While Apple likes to position itself as a privacy advocacy within the tech world, the reality is that some of Apple’s iPhone privacy claims might not hold up under closer scrutiny. That’s the logic behind a new petition from the Mozilla Foundation, which is calling on Apple to rotate the unique tracking ID (known as the IDFA, or Identifier For Advertisers) that comes pre-installed on every iPhone. As long as the IDFA on each iPhone remains unchanged, it makes it much easier for advertisers to track your every move.
In fact, according to Ashley Boyd, the VP of Advocacy for the privacy-focused Mozilla Foundation, the IDFA “is like a salesperson following you from store to store while you shop and recording each thing you look at.” As long as the IDFA remains in place, advertisers are able to build up a very complete profile of each user. If the unique ID (called an identifier) were to change each month, however, any profile of a user would be short-term and transient (lasting 30 days). Rotating the identifier regularly would make it harder for companies to build sophisticated profiles of users and, in turn, improve the privacy of iPhones.
Re-thinking Apple’s iPhone privacy claims
What is extraordinary about the decision by Mozilla to launch a petition criticizing Apple’s iPhone privacy claims is that Apple has worked very hard to portray itself as a champion of privacy. Unlike Facebook and Google, which have come under intense scrutiny for their privacy practices, Apple has remained relatively unscathed. Apple CEO Tim Cook, for example, has been an outspoken proponent of tougher data privacy laws, and has specifically pointed out the negative aspects of the current data broker ecosystem, in which a complicated array of players buy and sell personal data. And Apple has famously stood up to the U.S. government, refusing to unlock iPhones for the FBI without the required court orders.
In support of its iPhone privacy claims, Apple has even gone so far as to produce a 1-minute advertising spot (“Privacy. That’s iPhone”) that makes the suggestion that Apple iPhones are the preferred smartphone for any user concerned about privacy. In the ad, people are seen closing their window blinds, locking up cabinets, and taking other steps to keep out prying eyes. The ad even includes the brief transformation of the iconic Apple logo into a padlock, signifying that Apple is very much behind the effort to clamp down on advertisers being able to track every step of every user.
In contrast to those privacy claims, however, Mozilla is suggesting that Apple is only part of the way to total privacy protection. If Apple were really serious about iPhone privacy, then it would get rid of those annoying IDFAs. In short, if Apple is intent on portraying itself as a “privacy hero,” then it should at least take the Mozilla petition seriously.
Should privacy be opt-in or opt-out?
One big issue at stake here is whether privacy should be “opt-in” or “opt-out.” In other words, should users have to jump through all sorts of hoops in order to get advertisers to stop tracking them, or should all the default options be set up such that users should have to work very hard in order to share their data with advertisers? Right now, of course, the situation is such that users have to navigate a confusing series of menus and steps in order to turn off tracking. In contrast, a better practice is to safeguard privacy by default.
As Mozilla points out in its petition about Apple’s iPhone privacy claims, it is possible right now for users to turn off the IDFA on their phones – but it is a real pain and chore in order to do so. And most users do not even know that this IDFA exists. Thus, they go about their business, completely unaware that they are being tracked with every single move. Moreover, since they have bought into the idea that Apple is a “privacy hero” protecting them, they might actually become emboldened to take steps with their iPhone that might put their personal privacy at even greater risk.
According to Mozilla, the advertiser tracking should be opt-in, and not opt-out. After all, isn’t that the way most Internet users expect things to work? For example, say that you want to sign up for a company email newsletter. You physically have to opt-in to receive the newsletter. Then, on top of things, you will usually receive a confirmation email saying that you signed up to receive the newsletter, and you will be prompted to click on a link, verifying that you indeed were the person who requested to sign up for the newsletter.
Now, imagine if a similar type of system to safeguard privacy by default were applied to the world of advertising, tracking, and digital monitoring. It would make life a lot harder for advertisers, because it is unclear how many people – if any – would actually sign up for 24/7 ubiquitous tracking. So, in many ways, the Mozilla petition in response to Apple’s iPhone privacy clams is a sort of compromise solution: it would still enable advertisers to track people for a short period of time, and users wouldn’t have to worry about constantly adjusting their privacy settings (Apple would make all changes to the unique ID automatically).
A message to Silicon Valley
If nothing else, the new Mozilla petition referencing Apple’s iPhone privacy claims is intended to send Silicon Valley the message that users do not want companies tracking them and that privacy is something that is very important to the future of the Web. Whether you are a software company or a hardware company, you need to take privacy seriously. Thus, even Apple – which has built a reputation for privacy – needs to keep a careful eye on any issues (such as the existence of IDFAs) that might impact iPhone privacy. By adopting the Mozilla petition on privacy for iPhones, it will send a clear message that Apple is, indeed, 100 percent behind the concept of user privacy
Going forward, privacy needs to be a feature that is built into new products and services from the very outset, rather than something that is added in at the last moment, or something that must be added retroactively. If U.S. legislators ever introduce a comprehensive and sweeping federal privacy law, this is a fundamental privacy concept that they should keep in mind to help companies to safeguard the privacy of their users.