Read the original article on Digiday here.
Marketers continue to avoid Apple’s harsh reality of a world without individual tracking, but it’s getting harder to avoid the consequences of doing so.
This realization is getting starker among marketers trying to make sense of Apple’s barrage of privacy safeguards just days after they were announced at its Worldwide Developers Conference. In fact, there’s a growing consensus in the days since the event that the company has spent a lot of time thinking through ways to close off potential loopholes in its privacy plan.
Whether it’s allowing people to obfuscate their email address or becoming the place where they upload their government-issued identity, Apple’s devices are being positioned as safe havens bereft of shady tracking techniques. Time will tell how this shakes out, but Apple is clearly trying to close the gap between the perception of its commitment to privacy and reality.
“Much of Apple’s privacy moves are designed to block fingerprinting and the use of alternative third-party identifiers,” said Shumel Lais, CEO of mobile advertising intelligence business Appsumer.
In this regard, the latest updates make it even more difficult for companies to get away with this type of malfeasance. It clearly didn’t sit well with Apple that some marketers were still using fingerprinting, or gathered up data points on someone’s device to identify them without their consent, despite the presence of the App Tracking Transparency barrier.
New tools like the “App Privacy Report” will provide some transparency here, giving Apple’s customers an overview of how apps are using their data, whether that’s what data is being shared or which third-party properties the app is contacting. This overview should make it easier for people to spot if and when apps are abusing their privacy. As Lais explained: “The transparency of the new ‘App Privacy Report’ will remove some of these underhand tactics and likely lead to apps that flout the rules being rejected by the App Store.”
But Apple’s reality check for privacy mavericks doesn’t stop there.
When the company removed third-party cookies from Safari in 2017, it effectively deleted the workhorse for identity from the bid stream. In response, marketers started to use IP addresses to build a fingerprint as a replacement identifier. Now, Apple has put those workarounds on notice with its own version of a Virtual Privacy Network to hide IP address information — Private Relay.
In a nutshell, the service lets people mask their IP address by sending their browser traffic through two relays. There are, however, concessions that limit the scope of this safeguard. Not only will the service be unavailable in certain markets like China, but it will also only be restricted to non-encrypted traffic for apps. In other words, Private Relay is a layer in addition to any other encryption on the traffic — albeit one that’s far from functionally ideal.
Nevertheless, it serves as another reminder to marketers that only Apple has access to new iOS users.
“It’s because IP addresses have a consent issue, and any attempt by ad tech to avoid that consent flow is seen as a negative by Apple,” said Joe Root, CEO of data management provider Permutive. “From an advertising and consent perspective, in many ways, IP addresses are worse, as they can’t be changed — they are persistent in a way that cookies are not.”
Here’s the kicker.
Apple is making it more difficult for marketers to track people through the emails they send.
It is limiting the amount of data that marketers who send emails to people can collect about them via its Mail Protection Privacy safeguard while making it harder to match those addresses between different businesses through the “Hide my Mail” feature. The former threatens to upend a booming newsletter industry while the latter could kneecap identifier solutions like the Unified ID 2.0.
It’s in the ad tech industry’s nature, however, to push back against restrictions. Apple may have made it harder to flout its rules, but there’s already talk of workarounds to how marketers might offset people using random “burner” email addresses to avoid being tracked. Tricky as this, goes the thinking, it’s not impossible to do.
In theory, companies could scan for patterns across the different burner emails that can be traced back to the original one. Granted, there’s a chance those onetime addresses have no reference to the main one, but that won’t stop some companies from trying in the first instance especially if there’s scale as a result of more people using the feature as part of the paid-for iCloud+ service. Regardless, using emails this way is subject to ATT consent, so anyone trying to do email mapping without that consent will be risking rejection by Apple.
“This may be more possible for the burner emails created for Apple’s Single Sign-On feature, where you will see IP addresses within apps, but it would be a violation of the Terms and Conditions so apps run the risk of being booted,” said one ad tech exec who asked to remain anonymous so as not appear to encourage companies to bypass Apple’s privacy measures.
Still, Apple seems more than prepared to play this game of cat and mouse. After all, the company isn’t even actively enforcing its big no-go area of fingerprinting. Rather, it has chosen — at least for now — to create technological barriers. In effect, Apple is approaching privacy the same way it has done hardware development. That’s to say it’s incremental, not innovative, in so far as each privacy update — at least to date — seems to have loopholes that can be exploited and then subsequently fixed — clear and far-reaching as they are.
“The litmus test for Apple’s “Privacy” credibility (despite the high production commercials around privacy) will be directly related to how veracious they are in enforcement,” said Charles Manning, CEO of Kochava. “While they have been quick to highlight that they are enforcing via technology (ATT, Private Relay, Hide My Email), they have not been as clear around policy enforcement.”
Ultimately, Apple’s announcements give clarity to app marketers who have had to contend with plenty of uncertainty over its true intentions.
It’s now clear that Apple is setting itself up to be the proxy for all internet traffic. All traffic will run through its servers, enabling the business to do a deeper level of profiling than is currently possible should it choose to prioritize its own ads business. This, in and of itself, has raised big concerns among some marketers who question whether Apple can be trusted as the guardians of all consumer privacy.
“Apple’s recent announcement continues its affront on publishers and the free Internet, under the guise of consumer privacy,” said Aaron McKee, chief technology officer at mobile ad tech vendor Blis.
The more marketers find loopholes to push through Apple’s safeguards, the easier it is for the company to justify its hardline stance on tracking.
“It is now making it harder for publishers to provide free content and fund their businesses,” said McKee. “Advertising will continue to exist, but consumers will likely see lower-quality ads from less reputable advertisers. As a result, many publishers will need to explore paywalls, subscriptions or microtransactions to survive. Not coincidentally, Apple benefits disproportionately from this shift, as it’s a major driver of its revenue stream.”