I'm not sure that an Apple targeted ad platform would be seen as very different from Facebook's targeted ad platform by consumers. It's true that Apple have a better track record of keeping data private, and there's been no Cambridge Analytics style atrocities. But providing tracking ads of any kind (whether bundled by cohorts or what ever privacy enabling methodology could be added) could tarnish their reputation.
Just because a business can destroy another huge companies business model it doesn't mean that replicating it is a good idea.
> Just because a business can destroy another huge companies business model it doesn't mean that replicating it is a good idea.
That's the big takeaway here. As far as I can tell, Apple really stands to gain nothing by blocking trackers when it's one of the smallest concerns I have with regards to modern digital privacy. Snowden didn't warn people about ads, he warned people about massive surveillance campaigns operating just out of view of the public.
The largest modern privacy concern is being dependent on any one private party. Relinquishing all control of your data, software and hardware to the largest company in the world is a security concern. Whether it's a sacrifice you're willing to make or not is a different story.
"The largest modern privacy concern is being dependent on any one private party."
How does that follow at all? It doesn't.
Further, Snowden pointed out government abuse surreptitiously gathering user data. In the wake of that the government has a much, much harder time doing so covertly, so in many cases they engage in the same data broker activities that everyone else does. They don't have tap underseas cables anymore -- they can just buy the data wholesale from a wide variety of sources.
Forgotten about the time celebrities got their passwords compromised by social engineering attacks, something there's no reasonable way for Apple to prevent?
I don't remember reading any articles about leaked Google accounts. Media is really distorting the reality when it covers every little misstep by Apple, and ignore much larger issues when it happens to other companies.
Spear phishing, by design, is intended to not look like junk mail. Maybe it's designed to look like it came from an agent? Maybe like it was from someone they had hired to take care of their pets, or kids? If you're constantly busy (and it is my understanding that many celebrities are busy, at a bare minimum), and you don't want to think too hard about a particular thing, then a spear phishing attack could quite easily hit you, if your guard isn't up, and you don't consider technology to be a battelground.
Sounds like a security oversight on Apple's behalf then. iCloud should have 2FA enabled by default if it's so easy to trick the subconscious user into handing over credentials. Furthermore, it's already been confirmed that iCloud had multiple exploits allowing for brute-force and injection attacks[0] at the same time that the hacks happened, so it's definitely more feasible that an unpatched, full-disclosure exploit was abused instead of a couple hundred interns all clicking on the same spam email at the same time.
You might want to read up on the history: this is a key part of why Apple needed up the default experience because hectoring users about using strong passwords, not sharing them, etc. hasn’t worked. A lot of what we take for granted now was contentious at the time and it’s taken years to improve the balance in a user-friendly manner — and pointing out that they acted on problems years ago seems more like a positive than supporting whatever point you think you’re making.
Maybe if you’re referring to regular phishing sure, but spear phishing is specifically designed so it won’t go to your junk email and will look like something made for them personally, there won’t be any spelling mistakes, it will have been sent from a likely email source, it will most likely contain some personal information. The right phish at the right time could catch just about anyone out.
There’s a great talk at Black Hat about how Stripe trains staff against these sorts of phishing campaigns and these are highly technical people and they still click the links. https://youtu.be/Z20XNp-luNA
Considering the celebrities involved, I find this entirely likely.
Heck, corporate CEOs get nailed by spearfishing. There was an article on HN just a couple of years ago showing that even many CIOs can't tell a real e-mail from a fake one.
Or CISOs, or analysts. Technically proficient users are _more_ likely to spot a problem but nobody is immune — it’s just a question of how much someone wants to spend targeting you.
Of all the good reasons to criticize Apple, you picked the most bogus one. Congratulations, that's an achievement. :D
You severely overestimate celebrities' technical prowess -- and underestimate their naivete. They live in their own bubble of trust and laughs and fun and parties; and if somebody crafts a message that looks to be from their agent or a friend celebrity they absolutely WILL click on it and will give their data willingly.
None of us has the entire picture of course, but after knowing a few local celebrities 10+ years ago, I can definitely believe they are that gullible so as to make a spear-phishing attack successful.
And, let’s be clear, this is true for almost everyone — even most HN commenters. Companies have spent years training people to expect email from bizarre domains, with random attachments or HTML links which point to gibberish tracking URLs, etc. Spam filters have gotten better but by far the best protection move has been widespread U2F/FIDO deployment.
