privacy
Auto Added by WPeMatico
Auto Added by WPeMatico
Welcome back to This Week in Apps, the weekly TechCrunch series that recaps the latest in mobile OS news, mobile applications and the overall app economy.
The app industry continues to grow, with a record 218 billion downloads and $143 billion in global consumer spend in 2020. Consumers last year also spent 3.5 trillion minutes using apps on Android devices alone.
And in the U.S., app usage surged ahead of the time spent watching live TV. Currently, the average American watches 3.7 hours of live TV per day, but now spends four hours per day on their mobile devices.
Apps aren’t just a way to pass idle hours — they’re also a big business. In 2019, mobile-first companies had a combined $544 billion valuation, 6.5x higher than those without a mobile focus. In 2020, investors poured $73 billion in capital into mobile companies — a figure that’s up 27% year-over-year.
This week, we’re taking a look at the biggest news in the world of apps, including how the GameStop frenzy impacted trading apps, as well as how Apple’s privacy changes are taking shape in 2021, and more.
Image Credits: TechCrunch
Was there really any other app news story this week, beside the GameStop short squeeze? That a group of Reddit users took on the hedge funds was the stuff of legends, even if the reality was that Wall Street likely got in on both sides of the trade. Whether you found yourself in the camp of admiring the spectacle or watching the train wreck in horror (or both), what we witnessed — at long last, I suppose — was the internet coming for the stock market. The GameStop frenzy upended the status quo; it rattled the traditional ways of doing things — much like what the internet has done to almost everything else it touches — whether that’s publishing, media, creation, politics, and more.
“This is community,” explained Reddit founder Alexis Ohanian, in an interview on AOC’s Twitch channel on Thursday.
“This is something that spans platforms and the internet, especially in the last 10 years — in particular social media and smartphone ubiquity. All these things have connected us in real-time ways to organize around ideas, around concepts,” he continued. “We seek out those communities. We seek out that sense of identity. We seek out that sense of connection. And the internet supercharges it because of scale,” he said. “I think one of the byproducts of where I think it continues to go is more of a push towards decentralization and more of a push toward individuals being able to take ownership — even individuals being able to get access — to do the same things that institutions, historically, had a monopoly on,” Ohanian noted.
Trading app Robinhood and social app Reddit, home to the WallStreetBets forum driving the GameStop push, immediately benefitted from the community-driven effort to squeeze the hedge funds — and jumped to the top of the App Store.
But Robinhood’s subsequent failure to be transparent as to why it was forced to stop customers from buying the “meme” stocks, like GameStop and others (it needed more cash), quickly damaged its reputation. Some investors have now sued for their losses. Others started petitions. And even more began downranking the app with one-star reviews, which Google then removed.
Other trading apps have gained not only during the frenzy itself, but also after, as Robinhood users looked for alternative platforms after being burned by the free trading app.
As of Friday, Robinhood remained at No. 1 on the App Store, but is now being closely trailed on the Top Free iPhone apps chart by No. 2 Webull, No. 6 Fidelity, No. 7 Cash App, No. 12 TD Ameritrade and No. 15 E*TRADE, among others.
Crypto apps are also topping the charts, as users realize the potential of collective action in markets not yet dominated by the billionaires. Coinbase popped to No. 4, while Binance-run apps were at No. 9 and No. 19, Voyager was No. 23 and Kraken No. 24.
In addition, forums where traders can join communities are also continuing to do well, with Reddit at No. 3, Discord at No. 14 and Telegram at No. 28, as of the time of writing.
Image Credits: Jaap Arriens/NurPhoto via Getty Images
Google failed to meet its earlier promised deadline of rolling out privacy labels to its nearly 100-some iOS apps. Its initial estimate followed suggestions (aided by Apple’s typical quiet confirmations to press), that Google had been struggling over how to handle the privacy issues the updates would reveal. This week, Google again said its labels were on the way. But now, it’s not making any specific promises about when those labels would arrive. Instead, the company just said the labels would roll out as Google updated its iOS apps with new features and bug fixes, rather than rolling out the labels to all its apps at once.
However, some Google apps have been updated, including Play Movies & TV, Google Translate, Fiber TV, Fiber, Google Stadia, Google Authenticator, Google Classroom, Smart Lock, Motion Stills, Onduo for Diabetes, Wear OS by Google and Project Baseline — but not Google’s main apps like Search, YouTube, Maps, Gmail or its other productivity apps.
Image Credits: Apple (livestream)
Apple announced this week its tracking restrictions for iOS apps are nearing arrival. The changes had initially been pushed back to give developers more time to make updates, but will now arrive in “early spring.”
Once live, the previous opt-out model for sharing your Identifier for Advertisers (IDFA) will change to an opt-in model, meaning developers will have to ask users’ permission to track them. Most users will likely say “no,” and be annoyed by the request. Users will also be able to adjust IDFA sharing in Settings on a per-app basis, or on all apps at once.
Facebook has already been warning investors of the ad revenue hit that will result from these changes, which it expects to see in the first quarter earnings. It may also be preparing a lawsuit. Google, meanwhile, said it would be adopting Apple’s SKAdNetwork framework and providing feedback to Apple about its potential improvements.
For years, Apple has been laying the groundwork to establish itself as the company that cares about consumer privacy. And it’s certainly true that no other large tech company has yet to give users this much power to fight back against being tracked around the web and inside apps.

But this is not a case of Apple being the “good guy” while everyone else is “bad” — because the multi-billion-dollar ad industry is not that simple. With a change to its software, Apple has effectively carved out a seat at the table for its own benefit.
