Apple's 'Do Not Track' Button Is Privacy Theater

from the privacy-theater-incorporated dept

Earlier this year Apple received ample coverage about how the company was making privacy easier for its customers by introducing a new, simple, tracking opt-out button for users as part of an iOS 14.5 update. Early press reports heavily hyped the concept, which purportedly gave consumers control of which apps were able to collect and monetize user data or track user behavior across the internet. Advertisers (most notably Facebook) cried like a disappointed toddler at Christmas, given the obvious fact that giving users more control over data collection and monetization, means less money for them.

By September researchers had begun to notice that Apple’s opt-out system was somewhat performative anyway. The underlying system only really blocked app makers from accessing one bit of data: your phone’s ID for Advertisers, or IDFA. There were numerous ways for app makers to track users anyway, so they quickly got to work doing exactly that, collecting information on everything from your IP address and battery charge and volume levels, to remaining device storage, metrics that can be helpful in building personalized profiles of each and every Apple user.

Privacy advocates and the press noted how this was all giving Apple users a false sense of security without really fixing much. Privacy experts and press outlets also repeatedly informed Apple this was happening, but nothing changed. In fact, the Financial Times notes that six months after the feature was introduced, Apple has further softened its stance on the whole effort:

“But seven months later, companies including Snap and Facebook have been allowed to keep sharing user-level signals from iPhones, as long as that data is anonymised and aggregated rather than tied to specific user profiles.

Here’s the thing. There’s been just an absolute torrent of studies showing how “anonymizing” data is a gibberish term. It only takes a few additional snippets of data to identify “anonymized” users, yet the term is still thrown around by companies as a sort of “get out of jail free” card when it comes to not respecting user privacy. There’s an absolute ocean of data floating around the data broker space that comes from apps, OS makers, hardware vendors, and telecoms, and “anonymizing” data doesn’t really stop any of them from building detailed profiles on you.

Apple’s opt-out button is largely decorative, helping the company brand itself as hyper privacy conscious without actually doing the heavy lifting required of such a shift:

“Lockdown Privacy, an app that blocks ad trackers, has called Apple?s policy ?functionally useless in stopping third-party tracking?. It performed a variety of tests on top apps and observed that personal data and device information is still ?being sent to trackers in almost all cases.”

A lot of folks spend a lot of time trying to tap dance around a fundamental truth: any effort to give consumers more control and clear insight over what’s being collected or sold reduces revenues by billions of dollars annually, even if only a fraction of existing users take advantage. And nobody with their face buried deep in the data monetization trough wants that. It’s why it’s 2021 and the U.S. still doesn’t even have a basic, clear privacy law for the internet era. Not even a super clean one mandating basic transparency requirements and working opt-out tools.

So what we get instead is a lot of gibberish and privacy theater by a lot of folks who don’t want to take even a tiny hit in revenues in exchange for healthier markets and happier users.

We also get just an endless parade of semantics, like ISP claims they “don’t sell access to your data” (no, they just give massive “anonymized” datasets away for free as part of a nebulous, broader arrangement they do get paid for). We get tracking opt-out tools that don’t actually opt you out of tracking, or opt you back in any time changes are made. And we get endless proclamations about how everybody supports codifying federal privacy laws from companies that immediately turn around and spend millions of dollars lobbying to ensure even a basic privacy law never sees the light of day.

At some point this combination of feckless oversight, rampant overcollection of data, minimal transparency, and repeated failure to adhere to the basics on data security will result in a privacy scandal that makes the last fives years’ worth of scandals look like a grade school picnic. When that happens, we might finally see some traction on at least a basic law that mandates transparency, opt-out tools that actually work, and penalties for lax security. Until that momentum shift happens, the majority of “privacy reform” efforts are going to have a high ratio of meaningless song and dance.

Filed Under: , , , , , ,
Companies: apple, facebook, snap

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Apple's 'Do Not Track' Button Is Privacy Theater”

Subscribe: RSS Leave a comment
Anonymous Coward says:

endless proclamations about how everybody supports codifying federal privacy laws from companies that immediately turn around and spend millions of dollars lobbying to ensure even a basic privacy law never sees the light of day.

That may depends what you mean by "privacy law". They’re getting annoyed at having to comply with the multitude of state privacy laws, and California’s in particular, and want a federal "privacy law" to pre-empt them. They certainly don’t want that law to protect people’s privacy—though in terms of public relations, it would be handy if people thought it would do that.

Anonymous Coward says:

Of course it's theater

The "early press report" you link to said the choices would be "Ask App Not to Track" or "Allow". How could one expect anything other than theater from that? A "real" choice would be "Allow" or "Disallow", with "Disallow" doing something other than just asking nicely. We’ve seen with browser do-not-track setting how well that works.

Of course, an effective "disallow" ("block with extreme prejudice"?) option would have to prevent any direct network connections, e.g. by routing all (encrypted) app traffic via Apple, so as to prevent IP-based tracking. It’d have to disallow network access entirely if GPS or bluetooth were allowed, or have some effective firewall to prevent the data from being passed on (security models such as Bell–LaPadula can enforce this in principle).

Lostinlodos (profile) says:

A quality law benefits all!

A quality OPT OUT law helps everyone!
Those that want to (for whatever reason they claim) opt out of tracking could do so. And then the marketing groups could work on bettering targeting tech for the millions of us who like it.

Serving quality adverts to the 100 million who will click through and potentially buy, is a better use of resources than blanketing 200mil freeloa… privacy concerned surfers with unrelated and unuseful garbage.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...