This New Safari Feature Will Make the Web Ads You See Completely Private

Safari in macOS Dock Credit: PixieMe / Shutterstock
Text Size
- +

When it comes to web browsers, Apple is at the forefront in building intelligent features into Safari that are designed to protect the privacy of its users on the web — all part of Apple’s overall goal to lead the way in privacy in technology.

However, Apple actually walks a bit of a fine line when it comes to how it handles online advertising. The company doesn’t want to just turn Safari into one big ad-blocker; it recognizes that there’s a legitimate need for advertising on the internet as it’s how a great many websites are funded, and it especially doesn’t want to push out a web browser that will upset its carefully crafted partnerships with online publishers.

However, Apple has also made protecting user privacy a big part of its corporate DNA, so it needs to ensure that advertisers’ needs can be met while keeping its users safe from invasive ad-tracking.

How Ad Tracking Works — and Why It’s Important

The main reason that ad-tracking exists is to allow advertisers to build the kind of connections necessary to determine which ads are actually making money for them. For example, when you visit almost any site on the web, you will probably see ads for a variety of products, and while you will likely never click on those ads, it’s still important for advertisers to somehow keep track of the fact that you’ve seen them, so if you later decide to purchase one of the advertised products, they can identify which ads may have led to that purchase.

This helps them to know which of their ads are worthwhile, and it ultimately helps both the manufacturer, the advertising company, and the web site where you saw the ad, since they can know which ads are paying off. This is known as attribution — the process of “attributing” or matching up a purchase to a particular advertisement or advertising campaign.

The Privacy Problem

Of course, the obvious problem with this kind of ad tracking is that it requires giving up of some privacy — in the very least, a cookie is dropped into your web browser for every ad that you see, and then these cookies are retrieved when you visit a manufacturer’s web site to purchase a product or a service, so that they can identify those places where you’ve seen their ads.

While this seems innocuous enough, the real danger is that if these cookies can be retrieved by just any web site, it’s possible to build a profile of you based on where you’ve been. While they probably won’t know your name or any other information that identifies you as a specific human, they’re able to piece together a list of what sites you’ve visited, what ads you’ve seen, and what products you’ve looked at or even purchased. So it could, for example, let them know that you’ve recently bought speakers, AirPods, anchovy pizzas, and cat litter.

Apple’s Solution

Apple started blocking this kind of ad tracking — it’s called “cross-site tracking” — a while back, since it’s always gone on record to say that this kind of behaviour is wrong. However, Apple isn’t actually trying to prevent ad tracking entirely, as there are perfectly legitimate uses for it, but rather the company is trying to find a way to make sure that you can’t be personally identified.

The good news is that it looks like Apple’s engineers may have cracked this problem. In a new post published on Apple’s WebKit blog today, Privacy Preserving Ad Click Attribution For the Web, Apple’s engineer behind the Intelligent Tracking Prevention feature, John Wilander, explains that it’s not necessary for advertising systems to know anything more than the fact that someone viewed an ad and then made a purchase, regardless of who it actually was.

The combination of third-party web tracking and ad campaign measurement has led many to conflate web privacy with a web free of advertisements. We think that’s a misunderstanding. Online ads and measurement of their effectiveness do not require Site A, where you clicked an ad, to learn that you purchased something on Site B. The only data needed for measurement is that someone who clicked an ad on Site A made a purchase on Site B.

John Wilander, Apple Webkit engineer

The paper goes into a lot of technical detail, but to put it in simple terms, Wilander is outlining a solution whereby the browser would still store information on which ads are served from a given web site, but only share that information with other sites privately and securely — in a way that prevents profiling.

For example, let’s say a user sees an ad for Nike shoes while reading an article on The Wall Street Journal’s site. A generic cookie will be created in the user’s browser to make a note that they saw an ad for Nike shoes on WSJ.com. If the user later visits Nike.com to buy a pair of Nike shoes (known in the ad industry as a “conversion”), Nike’s web site will want to try and retrieve this cookie to find out if the user saw an ad for the shoes, and where. However, Apple’s normal setting to block cross-site tracking — if enabled — will prevent this: since the cookie was set by WSJ.com, it can’t be retrieved by Nike.com.

If cross-site tracking is not blocked, however, Nike.com would be able to retrieve not only the cookie that says that a Nike ad was viewed on WSJ.com, but also other cookies that say that the user viewed an ad for PowerBeats Pro on nytimes.com, and that the user viewed the page for a double-espresso vanilla bean frappuccino on Starbucks.com, and so on.

Under Wilander’s proposed system, however, Nike.com would still be able to pull the advertising cookie, but this would be sent in a special private browsing session that would deny access to any other stored cookies that aren’t relevant to the transaction at hand. Further, Nike.com wouldn’t get the data immediately — instead Safari would schedule it randomly to go out after a 24 to 48 hour delay, preventing “speculative” cross-site profiling of the user by making it impossible to determine when the user actually made the purchase — that is to say, when the “conversion” of the viewed ad to the actual purchase really occurred.

While this will give advertisers the most important data that they need — determining which ad campaigns actually result in purchases — some advertisers may still not be thrilled with the idea, since it will prevent them from profiling users in real-time, making it more difficult to determine when to run ads. However, as Wilander suggests, this is far better for advertisers than having users disable cookies entirely or employ ad blockers.

The feature is expected to be incorporated in an upcoming version of Safari later this year, and will be enabled by default. Apple is also proposing it as a standard to the W3C Web Platform Incubator Community Group (WICG), making it possible that we could eventually see the technology in other browsers as well.

Recommended

Today's Deals
Social Sharing