What many don’t realize is that Apple watches what its users do across its own platform, inside a number of its first-party apps — including in Apple Music, Apple TV, Apple Books, Apple News and the App Store. It then uses that first-party data to personalize the ads it displays in Apple News, Stocks and the App Store.
So while other businesses are tracking users around the web and apps to gain data that lets them better personalize ads at scale, Apple only tracks users inside its own apps and services. (But there sure are a lot of them! And Apple keeps launching new ones, too.)
With the new limits that impact the effectiveness of ads outside of Apple’s ecosystem, advertisers who need to reach a potential customer — say, with an app recommendation — will need to throw more money into Apple-delivered advertising instead. This is because Apple’s ads will be capable of making those more targeted, personalized and, therefore, more effective recommendations.
Apple says it will play by the same rules that it’s asking other developers to abide by. Meaning, if its apps want to track you, they’ll ask. But most of its apps do not “track” using IDFA. Meanwhile, if users want to turn off personalized ads using Apple’s first-party data, that’s a different setting. (Settings –> Privacy –> scroll to bottom –> Apple Advertising –> toggle off Personalized Ads). And no, you won’t be shown a pop-up asking you if that’s a setting you want on or off.
Apple, having masterfully made its case as the privacy-focused company — because wow, isn’t adtech gross? — is now just laying it on. Apple CEO Tim Cook this week blamed the adtech industry for the growth in online extremism, violent incitement (e.g. at the U.S. Capitol) and growing belief in conspiracies, saying companies (cough, Facebook) optimized for engagement and data collection, no matter the damage to society.
Image Credits: Sensor Tower
Image Credits: Telegram
Image Credits: Instagram
Image Credits: Freepik / Kristina Astakhova (opens in a new window) / Getty Images
Image Credits: Confide
Image Credits: Opal
Opal offers a digital well-being assistant for iPhone that allows you to block distracting websites and apps, set schedules around app usage, lock down apps for stricter and more focused quiet periods and more. The service works by way of a VPN system that limits your access to apps and sites. But unlike some VPNs on the market, Opal is committed to not collecting any personal data on its users or their private browsing data. Instead, its business model is based on paid subscriptions, not selling user data, it says. The freemium service lets you upgrade to its full feature set for $59.99/year.
Image Credits: Charlie
Founded by a former mobile game industry vet, Charlie “gamifies” getting out of debt using techniques that worked in gaming, like progress bars, fun auto-save rules that can be triggered by almost any activity, celebrations with confetti and more. The app plans to expand into a fuller fintech product in time to help users refinance debt at a lower rate and bill pay directly from the app.
Powered by WPeMatico
Apple has shared a few more details about its much-discussed privacy changes in iOS 14. The company first announced at WWDC in June that app developers would have to ask users for permission in order to track and share their IDFA identifier for cross-property ad targeting purposes. While iOS 14 launched in the fall, Apple delayed the tracking restrictions until 2021, saying it wanted to give developers more time to make the necessary changes.
Now we’ve got a slightly-more-specific timeline. The plan is to launch these changes in early spring, with a version of the feature coming in the next iOS 14 beta release.
This is how Apple describes the new system: “Under Settings, users will be able to see which apps have requested permission to track, and make changes as they see fit. This requirement will roll out broadly in early spring with an upcoming release of iOS 14, iPadOS 14, and tvOS 14, and has already garnered support from privacy advocates around the world.”
And here are the basics of what you need to know:
Apple is also increasing the capabilities of its Ad attribution API, allowing for better click measurement, measurement of video conversions and also — and this is a big one for some cases, app-to-web conversions.
This news comes on Data Privacy Day, with CEO Tim Cook speaking on the issue this morning at the Computers, Privacy and Data Protection conference in Brussels. The company is also sharing a new report showing that the average app has six third-party trackers.
While this seems like a welcome change from a privacy perspective, it’s drawn some criticism from the ad industry, with Facebook launching a PR campaign emphasizing the impact on small businesses, while also pointing to the change as “one of the more significant advertising headwinds” that it could face this year. Apple’s stance is that this provides a user-centric data privacy approach, rather than an advertiser-centric one.
Powered by WPeMatico
I had my first telehealth consultation last year, and there’s a high probability that you did, too. Since the pandemic began, consumer adoption of remote healthcare has increased 300%.
Speaking as an unvaccinated urban dweller: I’d rather speak to a nurse or doctor via my laptop than try to remain physically distanced on a bus or hailed ride traveling to/from their office.
Even after things return to (rolls eyes) normal, if I thought there was a reliable way to receive high-quality healthcare in my living room, I’d choose it.
Clearly, I’m not alone: a May 2020 McKinsey study pegged yearly domestic telehealth revenue at $3 billion before the coronavirus, but estimated that “up to $250 billion of current U.S. healthcare spend could potentially be virtualized” after the pandemic abates.
That’s a staggering number, but in a category that includes startups focused on sexual health, women’s health, pediatrics, mental health, data management and testing, it’s clear to see why digital-health funding topped more than $10 billion in the first three quarters of 2020.
Drawing from The TechCrunch List, reporter Sarah Buhr interviewed eight active health tech VCs to learn more about the companies and industry verticals that have captured their interest in 2021:
Full Extra Crunch articles are only available to members
Use discount code ECFriday to save 20% off a one- or two-year subscription
Since COVID-19 has renewed Washington’s focus on healthcare, many investors said they expect a friendly regulatory environment for telehealth in 2021. Additionally, healthcare providers are looking for ways to reduce costs and lower barriers for patients seeking behavioral support.
“Remote really does work,” said Elizabeth Yin, general partner at Hustle Fund.
We’ll cover digital health in more depth this year through additional surveys, vertical reporting, founder interviews and much more.
