iOS 17 automatically removes tracking parameters from links you click on (9to5mac.com)
880 points by belfalas on June 8, 2023 | 318 comments



> As a partial mitigation, Apple is enabling an alternative way for advertisers to measure campaign success, with Private Click Measurement ad attribution now available in Safari Private Browsing mode. Private Click Measurement allows advertisers to track ad campaign conversion metrics, but does not reveal individual user activity.

While as a consumer I do objectively like the privacy measures Apple is adding, at the end of the day they're simply consolidating all tracking power to themselves.


Private Click Measurement is a standard that Apple has proposed and is working with the W3C to standardize, as well as working with other browser manufacturers:

https://webkit.org/blog/11529/introducing-private-click-meas...


It'll be interesting to see how this goes. Google and Mozilla+Meta each have competing standards.

https://github.com/WICG/turtledove

https://blog.mozilla.org/en/mozilla/privacy-preserving-attri...

To my knowledge, Mozilla's design is the only one where someone other than the browser collects & reports on click activity, and with a fairly trustless anonymizing double blind strategy for those intermediaries.


Mozilla isn't in the advertising business. Hell, not being a trillion dollar company earns them my sympathy.


Without the online advertising business Mozilla cannot survive. As such, they advocate for preserving the online ads business. They partner with an advertising company. And they derive profit in return.

Opinions may differ, but to me being an advocate for it is no better than being "in" the advertising business.

(Not to suggest Mozilla is worthless. Far from it. I use Firefox on mobile, although I use a browser sparingly.)


Mozilla is in whatever business Google pays them to be in.


Yet here they are doing the saintly work of adding real trustless privacy.


Saintly work would be telling the advertising industry to get fucked, not finding ways to help them.


Ah yes, the AMP strategy.


Exactly what people say they should have done with FaceTime, right? So, which one is it? Should they do it or should they not?


From the link:

> Websites should not be able to attribute data of an ad click and a conversion to a single user as part of large scale tracking

I'm curious, do people generally care about this specifically, or is it the sharing of this information with third parties that's the problem?

I run Firefox with in-built privacy protection enabled and uBlock Origin. However, I'm not doing so because I want to stop the websites I frequent knowing which email of theirs I clicked. My concern is when they share my data with other parties whose services I'm not explicitly engaging with.


Attributing data to a single user is what allows 3rd parties to amass a detailed profile of you (by looking at all your data from many websites that all share with the same 3rd party).

I doubt people are educated enough to care about this specifically, but the tech industry should care.


Of course they can only do this because of their cult-like ecosystem and hugely inflated prices for hardware, software and services.

Without those sources of revenue, well, Apple would turn to data and whatnot too. Was only a while ago that Apple first switched on to the "private and secure" as a selling point, because much of their competition relies on it.

I think we can maybe expect other large tech companies to follow suit, not make money from data/advertising and instead raise their prices, wall their ecosystems as much as possible. Advertise tablets as "not computers". Come up with buzzy marketing stuff like "retina" for every little detail of their products.


"Let's fight tracking by embedding tracking in the core of the browser" yeah, great idea.

But I'm sure W3C will bend over as usual


If they were really working with standardization, they'd wait ...


Wait until Google implements something and shoves it down everyone's throat in Chrome and then has all the Google fanboys claiming that it's the best thing since sliced bread and thus should get implemented by every other browser just because Google did it?

That's how we ended up in the situation where Google shipped U2F, sites implemented their implementation and then when the standard WebAuthn was built it was not compatible so sites had to be updated to be standards compliant, and it took a while to do so.

Or when Google added WebP without clear consensus. Or when they added FLoC or Topics API, or whatever else they have cooked up. Or things like WebUSB, WebMIDI and others?

There's a glut of Chrome only sites out there, and it continues to grow as web developers test just on Chrome but not the other browser engines. It's turning into the next IE 6, I remember the time there were a lot of "Made for IE 6" logos and graphics on sites and they did not render well or at all in Netscape.


As much as the locking down of iOS is annoying for everybody technical, we should be somewhat thankful that Apple has ensured a large population of mobile safari users.


I'm very technical and not remotely annoyed by iOS being locked down. It would be like being annoyed that the SUV I bought isn't a sports car.


That's a pretty poor comparison, a lot of the Android vs iOS debate is more akin to buying a sports car and then finding out it won't go more than 50km/h outside of your own country.

Back before flagship prices inflated (due to Apple) people buying a $1k iPhone couldn't do something as simple as use a different keyboard. And of course the product is advertised as advanced tech, yadda yadda.

There's been a spate of things, custom keyboards, wallpapers, multi-tasking, installing apps from a store rather than built-in, home/lock screen widgets, default apps for certain files, PiP, app drawer, and so much more.

I don't consider companies being inspired by/adding features from the other, it's not theft when it's a good idea (unless it's Apple's, then you get sued). But for them to market the way they do while taking so long to add basic things like these, it's just ugh.

Keeping in mind, of course, there are plenty of people who won't turn off the TV because there's nothing on that they want to watch; they'll just pick the channel that is the least bad.


Except in every thread about iOS or Safari are a ton of people crying for real Chrome on iOS because Safari is the new IE 6 holding the web back by not implementing the new WebDogCam4 “standard” Google pushed out 2 days ago.


Actually Chrome is the new IE.

Many forget that Microsoft was introducing many incompatible standards, and only let IE stagnate after they won over Mozilla.

Safari isn't the one turning the Web into ChromeOS.


^ This, 100%. Chrome is by far the bad actor, and not only that, Safari is arguably the better browser even if strictly looking at "support for web standards" (but in many other ways as well).

The vitriolic hate it gets in many threads is completely misguided and likely the result of years-old opinions on it. In the last 3 years Safari dramatically accelerated development, leapfrogged Chrome in performance to a staggering degree, and basically became close to an ideal browser.

And nearly every so-called standard people point to to "prove" Safari is lagging behind is almost always just something Chrome pushed out without any consensus.

It's funny because I think the hate comes from Webkit being forced on iOS, but it often comes out as "Safari sucks it's the new IE" which is pretty much the opposite of true and undermines the point.


Safari used to be "the new late-IE" a few years ago. It lagged significantly behind other browsers and it kept intentionally holding back support for open standards and codecs, forcing websites to make Safari-specific workarounds whenever you wanted to do basic things (I had to write scripts to transcode Vorbis to MP3 when deploying a web game just so it could have sounds on Safari, for example).

These days Safari gets better indeed (though it's still a PITA in some areas), while Chrome is clearly "the new golden-days-IE" - which long-term is probably much worse than Safari could ever be.


As someone who grew up with mp3s, your example seems interesting because it seems like an example where you had to encode from something obscure (ogg) to the closest thing to a “universal” sound format as wav could be: MP3.

In that case doesn’t it seem like Google took an ideological stance by choosing a non-patent-encumbered codec instead of supporting mp3? And they could do it because of their dominance? Or is that not accurate?


Vorbis was ubiquitous on the Web way before Google had such influence over it as it has today, and MP3 was absolutely nowhere near universal. Firefox did not support MP3 for a while, and even once it did it relied on system codecs - and many distros didn't ship with MP3 support by default until its patents expired a few years ago.

Choosing non-patent-encumbered codecs for open standards is as much ideological as practical.


I’ve never seen Vorbis and ubiquitous in the same sentence. Besides Mozilla, who had Vorbis native support in their browser?

In practice, MP3 has had support on every platform since the mid 90s. I could probably count the number of times I’ve come across an ogg file being distributed on one hand.


> Besides Mozilla, who had Vorbis native support in their browser?

Pretty much everyone who implemented HTML5 audio for a few years, while MP3 support in the browser was initially barely heard of? Mozilla, Google, Opera, KHTML, WebKit... Safari and IE were the only outliers, and had tiny minority of market share for a while (not counting versions that didn't support HTML5 audio at all). Today only mobile Safari is still an outlier.

You couldn't use MP3 without Vorbis fallback on the Web for about a decade. Whenever you played audio in the browser without using Flash on anything else than iPhone, chances that it was Vorbis were very high for a good while. YouTube used it in WebM before switching to Opus. In fact, even AAC gained reasonable support on the Web earlier than MP3 did.

In practice, although very popular, MP3 was nowhere near universally supported until just a few years ago. I know that pretty well - I have posted patches to some projects that enabled MP3 support once its patents expired myself; I've also used to maintain websites based on HTML5 audio since 2009.


I had a portable "MP3" player that natively supported Vorbis long before HTML5 was a thing.


Non-patent-encumbered and standard are not the same thing at all. Platforms do not want to ship support for esoteric formats, and will fight back against adding anything not needed for long-term interoperability - for examples, see JPEG XL drama lately in Chrome.

This is for maintainability/security surface reasons as well as patent risks, as open/closed and standardized/bespoke axes have nothing to do with whether or not something is patent encumbered.


In what alternative universe?


Hmm I find browser plug-in support limited. Can safari run ublock origin?


I haven't seen anyone re-evaluate it since Safari added Web Extensions on Mac and iOS a few years back.

Most likely not for same reasons ad blockers were freaked about Chrome's Manifest v3 push - browsers are trying to optimize away the latency from a massive synchronous javascript-based list check on page load, and the privacy risk that comes from these extensions having exposure to every page (and injecting their code into every page). Conversely, the web extension authors don't see the set of limitations as feasible.

But it is odd that uBlock Origin doesn't seem to have even issued a public-facing statement of even evaluating the functionality that is there in Safari.


No. Apple doesn’t let plugins hook in so much because the plug-in ends up seeing a ton of data about what the user browses, and they can slow the browser down if badly written.

Apple lets plugins provide lists of elements/css/IPs/etc to block. Safari processes them and is able to block stuff based on that extremely fast and power efficiently.

There is flexibility lost. Plug-ins can’t see which rules are/aren’t hitting. You can’t filter based on the content of a request.

So there are ad blockers, and they work well. But uBlock, as it works elsewhere (I know it’s considered the best), isn’t possible due to the trade offs Apple chose.


This isn’t true anymore, there are numerous ad blocking plugins that do the extensive blocking just like uBlock. May not be as good due to less active community, but the capabilities are there and a few of them are quite good.


Oh I fully agree. But that’s not the comments that come out of the woodwork.

“New IE” seems to mean “browser I don’t want to bother with”, not “browser with an iron grip over web standards”.


Honest question: do you think Apple is holding back the web?


Apple is holding ChromeOS back, which is what the Web will turn into if Google has free rein.


Nope. Not at all. I think they’re doing great. Most of the stuff I see complained about here on HN are features I’m not sure should exist (web push notifications, hardware access), uBlock (there are other options), and some PWA stuff they’re doing but I don’t think there is anywhere near the call for from users some developers think.

If Safari was as bad as so many claim it would have next to no desktop market share. But despite Google pushing Chrome at every opportunity tons of people like myself prefer Safari.

Apple has different priorities for Safari than Google does for Chrome. That’s fine. My priorities match Safari far better, I’m perfectly happy with how they’re doing things.


The mention of “the new WebDogCam4 “standard” Google pushed out 2 days ago.” didn’t register as sarcasm with you, huh?


Chrome is not "the web."


To a ton of people (including developers), it is. Therefore anything that’s not Chrome or 100% compatible is “breaking the web”.

No one is forcing a Chrome hegemony on us. Developers are choosing it.


This is something that lots of people complain about but somehow I never experience. Not to doubt it—I’ve seen the complaint enough that I believe it—mostly I’m just confused as to how I’ve managed to dodge the problem.

Firefox and mobile Safari, so I guess I should experience it…


Hmm, many google web features not-so-subtly nudge you to install Chrome. Some outright block usage of anything other than Chrome. This has been going on for well more than a decade.

I regularly see small/medium websites which state they only work with Chrome, but I feel they do so at their peril.

I see some of those sites push people to install a "desktop app" if you do not use Chrome, which is of course an Electron-based app.

I also regularly see services that just fail for long runs of time on non-Chrome browsers due to complete lack of regression testing, or (slightly more generously) because they aren't testing their services against current releases of Firefox/Safari. Safari is more sensitive to this, both because of a much more active development tick compared to Firefox, and because it is leveraging system frameworks rather than a relatively static compatibility layer 'buffer'.


Those developers will always, ALWAYS cater to iOS - where the money is.


... and they'll do this by having their mobile team create an app, and making their website refuse to work on iOS by user-agent string.


"dearth" means "lack" or "scarcity". I think it's the opposite of what you meant.


You are correct. Edited and replaced the word with glut. Thank you!


That's how nearly everything that is now a web standard came about. The web standards groups generally don't want to even consider something for standardization until someone has actually implemented it and deployed it.


"Made for IE 6" -- TRIGGER! I remember back in my design days all the IE specific overrides for proper rendering.


I for one see the turning of Web into a sandboxed OS as an improvement, even if it’s led by Google.


Becoming a standard requires independent, working implementations. So this is very much part of the process.

https://www.w3.org/2021/Process-20211102/#implementation-exp....


It doesn't require them to be inflicted on all of the internet. And it most definitely doesn't require you to go ahead and redirect a huge chunk of ad income to yourself while "processing" the standard.

This is somewhere between anti-consumer and stealing.


> It doesn't require them to be inflicted on all of the internet. And it most definitely doesn't require you to go ahead and redirect a huge chunk of ad income to yourself while "processing" the standard.

I can't quite figure out who or what in particular you are talking about.

If the original topic, Apple/Safari do not charge for private click measurement, and Apple does not have any significant advertising platform for the web.

There are other more controversial uses of the technique - mobile game SDKs used tracking identifiers and other techniques to try to measure conversion and associate it to a persona, which Apple shut down with ATT. Apple added a PCM-like technology at about the same time so that advertisers could get broad metrics on advertising programs and conversion.

This is different/separate from more controversial uses, such as blocking in-app advertising/install conversion metrics and persona building. There, Apple _does_ have some competing interest in terms of the App Store ad platform.


No they wouldn't. I can't think of a single thing in any browser that was implemented after a standard was created. It's always been driven by one browser just doing a thing, then other browsers do it slightly differently, then the standards body comes together and they settle on the-one-true-way and everyone updates their support to match the standard.


It very much used to work like this, pretty much exclusively.

More recently, though (especially, the last couple of years), browser vendors work very closely with standards groups, contributing there, and looking for feedback from other browser vendors. At least in the CSS and JS space, the extensions to those standards have proceeded largely as a group effort rather than as you described.


There's pretty much always implementations, but it is a huge headache when people rely on behavior which is not yet stable.

The browsers have started to first ship things behind feature flags, and in Chrome's case also behind "Origin trials". We just have less need now for one browser to go off and define their own way for borders to be drawn as rounded rectangles.

I suspect we'll see some funky CSS extensions ship pre-standardization for VR headsets, though. Things like controlling the z-axis height of <dialog> and other elements.


[flagged]


Lol ok let me say "most everyone mostly matches the standard" :)


Oh, the boundless optimism. How cute.

Oh, pointless condescension on the internet. How cute.


Are there any examples of using that approach in the history of web browsers?

I thought that mostly boiled down to “IE/Netscape/Chrome/… implements it, and if enough browsers implement it, we’ll document it as standard”


I don't understand what's preventing me from manually removing these URL parameters as well, just like I currently do with UTM params when I copy/paste something into a chat app.


It's about clicks instead of sharing it. So it'll strip it when you click it, instead of copying the link, pasting it, then stripping and hitting enter. Workflow optimization basically :)

Also, more privacy by default seems like a good thing, not everyone understands URLs.


I would like this capability on any home router/cable-modem/FW


With HTTPS it cannot read the URL query params


Not saying it's practical but you could add your own CA on each client device and the router MitMs.

Or, e.g. you can set a flag when building Firefox that will store the secrets necessary to decrypt those packets, and the client sends the secrets to the router which sniffs and decrypts on the fly.


You can, but these sorts of setups have historically been bad about evaluating the upstream certificate/CA chain for validity, and for things like proper certificate transparency.

This might be something a web extension could do, though.


That would be neat. I suspect the browser and/or OS would have to be aware of it though, in order to cooperate, in which case why not just have the browser/OS implement it?


It's a convenience feature. Manually cutting parameters out of a huge URL is a pain, and this feature might help to remove that pain. Nothing stops users from continuing to do it manually when they cut and paste URLs.
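Added example, not from any commenter and not Apple's implementation: the manual clean-up described in this sub-thread, done in JavaScript. The `utm_` prefix comes from the thread; the click-ID names and the function names are assumptions chosen for illustration.

```javascript
// Illustrative list only. The thread names "UTM params"; the click-ID names
// are commonly seen tracking parameters, assumed here, not Apple's list.
const TRACKING_PREFIXES = ["utm_"];
const TRACKING_NAMES = new Set(["fbclid", "gclid", "msclkid"]);

// Constructed sample link for trying the function by hand.
const SAMPLE_LINK =
  "https://example.com/article?id=42&utm_source=newsletter&utm_medium=email#top";

// Decide from the raw (still percent-encoded) parameter name, so that
// "utm%5Fsource" and "UTM_Source" are recognised as well.
function isTrackingParam(rawName) {
  let name;
  try {
    name = decodeURIComponent(rawName.replace(/\+/g, " ")).toLowerCase();
  } catch {
    name = rawName.toLowerCase(); // malformed percent-escape: compare as-is
  }
  return (
    TRACKING_NAMES.has(name) ||
    TRACKING_PREFIXES.some((prefix) => name.startsWith(prefix))
  );
}

// Returns the link without tracking parameters. Links that are not absolute
// http(s) URLs, or that carry no tracking parameter, come back unchanged.
function stripTrackingParams(link) {
  let url;
  try {
    url = new URL(link);
  } catch {
    return link; // not an absolute URL
  }
  if (url.protocol !== "http:" && url.protocol !== "https:") return link;
  if (!url.search) return link;

  // Filter the raw query string instead of going through URLSearchParams,
  // which would re-encode the surviving parameters ("%20" becomes "+").
  const pairs = url.search.slice(1).split("&");
  const kept = pairs.filter((pair) => {
    const eq = pair.indexOf("=");
    const rawName = eq === -1 ? pair : pair.slice(0, eq);
    return !isTrackingParam(rawName);
  });
  if (kept.length === pairs.length) return link; // nothing to remove

  url.search = kept.length ? "?" + kept.join("&") : "";
  return url.href; // the fragment (#...) is preserved by the URL object
}
```
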


Nothing.


I am guessing you never receive links?


This is a very important revelation for people to have: the deal with Apple is they have complete control over your identity and data. It's slightly better than the deal with Google, FB, & Microsoft where they both control and sell your data to the highest bidder.

Apple's position on privacy is somewhat of an illusion and could disappear whenever they decide. Remember the CSAM debacle? https://www.wired.com/story/apple-photo-scanning-csam-commun...

I still think Apple is doing the best in the marketplace with respect to security and privacy, but if we're being honest they're playing the role of benevolent dictator.


The thing is, the terms-of-service they give you that you agree to. That thing everyone skips. In it, Apple specifically says they don't track you or sell your data (but as you say, that could change). This is why when they do have any breach of that agreement...like when they said that some humans listen to Siri requests to make sure it's being accurate, they were sued for it. People hold their feet to the fire over anything they may flub. And since Apple doubles down on saying they're the best at privacy, more and more people are chomping at the bit to sue them or call them out on it. They have to tread carefully.

Google and Microsoft on the other hand blatantly say "yeah, we look over your shoulder at everything you do on the Internet...you know, to "help" you find what you're looking for or to feed more of it to you. And also, our advertisers would be very interested too". I mean, read THEIR TOS and marvel at it.


The amount of false information in this message is staggering. Apple never said they won't track you. Apple specifically says they collect this data[1]:

> Usage Data. Data about your activity on and use of our offerings, such as app launches within our services, including browsing history; search history; product interaction; crash data, performance and other diagnostic data; and other usage data.

> Health Information. Data relating to the health status of an individual, including data related to one’s physical or mental health or condition.

> Financial Information. Details including salary, income, and assets information where collected, and information related to Apple-branded financial offerings

Also, Siri hadn't been sued for breaking TOS AFAIK, but they were sued for leaking health records which they couldn't even after getting permission from the user. Also Google selling user data is largely a myth.

[1]: https://www.apple.com/legal/privacy/en-ww/


> Apple never said they won't track you. Apple specifically says they collect this data[1]:

Indeed. Apple's concerns are about "third-party" tracking, e.g. multiple parties sharing information about you and building a persona without your awareness or consent.

They fully _expect_ users to build first-party relationships, such as having Apple understand, save, and perhaps provide insights or fraud detection around the transaction log of your usage of your Apple Card.

This is why Google's reaction to App Tracking Transparency was to effectively say "we'll be fine, we have lots of services, and we might push people to log in for features." This is also why Facebook's reaction was to freak out - because they had no legitimate relationships on which to base their web surveillance advertising product on, especially when it was being used to select advertisements for non-Facebook-users.

For first party relationships, the App Store has "privacy labels", to document the data you collect, save and share with processors. Behavioral information is around sharing correlating factors that would be used for third-party tracking.


Of all of them isn't Google the only one that is actually incentivized to keep the data they get on you to themselves, because of their business model? It sounds bad for Google when they sell their data to others, so they'd feed a competitor for personalized ads. I might be wrong tho.

It's obvious, but I want to make clear, that this doesn't make Google less scary or more trustworthy. Avoiding Google is still advised imo.

edit: replace "private" with "to themselves"


Right as I understand it at least. Google's business model has never been to sell your data, despite how persistent that idea seems to be. Your data is Google's most valuable resource and they should be extremely motivated to protect it.


Google's primary interest is in building a relationship with you so it understands the kinds of information you want, and can sell people on preferential order of getting information to you.

They are primarily an information marketplace, and offer people free services so that they'll participate in that market.

Their secondary interest is in things like Adsense and in products like Doubleclick, which are where you worry about tracking and them building a behavioral persona of what you do across the entire internet.

However, Google doesn't need to even see this persona themselves - they just want to get the best ads in front of you to make marketing departments happy. Ideas like "privacy sandbox" are partially driven by this desire - give Google the value of gathering and correlating existing data and more, without the brand impact or risks of holding that data themselves.

The thing they give up is the ability to do cluster analysis across people/demographics to understand where and why an ad is performing. Targeting of advertisements remains a manual process and not a machine learning driven one.


Can you clarify “don’t track you”? Apple charges its advertisers for ad clicks and reports the conversion rate, so whether you make a purchase after clicking one of their ads is definitely tracked (conversion is the main big money tracking data point that Facebook and Google care about).


Reporting a conversion rate is not the same as reporting that _you_ as a particular user converted.

For advertising to remain a viable way to support portions of the web, advertisers need to understand the effectiveness of their programs and marketplaces need to understand the exposure.

Specifications like PCM are competing mostly around how to provide that, although there are also efforts to sandbox local personas to make ad presentation decisions on-device. Personally I'm not so much against those efforts, as it doesn't seem like a betrayal for my web browser to try to select information it thinks I'd more likely care about - as long as I can also choose how/if it does so.


> For advertising to remain a viable way to support portions of the web

I'd rather advertising NOT remain a viable way to support portions of the web


> Google, FB, & Microsoft where they both control and sell your data to the highest bidder.

Can we please keep this nonsense to lower quality sites like reddit? I like to pretend hacker news hasn't degraded this far yet.


While not technically correct "sell your data to the highest bidder" is close enough to what Google and FB are doing, and the distinction is irrelevant for most people.


Please expand, and perhaps explain how Apple is different.


Ad networks are running realtime bidding for ad space already in case you didn't know.

At the very least Google and FB got punished for doing that already in the past


Apple also runs this kind of bidding now: https://searchads.apple.com/best-practices/bidding

If that’s not “selling your data”, we need to be more specific about what we are talking about.


Google doesn't sell your data.

It allows advertisers to bid on you.

Apple will do the same thing.


Google also collects your data outside Google owned experiences.


So does Apple now.

What's your point?


What’s an example?


Apple already does the same thing. Apple Search Ads is not limited to the same restrictions that Facebook and Google are with regards to iOS tracking and reporting for advertising attribution.


Remember that Apple's "debacle" there was to comply with US law. Their issue was that (at the time) they were responsible for encrypted data backup's contents. So they could either scan on your device before backing up, or scan on the cloud. Scanning on your device, while it sounds scarier, actually offered more privacy protections, because otherwise their cloud needed to see your unencrypted data. And it only scanned on your device if you wanted to move things to the cloud.


This is false. Apple already scans everything on iCloud for banned material serverside, as iCloud Photos and iMessage are, for most people, not e2ee, and never will be so long as e2ee is opt-in.

Even if you enable the e2ee features rolled out in the last 12 months, your iMessages are still not e2ee unless all of your conversation partners have as well.

Also there is no US law demanding scanning of user data, your opening assertion refers to nonexistent requirements.


Basically every claim in your comment is wrong:

* iCloud Photo Library was not scanned for CSAM content at the time of the announcement, which Apple confirmed at the time.

* iMessage E2E encryption is not opt-in. There isn't even an opt-out.

* The "E2EE features" you might be referring to is Advanced Data Protection for iCloud Backups, which is not related to the iMessage protocol at all. You don't have any guarantees about what your recipients are doing with the data you send them, ever.

There is US law which is ambiguous about the requirement on data providers to check content for CSAM material, which many have interpreted to require a check. This is why every other major cloud provider does scan for the content.


> iMessage E2E encryption is not opt-in. There isn't even an opt-out.

This is incorrect. iCloud Backup escrows endpoint keys for "Messages in iCloud" to Apple every night in a non-e2ee fashion, which means that a non-endpoint has the keys, which means that iMessage is not e2ee.

Apple has real-time access to plaintext of almost every single iMessage that transits their service. The only case in which they don't is where both users either don't have iCloud Backup enabled or both users have enabled e2ee iCloud Backup.


It's more about proposed EU laws than US laws.


The PSI system was pretty cool in my opinion. It was a very neat algorithm for obtaining information about set intersection in a privacy preserving way.


Where do I buy FB, Google and MSFT user data?


This is completely wrong. They are saying they only don't strip PCM parameters because these are anonymous and somewhat privacy preserving. Apple is still uninvolved in the link attribution or other tracking here.


Yeah whenever I see "Privacy" segments in their marketing, it's hard for me to avoid thinking of it as "Here's how our anti-competitive moat works."


As a consumer. I don't care. I'd rather Apple be the only ones with my data. Advertisers handed Apple this power by spending the last decade being as abusive as technically possible. I hope Apple shuts down the entire industry.


> I'd rather Apple be the only ones with my data.

This was the same attitude that led Google where it is now. "Don't be evil" was really believed and accepted by huge part of their users, and compared to the sheer evil of Microsoft they sure looked like the better alternative.

> I hope Apple shuts down the entire industry.

On Apple's relationship with the ad industry, I have bad news for you.


Ah yes, the web which is dominated by *checks notes* not-Chrome.


Sending your data to Apple is not privacy.


> ... at end of the day they're simply consolidating all tracking power to themselves.

1. I'm still learning about 'private click measurement'. Does it reveal extra information to Apple? I would hope it is designed as a trustworthy protocol where cheating, even by Apple, is hard.

2. Welcome to another arms race: detecting and removing identifiers versus hiding them or using alternative mechanisms.

If Apple is taking on this challenge, do they have theoretical reasons to be optimistic? Practically, how well are they doing?

Update: this thread has a lot of comments on the "cat and mouse" game: https://news.ycombinator.com/item?id=36244899


Yes they are. And they know it. Apple knows it. Microsoft, Google and Amazon all know it.

Privacy and security is the most scalable, reliable way to lock users in and stifle competition behind a lot of marketing about "protecting" users.


Anything an advertiser can track, they will use where they can to build a profile of you to identify you uniquely for targeting. Apple allowing ANY tracking measurements through incognito that isn't already naturally happening by the nature of incognito is too much.


I keep telling everyone Apple wants to be the next Google in adspace but no one seems to believe it

https://news.ycombinator.com/item?id=35755354


Here is my take: Apple is being pro-privacy to lock in consumers to their products. But they are nowhere as untouchable as they seem to think they are wrt to anti-trust laws. So, let them, in their arrogance, destroy surveillance-capitalism and get destroyed themselves for being uncompetitive. Let the beasts of greed eat each other.


I use uBlock Origin on Firefox on Android with "Actually Legitimate URL Shortener Tool" added but am weirdly conflicted on this news. If a user opts to kneecap advertising, that is soundly within their rights. If a company does the same against another company's advertising as a part of their normal business, I feel like the user becomes a pawn in some corporate warfare strategy.

Maybe it's because I think Apple is slowly building a parallel advertising ecosystem that is slightly less intrusive for users but massively more lucrative for themselves.


> I use uBlock Origin on Firefox on Android with "Actually Legitimate URL Shortener Tool" added

That's the problem. This is too complicated/too much trouble for the end user who just uses his iPhone via Safari. Do they want the privacy and all that? Yes. Will they go out of their way with all that trouble? No.

While you're not wrong that it's a company A fighting company B with users as pawns, it still is a win for the normal end user.


> Maybe it's because I think Apple is slowly building a parallel advertising ecosystem that is slightly less intrusive for users but massively more lucrative for themselves.

No. It's probably just because Apple is slowly building a parallel advertising ecosystem that is slightly less intrusive for users but massively more lucrative for themselves.


If there are two warring corporations, and one of them has a warfare strategy based on selling its customers tools to prevent the other corporation from tracking their content consumption, then sign me up for battle. I know which corporation I want to support.


Don't blame me! I voted for Kodos!


Good grief this was well done. Bravo to you!


False dichotomy


Why?


Apple sells ads, so they’re financially motivated to track you just like the other ad companies. They might promise to not track us, but unless they’re audited by a 3rd party, we can’t assume they’re telling the truth.


AFAIK, Apple only sells ads within their own products. Meanwhile, I trust a company with $2.8T to lose more than almost any other actor to abide by the letter of their agreements.


>I trust a company with $2.8T to lose more than almost any other actor to abide by the letter of their agreements.

Woah, do not do this. Don't you remember the Butterfly keyboard denials, the 'holding the phone wrong', etc...?

The only reason you have trust is because they are the best company at marketing of all time. You were manipulated into trusting them. That is a huge red flag.


[flagged]


Strawman


Capitalism isn't the only economic system with corporations.


brave new world indeed


Nah. This is like popup blocking: it should be standard and on by default in every browser, with an option to turn it off if you don't want it.


I agree.

And in the end they are manipulating links. While no advocate for ads, this has implications on the freedom of the internet.


No, they are allowing users to manipulate links. Also, this only happens in Private Browsing mode.


Browsers are/were User Agents. The focus should be on maximizing that experience across the board.


> If a user opts to kneecap advertising, that is soundly within their rights.

If it is a switch somewhere with the user actually getting a choice, then it is the user choosing it and Apple is just providing a means to do it. Exactly like when the user chooses to install an extension, except that this is much easier, and therefore much more likely to be used because users hate tracking. This is well documented.


Is there a good reason why Firefox should not ship with uBlock Origin by default (with the option to disable it)?


I have no problems with corporations eating each other alive as long as the end result is less surveillance capitalism.


"I feel like the user becomes a pawn"

A company that makes a 30% cut on apps using customers as a pawn to make a worse browser experience pushing people into using app store apps?

Nothing is "less intrusive"... it's simply Apple making sure they get a larger cut of a larger market.

It's also why they enforce a shitty Safari unto their customers instead of allowing real browser choice. They are the new MS bundling shitty software to harm competitors and limit consumer choice.


It came out in the Epic trial that 80% of App Store revenue comes from games. They would never be in the browser anyway.

Then most other apps that could just be websites don’t monetize through the App Store.


"They would never be in the browser"

If companies can install stuff outside of the app store to save a 30% a LARGE number of companies would absolutely do so. To say hamstringing the browser on iOS isn't a calculated choice to say "but you can install webapps* (* with shitty safari)" and then completely cock block web browser choice isn't a 100% calculated choice to limit consumer choice is a disingenuous lie.

"80%"

You think that Apple isn't going to hold onto the 20% come hook or crook? in any means necessary - including locking you to the App Store and the 30% cut - despite the fact that alternative payment methods are completely reasonable? and how much of that 80% is through games on the app store that REQUIRES a cut through their ham fisted and unreasonable restrictions? That's even more reason to give consumers and companies options outside of the app store and the mafia requirement for a cut.


> If companies can install stuff outside of the app store to save a 30% a LARGE number of companies would absolutely do so.

Again your banking app and even apps like Facebook and Reddit and most of the other apps that are not games, don’t monetize through the App Store. Even the large subscription streaming services like Netflix and Spotify don’t allow in-app purchases of subscriptions and haven’t for years.

> payment methods are completely reasonable? and how much of that 80% is through games on the app store that REQUIRES a cut through their ham fisted and unreasonable restrictions?

Your rant has absolutely nothing to do with whether if Safari was “better” would most of the revenue from the App Store - ie games - would move to the web.

That same 30% is what Google charges and around the same as what console makers charge.

Epic tried to move out of the Google Play store. It was an abject failure. Why do you think that Android app makers try to monetize outside of the Play Store?


> Your rant has absolutely nothing to do with whether if Safari was “better”

it absolutely has to do with Safari as the alternative - webapps. aka installing apps on the iOS outside of the app store - is absolutely hamstrung by requiring a bloated and dated "webkit".

100% on point to Apple holding back alternatives to lock people into their store.

"why"

30% cut of millions that isn't needed for large developers. You know? that 80% that you say because games are locked into the app store and the 30% cut.


Would games use a browser instead? Where are all of the great profitable web based games for Android? If the Android browser experience is so much better, then why are there hardly any apps that are iOS and web only so they can avoid the “Google tax”?

The entire idea that makes games so popular is that it’s easy to capture whales because of the easy payments. Are you really complaining that poor little Candy Crush and their ilk have to pay 30% to sell loot boxes and gems?

Yes and web apps and Electron apps are so great on other platforms. Especially seeing the piss poor hardware that most Android phones are running.

BTW, iOS/Safari wins every single web browsing benchmark out there.


"would games use a browser" they shouldn't need to consider it but they are forced by the mafia into giving the don their cut.

"are you complaining" are you defending mafia tactics to take a house cut that's way beyond reasonable? doesn't matter if it's "poor little candy crush" or not... I'm arguing against unreasonable market force - just like I'll argue against MS's IE/Edge bundling and Google forcing their platform.

Your deflections just show that you know I'm making a point - Android's "piss poor hardware" has nothing to do with Apple using mafia tactics to gouge their customers.

Web Apps and Electron shouldn't be needed - companies should be able to use alternative payment methods. They also shouldn't be tied to shitty webkit with its outdated, insecure and lackluster implementation.

and "safari wins benchmarks" is a lie - unless you're talking about the furthest behind and most insecure.

https://www.wired.com/story/safari-flaws-webcam-online-accou...

https://www.computerworld.com/article/2531350/apple-s-safari...

But don't let facts get in the way of the stock in Apple you own...


What do two articles about security flaws have to do with which browser is the fastest - ie “wins benchmarks”? And what does your ranting about the App Store have to do with an article about a web browser? Apple patched the flaw over a year ago. Are you claiming that Android has no security flaws?

Do you really want to die on the hill of how far back Apple supports devices with security updates compared to Google? (Hint: Apple released a patch for the iPhone 5s that was released in 2013 earlier this year)

The “mafia tactics” is the same percentage that Google takes and the same percentage the same game makers pay on Google.

Again, the article is about “web browsers”. Even if the Firefox engine or a third party engine were allowed on iOS - it would have no effect on the vast majority of App Store revenue since it comes from games.


"what's it have to do with" fastest is not best when it's the most insecure and furthest behind - to the point that it's holding back the internet like IE was back in the day. the fastest piece of shit car is still a piece of shit car.

"support" more support of an insecure, antiquated and unsafe browser is still support of a bad browser.

"same % as google" google does it because Apple did it and didn't get blocked. AKA: price fixing and market collusion. both should be blocked from it.

"it would have no effect" you are saying that alternatives wouldn't affect the price? You're full of...

competition would absolutely affect prices and alternatives would absolutely give real competition.

just because Apple supports the 5s with a shitty and limited browser that's faster but still hamstrung (your attempted points about Saint Apple and the Holy Safari) ... that doesn't change the fact that competition would lower prices as that 80% would absolutely be cut into by a massive number of companies that don't want to give the mafia a 30% cut.

Watch how those numbers change as Apple is FORCED to allow alternatives to their shitty options and their mafia tactics are countered.

https://mashable.com/article/apple-allow-third-party-app-sto...

"Apple will allow third-party app stores, because the EU is playing hardball Is this the end of the 30-percent App Store commission?"


> what's it have to do with" fastest is not best when it's the most insecure

So it’s the “most insecure” because you found two security issues that were patched? Other browsers never had security issues?

But you’re going back on your original statement that it isn’t the fastest.

> support" more support of an insecure, antiquated and unsafe browser is still support of a bad browser.

And it’s “bad” even though the competing browser on Android - Chrome - is slower, doesn’t support plug ins, and is by definition less secure since Google drops support for old phones?

> same % as google" google does it because Apple did it and didn't get blocked. AKA: price fixing and market collusion. both should be blocked from it.

Now it’s Apple’s fault that Google also charges 30% as well as the console makers?

> it would have no effect" you are saying that alternatives wouldn't affect the price? You're full of...

How would alternative browsers affect the price of apps that would never be in the browser? Another point is that there are alternatives on Android and Google still charges 30%. How did going outside of the Google Play Store work out for Epic?

> just because Apple supports the 5s with a shitty and limited browser that's faster but still hamstrung (your attempted points about Saint Apple and the Holy Safari) ... that doesn't change the fact that competition would lower prices as that 80% would absolutely be cut into by a massive number of companies that don't want to give the mafia a 30% cut.

Yet it doesn’t cause lower prices on Android…

> Apple will allow third-party app stores, because the EU is playing hardball Is this the end of the 30-percent App Store commission?"

And yet Apple didn’t announce anything at WWDC….


Shitty is subjective. I'd personally pick Safari hands down over Chrome or Firefox or anything else.

Also many other companies follow a similar pattern, if not worse.


Google also takes a 30% cut on apps. Microsoft takes 15% on Windows apps. Would that mean that Google and Microsoft are doing the same thing?

And while Apple does require Google and Microsoft to use WebKit for their iOS browser apps, it's a rendering engine. And you can set Chrome/Edge as defaults on both iOS and macOS.

Tell me how this limits real browser choice.


> And you can set Chrome/Edge as defaults on both iOS and macOS. Tell me how this limits real browser choice.

Chrome on iOS is a skinned Safari. It's not real Chrome. Same for Edge.

How is forcing a shitty and limited "rendering engine" not limiting choice?

At risk of regulators forcing the issue, rumor says it may be changing but you are being disingenuous if you don't think this isn't the same level of BS as IE bundling with Windows. "But we can skin IE to look like chrome" isn't choice

https://9to5mac.com/2023/02/07/new-iphone-browsers/

> "For example, the UK’s Competition and Markets Authority (CMA) found that:

> Apple bans alternatives to its own browser engine on its mobile devices; a restriction that is unique to Apple. The CMA is concerned this severely limits the potential for rival browsers to differentiate themselves from Safari (for example, on features such as speed and functionality) and limits Apple’s incentives to invest in its browser engine.

> This restriction also seriously inhibits the capability of web apps – apps that run on a browser rather than having to be individually downloaded – depriving consumers and businesses of the full benefits of this innovative technology."

edit: and I've ignored Mac OS because the conversation is clearly about iOS. If Mac OS had the same restrictions as the iOS (IE: you can install apps outside of the app store on your laptop) then we'd have the same conversation there.


> Tell me how this limits real browser choice.

How does Mozilla implement extensions on iOS >_<? It is much more than the rendering engine they are forced to use.


Chrome doesn't even let you install extensions on Android. And for Firefox on Android it's a buggy workaround that doesn't even work half the time. This isn't just an Apple thing.


How is Mozilla limited by the platform from doing it better on Android? You simply can't do it with the mandatory WebKit stuff.


Wait, how is Firefox for Android a buggy workaround? I use it exclusively, with uBlock Origin, and it works great, every single time.


That's one extension, there are thousands that may or may not work. It was buggy the way Firefox used to handle extensions. The current Firefox extensions are ones that are made specifically for Firefox on Android, they're not direct extensions for the Chromium browser. It's another silo'd set of extensions separate from Chrome.

So iOS allows extensions only for Safari from the App Store. Android Chrome doesn't allow extensions at all. Android Firefox allows some extensions that were made for Firefox on Android.


Aside from extensions, try to do what Brave does on Android on iOS: you can't. The limitations are not just the renderer. On Android they can ship their own chromium.


A browser is much more than a rendering engine. Support for new features like openXR is something that iOS users are not allowed to choose.


My favorite part about this is how it basically forces services to accept this as a functional scenario.

If it were UBlock Origin doing this, sites could just say "Sorry, we don't support this, your addin is breaking everything, please turn it off."

But when Apple does something, there's no room for conversation. Sites can't say "Sorry, we don't work on iPhones." For better or worse, what Apple decides becomes acceptable. In this case for better.


> My favorite part about this is how it basically forces services to accept this as a functional scenario.

Maybe some services will accept it, but others will not. When I tried to sign in to Microsoft Teams from Safari yesterday it presented a screen that said that Teams will only load on Safari if I disable tracking prevention for the Teams site. So unless users put additional pressures on services to offer support for Apple those services may just force users to accept tracking one way or another: either by disabling Safari's mitigations or using an alternative client that does not use such mitigations.


Oh no, I can’t use a useless Microsoft product in Safari! Jesting aside, it’s a bad example. No one is changing their browser so they can login to their employer’s shitty surveillance, oops, I mean communication platform.


In what world aren't they? Their employer's shitty web frameworks are why IE11 has been relevant for so long.

Your choices are 1) download the native application (with much more access to your system) 2) follow the instructions 3) open Chrome because realistically you probably already have it anyway or 4) lose your job to prove a point.


I like it! But I imagine we'll see Facebook etc using unique links for everything, without redirects.

e.g. Your Facebook page url appears to be facebookdotcom/1234 for me when I click it from the home page, facebookdotcom/5678 when I click it from a thumbnail and facebookdotcom/0987 when someone else clicks it


> But when Apple does something, there's no room for conversation. Sites can't say "Sorry, we don't work on iPhones."

Absolutely. There was no shortage of Windows-centric corporate IT departments that swore that they'd never support Apple products.

Then iPhones started showing up in boardrooms, and they quickly changed their tune.

I brought my iPhone to work shortly after launch and showed it to curious coworkers. The head of IT for that particular multinational corp said it was garbage and would never be allowed on his network. "Apple is crapple" was his favorite phrase.

A few months later he got to peddle his anti-Apple mantra on the unemployment line.


In fairness to the people who fired him, fanboy-ism has no place in the dispassionate decision making process of a professional. You have to have people around who are making decisions based on realities and not mantras or you're going to lose money.

If he wants a job where fanboy-ism can be helpful in climbing the ladder, he should try politics or something like that. Where all the money on the line belongs to other people. So no one really works to protect any of it.


Wow, are you seriously crowing about someone getting fired for not liking a particular company?


We shouldn’t crow about people being fired. But I’ve had that anti-Apple attitude leveraged at me in _so many meetings_. Having to smile and be polite to the face of people who keep referring to your choice of hardware as “fisher price” or “a toy” or “for sheep” is tiring and infuriating. I’m an engineer, and I made my decision with as much technical and design knowledge as anyone else

In my experience it’s also extremely one sided. I work with Windows, Android and Apple colleagues and the amount of times I hear “Xcode is crap haha”, “How can they live with such a shitty OS” etc. makes me wonder if all this is rooted in deep insecurity or something? Some Windows-centric people in senior management places I have worked will use me taking my iPhone out of my pocket as an opportunity to criticise the platform, my choice, and so on

I’m sure that some Apple users are quick to do the same, but in my experience they just tend to get on with their lives


Well, actually this might break a significant portion of the internet/websites for iPhone users.


I wonder can they tell the difference between tracking params and good old unobtrusive query params?


Ultimately I don't think they can. How would they handle a link like `https://example.com/password_reset?prid=ZXhhbXBsZWNsaWNraWQ`?

I'm sure somebody will figure out a way to use multiple seemingly-legitimate parameters to get the same result. Why use ?click_id=aqNERjsdfyqe when you can use ?category=10612550&subcategory=5929127&page=4257344 and transfer the same data without arousing suspicion?


Websites can use a single lengthy encrypted parameter to encode everything (query params and tracking data). And then what.. will they break all website links by removing the parameter?


Turn on iCloud private internet (Apple's VPN) and Google will make you do captchas all day long whenever they feel like it. I use DDG now, but Google really wants to track you.


Google Ads sent an email out to advertisers (a few days ago I think) introducing their workaround.

Normally clicks have a "gclid" query param. Google is introducing 2 new query params to somehow attribute clicks using modeling + machine learning (somehow).

Edit: here's a detailed description of how Google is attempting to track conversions using machine learning. I have no idea how this could possibly work without some kind of fingerprinting or user profiling or IP address. Almost feels like "modeled conversions" powered by ML is a way to do fingerprinting without explicitly having an algorithm that blatantly uses fingerprinting.

https://support.google.com/analytics/answer/10710245?sjid=85...

Edit 2: The new query params are "gbraid" and "wbraid". Googling those turns up more details.


It is not a work around in the sense that they will be able to track you, they won't.

What Google tells them is that if they use Analytics 4, they can use modelling to give attribution of conversion. In this case, attribution means not fingerprinting but percentage of people that was converted thanks to Ads. For other analytic engines they set the fields as 'not set'.

They say that in their models they aggregate data as geo, IP, and others and they won't give the fingerprinting data. The only problem is that they don't give details on the privacy preservation of their ML models. This means that if they fuck it up and give too much information, someone could try to reverse the aggregation (like doing a deconvolution) and do some fingerprinting.


Easy workaround is to encrypt the data into the path, decode the data server side and do a server-to-server beacon call. No ad blocker technique is going to be able to block it. Apple is just making the industry step through more hoops. All the beacon calls are going to server to server before this.


A lot of the conversation here seems to be that you can't trust Apple, or that Apple is doing something user hostile.

I don't get it.

What's the alternative? Most people with a phone are going to be using iOS or Android. Those are the two options. Apple has the chance to improve data privacy, and they've done it. Android (essentially, Google) is certainly _not_ going to take such action.

Apple could always use this to their advantage, or double-back on it. Who cares? They've moved the needle in a positive direction, that's all that should matter.


> I don't get it.

It’s Apple. There is nothing else to understand. Just because of who they are, some people will claim it will change the world and some people will claim it’s bullshit or not working or evil. There are many more of the latter and they are quite annoying, but the best that can be done is ignore them.

> They've moved the needle in a positive direction, that's all that should matter.

Some people cannot seem to understand that a company whose interests align with those of the consumers, however imperfectly, is better than a company whose policy relies only on ideology. Then you have the contrarians who will claim that they are lying and black is white anyway.


Apple keeps focusing the privacy discussion on things like 3rd party trackers, since this doesn't affect their business model in any way but gives them good PR. They do nothing against the more serious issue of government surveillance, they even let the government run their iCloud servers in China. Their interests align with consumers and they align with governments even more.


I think it’s completely healthy to remain skeptical of a massive corporation. But that doesn’t mean we have to be tribal about it. I dunno. Sometimes I wonder if it’s just intellectually less exhausting to “black and whiteify” everything rather than explore the nuances of a corporation doing stuff that we sometimes benefit from.

We should remain skeptical and scrutinize and shape their actions through consumer feedback.


> Apple could always use this to their advantage, or double-back on it. Who cares? They've moved the needle in a positive direction, that's all that should matter.

Because all of business history has told us that the market dominant company strong-arming its opposition has never worked out for the consumer.


So exactly which “market” does Apple dominate by market share ?


Well, about 2/3 of the mobile market in Norway, and nearly the same goes for the US.


> They've moved the needle in a positive direction

They've moved the needle towards building their ads business. As hardware refresh cycles become longer, Apple is moving towards other sources of revenue, including ads.

These changes, while positioned as Privacy, give them a huge moat and in the end, harm consumers.

Before these changes, if an app wanted to drive installs on iOS, they could choose FB or Google. Now, Apple is the only game in town and their cost-per-install are already exceeding FB's last published cost-per-install.

The Apple consumers pay for this additional revenue to Apple.


Isn't this a cat and a mouse game? The moment this actually starts causing problems they will change how parameters work. Maybe the easiest would be to use a single encoded parameter which would be decoded on the server and Apple or anyone else won't be able to change a thing about it.

This is a MITM attack where Apple plays the good guy (or control freak, depending on how you feel about it) but MITM attacks are nothing new.


Apple is pushing PCM (private click measurement) as a middle safe ground, but nobody would adopt it if more invasive and accurate measures continued working.

They're probably hoping that advertisers will retreat to PCM instead of continuing the cat and mouse game.

PCM is an in-progress standard that, at a high level, allows measuring ad campaign success without tracking individual users. No such restrictions apply to query parameters, of course - so PCM is inherently more private.


It’s easy enough to encode item IDs (e.g. the ID of a video) with various tracking data in a way that only the website itself can separate them. Decoding can be done at the CDN level, e.g. Cloudfront Functions.


True but is all that work and processing worth it? It needs to function on a mass scale.

CF functions are cheap, but at scale it's more than an irritant.


Didn't Facebook already start doing exactly that? https://news.ycombinator.com/item?id=32129100


Agreed. More simply couldn't any ad tracker just have a dynamic parameter name so it's impossible to distinguish between a parameter required to run the site and a parameter used for tracking?

Or is this feature more advanced than just stripping known tracking parameter keys?
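Added illustration, not part of any comment in this thread and not Apple's or WebKit's code: a key-list stripper of the kind the comment above asks about, run over the URL shapes raised in the thread. The key list and the `looksOpaque` heuristic are assumptions made for this example, and all URLs are constructed.

```javascript
// Assumed key list: names mentioned in this thread plus the common utm_ prefix.
// It is NOT Apple's list, which the thread does not give.
const KNOWN_KEYS = new Set(["gclid", "gbraid", "wbraid", "click_id"]);
const KNOWN_PREFIXES = ["utm_"];

function isKnownTrackingKey(key) {
  const k = key.toLowerCase();
  return KNOWN_KEYS.has(k) || KNOWN_PREFIXES.some((p) => k.startsWith(p));
}

// Remove every query parameter whose key is on the list.
// Returns the cleaned URL and the keys that were removed.
function stripKnownTrackingParams(input) {
  const url = new URL(input);
  const removed = [];
  // Snapshot the keys first: deleting while iterating would skip entries.
  for (const key of [...new Set(url.searchParams.keys())]) {
    if (isKnownTrackingKey(key)) {
      url.searchParams.delete(key);
      removed.push(key);
    }
  }
  return { url: url.toString(), removed };
}

// Hypothetical value heuristic: long, URL-safe, mixed character classes.
// Shown to make its failure modes visible, not as a recommended filter.
function looksOpaque(value) {
  if (value.length < 16 || !/^[A-Za-z0-9_-]+$/.test(value)) return false;
  const classes = [/[a-z]/, /[A-Z]/, /[0-9]/].filter((re) => re.test(value));
  return classes.length >= 2;
}

// Keys that survive key-list stripping but whose values the heuristic flags.
function opaqueSurvivors(input) {
  const { url } = stripKnownTrackingParams(input);
  return [...new URL(url).searchParams]
    .filter(([, value]) => looksOpaque(value))
    .map(([key]) => key);
}

// Constructed sample URLs, using shapes quoted in the thread.
const SAMPLES = [
  // Known keys: stripped, functional "id" kept.
  "https://example.com/article?id=42&utm_source=newsletter&gclid=abc123",
  // Functional token: the key list leaves it alone, the heuristic flags it
  // (a false positive; stripping it would break the reset link).
  "https://example.com/password_reset?prid=ZXhhbXBsZWNsaWNraWQ",
  // Identifier split across ordinary-looking keys: neither check reacts.
  "https://example.com/list?category=10612550&subcategory=5929127&page=4257344",
];

function runSamples() {
  return SAMPLES.map((input) => ({
    input,
    ...stripKnownTrackingParams(input),
    flaggedAsOpaque: opaqueSurvivors(input),
  }));
}

console.log(JSON.stringify(runSamples(), null, 2));
```

A key list only catches names it already knows, and the value heuristic errs in both directions on the thread's own examples, which is the distinction problem the commenters describe.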


Doesn't even have to be a parameter. Could just be a unique URL slug for every link. Backend DB will map the slugs to a user + content


I believe Tiktok basically does that already.


Reframed: "iOS 17 arbitrarily modifies links you click on".


Good. Something had to be done. You (marketing) guys have gone too far.

My genuine opinion:

All advertising is evil, with one singular exception: Shoe ads for shoes inside your own shoe store.

All tracking is evil, with one exception: a simple integer counter that counts how many people enter your store. And, no, I don’t mean an integer for every possible metric, justifying it by claiming each particular metric is like a unique store counter.

Everything else, and I do mean everything, is your responsibility to count on the back end. “I put out 7 shoes and only sold 1. Try something else.”

Anything more than this is simply greed and laziness.


I see advertisements as payment for information, and people should have rights to disseminate information. If I want to pay for information to be shown to users, that should be my right.

I prefer advertisements because they can be obvious and labeled as such. Apple's changes here are moves by one advertising company (Apple) to control the flow of other advertising companies' information. It's a monopolistic move that gives them an unfair advantage in advertising, just like their SKAN solution did in mobile, leading to a huge increase in advertising revenue for Apple.

Consumers are told by Apple that this is to 'protect their privacy' when in fact, it does not protect privacy. This is a targeted move by Apple to consolidate their position in the advertising ecosystem.


Absolutely wild to me that anyone is in favor of this for exactly this reason.

If a user chooses to do this, more power to them. If my OS does this by default, it's an insane invasion of my use.


iOS is not Gentoo. Users pick iPhones specifically _because_ they do work for you rather than asking you to configure things.


Oh no, not the UTM params!


Massively useful just because I do this manually already when sharing links.

However, could become an arms race where we start putting correlation IDs in params named page= or video=.


TikTok already does the latter iirc.


I believe you are correct. I don't use tiktok, but when someone shares a link with me the page says "XXX wanted you to see" and the url has no obvious query parameters so I can only assume they're bundling the video id with who shared it.


We work in the affiliate business and this has the potential to completely destroy the business model. Many of our partners rely on affiliate money to make ends meet, it is what powers most content creators.

Safari is planning to use ML to detect click_id type of query parameters and strip that from URLs. That's just poor execution and business destroying. PCM restrictions are horrible too. We have to design the link so it stays within Safari's specs:

> With an ad-click, an 8-bit ID can be transmitted (a number between 0 and 255, i.e. 256 possible values / campaigns) - per domain

> For a conversion, a 4-bit ID is transmitted (a number between 00 and 15, i.e. 16 different types of conversion) - per domain

Not to mention Chrome and Firefox have other ideas, each different on how their PCM will be integrated. Other than the mega corps, no one is benefitting from this privacy enhancement. Just more work to adapt.


> Other than the mega corps, no one is benefitting from this privacy enhancement. Just more work to adapt.

One time I was talking to a real estate agent, shortly after some of the post-'08-meltdown regulations had gone into effect. She said something like:

"It makes it so appraisers can't fudge the numbers a little higher to make sure people get their loans, now. Which I know wasn't what they intended, but it's what they've done, and it's hurting people."

She thought one of the things the regulation was definitely supposed to do, entirely on purpose, was some accident, and that this thing happening before that was not OK and was, over many iterations, partially responsible for the housing bubble happening in the first place, was in fact fine. She was totally unable to grasp that this behavior was bad and that the regulation was supposed to stop it, and that that was definitely a good thing—but it was making it harder for her and her banker(!) husband to close deals and sell loans, that is, to make money, so surely it can't actually be a good idea and overall beneficial to lots and lots of people.


bingo.


> We work in the affiliate business and this has the potential to completely destroy the business model.

Good. The world does not owe you a “business model.” Find some positive way to contribute to society instead.


Can't the tracking information just be stuck in the actual URL itself? Even in the domain name? So instead of amazon.de/product?affilate=hamhamed it would be something like hamhamed.amazon.de/product?

And if that won't work, just encode the entire url as amazon.de/2ec1a277-0c96-40d3-8fe1-e418fd82986d


They do mention that subdomains can't be used for tracking in the introduction to Private Click Measurement [1]

But I have to be honest that I can't quite wrap my head around how this is supposed to work.

1. https://webkit.org/blog/11529/introducing-private-click-meas...


Since Apple has access to everyone's emails, they could see that the same email has a unique link in every email and show the user some kind of warning like "This link has a unique tracking ID, do you want to proceed?"

Puts the information and power back in the user's hands.


Apple's hands*

Stopping tracking by the way of more invasive tracking like extracting content from emails is not a good thing.


Caching becomes more challenging, but you could theoretically decode the scheme at the CDN


Stack Overflow has links with user id, I think this will continue to work https://stackoverflow.com/a/70506056/12544391


> this has the potential to completely destroy the business model

It's a start but I'm not this optimistic yet.


The end user benefits. Tracking needs to be destroyed.


Yeah, I make money from affiliate links. That's how I can work full time making completely free content. Many of my partners use Google Analytics and already struggle to track leads. This won't help.


God I hope you're right.


You hope that I fail?


Is affiliate just url parameters?

Is there no other way to measure?


Get ready for everything to be a redirect.

mysite.com/aZdi

instead of mysite.com/invitation/?uid=1234


In the end most of these have to end up at some sort of public URL. Only truly closed platforms like FB could really work around this, but anything that ultimately has a public URL will be pretty easy to find.


Not really, any website can implement a url scheme that makes url params unneeded. You see this all the time with SEO friendly stuff where mysite.com/cool-product/details is displaying the same thing that mysite.com/product/?product_id=124&view=detail

It's extra work, but it's not hard.


I think you missed my point though, even with that it still stands


Well Safari could remove the parameters on the fly before performing the redirect I guess?


Maybe. For the past few years I've had the pattern of making it so we can permalinks that carry all the parameters in the database... so if you click on https://mysite.com/uDFOD it might display the same thing that https://mysite.com/products/really-cool-product/?lotsa=param... would, but there is nothing in the url that needs to be displayed. If your web app is hosting the redirect, you can just skip to C and respond with the correct body to the redirect url.


I wonder what companies will do now, probably embed the tracking information within the URL without using parameters, like dynamic URLs that are unique to a particular user/cookie?


There's not a whole lot that can be done to combat this, but I suppose Apple could do something like keep a database of known tracking URL patterns and when encountering such URLs, "unwrapping" them in an isolated background webview which is fully generic across machines and doesn't have the user's cookies or other data, which would limit the information gathered, and then finally passing the untracked URL back to the user's webview instance.

EDIT: They could also do something similar to what they've done with Content Blocking Extensions, maybe call them "URL Cleaning Extensions", which allow third parties to maintain tracking URL pattern lists which Safari can then follow to do its unwrapping.


Yeah, all you need is to encrypt the URL (which includes tracking query parameters), and then the URL you give out is the encrypted blob.

When the web server gets a request, it can validate & decrypt, update any tracking values, and redirect to the real URL.


Historical patterns with Mail.app on iOS suggest that Apple will simply code something that fetches all such links in order to collect a preview, whether or not the preview is ever shown to the user, just as they do with Mail.app images today when iCloud Private Relay is enabled. At which point the tracking value becomes less than zero, because it pollutes the core dataset attribution “a human saw this”.


TikTok does this. If you share anything on TikTok, and someone clicks on the URL they get an alert "purpleblue shared this video with you!" and you can leak your private account to someone.


There is a TikTok setting to disable this. It still tracks you as the origin of the share action (naturally), but it’s hidden from the receiver.


I could see the writing on the wall. Offerup I think does this. If you click through an item in a search the URL has a UID in it. Then if you click on the seller and find the item from there, it's an integer (which is likely a database index).


I often remove tracking parameters from URLs and I notice that some services/websites return an error if you visit it without a tracking parameter. If a service does this, Apple can't remove the tracking parameter from the URL any more.


Catchall subdomains?


They're already doing it. I stopped clicking on links the second I realized this.


Already ahead of you. They're already generating custom links with all the tracking parameters embedded. Tumblr, TikTok and Facebook have done it for a while now.


Question is, how are they going to identify tracking parameters in links?

They can't just blanket remove all GET parameters (because it would break legitimate non-tracking links), plus advertisers could use subpaths instead of GET params for writing the tracking data.

Therefore I suspect it's only going to be an arms race between a blacklisted list of GET params and advertisers changing up the variable names to escape it, making it unsafe to use any GET param at all because you can't be sure a link that works today will still work tomorrow if they changed their list of banned properties.


>It detects user-identifiable tracking parameters in link URLs, and automatically removes them.

Wow, another heuristics software by Apple that automatically does something I didn't ask for? Is there a chance it removes a parameter from the link which renders the functionality broken? On the other hand, could advertisers just use random hashes without labeling them as the tracking param to avoid this? Apple is famous for producing bad software, I hope their programming would automatically interfere with as few things as possible.


Why is this downvoted? It's a legitimate concern.

Big corporation suddenly decides to arbitrarily change links. Everyone happy? Unbelievable


Yeah, it is wild that it is an unpopular opinion, perhaps my tone was a bit aggressive here towards Apple – but after all these years using their software – I detest most of it, and especially where they want to intervene in my content for whatever cause.


I wonder if Apple uses any data from the Shortcuts app when deciding what features to build next


I also thought about this, because this is an exact shortcut I have already and use constantly, everywhere it is in my Share Sheet


You mean Apple is tracking their users behavior? Impossible!


Explain?


Too bad tiktok generates URLs not only from which content is being linked to, but also the user generating the link.

And once the industry realized that users don't revolt at this privacy invasion, it has been spreading.


That's why I instantly put these links into a service like https://unshorten.me/ and then send/open them.

I use urlchecker [0] for this on my phone and have it set as my "browser". That way, every link I click on, I see a popup with the link and with one or two button presses I can remove the tracking parameters and/or unshorten it and then open it. Works like a charm. May be too much friction for some, but I like it.

[0] https://www.f-droid.org/de/packages/com.trianguloy.urlchecke...


This works only if they implement it via HTTP redirect. If the backend does the tracking and then just loads the content, then the client is none the wiser.


I don't think this will work on those TikTok links though?


Don't use TikTok, so can't say, but never had an issue with these types of tracking links.


I don't think there is a foolproof way to tackle this.


If companies try to hash the direct and referral link into a single link (or use a redirect link), Apple could visit the site internally, return the actual, tracking-free webpage, and forward that to the user. This would mean the referral link is actually just tracking how many times Apple decodes it and would devalue the use of a referral link since it would just be reporting "how many times this link was forwarded" and not "how many times this link was clicked"


Why do the people even want the internet anyways, they like getting everything from apple


Yup. Same way Gmail neutered tracking pixels in emails back in the day. They open each one as soon as the email is received, rather than when the recipient opens it.


That is a MUCH larger investment than shipping some client side code though.


Yeah this is a very naive and somewhat potentially harmful measure. Think of all the old .asp and .php websites that basically route you to a page by just throwing a big old fat query string into the URL.

The way this can be bypassed is:

Before: mylink.mydomain?tracking_id=abc123

After: mylink.mydomain/home/abc123/

Yeah, it might wreck SEO. But if you're really trying to track users and see who clicked on your email or whatever, it's probably the case that you don't care about SEO in this specific case.


It doesn't blanket-remove query parameters


I mean presumably they have some decent heuristic for what are "user-identifiable" parameters.

But I don't trust that heuristics works for every query parameter for every website on the internet.

Here's one: Imagine you run a small website and send signup confirmation emails. Suddenly, 20-30% of your users can no longer complete signups and you have no idea why. Oh yeah, our URL is:

mysite.foo/signup?uid=139191238123.

And apple filtered out the uid parameter.


This is exactly what I am afraid of, we use url query parameters heavily to prefill forms for our employees and clients, think online training and service agreements. This will break a lot of our operation.


"This will break a lot of our operation"

》 For Safari users 》 Until Apple owns the internet so the site is forced to adapt.


There is some kind of blanket-remove bug with bookmarks. Try bookmarking a URL with query parameters in Safari on iOS. I don't know if it happens with every URL, but with this one[1] specifically, it drops the query parameter from the bookmark. You have to go add it in manually by editing the bookmark afterwards. I wonder if it's motivated by the same kind of change as this article is about, or if it's a separate bug. (I haven't tested this recently, but it was true as of late last year.)

[1] https://www.twintown.com/collections/acoustic-guitars?sort_b...


That's likely due to the page having a canonical URL meta tag:

  <link rel="canonical" href="https://www.twintown.com/collections/acoustic-guitars"/>


It breaks the web. There are literally no real rules on how you use them, so you have a lot of things that will be confused with tracking (gclid,clickid,campaign, etc). Even stuff that was originally tracking gets re-used. I've worked on systems where utm_medium=web and utm_keyword=socks were used to literally query the landing page for the user and effectively were the U in URL.


Good. I wish the internet would go the way of the Gemini Project and, by default, have privacy-centric behavior. I'm tired of every company thinking I want to be tracked; I do not. I want simple services that do the thing I ask them to do and no more.


In my testing, the tracking parameter removal in Safari 17 seems very limited. It'll be interesting to see if this turns up in the WebKit open source, to see how it's implemented.


The net effect of this Apple "privacy" stuff is to make it very hard for small niche businesses with a limited budget to advertise effectively. There were tons of startup CPG brands like Dollar Shave Club that popped up during the great Facebook Ad bonanza of the mid 2010s when tracking worked. This privacy crusade has just essentially cemented the big brands who can afford to do poorly targeted ad campaigns like TV advertising.


They can advertise without tracking people. Maybe on websites the readers of which are a good fit for their products.

One wonders how any product launched or small business survived prior to the current millennium.


If your business dies because you can't track every micrometer of my mouse movements, then I'm one happy camper personally, good riddance.


Honestly, I don't want any company to track me, neither big nor small.


This is barely privacy related, it's more like an anti-referral system.


Whatever. I don't want them tracking me for any reason. If that kills a bunch of startups so be it.


I assume that everybody will now start implementing user-unique URLs to share like TikTok, instead of just tacking on parameters to a single canonical URL.


Has anyone verified this (the Mail.app) part themselves, or is the blog post just going off of Apple's press release? The press release:

> Link Tracking Protection in Messages, Mail, and Safari Private Browsing

> "Some websites add extra information to their URLs in order to track users across other websites. Now this information will be removed from the links users share in Messages and Mail, and the links will still work as expected. This information will also be removed from links in Safari Private Browsing."

Note that it says "links _users_ share". That part seems unnecessary if it's _all_ links in emails. I think it points to this feature being more about protecting a user from inadvertently forwarding their email to someone else, while not realizing it has personal identifiers in the links? Preventing others from unsubscribing them, or even auto-logging-in etc.

Though, I personally haven't seen iOS17 remove any query params from emails at all, maybe will have to wait for the next beta to find out.


I'm using the ClearURL browser extension for that. It's also available on Firefox Mobile.

Unfortunately some apps are making it harder to open links directly in Firefox. E.g. Reddit's app has removed the possibility to open links in an external browser.


Do they block Google from tracking which search results you click on? Google changes search results link on-click to make sure they know where you go... Just right-click on a link and then hover it to see where it really points to


Doesn't work for me, I'm on Chrome, no adblockers (disabled uBlock), maybe it's because I said no to tracking


I don't get your comment


Interesting, as they have to be using some sort of blacklist, like "fbclid" and so on. I'm curious if there will be an escalation cat-and-mouse thing with less easily identifiable params, rotating names, etc.


It's kinda silly, it'll end up in having opaque targeted links, but at least you won't be able to tag external links that easily.


So does this mean that something like example.com/password-reset?token_id=2h2GV4nhySERT9pJ may get the random token stripped?

I don't understand how you can have a heuristic that doesn't break things.


I use an addon called NeatURL that strips out tracking parameters.

It has a specific blacklist of parameters to strip. In the several years I've been using it, I've only had two websites break from it, both being legit surveys that I needed to take.


I use a Firefox extension for this same purpose. They maintain a large database of known tracker parameters and strip them. This means occasionally a new or unknown one slips through the cracks, but overall is very effective.
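
The blocklist approach these comments describe, sketched as an added example (not part of any comment, and not the code of NeatURL, ClearURLs or Safari). The parameter names are a small constructed sample, `cleanUrl` is a hypothetical helper, and two of the test links are the ones commenters posted in this thread.

```javascript
// Constructed sample blocklist: exact names plus name prefixes.
// Real extensions ship far larger, regularly updated lists.
const EXACT = new Set(["fbclid", "gclid"]);
const PREFIXES = ["utm_"];

function isTracking(name) {
  const n = name.toLowerCase();
  return EXACT.has(n) || PREFIXES.some((p) => n.startsWith(p));
}

// Remove blocklisted query parameters and nothing else.
// Surviving parameters keep their original bytes and order, because
// re-encoding them is an easy way to break a link that used to work.
function cleanUrl(input) {
  const url = new URL(input); // throws on malformed input
  const raw = url.search.startsWith("?") ? url.search.slice(1) : "";
  const kept = [];
  const removed = [];
  for (const pair of raw.split("&")) {
    if (pair === "") continue;
    const eq = pair.indexOf("=");
    const rawName = eq === -1 ? pair : pair.slice(0, eq);
    let name;
    try {
      name = decodeURIComponent(rawName.replace(/\+/g, " "));
    } catch {
      name = rawName; // malformed percent-escape: compare the raw name
    }
    if (isTracking(name)) removed.push(name);
    else kept.push(pair);
  }
  url.search = kept.length ? "?" + kept.join("&") : "";
  return { url: url.toString(), removed };
}

// Constructed links covering the cases raised in the thread.
function demo() {
  const samples = [
    // known tracking names are stripped, "id" and the fragment survive
    "https://shop.example/product?id=42&utm_source=newsletter&fbclid=AbC123#reviews",
    // functional token: not on the list, so it is left alone
    "https://example.com/password-reset?token_id=2h2GV4nhySERT9pJ",
    // identifier in the path: a query-parameter list never sees it
    "https://mysite.example/f/ajdheke",
    // renamed click ID: passes straight through a name-based list
    "https://shop.example/product?dave=AbC123",
  ];
  return samples.map((s) => cleanUrl(s));
}

for (const r of demo()) {
  console.log(r.url, "| removed:", r.removed.join(",") || "(none)");
}
```

A name-based list leaves reset tokens and signup IDs intact only as long as nobody adds their names to it, and it does nothing about identifiers moved into the path or given an unlisted name.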


Won’t the tracking companies work around this by providing each account their own set of unique obfuscated tracking names and keywords that gets mapped back behind the scenes? Impossible to build a database that way.


They already somewhat have.

View the demo in normal mode at https://fingerprint.com/ and then open it again in Incognito


Or simply generate a whole new URL with a UUID for every share.


Probably one day, yes. And then the cat and mouse game will continue.


Not one day. Facebook started this practice a year ago.


I assume it only blocks known tracking. Using lists, similar to how content/ad blockers work.


That wouldn't work - people would just start giving their query parameters different names, e.g. instead of "gclid", it might be "dave".


This is a welcome change but I don't believe it prevents links from being copied with the tracking url (especially from apps like Instagram). I made an iOS extension that supports this and allows you to add your own filters. https://apps.apple.com/us/app/clean-share/id6448807061


Sounds great, I already use an addon to do this, but it's nice to fight against marketing whenever we can. Good to have more users doing this.

The only negative I can see, is that this might long-term reduce functionality. I personally have a bad habit of passing data through URLs out of laziness/practicality.

Real quick, could you not download an addon that did this before? If you could, this seems potentially malicious, need to keep everyone on the App store and hurt the web.


Your addon for this works because it's not widespread enough for the marketers to implement a workaround. Apple just changed that, so now the marketers will find a new way and your addon won't be effective.


> this might long-term reduce functionality... passing data through URLs

Are you somehow passing the data within the tracking params? Don't worry, Apple isn't going to remove all QSPs. That would break the internet.


Oh, that would explain why some of my users suddenly can't access URLs that worked forever.

I send those URLs through Facebook Messenger, which adds its 'fbclickid' nonsense to them.

I don't care for that tracking information, however it seems the URL becomes malformed after iOS "cleans" it, resulting in a redirect loop on my server.

When was iOS 17 released?

EDIT: Oh, nevermind, it's not released yet. Must be something else then... I blame Facebook


It was released 2 days ago in a public beta.


Say what you will about Apple but I'm really thankful for the stance they've taken on user privacy over the last 5+ years.


Wait what??

So now if there is a link to, say, mysite.com/f/ajdheke and the last part is different for each user, and I choose to send this link to a friend, then the friend will get mysite.com/f ? Breaking the site?

Apple is going too far with this. Cookies is one thing, but how are people supposed to confirm email addresses now, copypaste a code?


Question:

When I click in my Gmail android app on a link from a received E-Mail, the opened Firefox browser opens a google domain for a second and only after that the domain from the link opens... any idea what that is? Tracking?


Google bounces all URLs through a redirector which strips referrer information and also allows them to warn about malware sites that were identified after the message itself was classified and delivered.


I would like to test that but when clicking different links I get mixed results. The URLs get modified alright but a lot of referrer info seems to not get removed.

I guess it's just Google collecting one more metric.


It's for security. Checking against a list of banned URLs, etc. When you have user-submitted content, protecting your users from bad URLs is important.

Also, I'm sure they're doing plenty of click tracking too :)


I think this is to remove the real referer URL from the header, as this behavior is also present when you use the web version of Gmail.

But with that solution tracking is also possible.


That's gonna be fun to debug when it hits the inevitable false positive.


How does it determine what is a tracking parameter? You can often pass a string along in the URL because you're trying to call a function or pass simple data between pages.


Exactly what I was thinking, I've had false positives from uBlock thinking anything with /tracking/ in the URL was telemetry (when it could for instance be tracking of postal goods).

Unless they keep an up to date list of known tracking parameters I assume this will just become a cat and mouse game or advertisers will find other ways to obfuscate the tracking.


It’ll always be a cat and mouse game but I imagine that, even if they simply strip out utm_x parameters from the URL, there are enough websites out there that won’t update their Google analytics script to work around it.


The lowest-hanging fruit would be nuking any UTM-related tracking parameters (https://en.wikipedia.org/wiki/UTM_parameters). I'm sure the solution is sophisticated beyond simply handling these, though.


Right... but Google and Microsoft already let you customise the names of query parameters containing tracking information - I can call the Google Click ID parameter "dave" if I want to.


Or maybe it's a recover password link that you've been emailed, with an auth token.


Have you seen current applications like Reddit and YouTube? They all have their own 'share' menus which essentially bypass any protections put in place by iOS.


I am so happy that Apple is inspecting all the links that I click on and rewriting to serve their own purposes. As a user this makes me so happy.


So.....now everyone encodes tracking parameters in the URL path?

Yay!


So can I configure Safari to do this all the time, not only in private browsing?

And especially when I copy links out of it to share with people.


Can it cause issues with urls like /?p=:uuid? What logic are they using for stripping? Or invite links with tokens?


Won't work with unique links like reddit or Instagram for content. Maybe just the share ID or device params might go


What's finally happening is the death of the permalink, like TikTok. They generate a unique URL for every share.


I hope the end result is not people encrypting the path and parameters so you can’t manipulate it anymore.


Will it remove Amazon referral trackers? That could destroy a publishing sub-industry in one fell swoop.


The affiliate program I use also allows you to create affiliate links with a link shortener.


All the little things like this that keep getting added are why I switched back to iphone.


As much as I'm pro privacy how much of this is just to push people onto apps...


How will websites know if users are using them if they can't collect data?


This would be a good thread to understand what every poster's affiliation is.


Too little too late; who could even begin to believe?


Is there a way to accomplish this on Android?


... I built that into my RSS reader


Good for PR, practically useless against tracking.


It’s not all or nothing. It does improve privacy.


I'd assume it hinders it actually. It doesn't accomplish anything and you can tell what additional information about the customer's device based on some parameters being stripped.


Apple is killing it at the moment. Just wow and I hope they don't take away good features in the future.


And the walls around the Spaceship are raised another few inches


The hyperlink is the building block of the web - without links there is no web. Please just leave links alone. I don't particularly enjoy tracking any more than the next person, but don't automatically alter links people may be intentionally trying to access. I hope this is a feature that's disabled by default in the future even if it's offered for people to turn on and off any time.



