Is Apple our Online-Privacy Vigilante?
Apple purports that its new Intelligent Tracking Prevention Technology integrated in Safari browser prevents 3rd-party cookies from collecting users’ data, therefore, reducing online ads, and ultimately protecting users’ privacy. This paper challenges this by arguing that ITP’s functionality will be limited with several ad services like Google. Illustrating then how the concept of online privacy isn’t simply ‘unauthorized intrusion’ but also expands to ‘what is being done with the collected users’ data’ and ‘to what end they are used.’
It’s been circulating for a few days now that the ad industry is “deeply concerned” about the new technology introduced in Apple’s MacOS High Sierra and iOS11, namely, Intelligent Tracking Prevention. (Kravets 2017)
As the name suggests, Intelligent Tracking Prevention or ITP, is a newly added feature to Safari browsers across Apple’s operating systems that ‘limits’ third-party cookies (which are ‘small text files’ deployed into users’ computers for advertising purposes (Rubinstein et al. 271)) or cross-site trackers ability to collect users’ data—or more commonly track them online for advertising purposes using machine learning technologies. As a result, ITP reduces the number of invasive ads that follow users around the internet (“MacOS – Safari”) which is largely based on a user browser’s history. Of course—as always with Apple technologies—all processes related to ITP occur on the device used (Wilander 2017).
ITP marks a new era where the issue of mapping users through algorithms to better target them with ads (AKA privacy concerns) is acknowledged as a concern—rather than an opportunity—in Silicon Valley’s biggest companies, and is addressed beyond academia, political institutions and small-time developers—who are actively creating applications like AdBlocker and Ghostery and search engines like DuckDuckGo and even browsers like Tor. However, ITP isn’t aimed at blocking ads rather it focuses on privacy as highlighted by Apple’s promotional material: “Defending your online privacy and security” (“Apple WWDC Special Event” 2017). Hence, it shouldn’t be approached as an ad blocker.
It also marks the first time the inclusion of Machine Learning which will become smarter over time as users teach it. (Bell 2017)
Reflecting on the statements on Apple’s website and WebKit’s website about ITP along with Tim Cook’s statement: “Apple believes that people have a right to privacy – Safari was the first browser to block third-party cookies by default and Intelligent Tracking Prevention is a more advanced method for protecting user privacy.” (Miller 2017) Apple has clearly positioned itself as the ‘digital vigilante’ defending users’ security and privacy from the ‘restless algorithms’ mining and sampling users’ data without consent, mainly, the ad industry, that has also been lobbying for a while to stop privacy protection bills when the topic is at stake. (Brodkin “ISPs Can Keep Sharing Your Browsing History After California No-Vote” 2017) and (Brodkin “Google and Facebook Lobbyists try to stop New Online Privacy Protections.” 2017).
Let us examine then whether ITP delivers on its promise through its functionality, and let us examine how intelligent ITP is ‘straight out-of-the-box’ in ensuring and maintaining our privacy:
John Walindar of WebKit (Wilander 2017) explained how ITP works:
“Let’s say Intelligent Tracking Prevention classifies example.com as having the ability to track the user cross-site. What happens from that point?
If the user has not interacted with example.com in the last 30 days, example.com website data and cookies are immediately purged and continue to be purged if new data is added.
However, if the user interacts with example.com as the top domain, often referred to as a first-party domain, Intelligent Tracking Prevention considers it a signal that the user is interested in the website and temporarily adjusts its behavior as depicted in this timeline:
If the user interacted with example.com the last 24 hours, its cookies will be available when example.com is a third-party. This allows for “Sign in with my X account on Y” login scenarios.”
Integrating Google as example.com, ITP, then, operates as follows:
1- if you visit a website that has cookies from third parties (like Google’s cookies), the ads will follow users on Google services and other websites that implemented Google cookies;
2- after 24 hours—assuming a user doesn’t visit the website, and in this case the website is Google or its services—it will freeze its cookies, but they will remain in the user system up until a month;
3- after a month it will purge those cookies and will continue to do so if new content is added to them.
