Mediastreet
Tag

Privacy

Browsing
In News

Google’s Universal Analytics sunsets in 51 days & cookies are crumbling: how to prepare

No Comments

By Mike Froggatt

According to Gartner research, just over a quarter of all marketing budgets go toward paid media, with 56% of that spent on digital channels. Proving return on ad spend is already difficult for digital marketing leaders, and changes to cookies and walled gardens strengthening their own walls will make it even more challenging.

Third-party cookie data fuelled two decades of digital media and data-driven performance advertising. It’s no wonder cookie deprecation and restrictions on third-party data are transforming the way marketers target, buy and measure digital media.

In addition to the immediate impacts of cookie loss, the increased regulatory pressures on walled gardens is creating an environment of more black box algorithms and fewer data points with which to measure and independently verify results. Of the three privacy scenarios proposed by my colleague Andrew Frank, we are quickly moving to a walled garden world. And the biggest among them, Google, is at the front of the pack.

Aside from the (continually delayed) deprecation of the cookie, Google has another fast-approaching deadline that will impact almost every marketer with a website: the sunsetting of Universal Analytics.

As my colleague Lizzy Foo Kune shared with The Drum last year, the migration to Google Analytics 4 (GA4) entails an urgent overhaul to long-standing marketing data collection, measurement baselines and operational approaches — and deeper ties to Google’s ad ecosystem. GA4 highlights the data usage and consent gaps between acquisition-oriented advertising and retention-and-growth marketing but provides bridging mechanisms such as lookalike modelling, retargeting, pathing and attribution.

Digital advertising is vital for the success of modern brands, for driving both top-of-funnel awareness and bottom-of-funnel consideration and sales. Key to their success is access to data about their prospects’ and customers’ online behaviour, which helps marketers target and personalize their campaign efforts. Regulations on the collection and sharing of consumer data is prompting major data providers and adtech alike to change how their platforms collect, store and share this data with advertisers.

To maintain their digital media effectiveness, marketers need to build resilience and evaluate existing digital partners for cookie and walled garden alternatives.

Build a cookieless and walled garden risk profile

Purchasing display ads indirectly indicates a high reliance on third-party cookies. Brands with campaigns that rely heavily on indirect impressions could be highly susceptible to disruption from additional privacy changes from walled gardens and limits on third-party tracking from regulatory bodies.

Brands should ensure that their website and digital media campaigns – and the data collected and used to target ads – are both privacy compliant and effective in the face of those challenges by:

  • Owning, assigning someone on the team or finding a trusted partner to keep up with the latest news on privacy changes, cookies and third-party data regulation and their impact on the brand’s business.
  • Building first-party data assets by homing in on core customers and building direct-buying relationships with strategically important media partners.
  • Working across the organization to ensure compliance across user data collection and digital media activation.
  • Partnering with media companies, as well as established and emerging technology firms, to test novel targeting strategies (e.g., Google’s Topics, contextual targeting, data clean rooms) that reduce the eventual impact of the loss of cookies on existing media strategies.

Once an organization understands how its digital media is purchased, either with an internal analysis or a report from its agency partners, determine the risk exposure to the company’s marketing programs. Privacy changes and cookie deprecation’s impact on advertising depend on two factors: sales strategy (direct or third-party sales) and media strategy (brand versus performance marketing).

Risk assessment chart from Gartner

Source: Gartner (May 2023)

Sales strategy and the proximity to the final sale are indicative of the relationship with the customer, including the receiving consent to use their data for retargeting and other conversion-oriented digital advertising tactics. Media strategy indicates the number of existing relationships brands have with their target audiences to deploy in a privacy-safe way and their reliance on advertising partners.

Limit exposure to changes in the long run

After determining the organization’s cookie risk profile and building overall resilience to disruption, follow some of these next steps, tailored for each profile, to limit exposure to changes:

  • Conversion-seeking brands should focus on the core value of their products to consumers and continue to build upon that niche in addition to investing in performance media partners. Work on increasing the loyalty of existing customers and growing through the network effects of word-of-mouth on social media and outside of digital.
  • Legacy wholesale brands should maintain mind share through their broad brand advertising strategies while leveraging emerging channels like retail media networks. These channels can help fill any potential gaps in performance advertising left by changes to walled gardens and third-party data.
  • Direct-to-consumer and mono-brand retail brands should leverage their consent-based first-party data and close relationships with customers to focus their ad spend across trusted sites and apps. With Universal Analytics’ sunset imminent, it is imperative for digital marketing leaders to start collecting data with both UA and GA4 now in order to test for data compatibility and source appropriate alternatives for signal loss.
  • Platform and multichannel retail brands must continue to innovate on their existing sites, apps and product suite to stay at the forefront of customer needs. If the brand is a Google Analytics site, it’s important to prepare for fewer granular data points on site visitors in exchange for more targeting options within the Google media properties. In addition, work with marketing technology providers to expand revenue opportunities by leveraging audience and conversion data for brands in high-risk, legacy and direct profiles.

Mike Froggatt is senior director, analyst in Gartner’s marketing practice. To read more from The Drum’s latest Deep Dive, where we’ll be demystifying data & privacy for marketers in 2023, head over to our special hub.

Feature Image Credit: Myriam Jessier

By Mike Froggatt

Mike Froggatt is senior director, analyst in Gartner’s marketing practice. To read more from The Drum’s latest Deep Dive, where we’ll be demystifying data & privacy for marketers in 2023, head over to our special hub.

Sourced from The Drum

Read More
By
In News

How a civil rights group is holding Europe’s online ad industry to account

No Comments

By D. Cooper

Is this the end for the consent pop-up?

An Irish civil rights group believes that it has successfully exposed the so-called legal fictions that underpin the online advertising industry. The Irish Council for Civil Liberties (ICCL), says that Europe’s data protection regulators will soon declare the current regime illegal. At the heart of this complaint is both how the industry asks for permission, and then how it serves adverts to users online. Describing the situation as the “world’s biggest data breach,” the consequences of the ruling could have staggering ramifications for everything that we do online.

