Stories
Slash Boxes
Comments

SoylentNews is people

Ad Industry “Deeply Concerned” About Safari’s New Ad-Tracking Restrictions

posted by janrinok on Sunday September 17 2017, @11:35PM   Printer-friendly
from the if-the-advertisers-don't-like-it,-it-sounds-like-a-good-idea dept.

MrPlow writes:

Submitted via IRC for SoyCow5743

Apple's limits on tracking will "sabotage the economic model for the Internet."

Apple's latest operating systems for the Mac and iPhone will soon be rolling out, and with that comes new restrictions on ad-tracking in the Safari browser. Adding a 24-hour limit on ad targeting cookies is good for privacy under Apple's new "Intelligent Tracking Prevention" feature. But if you're an advertiser, the macOS High Sierra and iOS 11 Safari browsers spell gloom and doom for the Internet as we know it. The reason is because Safari is making it harder for advertisers to follow users as they surf the Internet—and that will dramatically reduce the normal bombardment of ads reflecting the sites Internet surfers have visited earlier. Six major advertising groups have just published an open letter blasting the new tracking restrictions Apple unveiled in June. They say they are "deeply concerned" about them:

The infrastructure of the modern Internet depends on consistent and generally applicable standards for cookies, so digital companies can innovate to build content, services, and advertising that are personalized for users and remember their visits. Apple's Safari move breaks those standards and replaces them with an amorphous set of shifting rules that will hurt the user experience and sabotage the economic model for the Internet.

Apple's unilateral and heavy-handed approach is bad for consumer choice and bad for the ad-supported online content and services consumers love. Blocking cookies in this manner will drive a wedge between brands and their customers, and it will make advertising more generic and less timely and useful.

The letter is signed by the American Association of Advertising Agencies, the American Advertising Federation, the Association of National Advertisers, the Data & Marketing Association, the Interactive Advertising Bureau, and the Network Advertising Initiative.

Source: https://arstechnica.com/tech-policy/2017/09/ad-industry-deeply-concerned-about-safaris-new-ad-tracking-restrictions/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Ad Industry “Deeply Concerned” About Safari’s New Ad-Tracking Restrictions | Log In/Create an Account | Top | 115 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Informative) by TheRaven on Monday September 18 2017, @10:01AM (11 children)

    by TheRaven (270) on Monday September 18 2017, @10:01AM (#569683) Journal
    There's no breaking of standards. A few relevant parts from the standard:

    Because user agents have finite space in which to store cookies, they may also discard older cookies to make space for newer ones, using, for example, a least-recently-used algorithm, along with constraints on the maximum number of cookies that each origin server may set.

    User agents should allow the user to control cookie destruction. An infrequently-used cookie may function as a "preferences file" for network applications, and a user may wish to keep it even if it is the least-recently-used cookie. One possible implementation would be an interface that allows the permanent storage of a cookie through a checkbox (or, conversely, its immediate destruction). Privacy considerations dictate that the user have considerable control over cookie management. The PRIVACY section contains more information.

    Most importantly, from the PRIVACY section:

    An origin server could create a Set-Cookie header to track the path of a user through the server. Users may object to this behavior as an intrusive accumulation of information, even if their identity is not evident. (Identity might become evident if a user subsequently fills out a form that contains identifying information.) This state management specification therefore requires that a user agent give the user control over such a possible intrusion, although the interface through which the user is given this control is left unspecified.

    I.e. the user agent (browser) is free to discard cookies at any time before their expiration date (though it is required to discard them at this point) and may present any UI for doing so (for example, a checkbox saying 'delete tracking cookies from scumbags automatically' is fine). I used the Self Destructing Cookies plugin with Firefox on Android for quite a while to do exactly this: it deletes cookies as soon as you leave a site (and deletes known tracking cookies almost immediately) and stores them in a separate location where the user can explicitly undelete them (if they actually are useful, for example the login here).

    The real problem with this is that it's probably already too late. Advertisers are now using far more subtle fingerprinting mechanisms than cookies and this can't be fixed easily by the browser.