Thanks very much for reading Extra Crunch this week; I hope you have a relaxing weekend.
Walter Thompson
Senior Editor, TechCrunch
@yourprotagonist
Image Credits: Luis Alvarez (opens in a new window) / Getty Images
Image Credits: Bryce Durbin
In the last year, edtech startup Top Hat acquired three publishing companies: Fountainhead Press, Bludoor and Nelson HigherEd.
Natasha Mascarenhas interviewed CEO and founder Mike Silagadze to learn more about his content acquisition strategy, but her story also discussed “some rumblings of consolidation and exits in edtech land.”
Image Credits: Nigel Sussman (opens in a new window)
Last year, U.S.-based VCs invested an average of $428 million each day in domestic startups, with much of the benefits flowing to fintech companies.
This morning, Alex Wilhelm examined Q4 VC totals for Europe, which had its lowest deal count since Q1 2019, despite a record $14.3 billion in investments.
Asia’s VC industry, which saw $25.2 billion invested across 1,398 deals is seeing “a muted recovery,” says Alex.
“Falling seed volume, lots of big rounds. That’s 2020 VC around the world in a nutshell.”
Image Credits: Treedeo (opens in a new window) / Getty Images
In this week’s Decrypted, security reporter Zack Whittaker covered the latest news in the unfolding SolarWinds espionage campaign, now revealed to have impacted the U.S. Bureau of Labor Statistics and Malwarebytes.
In other news, the controversy regarding WhatsApp’s privacy policy change appears to be driving users to encrypted messaging app Signal, Zack reported. Facebook has put changes at WhatsApp on hold “until it could figure out how to explain the change without losing millions of users,” apparently.
Image Credits: Nigel Sussman (opens in a new window)
A big IPO debut is a juicy topic for a few news cycles, but because there’s always another unicorn ready to break free from its corral and leap into the public markets, it doesn’t leave a lot of time to reflect.
Alex studied companies like Lemonade, Airbnb and Affirm to see how well these IPO pop stars have retained their value. Not only have most held steady, “many have actually run up the score in the ensuing weeks,” he found.
Image Credits: Bryce Durbin / TechCrunch
Dear Sophie:
I work in HR for a tech firm. I understand that Biden is rolling out a new immigration plan today.
What is your sense as to how the new administration will change business, corporate and startup founder immigration to the U.S.?
—Free in Fremont
Image Credits: atakan (opens in a new window) / Getty Images
I began my career as an avid TechCrunch reader and remained one even when I joined as a writer, when I left to work on other things and now that I’ve returned to focus on better serving our community.
I’ve been chatting with some of the folks in our community and I’d love to talk to you, too. Nothing fancy, just 5-10 minutes of your time to hear more about what you want to see from us and get some feedback on what we’ve been doing so far.
If you would be so kind as to take a minute or two to fill out this form, I’ll drop you a note and hopefully we can have a chat about the future of the Extra Crunch community before we formally roll out some of the ideas we’re cooking up.
Drew Olanoff
@yoda
Image Credits: Nigel Sussman (opens in a new window)
Last year was a disaster across the board thanks to a global pandemic, economic uncertainty and widespread social and political upheaval.
But if you were involved in the private markets, however, 2020 had some very clear upside — VCs flowed $156.2 billion into U.S.-based startups, “or around $428 million for each day,” reports Alex Wilhelm.
“The huge sum of money, however, was itself dwarfed by the amount of liquidity that American startups generated, some $290.1 billion.”
Using data sourced from the National Venture Capital Association and PitchBook, Alex used Monday’s column to recap last year’s seed, early-stage and late-stage rounds.
Image Credits: Andy Roberts (opens in a new window) / Getty Images
Building a marketing team is one of the most opaque parts of spinning up a startup, but for a deep tech company, the stakes couldn’t be higher.
How can technical founders working on bleeding-edge technology find the right people to tell their story?
If you work at a post-revenue, early-stage deep tech startup (or know someone who does), this post explains when to hire a team, whether they’ll need prior industry experience, and how to source and evaluate talent.
Bustle Digital Group CEO Bryan Goldberg. Image Credits: Bustle Digital Group
Senior Writer Anthony Ha interviewed Bustle Digital Group CEO Bryan Goldberg to get his thoughts on the state of digital media.
Their conversation covered a lot of ground, but the biggest news it contained focuses on Goldberg’s short-term plans.
“Where do I want to see the company in three years? I want to see three things: I want to be public, I want to see us driving a lot of profits and I want it to be a lot bigger, because we’ve consolidated a lot of other publications,” he said.
Image Credits: Laia Divols Escude/EyeEm (opens in a new window) / Getty Images
The U.S. Federal Trade Commission is not a huge fan of personal-care D2C brands merging with traditional consumer product companies.
This month, razor startup Billie and Proctor & Gamble announced they were calling off their planned merger after the FTC filed suit.
For similar reasons, Edgewell Personal Care dropped its plans last year to buy Harry’s for $1.37 billion.
In a harsher regulatory environment, “the path to profitability has become a more important part of the startup story versus growth at all costs,” it seems.
SAN FRANCISCO, CA – SEPTEMBER 12: Founder and CEO of Twilio Jeff Lawson speaks onstage during TechCrunch Disrupt SF 2016 at Pier 48 on September 12, 2016 in San Francisco, California. Image Credits: Steve Jennings/Getty Images for TechCrunch
Companies that build their own tools “tend to win the hearts, minds and wallets of their customers,” according to Twilio CEO Jeff Lawson.