“The world’s biggest data breach”

Real-Time Bidding (RTB) is the mechanism by which most online ads are served to you today, and lies at the heart of the issue. Visit a website and, these days, you will notice a split-second delay between the content loading, and the adverts that surround it. You may be reading a line in an article, only for the text to suddenly leap halfway down the page, as a new advert takes its place in front of your eyes. This delay, however small, accommodates a labyrinthine process in which countless companies bid to put their advert in front of your eyes. Omri Kedem, from digital marketing agency Croud, explained that the whole process takes less than 100 milliseconds from start to finish.

Advertising is the lifeblood of the internet, providing social media platforms and news organisations with a way to make money. Advertisers feel more confident paying for ads, however, if they can be reasonably certain that the person on the other end is inside the target market. But, in order to make sure that this works, the platform hosting the ad needs to know everything it can about you, the user.

This is how, say, a sneaker store is able to market its wares to the local sneakerheads or a vegan restaurant looks for vegans and vegetarians in its local area. Companies like Facebook have made huge profits on their ability to laser-focus ad campaigns on behalf of advertisers. But this process has a dark side, and this micro-targeting can, for instance, be used to enable hateful conduct. The most notable example is from 2017, when ProPublica found that you could target a cohort of users deemed anti-semitic with the tag “Jew Hater.”

Every time you visit a website, a number of facts about you are broadcast to the site’s owner including your IP address. But that data can also include your exact longitude and latitude (if you have built-in GPS), your carrier and device type. Visit a news website every day and it’s likely that both the publisher and ad-tech intermediary will track which sections you spend more time reading.

This information can be combined with material you’ve willingly submitted to a publisher when asked. Subscribe to a publication like the Financial Times or Forbes, for instance, and you’ll be asked about your job title and industry. From there, publishers can make clear assumptions about your annual income, social class and political interests. Combine this information — known in the industry as deterministic data — with the inferences made based on your browsing history — known as probabilistic data — and you can build a fairly extensive profile of a user.

“The more bidders you have on something you’re trying to sell, in theory, the better,” says Dr. Johnny Ryan. Ryan is a Senior Fellow at the ICCL with a specialism in Information Rights and has been leading the charge against Real-Time Bidding for years. In order to make tracking-based advertising work, the publisher and ad intermediary will compress your life into a series of codes: Bidstream Data. Ryan says that this is a list of “identification codes [which] are highly unique to you,” and is passed on to a number of auction sites.

“The most obvious identification is the app that you’re using, which can be very compromising indeed, or the specific URL that you’re visiting,” says Ryan. He added that the URL of the site, which can be included in this information, can be “excruciatingly embarrassing” if seen by a third party. If you’re looking up information about a health condition or material related to your sexuality and sexual preferences, this can also be added to the data. And there’s no easy and clean way to edit or redact this data as it is broadcast to countless ad exchanges.

In order to harmonize this data, the Interactive Advertising Bureau, the online ad industry’s trade body, produces a standard taxonomy. (The IAB, as it is known, has a standalone body operating in Europe, while the taxonomy itself is produced by a New York-based Tech Lab.) The IAB Audience Taxonomy (subsequently revised to version 1.1) will codify you, for instance, as being into Arts and Crafts (Code 1472) or Birdwatching (435). Alternatively, it can tag you as having an interest in Islam (602), Substance Abuse (568) or if you have a child with special educational needs (357).

But not every bidder in those auctions is looking to place an ad, and some are much more interested in the data that is being shared. A Motherboard story from earlier this year revealed that the United States Intelligence Community mandates the use of ad-blockers to prevent RTB agencies from identifying serving personnel, data which could wind up in the hands of rival nations. Earlier versions of IAB’s Content Taxonomy even included tags identifying a user as potentially working for the US military.

It’s this specificity in the data, coupled with the fact that it can be shared widely and so regularly, that has prompted Ryan to call this the “world’s biggest data breach.” He cited an example of a French firm, Vectuary, which was investigated in 2018 by France’s data protection regulator, CNIL. What officials found was data listings for almost 68 million people, much of which had been gathered using captured RTB data. At the time, TechCrunch reported that the Vectaury case could have ramifications for the advertising market and its use of consent banners.

The issue of consent

In 2002, the European Union produced the ePrivacy Directive, a charter for how companies needed to get consent for the use of cookies for advertising purposes. The rules, and how they are defined, have subsequently evolved, most recently with the General Data Protection Regulations (GDPR). One of the consequences of this drive is that users within the EU are presented with a pop-up banner asking them to consent to tracking. As most cookie policies will explain, this tracking is used for both internal analytics and to enable tracking-based advertising.

To standardize and harmonize this process, IAB Europe created the Transparency and Consent Framework (TCF). This, essentially, lets publishers copy the framework laid down by the body on the assumption that they have established a legal basis to process that data. When someone does not give consent to be tracked, a record of that decision is logged in a piece of information known as a TC String. And it’s here that the ICCL has (seemingly) claimed a victory after lodging a complaint with the Belgian Data Protection Authority, the APD, saying that this record constitutes personal data.

A draft of the ruling was shared with IAB Europe and the ICCL, and reportedly said that the APD found that a TC String did constitute personal data. On November 5th, IAB Europe published a statement saying that the regulator is likely to “identify infringements of the GDPR by IAB Europe,” but added that those “infringements should be capable of being remedied within six months following the issuing of the final ruling.” Essentially, because IAB Europe was not treating these strings with the same level of care as personal data, it needs to start doing so now and / or face potential penalties.

At the same time, Dr. Ryan at the ICCL declared that the campaign had “won” and that IAB Europe’s whole “consent system” will be “found to be illegal.” He added that IAB Europe created a fake consent system that spammed everyone, every day, and served no purpose other than to give a thin legal cover to the massive data breach in at the heart of online advertising.” Ryan ended his statement by saying that he hopes that the final decision, when it is released, “will finally force the online advertising industry to reform.”

This reform will potentially hinge on the thorny question of if a user can reasonably be relied upon to consent to tracking. Is it enough for a user to click “I Accept” and therefore write the ad-tech intermediary involved a blank check? It’s a question that ad-tech expert and lawyer Sacha Wilson, a partner at Harbottle and Lewis, is interested in. He explained that, in the law, “consent has to be separate, specific, informed [and] unambiguous,” which “given the complexity of ad tech, is very difficult to achieve in a real-time environment.”