    --
    sudo mod me up
    Starting Score:    1  point
    Moderation   +4  
       Interesting=1, Informative=3, Total=4
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   5  

  • (Score: 2) by The Mighty Buzzard on Monday September 18 2017, @10:54AM (10 children)

    by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Monday September 18 2017, @10:54AM (#569691) Homepage Journal

    If a user agent receives a Set-Cookie response header whose NAME is
    the same as a pre-existing cookie, and whose Domain and Path
    attribute values exactly (string) match those of a pre-existing
    cookie, the new cookie supersedes the old. However, if the Set-
    Cookie has a value for Max-Age of zero, the (old and new) cookie is
    discarded. Otherwise cookies accumulate until they expire (resources
    permitting), at which time they are discarded.

    Emphasis mine.

    --
    My rights don't end where your fear begins.

    • (Score: 3, Insightful) by TheRaven on Monday September 18 2017, @11:37AM (9 children)

      by TheRaven (270) on Monday September 18 2017, @11:37AM (#569699) Journal
      And Safari has just defined a resource accounting policy.
      --
      sudo mod me up

      • (Score: 2) by The Mighty Buzzard on Monday September 18 2017, @11:50AM (8 children)

        by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Monday September 18 2017, @11:50AM (#569705) Homepage Journal

        I'm exceedingly dubious that resources were their motivation.

        --
        My rights don't end where your fear begins.

        • (Score: 3, Insightful) by TheRaven on Monday September 18 2017, @01:04PM (7 children)

          by TheRaven (270) on Monday September 18 2017, @01:04PM (#569731) Journal
          That doesn't matter. The UA is free to pick a policy for how it assigns storage resources to sites. Personally, I'd view even using storage on my computer for 24 hours to be too high a resource allocation for people engaged in online tracking, and prefer policy from the Safari self-destructing cookies, but there is absolutely no guarantee that a UA will have reliable storage cookies and anything that depends such storage is broken. Do you also believe that private browsing mode (which discards cookies when the tab is closed, irrespective of their expiration date) is a violation of the standard?
          --
          sudo mod me up

          • (Score: 2) by The Mighty Buzzard on Monday September 18 2017, @01:37PM (6 children)

            by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Monday September 18 2017, @01:37PM (#569739) Homepage Journal

            You're twisting meaning to suit yourself. Stop that.

            Users are free, and always have been, to take affirmative actions that are not standards compliant. The RFC even acknowledges this. User agents are not. Not without violating the standard.

            --
            My rights don't end where your fear begins.

            • (Score: 2) by TheRaven on Monday September 18 2017, @01:58PM (5 children)

              by TheRaven (270) on Monday September 18 2017, @01:58PM (#569743) Journal
              No, unlike you, I'm reading the standard. The RFC explicitly states that cookies may be deleted before their stated expiration by the UA in response to a user configuration or by the UA in response to exceeding resource allocation constraints that the UA is free to define. Both of these are valid justifications for deleting them after a pre-set length of time. Apple is not the first to do this, and I hope that they won't be the last.
              --
              sudo mod me up

              • (Score: 2) by The Mighty Buzzard on Monday September 18 2017, @02:17PM (4 children)

                by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Monday September 18 2017, @02:17PM (#569746) Homepage Journal

                in response to a user configuration

                Which is fine as I've repeatedly said.

                or by the UA in response to exceeding resource allocation constraints that the UA is free to define.

                Bullshit someone else. There is no possible way that cookies could become a resource issue on any modern, or even quite old, computer. Any resource policy that says otherwise has nothing to do with resource allocation at all.

                --
                My rights don't end where your fear begins.

                • (Score: 0) by Anonymous Coward on Monday September 18 2017, @09:38PM (3 children)

                  by Anonymous Coward on Monday September 18 2017, @09:38PM (#569939)

                  The hoops you will jump through to try to color this as against the standards is sickening TMB.

                  I honestly don't think you have a horse in this race except you refuse to admit when you are wrong.

                  YOU ARE WRONG SLUGGER.

                  • (Score: 2) by The Mighty Buzzard on Monday September 18 2017, @10:41PM (2 children)

                    by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Monday September 18 2017, @10:41PM (#569959) Homepage Journal

                    A most well thought out and insightful rebuttal. I stand corrected and humiliated.

                    --
                    My rights don't end where your fear begins.

                    • (Score: 0) by Anonymous Coward on Tuesday September 19 2017, @05:00PM (1 child)

                      by Anonymous Coward on Tuesday September 19 2017, @05:00PM (#570256)

                      No point in rehashing the same thing you ignore above champ. At some point you just got to call someone out for being wrong and leave it there.

                      You can lead a horse to water and all that.