Doc Searls: ‘Apple Is Not Fully Serious About Privacy’ ⇥ blogs.harvard.edu

This Doc Searls piece about App Tracking Transparency certainly is provocative. Here’s the core of his complaint about the systemwide preference to “Allow Apps to Request to Track”:

Key fact: it is defaulted to on. Meaning Apple is not fully serious about privacy. If Apple was fully serious, your iPhone would be set to not allow tracking in the first place. All those trackers would come pre-vaporized. […]

There is something to this argument but, also, it is completely bananas. Can you imagine the antitrust implications or the shitstorm from advertisers if Apple unilaterally disabled all app-based tracking after upgrading? I also think doing this on a per-app basis may have greater impact as it reveals to users what is going on in their favourite apps, instead of the operating system acting silently.

An interesting compromise would be to ask users to configure this setting at first boot.

Here’s the rest of the above paragraph:

[…] And Apple never would have given every iPhone an IDFA — ID For Advertisers — in the first place. (And never mind that they created IDFA back in 2013 partly to wean advertisers from tracking and targeting phones’ UDIDs (unique device IDs).

This is where I think things go off the rails. There are countless ways that devices can be fingerprinted, and the mandated use of IDFA instead of those surreptitious methods makes it harder for ad tech companies to be sneaky. It has long been possible to turn off IDFA or reset the identifier. If it did not exist, ad tech companies would find other ways of individual tracking without users’ knowledge, consent, or control.

And why “ask” an app not to track? Why not “tell”? Or, better yet, “Prevent Tracking By This App”? Does asking an app not to track mean it won’t?

History has an answer for those questions.

Remember Do Not Track? Invented in the dawn of tracking, back in the late ’00s, it’s still a setting in every one of our browsers. But it too is just an ask — and ignored by nearly every website on Earth.

Much like Do Not Track, App Tracking Transparency is a request — verified as much as Apple can by App Review — to avoid false certainty. Tracking is a pernicious reality of every internet-connected technology. It is ludicrous to think that any company could singlehandedly find and disable all forms of fingerprinting in all apps, or to guarantee that users will not be tracked.

The thing that bugs me is that Searls knows all of this. He’s Doc Searls; he has an extraordinary thirteen year history of writing about this stuff. So I am not entirely sure why he is making arguments like the ones above that, with knowledge of his understanding of this space, begin to feel disingenuous. I have been thinking about this since I read this article last night and I have not come to a satisfactory realistic conclusion.

Apple is a big, giant, powerful company — but it is only one company that operates within the realities of legal and technical domains. We cannot engineer our way out of the anti-privacy ad tech mess. The only solution is regulatory. That will not guarantee that bad actors do not exist, but it could create penalties for, say, Google when it ignores users’ choices or Dr. B when it warehouses medical data for unspecified future purposes.

Update: Searls has posted a followup article clarifying a few things and graciously responding to feedback from several people including yours truly. I am not as pessimistic as Searls is about regulation, but I understand better where he is coming from and I appreciate this thorough response.