Wilson also pointed out that something that is often overstated is the quality of the data being collected by these brokers. “Data quality is a massive issue,” he said, “a significant proportion of the profile data that exists is actually inaccurate — and that has compliance issues in and of itself, the inaccuracy of the data.” (This is a reference to Article 5 of the GDPR, where people who process data should ensure that the data is accurate.) In 2018, an Engadget analysis of data held by prominent data company Acxiom showed that the information held on an individual can be often wildly inaccurate or contradictory.

One key plank of European privacy law is that it has to be easy enough to withdraw consent if you so choose. But it doesn’t appear as if this is as easy as it could be if you have to approach every vendor individually. Visit ESPN, for instance, and you’ll be presented with a list of vendors (listed by the OneTrust platform) that numbers into the several hundreds. MailOnline’s vendor list, meanwhile, runs to 1,476 entries. (Engadget’s, for what it’s worth, includes 323 “Advertising Technologies” partners.) It is not necessarily the case that all of those vendors will be engaged at all times, but it does suggest that users cannot simply withdraw consent at every individual broker without a lot of time and effort.

Transparency and consent

Townsend Feehan is the CEO of IAB Europe, the body currently awaiting a decision from the APD concerning its data protection practices. She says that the thing that the industry’s critics are missing is that “none of this [tracking] happens if the user says no.” She added that “at the point where they open the page, users have control. [They can] either withhold consent, or they can use the right to object, if the asserted legal basis is legitimate interest, then none of the processing can happen.” She added that users do, or do not, consent to the discrete use of their data to a list of “disclosed data controllers,” saying that “those data controllers have no entitlement to share your data with anyone else,” since doing so would be illegal.

[Legitimate Interest is a framework within the GDPR enabling companies to collect data without consent. This can include where doing so is in the legitimate interests of an organization or third party, the processing does not cause undue harm or detriment to the person involved.]

While the type of sharing described by the ICCL and Dr. Ryan isn’t impossible, from a technical standpoint, Feehan made it clear that to do so is illegal under European law. “If that happens, it is a breach of the law,” she said, “and that law needs to be enforced.” Feehan added that at the point when data is first collected, all of the data controllers who may have access to that information are named.

Feehan also said that IAB Europe had practices and procedures put in place to deal with members found to be in breach of its obligations. That can include suspension of up to 14 days if a violation is found, with further suspensions liable if breaches aren’t fixed. IAB Europe can also permanently remove a company that has failed to address its policies, which it signs up to when it joins the TCF. She added that the body is currently working to further automate its audit processes in order to ensure it can proactively monitor for breaches and that users who are concerned about a potential breach can contact the body to share their suspicions.

It is hard to speculate on what the ruling would mean for IAB Europe and the current ad-tech regime more broadly. Feehan said that only when the final ruling was released would we know what changes the ad industry will have to institute. She asserted that IAB Europe was little more than a standards-setter rather than a data controller in real terms. “We don’t have access to any personal data, we don’t process any data, we’re just a trade association.” However, should the body be found to be in breach of the GDPR, it will need to offer up a clear action plan in order to resolve the issue.

It’s not just consent fatigue

The issue of Real-Time Bidding data being collected is not simply an issue of companies being greedy or lax with our information. The RTB process means that there is always a risk that data will be passed to companies with less regard for their legal obligations. And if a data broker is able to make some cash from your personal information, it may do so without much care for your individual rights, or privacy.

The Wall Street Journal recently reported that Mobilewalla, an Atlanta-based ad-tech company, had enabled warrantless surveillance through the sale of its RTB data. Mobilewalla’s vast trove of information, some of which was collected from RTB, was sold to a company called Gravy Analytics. Gravy, in turn, passed the information to its wholly-owned subsidiary, Venntel, which then sold the information to a number of federal agencies and related partners.

i
This content is not available due to your privacy preferences. Update your settings here, then reload the page to see it.

This trove of information may not have had real names attached, but the Journal says that it’s easy enough to tie an address to where a person’s phone is placed most evenings. And this information was, at the very least, passed on to and used by the Department of Homeland Security, Internal Revenue Service and US Military. All three reportedly tracked individuals both in the US and abroad without a warrant enabling them to do so.

In July 2020, Mobilewalla came under fire after reportedly revealing that it had tagged and tracked the identity of Black Lives Matter protesters. At the time, The Wall Street Journal report added that the company’s CEO, in 2017, boasted that the company could track users while they visit their places of worship to enable advertisers to sell directly to religious groups.

This sort of snooping and micro-targeting is not, however, limited to the US, with the ICCL finding a report made by data broker OnAudience.com. The study, a copy of which it hosts on its website, discusses the use of databases to create a cohort of around 1.4 million users. These people were targeted based on a belief that they were “interested in LGBTQ+,” identified because they had searched for relevant topics in the prior 14 days. Given both the unpleasant historical precedent of listing people by their sexuality and the ongoing assault on LGBT rights in the country, the ease at which this took place may concern some.

Looking to the future

On November 25th, the APD announced that it had sent its draft decision to its counterparts in other parts of Europe. If the procedure doesn’t hit any roadblocks, then the ruling will be made public around four weeks later, which means at some point in late December. Given the holidays, we may not see the likely fallout — if any — until January. But it’s possible that either this doesn’t make much of a change in the ad landscape, or it could be dramatic. What’s likely, however, is that the issues around how much a user can consent to having their data used in this manner won’t go away overnight.

Feature Image Credit: #Urban-Photographer via Getty Images

By D. Cooper

Sourced from engadget

Read More
By
In News

Ad blocking surges as millions more seek privacy, security and less annoyance

No Comments

By

In the US, an estimated 40% of adults block online ads on PCs or phones.

While Facebook and Apple tussle over the harms and benefits of online advertising, more and more of us are sidestepping the issue by blocking ads completely. Use of ad blocking software like web browsers is surging, especially on smartphones, a study published Monday concludes.

