Apple previews a new Safari feature called Privacy Preserving Ad Click Attribution

Apple today previewed a new privacy-focused feature coming to the Safari browser, Privacy Preserving Ad Click Attribution, but this one’s designed with advertisers in mind.

Recognizing that some advertisers were having issues targeting users without breaching their privacy even after it added Intelligent Tracking Prevention to Safari, the Cupertino firm is now creating this new feature so that brands could measure the effectiveness of their web campaigns without compromising user privacy, as first noted by MacRumors.

WebKit engineer John Wilander summarized how this should work:

  • Only links served on first-party pages should be able to store ad click attribution data.
  • Neither the website where the ad click happens nor the website where the conversion happens should be able to see whether ad click data has been stored, has been matched, or is scheduled for reporting.
  • Ad clicks should only be stored for a limited time, such as a week.
  • The entropy of both ad campaign ID and conversion data needs to be restricted to a point where this data cannot be repurposed for cross-site tracking of users. We propose six bits each for these two pieces of data, or values between 0 and 63.
  • Ad click attribution requests should be delayed randomly between 24 to 48 hours. This makes sure that a conversion that happens shortly after an ad click will not allow for speculative cross-site profiling of the user. The randomness in the delay makes sure the request does not in itself reveal when during the day the conversion happened.
  • The browser should not guarantee any specific order in which multiple ad click attribution requests are sent, since the order itself could be abused to increase the entropy and allow for cross-site tracking of users.
  • The browser should use an ephemeral session aka Private or Incognito Mode to make ad click attribution requests.
  • The browser should not use or accept any credentials such as cookies, client certificates, or Basic Authentication in ad click attribution requests or responses.
  • The browser should offer a way to turn ad click attribution on and off. We intend to have the default setting to be on to encourage websites to move to this technology and abandon general cross-site tracking.
  • The browser should not enable ad click attribution in Private/Incognito Mode.

Wilander went on to explain that ad retargeting and measuring the effectiveness of web ad campaigns often comes at the expense of user privacy, leading many to conflate web privacy with a web free of advertisements.

“We think that’s a misunderstanding. Online ads and measurement of their effectiveness do not require Site A, where you clicked an ad, to learn that you purchased something on Site B,” he wrote. “The only data needed for measurement is that someone who clicked an ad on Site A made a purchase on Site B.

The experimental feature is currently available in Safari Technology Preview 82 and later. Safari Technology Preview is a special version of Safari that allows anyone to test upcoming features. Safari Technology Preview can co-exist alongside your stable Safari version.

To try out Privacy Preserving Ad Click Attribution in Safari Technology Preview 82.0 or later, first enable the Develop menu, then go to the Experimental Features submenu.