Wilander says that the traditional method of ad click writing does not have any practical limit to data, allowing for complete tracking of users using cookies on the website. "We believe this is invasive privacy, and we are committed to preventing such ad clicks from occurring in Safari and WebKit," he wrote.
Thus, Apple has suggested a modern solution as it says does not allow tracking users across the web site, but provides a means to measure the effectiveness of online advertising. The feature is built into the browser itself and runs on the device, which means that the browser provider does not see any of the ad data.
Here's Apple's summary of privacy considerations for the feature:
- Only links that appear on first-party pages should be able to store ad click assignment data.
- Neither the website where ad clicks occur nor the site where the conversion takes place should be able to see if the ad click data has been saved, matched or scheduled for reporting.
- Ad clicks should only be stored for a limited time, such as a week.
- The entropy of both ad campaign ID and conversion data must be restricted to a point where this data cannot be repurposed for user tracking across the website. We suggest six bits each for these two bits of data, or values between 0 and 63.
- Ad text attribution requests should be delayed randomly between 24 and 48 hours. This ensures that a conversion that occurs shortly after an ad click does not allow speculative profiling of the user across the page. The chance of the delay ensures that the request does not in itself reveal when during the day the conversion occurred.
- The web browser should not guarantee any particular order in which multiple ad encryption requests are sent, as the order itself may be misused to increase entropy and allow user tracking across the web site.
- The browser should use an ephemeral session aka privately or incognito mode to make ad click assignment requests.
- The browser should not use or accept any credentials, such as cookies, client certificates, or Basic authentication in ad click attribution or response requests.
- The browser should offer a way to enable and disable clicks. We intend to have the default setting to encourage websites to move to this technology and provide general cross-site tracking.
- The browser should not enable ad click attribution in private / incognito mode.
Privacy Preserve Ad Click Attribution is available as an experimental feature in Safari Technology Preview 82 and later. To turn on the function, activate the Develop menu and navigate to the Experimental Functions submenu.
Apple says the feature will be turned on for web developers later this year. The company has also recommended it as a web standard for W3C.