The number of people using ad blockers has remained mostly level on personal computers, with 257 million people using them monthly by the end of 2020. But it’s on mobile devices where ad blocking is really increasing, doubling over the last five years, from 282 million to 586 million at the end of 2020, according to the 2021 PageFair Adblock Report from ad tech firm Blockthrough. That’s a 10% increase over the 2020 PageFair report on ad blocking.

Blockthrough makes money by helping advertisers try to cope with ad blocking. It offers a system to try to persuade website users to opt into delivery of the less intrusive system called Acceptable Ads. Though the ads might not be as distracting, they still face criticism that they they enable tracking, the central issue in the dispute between Apple and Facebook.

Advertising has funded countless online sites besides the dominant beneficiaries, Facebook and Google. Indeed, it propelled much of the foundation of internet businesses. But Apple’s privacy-first stance and the increasing use of ad blockers show major pushback to the approach.

Use of ad blocking software is increasing on mobile devices, a study by Blockthrough found.
Use of ad blocking software is increasing on mobile devices, a study by Blockthrough found. Blockthrough

Blockthrough also funded a survey of 5,423 Americans to gauge their opinions on online ads. One conclusion: About 40% of US adults use an ad blocker, more than twice what publishers often report based on ad-blocking detection software, Blockthrough said.

Ads vs. privacy

The top reason for blocking ads was to avoid interruption and annoyance, with 81% of survey respondents selecting that as a motivation. The second-place reason was protection against malware, at 62%. Third place, at 58%, was privacy.

To estimate ad blocker use globally, Blockthrough based its PC figures on downloads of the ad-blocking address list from Eyeo, maker of the Adblock Plus browser plugin. Its mobile ad blocking use was chiefly from download figures and app developer disclosures about usage. The top ad-blocking browser remains UC Browser, still with an estimated 310 million users despite bans in India and more recently China.

Feature Image Credit: Ad blocking is surging on smartphones with the use of browsers like UC Browser and Brave. Eyeo; Illustration by Stephen Shankland/CNET

By

Sourced from C/Net

Read More
By
In News

Google antitrust suit takes aim at Chrome’s Privacy Sandbox

No Comments

By Adi Robertson and Russell Brandom

‘Google is trying to hide its true intentions behind a pretext of privacy,’ say prosecutors

State antitrust watchdogs are targeting Google’s plans to phase out third-party tracking cookies, building on a major lawsuit filed last year. The group of 15 attorneys general, led by Texas, updated its complaint about Google yesterday to include a more detailed case against the search giant, including new claims about Google’s strategic use of the Chrome browser. In particular, the new complaint takes aim at recent privacy updates to Chrome, which could better protect users’ personal data while also entrenching Google’s market position.

Filed in December, the Texas complaint is one of three ongoing antitrust cases against Google. That same month, the Colorado attorney general led a group alleging that the company stifled competition by manipulating search results. A separate case from the Department of Justice is focused on Google’s dominance of the web search marketplace and associated ad business.

Privacy vs. antitrust

Like the original Texas complaint, Tuesday’s updated filing primarily focuses on Google’s technology for targeting ads across the web. The attorneys general argue that Google used its power in search, streaming video, and other markets to stamp out independent advertising platforms, forcing small businesses and media outlets to use its system.

But in the updated complaint, the states apply this argument to Google’s “Privacy Sandbox” — a tool that’s supposed to replace invasive third-party tracking cookies with a more limited system devised by Google.

“Google’s new scheme is, in essence, to wall off the entire portion of the internet that consumers access through Google’s Chrome browser,” the complaint reads. Blocking cookies might broadly be a good thing — other browsers like Firefox and Safari have already done it. But Chrome dominates the browser market, and it’s part of a much larger Google product suite. The suit argues that Google’s plans would require advertisers to use it as a middleman and would make Google’s own advertising system far more attractive.

For years, Google has been gradually scaling back its use of tracking cookies, announcing earlier this month that it will not establish an alternate system for tracking users on the web. But critics of the company — including the Electronic Frontier Foundation — have criticized those efforts as self-serving. Now, state regulators seem to be adopting those criticisms and putting new legal pressure on Google’s efforts to block tracking in Chrome.

“Google is trying to hide its true intentions behind a pretext of privacy,” the suit continues. With Privacy Sandbox, “Google does not actually put a stop to user profiling or targeted advertising — it puts Google’s Chrome browser at the centre of tracking and targeting.”

Reached for comment, Google said the new allegations rested on a misunderstanding of Chrome’s privacy features. “Attorney General Paxton’s latest claims mischaracterize many aspects of our business, including the steps we are taking with the Privacy Sandbox initiative to protect people’s privacy as they browse the web,” a Google representative said. “These efforts have been welcomed by privacy advocates, advertisers and our own rivals as a step forward in preserving user privacy and protecting free content. We will strongly defend ourselves from AG Paxton’s baseless claims in court.”

Update 1:50PM ET: Added statement from Google.

Feature Image Credit: Illustration by Alex Castro / The Verge

By Adi Robertson and Russell Brandom

Sourced from The Verge

Read More
By
In News

How To Hide Your iPhone’s Unique Name From Apps (And Why You Should)

No Comments

By Jack Morse

Your iPhone has trouble keeping secrets. Thankfully, there’s something you can do about it.

What you do on the internet, what apps you download, and, often, where you go are all data points that can be linked to an iPhone’s so-called advertising identifier (Android phones have a similar Advertising ID). Combined with commercially available databases, this unique alphanumeric string can be enough for third parties to tie an iPhone’s actions back to the real name of its owner.

We were reminded of the real-world consequences of this Friday, when the New York Times published an article exposing the movements of individuals involved in the Jan. 6 riot at the U.S. Capitol. The newspaper obtained a data set that linked phone location data to advertising identifiers, which, combined with other available databases, allowed the paper to link that location data to real people.

Assuming they’re playing by Apple’s rules, app developers get access to a phone’s advertising identifier by simply requesting it from the phone. Think of an ad identifier like the more familiar web cookie which follows you around the internet, remembering what you do and exchanging information with websites along the way. Your phone has something like a cookie, too — that’s the ad identifier.

While you may not have much sympathy for those described in the Times article — who, after all, may have taken part in the attack on the Capitol — the point remains. Your phone’s advertising identifier is yet another digital breadcrumb leading straight back to you.