It sounds like they're just like everyone else then: in which case, even more users were vulnerable, and Apple has even more incentive to secure their system. Is there anything I'm missing here?
Nothing, except for the fact that people hate managing passwords with a passion and take the risk for their accounts willingly (I've had the heated table discussions to prove it). For them it's all about the tradeoff between "how much energy must I invest?" and "how much do I care if I lose this account?".
Most of the people I knew only enabled 2FA on their Gmail because they really couldn't afford to lose it. Everything else they were very meh about. They even had 000000 as their online banking PIN... <facepalm>
Password managers only started gaining prominence after biometric authentication allowed you to access your passwords with your finger or face.
So yeah, celebrities are users like all others -- if not slightly worse even.
I am pretty sure every corp like Apple, Google, Facebook, Microsoft et. al. would love to enforce maximum security but they also have to be very careful not to alienate their users. One good example is Google who will pester you for 2FA and recovery codes but never truly force you; they prefer to ban your account for suspicious activity instead (happened to one guy I knew some 3-4 years ago because his drunk friends tried to breach his Gmail account from several different phones).
So I get it, you don't like Apple, but as I have snarkily remarked above: it's for the wrong reasons. (I don't like them either but it's for completely other reasons.)
I disagree. Apple has a more diversified portfolio of business — they don’t need to go down the rabbit hole as deep as Google or Facebook to get value.
Think of early Google… they made billions off of keyword advertising before they integrated things like mapping and created a surveillance network. I think a lot of that was driven by walled gardens like Facebook killing the open web.
My guess is that Apple could leverage their relationship with customers and trust in them to sell a premium ad product with coarser targeting or for certain categories. They could do ad placement in apps, for example, or combine ad placement with one click purchasing.
I think you're right, it's hard to argue they'll do anything near the full extraction playbook that FB/Goog runs because of that diversification, and depending on where the ads are placed, it may not risk the brand much.
My guess is app installs will be their target, for several reasons:
1. A lot of the most expensive/lucrative ads are for apps
2. Apple has better data on this - ad networks had to guess at what apps you had and how to attribute, while the iPhone knows with certainty. [1]
3. Apple already sells these ads in the App Store itself, so it stands to reason putting these ads in apps is just another step.
4. With IDFA gone, a lot of popular apps (that they want in the app store) are losing revenue and will be looking for alternate ways to support themselves. Better for the ecosystem that devs are compensated.
Apple doesn't need to give ads the Apple treatment in the way they do hardware products; they can do the more 'good enough' TV & Music treatment of leveraging their position to get some low hanging fruit. It'll pay for itself pretty quickly and provide a nice revenue stream.
The more strategic value this brings is it gets them a few steps closer to building their own search engine, providing a revenue carrot should they decide to (or need to) break with Google. Creating a search engine isn't exactly in Apple's wheelhouse, but they are shifting toward services and software more and more, it fits well with their privacy-oriented strategy, and Google does still leave a lot to be desired in UX and results. With Apple's very different incentive/revenue structure, there's many decisions they could make differently.
[1] Android used to support grabbing the user's app list but that was shut off a few years back.
If they have an advertising network set up and realize they can extract more value out of it, will they choose not to just because they don't "need to"?
At some point income from hardware and app sales will stop to grow at the rate that Apple considers adequate. Maybe 30% cut from app store will be lowered as part of some future lawsuit settlement, maybe new cheap phone with decent hw/OS will become available, who knows, but something will happen eventually. At that point Apple can watch the income and share price go down or they can monetize the vast personal data they collected from their customers that no other company has access to. What do you think will happen?
Google failed with glasses. And cars is slightly out of the picture, they don't have any expertise on that front. Apple does one job and does it very well. Commoditize quality hardware options with top-notch user experience.
> It's true that Apple have a better track record of keeping data private, and there's been no Cambridge Analytics style atrocities
You seem to be completely unaware of the multitude of data breaches and leaks that Apple has faced, some they've even tried to actively cover up. Apple has a very obvious track record of disregarding their customers interests in favour of trying to protect their PR. Why notify customers and address data breaches when you can cover it up and pretend to be the champions of customer privacy when announcing anti-competitive policies that gives Apple monopolies?
I hate Facebook a lot but I am willing to bet they are terrible largely because of their business model and not some internal factors. Apple could start out better in that space but I don't see how they'd avoid getting corrupted by the $$$...
