and unnecessary cookies anyway. Because of this, the tracking data it gathered was probably not all that useful anyway. GitHub is one of the first large sites to make this move, though, and may be able to set a bit of a trend.

#computing, #cookies, #european-union, #github, #hacking, #microsoft, #online-privacy, #privacy, #tc, #tracking, #united-states

iOS 14 privacy settings will tank ad targeting business, Facebook warns

iOS 14 privacy settings will tank ad targeting business, Facebook warns

Enlarge (credit: Chesnot | Getty Images)

Facebook is warning developers that privacy changes in an upcoming iOS update will severely curtail its ability to track users’ activity across the entire Internet and app ecosystem and prevent the social media platform from serving targeted ads to users inside other, non-Facebook apps on iPhones.

The next version of Apple’s mobile operating system, iOS 14, is expected to hit an iPhone near you this fall. Along with its many new consumer-facing features, iOS 14 requires app developers to notify users if their app collects a unique device code, known as an IDFA (ID for Advertisers).

The IDFA is a randomly generated code that Apple assigns to a device. (Google assigns similar numbers to Android devices.) Apps can then use those codes to tie together user activity. For example, Facebook, a local shopping app, and a local weather app might all access that identifier. Facebook and other advertising businesses can then use that cross-app use data to place targeted ads for advertisers on other apps, which is what Facebook does with its Audience Network program.

Read 9 remaining paragraphs | Comments

#advertising, #apple, #biz-it, #facebook, #google, #ios, #ios-14, #policy, #privacy, #tracking

Apple’s Safari will soon tell you all the ad trackers watching you

Apple is turning the tables on invasive ad trackers.

The tech giant announced Monday a new privacy feature in its underdog browser, Safari, which will shine a spotlight on all of the ad trackers embedded on each article or website you visit.

Safari’s new anti-tracking feature sits in the top part of the browser next to the address bar, and blocks intrusive trackers as you browse the web. Users can also open the anti-tracker and view a privacy report, which details all of the trackers on the page. 

The page you’re reading, for example, had over 200 trackers on it when we checked.

Rival browsers, like Firefox and Brave, already have anti-tracking features built in.

It’s the latest feature that tries to turn the tables on the targeted ad and tracking industry. As targeted advertising became more invasive over the years, Apple has responded by bundling features to its software, like its intelligence tracking prevention technology and allowing Safari users to install content blockers that prevent ads and trackers from loading.

The new Safari features will land in the latest version of macOS Big Sur, expected out later this year.

#apple, #firefox-focus, #macos, #online-advertising, #privacy, #safari, #security, #software, #tracking, #web-browsers, #wwdc-2020