Research Shows Apple's New Do Not Track App Button Is Privacy Theater
from the privacy-theater dept
While Apple may be attempting to make being marginally competent at privacy a marketing advantage in recent years, that hasn't always gone particularly smoothly. Case in point: the company's new "ask app not to track" button included in iOS 14.5 is supposed to provide iOS users with some protection from apps that get a little too aggressive in hoovering up your usage, location, and other data. In short, the button functions as a more obvious opt out mechanism that's supposed to let you avoid the tangled web of privacy abuses that is the adtech behavioral ad ecosystem.
But of course it's not working out all that well in practice, at least so far. A new study by the Washington Post and software maker Lockdown indicates that many app makers are just...ignoring the request entirely. In reality, Apple's function doesn't really do all that much, simply blocking app makers from accessing one bit of data: your phone's ID for Advertisers, or IDFA. But most apps have continued to track a wide swath of other usage and location data, and the overall impact on user privacy has proven to be negligible:
"Among the apps Lockdown investigated, tapping the don’t track button made no difference at all to the total number of third-party trackers the apps reached out to. And the number of times the apps attempted to send out data to these companies declined just 13 percent."
Researchers found the new system actually provided users with a false sense of security and privacy when very little had actually changed.
Even when consumers "opted out," most of the apps were still collecting data metrics like volume level, IP address, battery level, browser, cellular carrier, and a long list of other data points, allowing companies to craft elaborate profiles of individual consumers. And little to none of this is being meaningfully disclosed to actual users. Perpetually, the adtech industry tries to argue that none of this is a big deal because much of this data is "anonymized," but that's long been nonsense. Studies repeatedly show that when there are enough data points floating about in the wild, nobody on the internet is truly anonymous.
The fact gets buried in conversations on this subject, but the entire adtech tracking ecosystem, from app makers and "big tech" to telecom and every data broker in between, is a largely unaccountable mess. All operating in a country with no meaningful internet-era privacy law, and privacy regulators that intentionally have a tiny fraction of the resources and funding as their overseas contemporaries. So when you see privacy scandal after privacy scandal emerge, it's important to understand that this is a conscious policy choice driven by greed, not just some organic dysfunction that showed up one random Tuesday.
And unfortunately, so far, most of the big pronouncements by major tech giants about consumer privacy, whether it's Apple's shiny new app privacy button or Google's FLOC technology, aren't doing much to actually fix the problem. And, in some cases, they have the potential to make a bad problem worse. Actually fixing this problem would cost a whole lot of people a whole lot of money, so instead we get (waves hands around at a wide variety of privacy theater) whatever the hell this is supposed to be.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: apps, do not track, idfa, ios, privacy, privacy theater
Companies: apple
Reader Comments
Subscribe: RSS
View by: Time | Thread
A phone OS would be in a great position to acitvely block or spoof a lot of undesireable app snooping. Too bad the manufacturers either don't care or worse, actively snoop on users themselves.
[ link to this | view in chronology ]
Re:
Exactly. As usual, commercial OS architects could and should have easily allowed the OS to control apps (uh hello, it's the OS), and allow users granular but absolute control over the same, from the get.
Now they just bolt on fake bullshit.
[ link to this | view in chronology ]
Not a "do not track" button
The button is not "do not track" as in the headline; it's "Ask app not to track". So, "blocking app makers from accessing one bit of data" already goes beyond what it claims to do.
What should come next? I expect people will go after the app makers who ignore this setting, under laws such as the GDPR and CCPA (which require consent and disclosure), though it may not stop tracking outside of Europe and California. The other obvious thing would be for Apple to enforce tighter rules about this, blocking apps that ignore the setting or even banning companies that attempt to publish such apps.
Of course, further technical measures would also be useful. Apple could easily block access to things like battery level, and with some more effort could block IP address and carrier identification (e.g. by proxying, and blocking direct network access).
[ link to this | view in chronology ]
Oh look... my shocked face.
[ link to this | view in chronology ]
Wait, you thought…?
People are really ignorant.
The fact is right there in the button: ask
This is why I hate all this opt out and opt in crap.
It does nothing for the people who care about that stuff, and is beyond annoying for those that don’t.
They aren’t letting you (the others, not myself) actually get out of tracking…
And I’m getting bugged every day by dozens of notices from Apple that [app name] has been using location data for the last ## hours.
Do you wish to continue sharing… blah blah.
Yes, dumb arse setting, I turned it on for a reason. And if I click yes every single day leave me alone. So much for AI and deep learning and all that!
I’ll never understand why people are against targeted advertising. I just don’t get it.
But if there’s going to be any change, asking you what to say to the app isn’t the route to take.
Obviously people misunderstood the system in place since we’re at the comments for the article on it. So this idea isn’t working. People think the apps will listen and advertisers don’t care.
And those of us whose just say “whatever” are pulling our hair out.
[ link to this | view in chronology ]