Clearly advertisement is a massive untapped market for Apple. They have all the pieces to create a money printing machine.
They can push contextual ads in so many surfaces: Safari's Typeahead, Maps, App Store, Wallet/Apple Card, Apple TV+, etc...
But the reality is that they can't create a narrative around privacy focused ads without betraying their general privacy narrative.
Privacy and Ads are antagonistic concepts.
Serving effective digital ads depends entirely on knowing certains characteristics and demographics of the end consumer.
Facebook and Google are better equiped to create a narrative that reconciles ad serving and privacy because their core services are "free". Apple simply can't because their core business is to sell expensive phones and computers.
Perhaps customers wouldn't care about getting ads in their expensive iPhones, but once the cat is out, I find hard to imagine a situation where that idea wouldn't be deeply criticized and scrutinized.
There's a lot of sunlight between 'barely targeted brand ad' and 'i was just talking about this exact product yesterday and now its in an ad'.
It's the latter that creeps people out, especially combined with a) data leaks, b) news coming out about how fine-grained the targeting systems are, and c) a system that constantly nags you to share personal information (FB).
Nobody balks at ads in magazines or TV or frankly half of the youtube ads out there (other than we'd like less). I don't think the narrative is at stake if the ads team is kept on a short leash, which they likely will be, and I'm guessing there'll be clear preferences to control this.
Agree completely Apple's potential ad surface area is big.
Kind of a tangent, but was this bit about iPods being a bigger business than the Mac ever true?
> Once upon a time, Apple was the iPod company. iPods were a much bigger business than the Mac, and they also made Apple a dominant force in the music industry.
I Googled "peak iPod" and saw Q4 2007 listed as the peak for iPod sales. Apple's Q4 2007 results list $1.619 billion in iPod revenue and $3.103 billion in Mac revenue. There is another $601 million in "other music related products and services" but added to the iPod revenue that still doesn't equal the amount of money the Mac was bringing in (and the Mac was likely responsible for almost all of Apple's peripheral, software and service revenue).
Q4 2007 (real calendar) is actually Q1 2008 (October-December 2007) by Apple's fiscal calendar. They reported $3.997 billion in iPod revenue that quarter, compared to about $3.5 billion for Macs.
iPods always did well in the 1st quarter as that captured all the Christmas gift sales.
Sure, but you'd see more people out-and-about with an iPod than you would with a Macbook. The iPod was the beginning of Apple's legacy as a status symbol.
I also disagree. Apple have an absolutely over the top, under-appreciated, cautiously obsessive approach to controlling the ___domain of your experience, 100%. Advertising on your platform is selling a message other than your own, selling a product outside of your control and creating a user experience you might not necessarily be improving.
Apple are a BRAND. They sell a PRODUCT. They deliver on their PLATFORM. It's like asking why Nike don't allow third party's to put adverts on the sneakers they sell. I don't think they've struggled with monetising advertising. Clearly there is no struggle financially and advertising is mostly a game of throwing spaghetti at the wall and hoping the odd message sticks. Apple as a company don't need those odds. Yet, at least.
Remember that Apple's end goal is to ultimately reroute users through their own devices and experiences, where they can ultimately take a cut of the profits. Nobody is truly benevolent to the user in this case, it's just a matter of Apple's dystopian capitalist future versus Google's dystopian capitalist future. The tiebreaker for me is which company is willing to be more open, and accept users who want to extend their products. At the end of the day, that's Google, Microsoft and (to a lesser degree) Amazon, who have at least put in the effort of giving developers documentation and API access.
I can't support Apple's crusade to change ads if they just want to take me out of one Matrix battery pod and into another, Space Grey one.
It depends. Even if they do, if Apple's revenue levels off and shareholders still demand growth, then the whole advertisement story might repeat itself.
I think the real question is, can ads change in response to Apple?
Because Apple has already implemented do-not-track, and from what I read, CPM is cratering. That leaves the ad industry with three options:
1. Adapt to the new, anonymous normal. Targeted ads will no longer be a thing, so ads will have to be based on the content viewed, not the viewer.
2. Invent a new way to track users. I suspect many are hard at work on this already, and is definitely Google's plan. In Google's case, the tracking will look more like aggregate data than a fingerprint, but the end result is still targeted advertising.
