iOS Apps Are Tacitly Permitted to Track Users in Aggregate Regardless of App Tracking Transparency Permissions ⇥ ft.com

Patrick McGee, Financial Times:

Apple has allowed app developers to collect data from its 1bn iPhone users for targeted advertising, in an unacknowledged shift that lets companies follow a much looser interpretation of its controversial privacy policy.

In May Apple communicated its privacy changes to the wider public, launching an advert that featured a harassed man whose daily activities were closely monitored by an ever-growing group of strangers. When his iPhone prompted him to “Ask App Not to Track”, he clicked it and they vanished. Apple’s message to potential customers was clear — if you choose an iPhone, you are choosing privacy.

But seven months later, companies including Snap and Facebook have been allowed to keep sharing user-level signals from iPhones, as long as that data is anonymised and aggregated rather than tied to specific user profiles.

Is this actually a “shift” in the way this policy is interpreted? The way Apple has defined tracking in relation to the App Tracking Transparency feature has remained fairly consistent — compare the current page against a snapshot from January. Apps cannot access the device’s advertising identifier if the user opts out and, while Apple warned developers creating unique device identifiers, it does not promise it can prevent the tracking of users, and especially not in aggregate.

It is concerning to me that Apple’s advertising and dialog box text may create the impression of a greater privacy effect than they may realistically achieve. Perhaps Apple’s definition of “tracking” does not align with public expectations; or, perhaps, privacy should not be a product to sell.

Karl Bode, Techdirt:

We also get just an endless parade of semantics, like ISP claims they “don’t sell access to your data” (no, they just give massive “anonymized” datasets away for free as part of a nebulous, broader arrangement they do get paid for). We get tracking opt-out tools that don’t actually opt you out of tracking, or opt you back in any time changes are made. And we get endless proclamations about how everybody supports codifying federal privacy laws from companies that immediately turn around and spend millions of dollars lobbying to ensure even a basic privacy law never sees the light of day.

Privacy is not a luxury good, nor should it be up to individual companies to decide which infringements are acceptable.