In an interview with enterprise reporter Ron Miller for his new book, “Ask Your Developer,” Lawson says founders should use developer teams as a sounding board when making build-versus-buy decisions.
“Lawson’s basic philosophy in the book is that if you can build it, you should,” says Ron.
Powered by WPeMatico
OneTrust, the four-year-old privacy platform startup from the folks who brought you AirWatch (which was acquired by VMmare for $1.5 billion in 2014), announced a $300 million Series C on an impressive $5.1 billion valuation today.
The company has attracted considerable attention from investors in a remarkably short time. It came out of the box with a $200 million Series A on a $1.3 billion valuation in July 2019. Those are not typical A round numbers, but this has never been a typical startup. The Series B was more of the same — $210 million on a $2.7 billion valuation this past February.
That brings us to today’s Series C. Consider that the company has almost doubled its valuation again, and has raised $710 million in a mere 18 months, some of it during a pandemic. TCV led today’s round joining existing investors Insight Partners and Coatue.
So what are they doing to attract all this cash? In a world where privacy laws like GDPR and CCPA are already in play, with others in the works in the U.S. and around the world, companies need to be sure they are compliant with local laws wherever they operate. That’s where OneTrust comes in.
“We help companies ensure that they can be trusted, and that they make sure that they’re compliant to all laws around privacy, trust and risk,” OneTrust Chairman Alan Dabbiere told me.
That involves a suite of products that the company has already built or acquired, moving very quickly to offer a privacy platform to cover all aspects of a customer’s privacy requirements, including privacy management, discovery, third-party risk assessment, risk management, ethics and compliance and consent management.
The company has already attracted 7,500 customers to the platform — and is adding1,000 additional customers per quarter. Dabbiere says that the products are helping them be compliant without adding a lot of friction to the building or buying process. “The goal is that we don’t slow the process down, we speed it up. And there’s a new philosophy called privacy by design,” he said. That means building privacy transparency into products, while making sure they are compliant with all of the legal and regulatory requirements.
The startup hasn’t been shy about using its investments to buy pieces of the platform, having made four acquisitions already in just four years since it was founded. It already has 1,500 employees and plans to add around 900 more in 2021.
As they build this workforce, Dabbiere says being based in a highly diverse city like Atlanta has helped in terms of building a diverse group of employees. “By finding the best employees and doing it in an area like Atlanta, we are finding the diversity comes naturally,” he said, adding, “We are thoughtful about it.” CEO Kabir Barday also launched a diversity, equity and inclusion council internally this past summer in response to the Black Lives Matter movement happening in the Atlanta community and around the country.
OneTrust had relied heavily on trade shows before the pandemic hit. In fact, Dabbiere says that they attended as many as 700 a year. When that avenue closed as the pandemic hit, they initially lowered their revenue guidance, but as they moved to digital channels along with their customers, they found that revenue didn’t drop as they expected.
He says that OneTrust has money in the bank from its prior investments, but they had reasons for taking on more cash now anyway. “The number one reason for doing this was the currency of our stock. We needed to revalue it for employees, for acquisitions, and the next steps of our growth,” he said.
Powered by WPeMatico
BigID has been on the investment fast track, raising $94 million over three rounds that started in January 2018. Today, that investment train kept rolling as the company announced a $70 million Series D on a valuation of $1 billion.
Salesforce Ventures and Tiger Global co-led the round with participation Glynn Capital and existing investors Bessemer Venture Partners, Scale Venture Partners and Boldstart Ventures. The company has raised almost $165 million in just over two years.
BigID is attracting this kind of investment by building a security and privacy platform. When I first spoke to CEO and co-founder Dimitri Sirota in 2018, he was developing a data discovery product aimed at helping companies coping with GDPR find the most sensitive data, but since then the startup has greatly expanded the vision and the mission.
“We started shifting I think when we spoke back in September from being this kind of best of breed data discovery privacy to being a platform anchored in data intelligence through our kind of unique approach to discovery and insight,” he said.
That includes the ability for BigID and third parties to build applications on top of the platform they have built, something that might have attracted investor Salesforce Ventures. Salesforce was the first cloud company to offer the ability for third parties to build applications on its platform and sell them in a marketplace. Sirota says that so far their marketplace includes just apps built by BigID, but the plan is to expand it to third-party developers in 2021.
While he wasn’t ready to talk about specific revenue growth, he said he expects a material uplift in revenue for this year, and he believes that his investors are looking at the vast market potential here.
He has 235 employees today with plans to boost it to 300 next year. While he stopped hiring for a time in Q2 this year as the pandemic took hold, he says that he never had to resort to layoffs. As he continues hiring in 2021, he is looking at diversity at all levels from the makeup of his board to the executive level to the general staff.
He says that the ability to use the early investments to expand internationally has given them the opportunity to build a more diverse workforce. “We have staff around the world and we did very early […] so we do have diversity within our broader company. But clearly not enough when it came to the board of directors and the executives. So we realized that, and we are trying to change that,” he said.
As for this round, Sirota says like his previous rounds in this cycle he wasn’t necessarily looking for additional money, but with the pandemic economy still precarious, he took it to keep building out the BigID platform. “We actually have not purposely gone out to raise money since our seed. Every round we’ve done has been preemptive. So it’s been fairly easy,” he told me. In fact, he reports that he now has five years of runway and a much more fully developed platform. He is aiming to accelerate sales and marketing in 2021.
The company’s previous rounds included a $14 million Series A in January 2018, a $30 million B in June that year and a $50 million C in September 2019.