Honestly I don't understand why 1 is so bad? Does anyone have hard data that all of this tracking and user profiling is actually resulting in increased ad revenue? I for one have never liked personalized ads as it is almost always is something I don't want, already have, or just bought.
It seems if you show me ads optimized to the content I am viewing it would turn out better. After all I will probably only want to purchase one chainsaw in my life, but if I am looking at how to cut down a tree it would make sense to show me chainsaw ads for that tiny sliver of time, then never again.
> it is almost always is something I don't want, already have, or just bought.
The explanation I have heard for the "just bought" scenario (I heard it on the internet, so grain of salt and so on) is that they're looking to catch people who purchased the item but have returned it, and are now in the market for a different version of the same item (e.g., you returned the chainsaw because it was too small, and now want a bigger one). Which makes sense, but whether there are enough people in that scenario to be worth the cost...
That seems unlikely, when you consider the advertising market and how it works. Fundamentally, the providers (i.e. the chainsaw store) don't tell the advertising platforms when a person buys a chainsaw (and often they can't tell themselves).
So, what ends up happening is the situation that many people complain about is that the provider shared a list of people who looked at chainsaws, and then the advertising platform shows them ads until they run out of money/find more profitable ads to sell.
From the perspective of the ad platform, it doesn't matter that you already bought it. From the perspective of the provider, this is acceptable waste.
It might be that personalised ads are only marginally better (if at all), but the perception of the advertisers and publishers is that it’s very important, thus creating a (fakeish) moat for Google, as it’s more difficult to execute. Or maybe that’s really not that important, as the biggest moat remains Google being number one web destination.
For us advertising a product with targeted ads definitely performs better than non-targeted ads. Also remember that most stuff being advertised is consumable so you will most likely at some point buy it again.
Do not track is marketing jargon. Apps can still continue to track users individually. What was lost was cross app tracking which was used for most mobile app ads.
2 is already happening. Facebook is pushing hard to get full data from partners to optimize ad tracking. Just look at the maximum data option for the Shopify integration now:
"The Maximum setting shares your customer's personal information to match users on Facebook's network. The information collected using this setting includes your customer's name, ___location, email address, and phone number, as well as their browsing behavior in your online store."
It would be interesting to see what would happen if Apple presented a similar big blue button allowing you to install third-party IPAs from the internet. User choice is what matters, right?
Apple is fooling everyone into thinking they are providing privacy when all they've done is restrict cross app tracking. Facebook, Google etc can still track anything you do in those apps at the user level which is tied back to a real name most likely. They're losing insight into what you did post click into other apps, but it doesn't change the basic information they track about you in their own applications.
Obviously - that's why the prompt says "Allow <app> to track your activity across other companies' apps and websites?" instead of "Ensure privacy within this app".
This is still a huge deal though. Facebook and google scour so much data through stuff like facebook pixels and google analytics - there's no need to give them anymore than what they already have.
What's the point though? They can still continue to collect data on you based on your Chrome history, the Tweets you like, the articles your read, and everywhere else you interact with their discrete services. Apple is swatting privacy flies when Google and Facebook are holding a knife to your throat.
Furthermore, it's not like Apple themselves don't provide targeted ads[0]. All they're doing now is inroading the ad system through their own proprietary API so they can get a cut. What was wrong with the previous one, you may ask? It wasn't making them enough mone- erm... it wasn't secure enough! GUID fingerprinting isn't vague enough!
I am not inside any of these corps but I started using a PiHole at home for 7 months now. Plus I installed ad/tracking blockers on all of family's devices, and installed every possible privacy addon on their web browsers.
The result? In the rare cases when I had to open up the machine and so the PiHole was down, we've all seen the most random ads you can imagine -- and super generic. They knew my mother's phone was of an elderly woman so they pushed ads of all sorts of knee protectors and sore throat pills... ironically she has zero problems with both!
Same for me. Apparently being 40+ I now need to buy one car each week and dream of going to "beach retreats full of young women" (that was literally the text of 10+ ads I've seen). Little do they know I am very happily married.
Examples abound. It's kind of hilarious.
Back to your point, and with us being techies, I think we are under no illusion that the corps still know quite a few things about us. But I am here to tell you that if you try well enough they'll eventually lose the big picture of you and will only have a few separate quanta of data about you which they aren't sure what to do with -- at least when it comes to targeted advertising.
Just because a business can destroy another huge companies business model it doesn't mean that replicating it is a good idea.