To know whether ITP will block Google 3rd party cookies or not, we need to factor in the following:
Google and its services are notorious ‘data miners’ (Rubinstein et al. 270-273). Most of online users visit Google services at least one or more than one time on any given day (according to their recent I/O keynote, in which they announced that they have crossed the 2 billion active-users threshold using Android OS—which requires a Google account, otherwise a user loses some of the functionality—and 1 billion monthly active users on each of their platforms) (Search, Android, Chrome, YouTube, Maps, Google Play, and Gmail.)) (Gallucci 2017). They have their 3rd party cookies in plethora of websites (In a research conducted in 2014 on the distribution of cookies for the top 1000 sites, 87% were placed by a third-party host and; Google was present in 712 out of a 1000, the company’s ad tracking network, doubleclick.net, had cookies on 685) (Hoofnagle 3).
Given the information mentioned above, ITP most likely will identify Google as “interesting” to a vast number of users and will not remove or block its 3rd-party cookies. (Marvin 2017)
To put all this into perspective, users who opt in for Google or its services will continue to see ads most of the time if they use Google on a daily basis, and therefore it will continue to ‘mine’ their data. The same logic applies to Facebook (“Immaterial Labour And Data Harvesting” 2017). In a nutshell, with the main advertising players, ITP won’t function properly. In fact, ITP will eliminate competition to Google and Facebook (Marvin 2017).
However, and this the vital part—taking into consideration that Google would retain the ability to track a large user base—privacy on the internet can’t be reduced to: identify advertisers who track your online behavior, and removes cross-site tracking data to ‘prevent ads from following you around’ (“Apple WWDC Special Event”, 2017), that’s a simplistic approach. Privacy indeed doesn’t only mean unauthorized intrusion, it also means being apart from observation (“Definition of Privacy” 2017). And in the digital age, privacy has also extended to mean ‘what they are doing with these data’ and ‘to what end they’re being collected’ since mining data doesn’t end with advertising. (Kruck et al.).
To show what for data are collected, I’ll quote Eric Schmidt of Google on the matter. In an interview with the Financial Times, Eric said: “The goal is to enable Google users to be able to ask the question such as ‘What shall I do tomorrow?’ and ‘What job shall I take?’ ” (Daniel and Palmer 2007). The headline of that article is “Google’s goal: to organize your daily life surely reflects organizing your life.” And the content goes on to show that it’s done through data collection, but this article could mean something else as well: complete and total reliance on a system that has been constantly attempting to streamline the density and irrationality that constitute the human self into simplified connections and algorithms. (Morozov 199-208, 230-238)
The main problem with privacy in the digital age stems from the biggest beneficiaries of invading users privacy, namely, Facebook (“Immaterial Labour And Data Harvesting”) and Google, through their mapping practices under the pretense that their algorithms can unravel what is it like to be human at some point in the future, then deploying tactics like gamification to motivate users to read more for example (Morozov 203-205) which proved not only futile (Chorney 8-9) but also harmful in an educational environment (Hanus and Fox 159-160). This concept—among other concepts—then become an extension of privacy and not ‘a stand-alone concept.’ Practices like these should be the main concern of privacy in the digital age, which—again—ITP can’t address no matter how smart it will become once we teach it.
It’s not that Apple’s ITP is a “Solutionist” approach to privacy as Morozov stated (Morozov ch.1). As a company, it has a long history of taking measures and creating applications that would help maintain our privacy (Jobs 2010), (Cook 2016)—since it’s a key selling point to Apple’s business model. That truly is not the point. The point is the reduction of a complicated concept such as online privacy into “ads following you around the internet.” (“Apple WWDC Special Event”). Privacy as a topic is labyrinthian indeed and can’t be guaranteed or protected with Intelligent Tracking Prevention or machine learning technologies—which could look like a distraction to a bigger topic, nor it can be fully resolved in a paper or an article. Users can’t ‘opt out’ of the internet and remain fully-functional anymore. They have no place to go (Gitelman 121-139), and for that, we need to scale up the conversation about data regulation as it’s vital to avoid its negative effects.
As for now, we can’t count on Google and Facebook to do the right thing, “the industry is trying to avoid data regulation as much as possible relying on our ignorance” (Kruck et al. 80), (Brodkin “Google and Facebook Lobbyists try to stop New Online Privacy Protections.” 2017), so until something happens with this topic, users need to know what happens ‘under the hood of their browsers’ therefore, education about the topic is quintessential and should be the starting point.
“Apple WWDC Special Event.” Apple, 2017, https://www.apple.com/apple-events/june-2017/.
Bell, Lee. “Machine Learning Versus AI: What’s The Difference?.” WIRED UK, 2017, http://www.wired.co.uk/article/machine-learning-ai-explained.