If you want privacy when, say, going to the doctor, church, an AA meeting, this should concern you. Many of the apps on your phone that have access to your ad identifier are tracking your location. While the apps may promise to store this data anonymously — linked only to your ad identifier — the Times article provides an example of just how easy to it to tie those identifiers (and all the data associated with them) back to real names.

“Several companies offer tools to allow anyone with data to match the IDs with other databases,” the paper explains. And those databases might contain your real name and address.

But there’s a way to fight back.

Apple offers users the option, albeit buried deep in an iPhone’s settings, to deny apps access to your advertising identifier. Turning off apps’ access to location data is also an important step, but there are other ways for apps to estimate your phone’s location — like connections to WiFi networks. You should also not give apps access to your location data unless they absolutely need it to function, like, for example, a map app.

To deny apps access to your phone’s advertising identifier:

  1. Go to “Settings”
  2. Tap “Privacy”
  3. Select “Tracking”
  4. Disable the option that says “Allow Apps to Request to Track”
Limit how you can be tracked on your iPhone.
Limit how you can be tracked on your iPhone.

Image: screenshot: iphone

That’s it.

Interestingly, the menu page doesn’t make it immediately clear that this action will have the intended effect. But it does. Clicking “Learn More” takes the curious to a long page of text which explains what’s going on behind the scenes.

SEE ALSO: How to blur your house on Google Street View (and why you should)

“When you decline to give permission for the app to track you, the app is prevented from accessing your device’s advertising identifier (previously controlled through the Limit Ad Tracking setting on your device).”

There, wasn’t that easy?

By Jack Morse

Sourced from Mashable India

Read More
By
In News

The Four Ps of Privacy

No Comments

By Starr Drum

A quick guide to spotting issues with privacy laws.

Privacy law is growing and evolving at a rapid pace. It can be overwhelming even for practitioners specializing in privacy to keep up with the changing requirements and even more challenging for law students or attorneys specializing in other areas of law. To help you identify which privacy laws apply, I ’ve come up with an alliterative privacy issue-spotting mechanism: “the four Ps of privacy.”

The “four Ps” also serve as a useful tool for practitioners and organizations to ensure they are conducting a complete evaluation of relevant privacy issues to learn whether privacy laws are implicated and determine the scope that privacy counsel should consider and apply. Evaluating the four Ps of privacy is also a process I recommend my law students to follow when attacking their final in my privacy law class.

The four Ps of privacy are people, places, platforms, and purposes. Each one is covered in more detail below.

People

With very limited exceptions, privacy laws only apply where human people—natural persons—are involved. Typically, these people must be identified or identifiable by some means on an individual level to implicate privacy laws. If people are not involved, privacy laws are not in play.

If it turns out people are involved, there is a two-pronged assessment within this “P.” The first assessment involves what type of people are within scope, both on their own and in relation to the entity collecting their personal information. Employees? Customers? Prospective employees or customers? Patients? Website visitors? Adults? Children?

Second, what categories of personal information are being collected from or about these people? Names? Social security numbers? Fingerprints? IP addresses? Different privacy obligations apply to different types of people and the categories of personal information processed. Those requirements change further depending on how the remaining Ps come into play.

Places

Geography, or “place,” plays a crucial role in the application of privacy laws. Privacy laws typically apply to residents of the jurisdiction where the privacy law has been passed. Still, some privacy laws cast a wider net and reach beyond their territorial borders. Much attention has been paid to privacy laws coming from places like California, Brazil, and Europe because of their broad potential geographic scope. Knowing the locations where the people involved live, work, and, potentially, travel will identify the geography-specific privacy laws that should be evaluated.

Platforms

The mechanisms that are used to collect, store, or share information can alter privacy obligations. There are several privacy laws that only govern certain platforms, such as websites, phones, cameras, Internet of Things devices, and vehicles. Additionally, the owners of certain platforms such as mobile app stores and social media networks have imposed specific privacy requirements on their users.

Purposes

Finally, the purposes for which information is being processed will round out the privacy identification process. Is the collected information being used for advertising? For treatment? For security purposes, such as to verify someone’s identity? The purposes of any personal information collection, use, and sharing, can trigger additional legal obligations.

Four Ps in Practice

The four Ps can help companies gauge overall privacy compliance or assess compliance obligations when they undertake new initiatives that implicate one or more of the four Ps. So, how does this work in practice? Say, for example, a brick-and-mortar retailer in Buffalo, New York, wants to set up a website to sell its merchandise and wants to start sending marketing emails to its customers. The company is based in New York, but its brick-and-mortar customers may be from other places, like Canada or Pennsylvania since the company is setting up a website that may sell merchandise to other jurisdictions. The people newly within the scope of this company’s potential privacy obligations are website visitors and customers. The platforms being added are a website and emails. Finally, the purposes of the website and emails are to facilitate e-commerce transactions and potentially to track individuals who access the website or open the emails and to market to them.

Going through the process of assessing the four Ps will set the company on the right path to identifying and evaluating the specific privacy laws it needs to consider as it undertakes new initiatives.

By Starr Drum

Starr Drum is a shareholder with Maynard Cooper & Gale in Birmingham, Alabama.

Sourced from ABA American Bar Association

Read More
By
In News

Switching from Chrome to Firefox can supercharge your privacy in minutes

No Comments

BY SEAN CAPTAIN

Firefox offers the speed and convenience of Chrome—and protects you from prying eyes.

The web browser has become the central app on today’s computers. It’s where people check email and social media, message friends, read news, play videos and music, attend school, do office work, and have socially distanced online meetups. You can learn a lot about someone from what happens in their browser, and dozens of companies do just that with cookies and other tracking technology that build up advertising profiles. But it doesn’t have to be that way.

Google’s Chrome browser is fast and efficient. But Chrome has conflicting loyalties between its users and a parent company that is the world’s largest advertising firm. That’s not to say that Google is standing still. The new Chrome 86 includes an impressive list of security upgrades around areas such as password management and preventing harmful downloads. But privacy reforms still lag. For instance, Chrome has yet to disable third-party tracking cookies, although Google says it intends to in coming years.