Powered by WPeMatico
A third-party contacts app you’re not using may be handing out your home address to its users. In November, former Yahoo CEO and Google veteran Marissa Mayer and co-founder Enrique Muñoz Torres introduced their newly rebranded startup Sunshine, and its first product, Sunshine Contacts. The new iOS app offers to organize your address book by handling duplicates and merges using AI technology, as well as fill in some of the missing bits of information by gathering data from the web — like LinkedIn profiles, for example.
But some users were surprised to find they suddenly had home addresses for their contacts, too, including for those who were not already Sunshine users.
TechCrunch reached out to Sunshine to better understand the situation, given the potential privacy concerns.
We understand there are several ways that users may encounter someone’s home address in the Sunshine app. A user may already have the address on file in their phone’s address book, of course, or they may have opted in to allow Sunshine to scan their inbox in order to extract information from email signature lines. This is a feature common to other personal CRM solutions, too, like Evercontact.
In the event that someone had signed an email with their home address included in this field, that data could then be added to their contact card in the Sunshine app. In this case, the contact card is updated in the Sunshine Contacts app, which then syncs with your phone’s address book. But this data is not distributed to any other app users.
Image Credits: Sunshine
The app also augments contact cards with information acquired by other means. For example, it may use the information you do have to complete missing fields — like adding a last name, when you had other data that indicated what someone’s full name is, but hadn’t completed filling out the card. The app may also be able to pull in data from a LinkedIn profile, if available.
For home addresses, Sunshine is using the Whitepages API.
The company confirmed to TechCrunch it’s augmenting contact cards with home addresses under some circumstances, even if that contact is not a Sunshine Contacts user. Sunshine says it doesn’t believe this to be any different from a user going to Google to look for someone’s contact information on the web — it’s just automating the process.
Of course, some would argue when you’re talking about automating the collection of home addresses for hundreds or potentially thousands of users — depending on the size of your personal address book database — it’s a bit different than if you went googling to find your aunt’s address so you can mail a Christmas card or called your old college roommate to find out where to send their birthday gift.
However, Sunshine clarified to TechCrunch that it won’t add the home address except in cases when it determines you have a personal connection to the contact in question.
Here, though, Sunshine enters a gray area where the app and its technology will try to figure out who you know well enough to need a home address.
Before adding the address, Sunshine requires you to have the contact’s phone number on file in your address book, not just their email. That would eliminate some people you only have a loose connection with through work, for instance. And it only updates with the home address if the partner API is able to associate that address with a phone number you have.
Image Credits: Sunshine
In addition, Sunshine says that it’s generally able to understand the type of phone number you have on file — like if it’s a residential or business line, or if it’s a landline or mobile number. (It uses APIs to do this, similar to StrikeIron’s though not that particular one.) It also knows who the phone number belongs to. Using this information and further context, the app tries to determine if a phone number is a personal or a professional number and it will try to understand your relationship with the person who owns that number.
In practice, what this means is that if all the information you had on file for a contact was professional information — where they worked, a job title, a work email and a phone number, perhaps — then that person’s contact card would not be updated to include their home address, too.
And because many people use their personal cell for work, Sunshine won’t consider someone a “personal” relationship just because you have their mobile phone number. For example, if you had only a contact’s name and a cell number, you wouldn’t be able to use the app to get their home address.
The result of all this automated analysis is that Sunshine, in theory, only updates contact cards with home addresses where it’s determined there’s a personal relationship.
This, of course, doesn’t take into account some scenarios like bad exes, stalking or a general desire for privacy. Arguably, there are times when someone may have a lot of personal information for a contact in their address book, but the contact in question would rather not have their home address distributed to that person.
The only way to prevent this, presumably, would be to opt out at the source: Whitepages.com. (Once you have your profile URL from the Whitepages website, you can use this online form to have your information suppressed.)
Image Credits: Sunshine
The way the app functions raises questions about what is truly private information these days.
Sunshine points out that people’s home addresses are not as hidden from the world as they may think, which makes them fair game.
It’s true that our home addresses are often publicly available. Although it’s been years since most of us have had a telephone directory dropped on our doorstep with phone and address listings for people in our city, home addresses today are relatively trivial to find when you know where to look online.
In addition to public records — like voter registration databases — there are web-based people finders, too.
Sunshine’s partner, Whitepages.com, makes visitors pay for its data, but others like TruePeopleSearch.com don’t have the same paywall. With someone’s first and last name and city, its website provides access to someone’s home address, prior addresses, cell phone, age and the names of family members and other close associates. (TruePeopleSearch is not a Sunshine partner, we should clarify.)
Even though this data is “public,” it’s uncomfortable to see it casually distributed in an app, as that makes it even easier to get to than before.
Plus, after years of being burned by data breaches and data privacy scandals, people tend to be more protective of their personal information than before. And, had they been asked, many would probably decline to have their home addresses shared with Sunshine’s user base. Generally speaking, people appreciate the courtesy of having someone come ask for a home address, when it’s needed — they may not want an app creeping the web to find it and hand it out.
Sunshine Contacts is in an invite-only beta in the U.S., so the company has time to reconsider how this feature is implemented based on user feedback before it becomes widely available.
Powered by WPeMatico
Richard Socher, former chief scientist at Salesforce, who helped build the Einstein artificial intelligence platform, is taking on a new challenge — and it’s a doozy. Socher wants to fix consumer search and today he announced you.com, a new search engine to take on the mighty Google.
“We are building you.com. You can already go to it today. And it’s a trusted search engine. We want to work on having more click trust and less clickbait on the internet,” he said. He added that in addition to trust, he wants it to be built on kindness and facts, three worthy but difficult goals to achieve.
