Safari browser icon on laptop screen showing Safari privacy and private click management

Mozilla: Apple “Private Click Management” Not a Net Positive for Consumers, Safari Privacy Can Still Be Compromised by Cross-site Tracking

A new report from Mozilla measures up Apple’s “Private Click Management” web advertising alternative, and finds the “privacy” part of it wanting. The iOS and Safari privacy measure is meant to allow targeted ad delivery without the usual cross-site tracking users are subject to, but Mozilla finds that little in the structure actually prevents this from happening.

iOS, Safari privacy not as robust as advertised?

First implemented with the release of iOS 14.5 in 2021, Apple’s Private Click Management has been introduced as a potential broader standard for all browsers to eventually adopt as a replacement for tracking cookies. It is presently available as an iOS and Safari privacy option.

The system assigns a numeric identifier to ad clicks, only reporting on them if the user later follows through with the advertiser’s desired conversion (such as a product sale or a sign-up for an email newsletter). The advertiser is sent a report when this happens, which is supposed to contain limited personal information and makes use of an anonymization service with a delay period.

However, Mozilla’s study finds that iOS and Safari privacy is not enhanced for end users when Private Click Management is enabled, and a small number of users can still be tracked across sites if the advertiser desires. The study also finds that there is little incentive for advertisers to make use of Private Click Management unless they are able to track users with it, as when it is used as intended it provides too few identifiers to be useful in targeted advertising campaigns and creates delays (of 24 and 48 hours in some cases) that are too disruptive to the design of these systems.

As to the proposal that Private Click Management move beyond the world of iOS and Safari privacy to be adopted as a universal standard across browsers, the study finds that existing anti-tracking methods that are available are already superior and could be compromised if Private Click Management was implemented. The study notes that Firefox’s “Total Cookie Protection” system already makes it very difficult for advertisers to track individual users, and that adding Private Click Management could create a workaround that would open up a new path for tracking.

Private click management requires “honor system” behavior from advertisers to function properly

Naturally, this criticism of Safari privacy comes from a direct competitor in the web browser field. However, Mozilla makes some points that are free of potential bias. One of the biggest strikes against Private Click Management that it points out is the fact that websites must voluntarily implement its API in order for it to function.

The list of identifiers is also clearly much more limited than targeted advertisers prefer to use in their campaigns. Another issue is that of diminishing returns; identifiers are shared between multiple users, and the more they are used the less distinct and useful they become for the ad campaign. It is a neutral and fair criticism to note that unless advertisers were forced to use this system, they would be unlikely to as there is no benefit to them to adopting it; the only potential benefit would be the use of Private Click Management to work around stronger existing security measures.

And while the “delayed reporting” feature decreases the value of Private Click Management for advertisers that play by the rules, it does not eliminate the possibility of tracking some users individually if they have unusual browsing patterns: for example, only visiting during unusually late hours for the time zone that they are in.

A final blow to the usefulness of Private Click Management for advertisers is that the user’s computer or device has to be on and connected to the internet at the time the report kicks out; it will be nullified if they cannot be located.

Sites that make use of the system could also potentially conspire to defeat it by sharing information and gradually paring down the identities of visitors. Two sites working together in this way could identify users once the total number of identifier matches reached or exceeded 256, with the process actually becoming more efficient with more matches. Apple has threatened to block sites from the API if they abuse the system in this way, but it is not clear how effective its ability to detect this is or if it has already removed any sites for doing this.

Mozilla study finds that iOS and Safari #privacy is not enhanced for end users when Private Click Management is enabled, and a small number of users can still be tracked across sites if the advertiser desires. #respectdataClick to Tweet

Apple touts iOS, Mac and Safari privacy as its lead selling point, but this is another item in a growing case against its ability to actually deliver in this area. The company’s revolutionary App Transparency Tracking framework, which requires companies to notify users of any ad tracking and obtain opt-in consent, and its “privacy nutrition labels” have been questioned in recent months for inaccurate disclosure terms and a lack of enforcement for apps that do not implement all the elements they are supposed to.