Apple Previews New Privacy-Focused Ad Tracking Solution Coming to Safari Later This Year

Apple today previewed a new Safari feature called Privacy Preserving Ad Click Attribution that it says will allow advertisers to measure the effectiveness of their ad campaigns on the web without compromising user privacy.


In a blog post, WebKit engineer John Wilander explains that ad click attribution has traditionally been done through the use of cookies and so-called "tracking pixels," allowing both the advertiser and the website where the ad was placed to know when someone has clicked on an ad and later purchased something.

Wilander says the traditional method of ad click attribution has no practical limit on data, allowing for full cross-site tracking of users using cookies. "We believe this is privacy invasive and thus we are obliged to prevent such ad click attribution from happening in Safari and WebKit," he wrote.

Thus, Apple has proposed a modern solution that it says doesn't allow for cross-site tracking of users but does provide a means of measuring the effectiveness of online ads. The feature is built into the browser itself and runs on-device, meaning that the browser vendor does not see any of the ad data.

Here is Apple's summary of its privacy considerations for the feature:
  • Only links served on first-party pages should be able to store ad click attribution data.
  • Neither the website where the ad click happens nor the website where the conversion happens should be able to see whether ad click data has been stored, has been matched, or is scheduled for reporting.
  • Ad clicks should only be stored for a limited time, such as a week.
  • The entropy of both ad campaign ID and conversion data needs to be restricted to a point where this data cannot be repurposed for cross-site tracking of users. We propose six bits each for these two pieces of data, or values between 0 and 63.
  • Ad click attribution requests should be delayed randomly between 24 to 48 hours. This makes sure that a conversion that happens shortly after an ad click will not allow for speculative cross-site profiling of the user. The randomness in the delay makes sure the request does not in itself reveal when during the day the conversion happened.
  • The browser should not guarantee any specific order in which multiple ad click attribution requests are sent, since the order itself could be abused to increase the entropy and allow for cross-site tracking of users.
  • The browser should use an ephemeral session aka Private or Incognito Mode to make ad click attribution requests.
  • The browser should not use or accept any credentials such as cookies, client certificates, or Basic Authentication in ad click attribution requests or responses.
  • The browser should offer a way to turn ad click attribution on and off. We intend to have the default setting to be on to encourage websites to move to this technology and abandon general cross-site tracking.
  • The browser should not enable ad click attribution in Private/Incognito Mode.
Privacy Preserving Ad Click Attribution is available as an experimental feature in Safari Technology Preview 82 and later. To turn on the feature, enable the Develop menu and navigate to the Experimental Features submenu.

Apple says the feature will be turned on for web developers later this year. The company has also recommended it as a web standard to the W3C.

Top Rated Comments

(View all)
Avatar
21 weeks ago
This could be a nice compromise between letting advertisers survive in the brutal www environment while also keeping users safe.

Personally I dont use ad blockers, I just dont click on the ads.

Then theres websites that will have an ad pop up over their content (CNN is a big offender). I just avoid those sites completely if at all possible.

P.S. and no, I don't have anything against CNN, except I hate the ads they allow on their site.
Rating: 5 Votes
Avatar
21 weeks ago
I use ad blockers, not because I hate ads as I know websites need to make money too. But because of the tracking. So anything Apple does in this direction is welcome.
Rating: 4 Votes
Avatar
21 weeks ago
nice improvement, but does anyone really click on ads these days or even see them anymore now that there's ad blockers?
Rating: 4 Votes
Avatar
21 weeks ago

nice improvement, but does anyone really click on ads these days or even see them anymore now that there's ad blockers?


It's no longer so much about clicking the ads anymore, although it's still important. With fingerprinting and cross-site tracking, advertisers can find out your purchase behaviour and ad effectiveness without you even clicking on the ad.
Rating: 3 Votes
Avatar
14 weeks ago

The paranoia runs deep with you. Im sure many spies are spending many hours a day studying your fascinating life


No, I just run my own local DNS, and see everything coming & going. Don't ascribe your technical ineptitude to everyone else.
Rating: 2 Votes
Avatar
21 weeks ago

Is this a serious question? How did you think Google and Facebook make there billions? Of course people click on ads. All the time. In fact, a study shows that 65% of clicks on Google Search results pages are click on ads while only 35% of clicks are on the organic results. And this number has been increasing over time.

https://www.bluecorona.com/blog/pay-per-click-statistics


I'd argue that's only because of Google's "dark" placement tactics, disguising ads as the top few search results. Users think they're clicking on legitimate search results, not placed/promoted ads.
Rating: 2 Votes
Avatar
21 weeks ago

nice improvement, but does anyone really click on ads these days or even see them anymore now that there's ad blockers?

You would be surprised how few people actually use ad-blockers.
Rating: 1 Votes
[ Read All Comments ]