He said that there were several major issues that led him and his co-founders to build a new search tool. For starters, he says that there is too much information and nobody can possibly process it all. What’s more, as you find this information, it’s impossible to know what you can trust as accurate, and he believes that issue is having a major impact on society at large. Finally, as we navigate the internet in 2020, the privacy question looms large as is how you balance the convenience-privacy trade-off.
He believes his background in AI can help in a consumer-focused search tool. For starters the search engine, while general in nature, will concentrate on complex consumer purchases where you have to open several tabs to compare information.
“The biggest impact thing we can do in our lives right now is to build a trusted search engine with AI and natural language processing superpowers to help everyone with the various complex decisions of their lives, starting with complex product purchases, but also being general from the get-go as well,” he said.
While Socher was light on details, preferring to wait until GA in a couple of months to share some more, he said he wants to differentiate from Google by not relying on advertising and what you know about the user. He said he learned from working with Marc Benioff at Salesforce that you can make money and still build trust with the people buying your product.
He certainly recognizes that it’s tough to take on an entrenched incumbent, but he and his team believe that by building something they believe is fundamentally different, they can undermine the incumbent with a classic “Innovator’s Dilemma” kind of play where they’re doing something that is hard for Google to reproduce without undermining their primary revenue model.
He also sees Google running into antitrust issues moving forward and that could help create an opening for a startup like this. “I think a lot of stuff that Google [has been doing] … with the looming antitrust will be somewhat harder for them to get away with on a continued basis,” he said.
He acknowledges that trust and accuracy elements could get tricky as social networks have found out. Socher hinted at some social sharing elements they plan to build into the search tool including allowing you to have your own custom you.com URL with your name to facilitate that sharing.
Socher said he has funding and a team together working actively on the product, but wouldn’t share how much or how many employees at this point. He did say that Benioff and venture capitalist Jim Breyer are primary backers and he would have more information to share in the coming months.
For now, if you’re interested, you can go to the website and sign up for early access.
Powered by WPeMatico
As TC readers know, the tricky trade-off of the modern web is privacy for convenience. Online tracking is how this ‘great intimacy robbery’ is pulled off. Mass surveillance of what Internet users are looking at underpins Google’s dominant search engine and Facebook’s social empire, to name two of the highest profile ad-funded business models.
TechCrunch’s own corporate overlord, Verizon, also gathers data from a variety of end points — mobile devices, media properties like this one — to power its own ad targeting business.
Countless others rely on obtaining user data to extract some perceived value. Few if any of these businesses are wholly transparent about how much and what sort of private intelligence they’re amassing — or, indeed, exactly what they’re doing with it. But what if the web didn’t have to be like that?
Berlin-based Xayn wants to change this dynamic — starting with personalized but privacy-safe web search on smartphones.
Today it’s launching a search engine app (on Android and iOS) that offers the convenience of personalized results but without the ‘usual’ shoulder surfing. This is possible because the app runs on-device AI models that learn locally. The promise is no data is ever uploaded (though trained AI models themselves can be).
The team behind the app, which is comprised of 30% PhDs, has been working on the core privacy vs convenience problem for some six years (though the company was only founded in 2017); initially as an academic research project — going on to offer an open source framework for masked federated learning, called XayNet. The Xayn app is based on that framework.
They’ve raised some €9.5 million in early stage funding to date — with investment coming from European VC firm Earlybird; Dominik Schiener (Iota co-founder); and the Swedish authentication and payment services company, Thales AB.
Now they’re moving to commercialize their XayNet technology by applying it within a user-facing search app — aiming for what CEO and co-founder, Dr Leif-Nissen Lundbæk bills as a “Zoom”-style business model, in reference to the ubiquitous videoconferencing tool which has both free and paid users.
This means Xayn’s search is not ad-supported. That’s right; you get zero ads in search results.
Instead, the idea is for the consumer app to act as a showcase for a b2b product powered by the same core AI tech. The pitch to business/public sector customers is speedier corporate/internal search without compromising commercial data privacy.
Lundbæk argues businesses are sorely in need of better search tools to (safely) apply to their own data, saying studies have shown that search in general costs around 18% of working time globally. He also cites a study by one city authority that found staff spent 37% of their time at work searching for documents or other digital content.
“It’s a business model that Google has tried but failed to succeed,” he argues, adding: “We are solving not only a problem that normal people have but also that companies have… For them privacy is not a nice to have; it needs to be there otherwise there is no chance of using anything.”
On the consumer side there will also be some premium add-ons headed for the app — so the plan is for it to be a freemium download.
One key thing to note is Xayn’s newly launched web search app gives users a say in whether the content they’re seeing is useful to them (or not).
It does this via a Tinder-style swipe right (or left) mechanic that lets users nudge its personalization algorithm in the right direction — starting with a home screen populated with news content (localized by country) but also extending to the search result pages.
The news-focused homescreen is another notable feature. And it sounds like different types of homescreen feeds may be on the premium cards in future.
Another key feature of the app is the ability to toggle personalized search results on or off entirely — just tap the brain icon at the top right to switch the AI off (or back on). Results without the AI running can’t be swiped, except for bookmarking/sharing.
Elsewhere, the app includes a history page which lists searches from the past seven days (by default). The other options offered are: Today, 30 days, or all history (and a bin button to purge searches).
There’s also a ‘Collections’ feature that lets you create and access folders for bookmarks.
As you scroll through search results you can add an item to a Collection by swiping right and selecting the bookmark icon — which then opens a prompt to choose which one to add it to.
The swipe-y interface feels familiar and intuitive, if slightly laggy to load content in the TestFlight beta version TechCrunch checked out ahead of launch.
Swiping left on a piece of content opens a bright pink color-block stamped with a warning ‘x’. Keep going and you’ll send the item vanishing into the ether, presumably seeing fewer like it in future.