But you don’t have to wait for Google. Firefox, a privacy-focused browser from the non-profit Mozilla Foundation, already blocks third-party cookies and a wide range of other tracking technologies. Firefox also offers many bonus features, such as the Pocket web-clipping tool and the ability to reformat web pages, so they are easier to read.

Mozilla has demonstrated a years-long commitment to its users as an alternative to big tech that puts people’s privacy and security ahead of everything else. Those efforts have accelerated in the past few years with the development of aggressive but user-friendly anti-tracking technologies, which helped Mozilla earn a nod as one of Fast Company‘s Most Innovative Companies of 2019.

And Mozilla continues to innovate. Most recently, it became one of the first browser makers (Google isn’t one of them) to adopt a new version of the Do Not Track signal. This one sends a signal to automatically opt the user out of the sale of their data under the California Consumer Privacy Act.

While that tech is still in its infancy, Mozilla also just made some concrete privacy improvements by upgrading its Enhanced Tracking Protection to more aggressively block snoops on the desktop. And for Apple users, Firefox is now a better alternative on mobile devices. The new iOS 14 and iPadOS 14 now let you replace Safari as the primary browser, so that links from email or other apps can automatically open in mobile Firefox.

Yet for all the new features Firefox brings, the transition from Chrome (or another browser) is a cinch. In minutes, you can be up and running with a new browser that offers all the conveniences of Chrome, along with better privacy.

If you’ve been putting of switching browsers out of laziness, we’ve got a handy guide to help you get set up. We’ll take you through the process of switching to Firefox and discovering key new features, including all of Firefox’s security and privacy services. Some, such as Pocket, you will access by clicking icons that appear along the top of the browser. Others you’ll reach by clicking on the “hamburger” button of three horizontal lines in the right-hand corner of the browser window and clicking through the popup menu.

INSTALLING, IMPORTING, AND SYNCING

After you download and install Firefox, it’s time to import key information like bookmarks and website logins from Chrome. This is the deepest rabbit hole you’ll have to go down when setting up Firefox.

First, click the three-line hamburger button and select Library. Next, click Bookmarks, then scroll to the bottom of the window and click Show All Bookmarks to open the Library window. Now click the third button from the left at the top of the window (featuring up and down arrows) and click Import Data from Another Browser. Follow the instructions to import your choice of cookies, browsing history, saved logins, and/or bookmarks from your old browser. To get a fresh start, free of any trackers, uncheck Cookies before the import.

Tip: you can also press Ctrl+Shift+B (Windows) or Shift-Command-B (Mac) to open the Library window.

Looking just to the left of the hamburger button you’ll come to a circular icon representing a person’s head and shoulders. This takes you to your Firefox account. By signing up for Mozilla’s free cloud service, you can sync all aspects of your browsing—such as bookmarks and history, or even open tabs—over the internet to other computers or mobile devices running Firefox. This account also enables you to use some cloud-based security features I’ll describe in a moment.

You can select what information to sync through the cloud, such as bookmarks and open tabs.

FIREFOX’S KEY PRIVACY AND SECURITY ENHANCEMENTS

The top reason to switch to Firefox is for its enhanced privacy. Starting at the hamburger icon in the upper right of the browser, those features begin to emerge.

Encrypted DNS lookups
When you start using Firefox, you’ll see a popup pinned to the hamburger button that alerts you to the use of encrypted DNS lookups. Here’s what that means: Whenever you type in a site URL like “amazon.com,” your browser has to check something called the domain name system (DNS) to see what numerical IP address corresponds to the site name you’ve entered. Typically these lookups are unencrypted, potentially allowing an internet service provider (ISP) or hacker to retrieve a list of all the sites that you visit. Chrome encrypts DNS requests if your ISP offers the capability. Firefox is more aggressive, automatically routing all DNS requests to an encrypted service, regardless of the ISP you use.

Firefox automatically routes DNS requests to one of its carefully vetted encrypted service partners.

Protections Dashboard for privacy overview
Click the hamburger icon, and one of the first items you see is the Protections Dashboard. This takes you to the heart of Firefox’s Enhanced Tracking Protection, with a tally of all the trackers that the browser has blocked so far, and descriptions of how they work. This includes third-party (or cross-site) cookies: small files that reside in your browser and report the sites you visit back to marketers. Firefox also blocks tracking code in online ads, as well as “cryptominer” scripts that commandeer your computer to generate cryptocurrency, like Bitcoin. Finally, the browser blocks fingerprinting, which collects specific computer and web browser settings, such as the plug-ins installed, to develop an identifier for advertisers. (Enhanced Tracking Protection is enabled by default on the Firefox Android and iOS apps, too.)

The Dashboard shows tallies and explains the different kinds of trackers that Firefox’s Enhanced Tracking Protection automatically blocks.

To see what Firefox has blocked on the current web page, click the shied icon that appears just to the left of the address bar at the top of the browser window. (The icon turns from gray to purple when content is blocked.) A popup provides details on the specific trackers that have been blocked.

Click the shield icon to see what Enhanced Tracking Protection has blocked on a particular site.

Firefox Monitor for data breaches
Right below the Enhanced Tracking Protection summary, you will see an invitation to sign up for Firefox Monitor. It checks your email address against a database of emails that have been leaked (often along with passwords and other data) in security breaches over the years. If you sign up, a summary of breaches involving your email appears on the dashboard page. Now that you know what accounts have been compromised, you can change your login for the breached service, or shut down the account, to insure that hackers can no longer access it.

Firefox Monitor reports whether any online accounts tied to your email address have been compromised.

Lockwise password manager
The final element on the protections dashboard is Firefox’s password manager, Lockwise. By default, Firefox offers to save any username/password logins you enter on web sites. These go into Lockwise, along with any logins you may have imported from your previous browser when you set up Firefox. If you sign up for a new online account, Lockwise will offer to generate and remember a super-secure password when you right-click the password field on the website. Lockwise has Android and iOS/iPadOS apps, so you can sync logins through your Firefox account across all your devices.

Lockwise generates and remembers secure passwords that you can sync across devices via your Firefox account.