Brodkin, Jon. “Google And Facebook Lobbyists Try To Stop New Online Privacy Protections.” Ars Technica, 2017, https://arstechnica.com/tech-policy/2017/05/google-and-facebook-lobbyists-try-to-stop-new-online-privacy-protections/.
Brodkin, Jon. “Isps Can Keep Sharing Your Browsing History After California No-Vote.” Ars Technica, 2017, https://arstechnica.com/tech-policy/2017/09/isps-can-keep-sharing-your-browsing-history-after-california-no-vote/.
Cook, Tim. “Customer Letter – Apple.” Apple, 2016, https://www.apple.com/customer-letter/.
Daniel, Caroline, and Maija Palmer. “Google’S Goal: To Organise Your Daily Life.” Ft.Com, 2007, https://www.ft.com/content/c3e49548-088e-11dc-b11e-000b5df10621.
Chorney, Alan Ivan. “Taking The Game Out Of Gamification.” Dalhousie Journal Of Interdisciplinary Management, vol 8, no. 1, 2012, Dalhousie Journal Of Interdisciplinary Management, doi:10.5931/djim.v8i1.242.
“Definition Of PRIVACY.” Merriam-Webster.Com, 2017, https://www.merriam-webster.com/dictionary/privacy.
Gallucci, Nicole. “Google Just Hit An Impressive Android Milestone.” Mashable, 2017, http://mashable.com/2017/05/17/google-android-2-billion-active-users/#2K3BtomGTmqw.
Gitelman, Lisa. “Raw Data” Is An Oxymoron. Cambridge (Mass.), MIT Press, 2013, pp121-139
Greenberg, Andy. “How One Of Apple’s Key Privacy Safeguards Falls Short.” WIRED, 2017, https://www.wired.com/story/apple-differential-privacy-shortcomings.
Hoofnagle, Chris Jay and Good, Nathan, “Web Privacy Census” (June 1, 2012). Available at SSRN: https://ssrn.com/abstract=2460547
Hanus, Michael D., and Jesse Fox. “Assessing The Effects Of Gamification In The Classroom: A Longitudinal Study On Intrinsic Motivation, Social Comparison, Satisfaction, Effort, And Academic Performance.” Computers & Education, vol 80, 2015, pp. 152-161. Elsevier BV, doi:10.1016/j.compedu.2014.08.019.
“Immaterial Labour And Data Harvesting.” SHARE LAB, 2017, https://labs.rs/en/facebook-algorithmic-factory-immaterial-labour-and-data-harvesting/.
Ira S. Rubinstein; Ronald D. Lee; Paul M. Schwartz, “Data Mining and Internet Profiling: Emerging Regulatory and Technological Approaches”, 75 U. Chi. L. Rev. 261, 286 (2008)
Jobs, Steve. “Thoughts On Flash – Apple.” Apple.Com, 2010, https://www.apple.com/hotnews/thoughts-on-flash/.
Kravets, David. “Ad Industry “Deeply Concerned” About Safari’S New Ad-Tracking Restrictions.” Ars Technica, 2017, https://arstechnica.com/tech-policy/2017/09/ad-industry-deeply-concerned-about-safaris-new-ad-tracking-restrictions/.
“MacOS – Safari.” Apple, 2017, https://www.apple.com/safari/.
Marvin, Ginny. “How Apple’s Intelligent Tracking Prevention Works & Why Google/Facebook Could Benefit Most.” Marketing Land, 2017, https://marketingland.com/apple-safari-intelligent-ad-tracking-what-we-know-216865.
Miller, Chance. “Apple Defends More Stringent Ad Tracking Approach Saying ‘People Have A Right To Privacy’.” 9To5mac, 2017, https://9to5mac.com/2017/09/16/apple-ad-tracking-statement/.
Morozov, Evgeny. To Save Everything, Click Here. New York, Publicaffairs, 2014.
S.E. Kruck, Danny Gottovi, Farideh Moghadami, Ralph Broom, Karen A. Forcht, (2002) “Protecting personal privacy on the Internet”, Information Management & Computer Security, Vol. 10 Issue: 2, pp.77-84, https:// doi.org/10.1108/09685220210424140
Wilander, John. “Intelligent Tracking Prevention.” Webkit, 2017, https://webkit.org/blog/7675/intelligent-tracking-prevention/.