Whereas a swipe right affirms a piece of content is useful. This means it stays in the feed, outlined in Xayn green. (Swiping right also reveals the bookmark option and a share button.)
While there are pro-privacy/non-tracking search engines on the market already — such as US-based DuckDuckGo or France’s Qwant — Xayn argues the user experience of such rivals tends to fall short of what you get with a tracking search engine like Google, i.e. in terms of the relevance of search results and thus time spent searching.
Simply put: You probably have to spend more time ‘DDGing’ or ‘Qwanting’ to get the specific answers you need vs Googling — hence the ‘convenience cost’ associated with safeguarding your privacy when web searching.
Xayn’s contention is there’s a third, smarter way of getting to keep your ‘virtual clothes’ on when searching online. This involves implementing AI models that learn on-device and can be combined in a privacy-safe way so that results can be personalized without putting people’s data at risk.
“Privacy is the very fundament… It means that quite like other privacy solutions we track nothing. Nothing is sent to our servers; we don’t store anything of course; we don’t track anything at all. And of course we make sure that any connection that is there is basically secured and doesn’t allow for any tracking at all,” says Lundbæk, explaining the team’s AI-fuelled, decentralized/edge-computing approach.
Xayn is drawing on a number of search index sources, including (but not solely) Microsoft’s Bing, per Lundbæk, who described this bit of what it’s doing as “relatively similar” to DuckDuckGo (which has its own web crawling bots).
The big difference is that it’s also applying its own reranking algorithms in order generate privacy-safe personalized search results (whereas DDG uses a contextual ads-based business model — looking at simple signals like location and keyword search to target ads without needing to profile users).
The downside to this sort of approach, according to Lundbæk, is users can get flooded with ads — as a consequence of the simpler targeting meaning the business serves more ads to try to increase chances of a click. And loads of ads in search results obviously doesn’t make for a great search experience.
“We get a lot of results on device level and we do some ad hoc indexing — so we build on the device level and on index — and with this ad hoc index we apply our search algorithms in order to filter them, and only present you what is more relevant and filter out everything else,” says Lundbæk, sketching how Xayn works. “Or basically downgrade it a bit… but we also try to keep it fresh and explore and also bump up things where they might not be super relevant for you but it gives you some guarantees that you won’t end up in some kind of bubble.”
Some of what Xayn’s doing is in the arena of federated learning (FL) — a technology Google has been dabbling in in recent years, including pushing a ‘privacy-safe’ proposal for replacing third party tracking cookies. But Xayn argues the tech giant’s interests, as a data business, simply aren’t aligned with cutting off its own access to the user data pipe (even if it were to switch to applying FL to search).
Whereas its interests — as a small, pro-privacy German startup — are markedly different. Ergo, the privacy-preserving technology it’s spent years building has a credible interest in safeguarding people’s data, is the claim.
“At Google there’s actually [fewer] people working on federate learning than in our team,” notes Lundbæk, adding: “We’ve been criticizing TFF [Google-designed TensorFlow Federated] at lot. It is federated learning but it’s not actually doing any encryption at all — and Google has a lot of backdoors in there.
“You have to understand what does Google actually want to do with that? Google wants to replace [tracking] cookies — but especially they want to replace this kind of bumpy thing of asking for user consent. But of course they still want your data. They don’t want to give you any more privacy here; they want to actually — at the end — get your data even easier. And with purely federated learning you actually don’t have a privacy solution.
“You have to do a lot in order to make it privacy preserving. And pure TFF is certainly not that privacy-preserving. So therefore they will use this kind of tech for all the things that are basically in the way of user experience — which is, for example, cookies but I would be extremely surprised if they used it for search directly. And even if they would do that there is a lot of backdoors in their system so it’s pretty easy to actually acquire the data using TFF. So I would say it’s just a nice workaround for them.”
“Data is basically the fundamental business model of Google,” he adds. “So I’m sure that whatever they do is of course a nice step in the right direction… but I think Google is playing a clever role here of kind of moving a bit but not too much.”
So how, then, does Xayn’s reranking algorithm work?
The app runs four AI models per device, combining encrypted AI models of respective devices asynchronously — with homomorphic encryption — into a collective model. A second step entails this collective model being fed back to individual devices to personalize served content, it says.
The four AI models running on the device are one for natural language processing; one for grouping interests; one for analyzing domain preferences; and one for computing context.
“The knowledge is kept but the data is basically always staying on your device level,” is how Lundbæk puts it.
“We can simply train a lot of different AI models on your phone and decide whether we, for example, combine some of this knowledge or whether it also stays on your device.”
“We have developed a quite complex solution of four different AI models that work in composition with each other,” he goes on, noting that they work to build up “centers of interest and centers of dislikes” per user — again, based on those swipes — which he says “have to be extremely efficient — they have to be moving, basically, also over time and with your interests”.
The more the user interacts with Xayn, the more precise its personalization engine gets as a result of on-device learning — plus the added layer of users being able to get actively involved by swiping to give like/dislike feedback.
The level of personalization is very individually focused — Lundbæk calls it “hyper personalization” — more so than a tracking search engine like Google, which he notes also compares cross-user patterns to determine which results to serve — something he says Xayn absolutely does not do.
“We have to focus entirely on one user so we have a ‘small data’ problem, rather than a big data problem,” says Lundbæk. “So we have to learn extremely fast — only from eight to 20 interactions we have to already understand a lot from you. And the crucial thing is of course if you do such a rapid learning then you have to take even more care about filter bubbles — or what is called filter bubbles. We have to prevent the engine going into some kind of biased direction.”