Facebook Container limits social network tracking
The hamburger icon menu has a lot more options, and one more is especially worth mentioning: Add-ons. Click on this, and search for the Facebook Container. This extension is designed to guard against the way that the social network tracks you across the web. For instance, those like and share buttons that appear on many web pages register that you visited the site featuring them, even if you never press the button. Facebook also places cookies to see if you visit the sites of its advertisers. The Facebook Container doesn’t affect your experience on Facebook itself, but it blocks Facebook’s tracking tools on all other sites.

The Facebook Container add-on prevents Facebook from seeing what other sites you are visiting in Firefox.

SWITCHING YOUR SEARCH ENGINE

Switching from Chrome to Firefox doesn’t completely free you from Google, as it’s the default search engine for Firefox. Even with Firefox’s Enhanced Tracking Protection, Google can still track you through your IP address and through cookies that Google places when you use its search engine. (Firefox doesn’t block the “first-party cookies” placed by the web site you are visiting, only third-party cookies placed by outside advertisers.) But you can change the default search engine to DuckDuckGo, which doesn’t track your activity over time to build advertising profiles.

Start by typing any term into the address bar. A dropdown menu previewing results appears. At the bottom right corner of the dropdown is a gear icon. Click it to reach Firefox’s search preferences page. Under “Default Search Engine,” click the down arrow to open the dropdown menu, and select DuckDuckGo from the choices.

You can change your search engine to DuckDuckGo for further protection from tracking.

FIREFOX’S HANDY FEATURES

The switch to Firefox rewards you not only with better privacy but with several handy usability features. Let’s take a tour of a few, beginning right in the address bar.

Reader View’s streamlined article mode
On certain pages, such as newspaper articles, an icon representing a printed page appears just to the right of the page URL. Click this to enter Reader View, which strips away ads, navigation menus, sidebars, and other extraneous elements to give you a clean page for easy reading or printing. A toolbar to the left provides several viewing options. Clicking the “Aa” icon allows you to change font style and size, paragraph and line spacing, and the page color. Click the headphones icon to hear the article read aloud. (Reader View, without dictation, is also available in the Firefox Android and iOS apps.)

Reader View provides a streamlined page in your choice of type and page style.

Pocket web clipping
To the right of the address bar you will see an icon of a shield with a chevron pattern. This activates Pocket. Just press the button to save a copy of the web page you are viewing to your Pocket account. You can tag each clipping with one or more keywords to organize your sources. It’s also a convenient way to save an article you want to read later, when you have more time (including on Pocket’s free mobile apps).

You can add keyword tags to web pages when you save them to Pocket.

Sending tabs to another device
If you use your Firefox account to sync multiple devices, you can use this handy feature to send the tab you are viewing to another device. For instance, you can start reading an article at your computer and finish it on your phone’s Firefox browser, or vice-versa. To send a tab from the desktop browser, click the Firefox Account button in the upper-right of the browser window and select Send Tab to Device.

Use your Firefox account to send the tab you are currently reading to another device.

Feature Image Credit: [Source photo: zoff-photo/iStock]

BY SEAN CAPTAIN

Sourced from FastCompany

Read More
By
In News

The creepy world of personalised ads is coming to your TV

No Comments
By Nicole Kobie
Channel 4 and Virgin Media are adopting Sky’s AdSmart advertising system. Sky says it can put viewers into groups of 5,000 or more based on age, location, lifestyle, and “even if they have a cat”

Personalised advertising already stalks us across the web, and it’s coming to our TVs, with Channel 4 the latest broadcaster signing up to use Sky’s AdSmart to target commercials. While such a system isn’t quite as invasively personalised as the behavioural advertising clogging up the internet in order to show us shoes we’ve already bought, it could have a big impact on television – and risks being rather creepy.

AdSmart is Sky’s system for targeted, addressable ads, which are commercials that can be swapped out and personalised based on location or other personal data – even in live-broadcast, linear TV. Sky has used the platform on its own channels since 2014, and has this year signed up Virgin Media and Channel 4 to do the same.

For viewers, the benefit is not being shown irrelevant ads – Sky won’t show you ads for its broadband if you’re already a customer, for example – and Sky points to research that suggests there’s a 48 per cent drop in channel switching when such targeted ads are shown. For businesses, small companies can target a specific, hyperlocal catchment area rather than throw away money on nationally shown commercials, opening up TV advertising to smaller companies.

And for broadcasters, the benefit is they can charge more, perhaps as much as ten times more, for what they say are more effective ads – helping to claw in more cash as advertising revenues stall. “Better targeting can be beneficial for both advertisers and viewers: it can not only increase ad return on investment for advertisers, but also deliver more relevant information to viewers,” says Yiting Deng, assistant professor of marketing at UCL. Richard Broughton, researcher director at Ampere Analysis, suggests by a rough estimate it could bump revenue at Sky by as much as 10 per cent and across the wider industry by 2 per cent – it’s positive for broadcasters, but its financial impact is limited.

No wonder then that targeted television ads are already in use with on-demand services; Channel 4 earlier this year rolled out a tool letting brands use their own data to match ads to audiences. But swapping out ads is a bit more difficult with live television. “The key technology is combining what is called addressable advertising, which is personalised, with programmatic systems, which is enabling the purchasing of ads automatically,” says James Blake, director of the Centre for Media and Culture at Edinburgh Napier University.

According to Sky, AdSmart turns your set-top box into a local ad server, downloading and storing commercials deemed relevant based on the data the company holds on you. When watching an AdSmart-enabled channel, those ads will be swapped into the commercial break spot; if there are no AdSmart ads available – or you’ve opted out – a generic commercial is shown instead.

To do this, AdSmart and broadcasters that use it require data about viewers. That could be limited, as a local small business could target a handful of postcodes, with a different ad shown to everyone else, with no personal information required. Sky says that location is a key attribute, though there are thousands more, noting that Huddersfield Town Football Club advertises season tickets locally; there’s not much point in showing that commercial to football fans in Scotland, after all. Location can also be used to target ads more carefully using demographic information; if a neighbourhood is more likely to have family homes, showing ads targeting parents makes more sense.

