This article is more than 1 year old

Apple arms web browser privacy torpedo, points it directly at Google's advertising model

Safari tech ready to be ignored by online ad giants like all other privacy proposals

Apple's WebKit team, which develops the plumbing beneath the iGiant's Safari browser, has proposed a way that online ads can be measured while maintaining the privacy of those browsing the internet.

The proposal is called Privacy Preserving Ad Click Attribution For the Web and its available for testing as an experimental feature in Safari Technology Preview 82+. It's a way of providing click attribution – linking an ad click to an event like a purchase – that lets advertisers measure ad effectiveness without relying on potentially invasive cross-site tracking.

"Critically, our solution avoids placing trust in any of the parties involved — the ad network, the merchant, or any other intermediaries — and dramatically limits the entropy of data passed between them to prevent communication of a tracking identifier," explains John Wilander, a web engineer at Apple, in a blog post.

In a typical scenario, an internet user conducting a Google Search might see an ad displayed in a list of search results and click on it to buy the advertised item. The store web page would request a tracking pixel from Google to report back user interactions, in order to attribute the purchase to the search ad.

The new WebKit mechanism would have Google, or whatever site is hosting the ad, store the ad click. The destination site would connect conversions – desired actions like a purchase – to the stored ad click. It would do so by using a tracking pixel request to Google that gets redirected back to the merchant site to confirm an ad campaign identified by a specific number worked.

The proposal limits ad campaign identifiers to a range from 0 to 63 in order to prevent the number from becoming a unique identifier.

The task of reporting the attribution to the ad source would fall to the browser. "Once the browser has matched a conversion against a stored ad click, it sets a timer, randomized between 24 and 48 hours," explains Wilander. "When that timer fires, the browser makes an ephemeral, stateless POST request to the same well-known location."

Handy, but marketing

The proposal is consistent with Apple's attempt to occupy the moral high-ground of technology by championing privacy at the expense of the surveillance capitalism embodied by Google and Facebook. Note this is for Western iThing users only, if you're a Chinese customer privacy is just a distant dream.

Augustine Fou, a cybersecurity and ad fraud researcher who advises companies about online marketing, expressed enthusiasm for Apple's ad tech in an email to The Register.

"The protocol is great, but it may be too big of a change for most ad tech to understand and then deploy," he said.

"Simple things like order numbers won't be leaked in plain text as query strings on the url; and important things like user IDs are also not leaked in the same way. For years, ad tech middlemen have been harvesting user IDs by simply reading them off the urls since they were literally in plain text and even conveniently marked for them."

Consumers may find Apple's promise of privacy appealing but the ad industry isn't exactly clamoring to know less. Fou said this isn't something the ad industry wants. "It will be ignored, delayed, suppressed, and argued against, like DNT and every other privacy initiative before it," he said.

Apple Safari icon

One step forward and one step back for Apple's privacy campaign with latest Safari build


However, given recent political interest in revisiting ad tracking limitations, there's a chance regulators may get behind Apple's proposal.

The technology doesn't address ad fraud specifically – which is a broad topic – but could help reduce a specific form of it, ad attribution fraud. Fou explains that's when miscreants click the attribution URL repeatedly to ensure they are the last click and thus get paid the attribution bounty.

Apple's attribution scheme also isn't a complete privacy solution for the web; rather it needs to be considered in conjunction with other info-limiting systems like the company's Intelligent Tracking Protection.

Fou doesn't see the technology as a threat to Google's data gathering – look to Amazon for that. "Google can scan users' Gmails to see what items they bought," he said. "That is why Amazon removed the list of products from order confirmation emails and require the user to click and login to Amazon to see the order details."

If privacy-preserving attribution takes hold, the hardest hit companies are likely to be marketing attribution platforms, said Fou. ®

More about


Send us news

Other stories you might like