Continued Crackdown On Tracking

What’s up?

There has been much going on in terms of ensuring user privacy, protecting data security, being sensitive, staying personalized, and all that. Big tech is struggling to put its finger in every pie: placate users who demand to abandon tracking and profiling, while getting ad budgets from the advertisers who still largely rely on tracking data.

We have heard of such things as ATT, IDFA, FLoC, and Privacy Sandbox. But these ideas change, develop, get scrapped and replaced. Today, we unwrap some of these security solutions in greater detail.

Apple fights fingerprinting

App Tracking Transparency (ATT) privacy policy that has been introduced for all Apple devices after the release of iOS 14 has drastically limited the amount of user data available to marketers and advertisers. This has been the beginning of the end for third-party data. iOS 15 took it even further with opt-in prompts for tracking, email and geolocation security.

Now iOS 16 which is scheduled for release towards the end of 2022 is about to take the “security crusade” baton. Apple has been struggling with technically enforcing its ATT when it comes to device fingerprinting.

Device fingerprinting is a practice of using a combination of unique attributes linked to a specific device to build a fingerprint of said device and use it for false device attribution.

Concerning apps, SDK (software developer kit) and MMP (a variety of audio files) files were named by Apple as loopholes for creating fingerprints with an application update. However, banning those files or rejecting updates for apps that use said file extensions (as Apple planned earlier) would be catastrophic for the mobile software market.

A more elegant and feasible solution is to isolate SDKs and other potential “fingerprinters” from the general device environment. This is similar to what Google is doing for its Privacy Sandbox. On Android, each application operates within its own sandbox that limits interactions with other apps and the OS in general. On iOS, SDKs will also be vetted for ATT compliance and the data will go through Apple’s Private Relay system that masks sensitive device data.

Cookie alternatives from Google

Privacy Sandbox

The Privacy Sandbox for PC and mobile claims to provide the utmost data security without harming ad personalization (just like ATT). It’s supposed to be harder to collect personal information because of Google’s new mechanisms that block tracking and fingerprinting on both browsers and mobile devices.

Google has officially postponed the ban of third-party cookies until 2023 and still struggles to come up with a viable alternative. We all remember FLoC (Federated Learning of Cohorts) which did not do well. The idea was to create secluded anonymized cohorts in users’ browsers for advertisers to target. This project has been scrapped to much relief of many. The next project (that is not kindly welcomed either) is Topics which is a part of the Privacy Sandbox solution.

Topics

Google’s Topics API analyzes user browser history and determines user’s interests. If someone has been browsing for a new washing machine, that user is likely to be attributed to a “home appliances” group and will face more themed ads throughout the Internet. So users are browsing surrounded by a bunch of labels, some of them are thrown in for a bit of “info noise” and privacy. The data is stored locally for each user and is deleted after three weeks.

Topics have around 350 interest categories picked from a taxonomy, however, this number is likely to grow. There will be no “sensitive” labels based on race, gender, religion, etc. Users can access these categories to edit them. This solution has been released for public discussion and trial.

Is this (finally) a farewell to third-party data?

We are still not convinced. Apple brings forward one security feature after another, still not being able to live up to all the claims in reality. Google keeps on trying and failing with cookie substitutes and only raises more questions and objections from the onlookers. It seems like the route towards “personalized security” will be much longer than anybody expected.