But targeting those ads more precisely – such as showing pet food ads only to those with cats and dogs – requires more data, which broadcasters purchase from third-party data brokers. Sky, for example, says it can select viewers in groups of 5,000 or more based on age, location, lifestyle, and “even if they have a cat”, using Sky’s own customer data, information provided by the company wishing to advertise, and data bought in from third-party brokers such as Experian, Dunnhumby, CACI, 20ci, Mastercard, Emma’s Diary, and Game. Companies such as those have already been targeted with GDPR complaints for exploiting our personal data and selling it on to marketing companies. If you want to know what data Sky et al have gathered on your family, you can file a subject access request.

Technically, it’s possible to make addressable ads more tightly personalised than those groups of 5,000 used by AdSmart, but there’s a danger that could put viewers off, notes Blake. “I think TV companies and broadcasters need to be careful how they use personalised advertising,” he says. “There’s a risk these adverts can be creepy.” Blake points to an experiment in 2017 when viewers on the Channel 4 app were shown adverts with their own names, which some people found “a little bit creepy”, he says.

There’s another reason TV commercials aren’t likely to get quite as personal as online ads: they cost more to make. “You’ve got additional costs for producing high quality TV adverts – the creative process in itself is quite expensive,” Broughton says. “So this is about refining your spend, as opposed to micro targeting a specific segment.”

While there’s merit in avoiding ads for products you’d never buy, such targeted ads could also be used for political marketing – and that raises concerns for democracy when we’re not all seeing the same message, though Blake notes that broadcast television advertising in the UK is heavily regulated. “That’s one of the big reasons why TV is trusted in the way it is,” he says. “But we need to be aware of the risks because TV adverts can be hugely powerful and we don’t want political campaigns and parties to misuse that. There is a danger that you end up in a bubble of like-minded people with like-minded messages, and don’t get exposed to sentiments on the other side.” However, in the UK, such commercials are banned, with unpaid allocated spots given to the parties instead.

And that’s another reason TV ads aren’t likely to be as invasive as online counterparts: they’re heavily regulated. Broadcasters face tighter regulation than online advertisers, and GDPR should limit how personal data is repurposed for marketing. “Addressable advertising in TV took a hit when GDPR came on board,” says Blake. “Before GDPR, there was a lot of discussion about how cookie data [from web browsing] could feed into adverts. And I think GDPR made that process take quite a big hit.”

Both Sky and Channel 4 say they follow GDPR’s rules, and both allow viewers to opt-out of AdSmart, with Sky adding that any “special category data”, such as information about your health, needs consent to be processed by AdSmart.

If such ads do come off as creepy, you can opt out – and not only of AdSmart, but the broadcasters themselves, something they’ll be wary of. As Broughton notes, angering customers doesn’t have much value to broadcasters such as Sky that can cost up to £70 a month. “It’s not worth jeopardising that to get a few extra pence out of an advertiser,” he says, predicting that “they’ll err on the side of caution.”

Feature Image Credit: Getty Images / WIRED

Sourced from WIRED
Read More
By
In News

A guide to Apple’s disabling of Facebook’s consumer research app

No Comments

By .

The social network paid people to monitor their phone activity and Apple was not happy

Facebook and Apple are in another fight over privacy and data after reports surfaced on Wednesday that Facebook built a consumer research app that opened a backdoor to iPhones. The phonemaker, which disabled the app, has accused the social network of violating its app rules.

Apple and Facebook have had a contentious relationship since Apple CEO Tim Cook took a hardline stance against data-collection practices of internet ad giants, calling for more regulations in the industry. Facebook then hired a public relations firm to push back against the criticism of its business model.

The latest episode in the saga is a bit hard to follow. To help, here’s our guide to what happened.

The Facebook Research App
Facebook recruited phone users to install a consumer research app that tracked their web traffic, messaging, app usage and more. About 5 percent of the participants were younger than 18, according to Facebook. (Minors were prompted to get permission from parents during the download process, for what that’s worth.) The app program was managed by third party companies uTest, BetaBound and Applause, which helped distribute the app.

Quick cash for consumers
People who participated in the consumer research typically received $5 to $10 to download the app and up to $20 a month to keep it active. It was almost like a multilevel data marketing deal because people could also make money for each person they referred, and then extra money each month that those people kept the app active. According to online commenters who say they participated in the program, people could potentially even make hundreds of dollars a month. (Facebook did not respond to a request for comment.)

Why does Apple care?
In August, amid a privacy backlash against Facebook, Apple shut down a similar app from Facebook called Onavu, which also collected details about people’s phone usage. Apple said it violated its App Store policies, and no apps should collect data about other apps people have on their phones.

Facebook’s workaround
The new research app avoided Apple’s App Store by using a program that Apple created for enterprise customers. Companies like Facebook use the enterprise program to build internal company apps, apps for communication, transportation and other logistics useful to employees. However, the apps in the enterprise program are only for employees.

Who the fallout is affecting
Perhaps the people most affected at this point are Facebook employees. Apple not only disabled the research app, it shut down all of Facebook’s other utility apps for employees, reportedly leading to some chaos at the office. Facebook has said it’s talking to Apple about getting its internal apps back online.

Without the internal app program, Facebook will have trouble beta testing changes to its main apps, as well, like when it tries out a new design on Instagram or a new feature on WhatsApp, but only among employees.

Also on the case: lawmakers
Lawkmakers have added this issue to the host of others that led Congress to call CEO Mark Zuckerberg and COO Sheryl Sandberg to testify before them last year. On Wednesday, Sen. Mark Warner, D-Virginia, issued a statement that said, “I have concerns that users were not appropriately informed about the extent of Facebook’s data-gathering and the commercial purposes of this data collection.”

What about those consumers?
Everyone who participated were aware they were participating in market research, according to Facebook. Also, Google and other companies have similar research programs. Nielsen employs thousands of everyday Americans to share their TV viewing habits for market research.

On the other hand, it’s hard to tell if Facebook adhered to the strictest standards of disclosure, and how well-informed participants were. And Facebook already has been under a microscope for privacy and data-sharing issues, most notably the Cambridge Analytica scandal. There have also been questions raised about how Facebook handled user privacy and data, especially in its early days.

Bottom line
No advertiser will pull their money from Facebook over this, but they will call their ad agency and ask what the hell is happening, again.

Feature Image Credit: Bloomberg

By .

Sourced from AdAge

Read More
By