How Apple’s Private Relay could be the beginning of the end for fingerprinting on iOS devices
It’s been three months since Apple’s privacy safeguard arrived and ad execs are still trying to make sense of the company’s stance on tracking — or lack of one. Specifically, when it comes to fingerprinting, the much-maligned tracking technique Apple aimed the safeguard at.
As it stands, there are still instances of companies gathering data points from a person’s device so they can be tracked across apps and sites even when they have declined to do so. Recent reports from Digiday and the Financial Times are testaments to this.
And herein lies the rub for ad execs. Apple has told them fingerprinting is off-limits but doesn’t seem to be aggressively enforcing this policy. Few execs, however, believe this perceived inaction will last. Eventually, goes the thinking, Apple won’t need to enforce a policy like ATT to rid its mobile operating system of fingerprinting — it will have the technology to block it from ever happening in the first place. The reason: Private Relay.
Private Relay renders a person’s IP address useless for fingerprinting because it redirects web traffic through two separate servers. Granted, an IP address is just one of many aspects that make a fingerprint of someone’s behavior on a device — but it’s an important one.
“We view this [Private Relay] as a precursor to Apple using welcome technical solutions to break fingerprinting,” said Shumel Lais, CEO of mobile advertising intelligence business Appsumer.
That said, the current version of Private Relay won’t be much of a deterrent against fingerprinting. It only obfuscates traffic coming from the web and a tiny amount of app traffic (specifically encrypted HTTP app traffic). But app traffic is where fingerprinting is rife.
There are other loopholes in Private Relay that could be exploited. For instance, Private Relay restricts traffic apps send over an insecure web connection (HTTP). So apps that use an IP address for fingerprinting could theoretically work around this by using a secure web connection or some other transport protocol. This may lead to a “cat and mouse game” between Apple, ad tech vendors with fingerprinting solutions, and the apps integrating them, said Aaron McKee, chief technology officer at mobile ad tech vendor Blis.
Private Relay is also only for paying Apple customers for its upcoming iCloud+ service. Although it will undoubtedly cover a large number of iOS users when it launches later this year, it won’t be all of them. Of course, this could change over time in the same way the breadth of traffic obfuscated could be broadened. As Lais explained: “Overall, we’d view it [Private Relay] as them [Apple] testing the technical solutions on smaller subsets of users before rolling them to a wider audience.”
In a sense, Private Relay is posed to be the pebble in the pond that creates the ripple that turns into the third wave of privacy change around identifiers. This after the industry was hit by the first wave of device IDs, followed by cookies.
Regardless of how Private Relay will evolve, it will do so in slow motion.
“Apple needs to be careful when it uses its market position in a way that could be interpreted as either anti-competitive or too dictatorial,” said Nii Ahene, chief strategy officer at digital agency Tinuiti. “This is why there’s a gradual rollout of Apple’s privacy plan. The company communicates what it will do early, starts to have conversations behind the scenes, and then over some time the enforcement of the ATT policy starts to kick in.”
Some execs believe this enforcement could kick in soon. After all, Private Relay is the easy answer to the fingerprinting question in the future — not now.
Indeed, there are apps in the iOS App Store that use measurement and attribution tools to circumvent Apple’s guidance around tracking to varying degrees. This flies in the face of Apple’s marketing, which prides itself on giving customers choice over the companies they do and don’t want to be tracked by. Apple will only tolerate companies who flout its rules for so long before it reacts with force.
Otherwise, its customers could start to feel like their choices not to be tracked are meaningless when they click on an ATT prompt in their favorite app. It makes it hard to discount the possibility that Apple enforces its policies in a non-technical way even before the next major update to its operating system via the App Store approvals and notices of non-compliance with Apple AppStore rules.
“If I were the marketing lead for one of those companies using another measurement tool that is not complying, I would be concerned about the board-level discussion that happens when my company gets a notice of removal of my apps because I looked the other way despite Apple’s year-long guidance,” said Charles Manning, CEO of mobile attribution analytics firm Kochava.
Horizon Media agencies ply new ground with incentive-based deals tied to compensation
Horizon Media agencies Big and Blue Hour cut an unusual incentive-based deal with DTC company Windmill, which lets client and agency make money if goals are reached.
How job seekers are standing out and staying top of mind during virtual job interviews
Candidates are competing for jobs on a computer screens so they are doing whatever they can to make their personalities and skills stand out.
As in-game ads expand, ad tech firms look to level up their services
As developers look to integrate advertisements more seamlessly into their titles, ad tech companies are rising to meet the challenge.
SponsoredHow the ad industry can use its borrowed time to future-proof first-party data solutions
Trent Lloyd, co-founder and head of brand solutions, Eyeota Google’s updated timeline for its Privacy Sandbox rollout, including its two-year delay of third-party cookie deprecation on Chrome, didn’t come as a surprise to many industry observers, given the limited utility of Google’s FLoC and the slow momentum of the Privacy Sandbox in the World Wide […]
‘We found a more engaged audience’: Why Kajabi is increasing its media spending on TV now
Kajabi, a SaaS company founded in 2011, isn’t alone in reconsidering advertising on TV as DTC brands have added more TV to the mix.
‘Marketers have to shift their expectations’: Despite turmoil in parts, Facebook’s ads business holds up against Apple’s privacy crackdown
Facebook’s resilience shouldn’t take anything away from the turmoil many of its advertisers are currently experiencing.