To avoid this echo chamber/filter bubble type effect, the Xayn team has designed the engine to function in two distinct phases which it switches between: Called ‘exploration’ and (more unfortunately) ‘exploitation’ (i.e. just in the sense that it already knows something about the user so can be pretty certain what it serves will be relevant).
“We have to keep fresh and we have to keep exploring things,” he notes — saying that’s why it developed one of the four AIs (a dynamic contextual multi-armed bandit reinforcement learning algorithm for computing context).
Aside from this app infrastructure being designed natively to protect user privacy, Xayn argues there are a bunch of other advantages — such as being able to derive potentially very clear interests signs from individuals; and avoiding the chilling effect that can result from tracking services creeping users out (to the point people they avoid making certain searches in order to prevent them from influencing future results).
“You as the user can decide whether you want the algorithm to learn — whether you want it to show more of this or less of this — by just simply swiping. So it’s extremely easy, so you can train your system very easily,” he argues.
There is potentially a slight downside to this approach, too, though — assuming the algorithm (when on) does some learning by default (i.e in the absence of any life/dislike signals from the user).
This is because it puts the burden on the user to interact (by swiping their feedback) in order to get the best search results out of Xayn. So that’s an active requirement on users, rather than the typical passive background data mining and profiling web users are used to from tech giants like Google (which is, however, horrible for their privacy).
It means there’s an ‘ongoing’ interaction cost to using the app — or at least getting the most relevant results out of it. You might not, for instance, be advised to let a bunch of organic results just scroll past if they’re really not useful but rather actively signal disinterest on each.
For the app to be the most useful it may ultimately pay to carefully weight each item and provide the AI with a utility verdict. (And in a competitive battle for online convenience every little bit of digital friction isn’t going to help.)
Asked about this specifically, Lundbæk told us: “Without swiping the AI only learns from very weak likes but not from dislikes. So the learning takes place (if you turn the AI on) but it’s very slight and does not have a big effect. These conditions are quite dynamic, so from the experience of liking something after having visited a website, patterns are learned. Also, only 1 of the 4 AI models (the domain learning one) learns from pure clicks; the others don’t.”
Xayn does seem alive to the risk of the swiping mechanic resulting in the app feeling arduous. Lundbæk says the team is looking to add “some kind of gamification aspect” in the future — to flip the mechanism from pure friction to “something fun to do”. Though it remains to be seen what they come up with on that front.
There is also inevitably a bit of lag involved in using Xayn vs Google — by merit of the former having to run on-device AI training (whereas Google merely hoovers your data into its cloud where it’s able to process it at super-speeds using dedicated compute hardware, including bespoke chipsets).
“We have been working for over a year on this and the core focus point was bringing it on the street, showing that it works — and of course it is slower than Google,” Lundbæk concedes.
“Google doesn’t need to do any of these [on-device] processes and Google has developed even its own hardware; they developed TPUs exactly for processing this kind of model,” he goes on. “If you compare this kind of hardware it’s pretty impressive that we were even able to bring [Xayn’s on-device AI processing] even on the phone. However of course it’s slower than Google.”
Lundbæk says the team is working on increasing the speed of Xayn. And anticipates further gains as it focuses more on that type of optimization — trailing a version that’s 40x faster than the current iteration.
“It won’t at the end be 40x faster because we will use this also to analyze even more content — to give you can even broader view — but it will be faster over time,” he adds.
On the accuracy of search results vs Google, he argues the latter’s ‘network effect’ competitive advantage — whereby its search reranking benefits from Google having more users — is not unassailable because of what edge AI can achieve working smartly atop ‘small data’.
Though, again, for now Google remains the search standard to beat.
“Right now we compare ourselves, mostly against Bing and DuckDuckGo and so on. Obviously there we get much better results [than compared to Google] but of course Google is the market leader and is using quite some heavy personalization,” he says, when we ask about benchmarking results vs other search engines.
“But the interesting thing is so far Google is not only using personalization but they also use kind of a network effect. PageRank is very much a network effect where the most users they have the better the results get, because they track how often people click on something and bump this also up.
“The interesting effect there is that right now, through AI technology — like for example what we use — the network effect becomes less and less important. So actually I would say that there isn’t really any network effect anymore if you really want to compete with pure AI technology. So therefore we can get almost as relevant results as Google right now and we surely can also, over time, get even better results or competing results. But we are different.”
In our (brief) tests of the beta app Xayn’s search results didn’t obviously disappoint for simple searches (and would presumably improve with use). Though, again, the slight load lag adds a modicum of friction which was instantly obvious compared to the usual search competition.
Not a deal breaker — just a reminder that performance expectations in search are no cake walk (even if you can promise a cookie-free experience).
“So far Google has so far had the advantage of a network effect — but this network effect gets less and less dominant and you see already more and more alternatives to Google popping up,” Lundbæk argues, suggesting privacy concerns are creating an opportunity for increased competition in the search space.
“It’s not anymore like Facebook or so where there’s one network where everyone has to be. And I think this is actually a nice situation because competition is always good for technical innovations and for also satisfying different customer needs.”
Of course the biggest challenge for any would-be competitor to Google search — which carves itself a marketshare in Europe in excess of 90% — is how to poach (some of) its users.
Lundbæk says the startup has no plans to splash millions on marketing at this point. Indeed, he says they want to grow usage sustainably, with the aim of evolving the product “step by step” with a “tight community” of early adopters — relying on cross-promotion from others in the pro-privacy tech space, as well as reaching out to relevant influencers.
He also reckons there’s enough mainstream media interest in the privacy topic to generate some uplift.
“I think we have such a relevant topic — especially now,” he says. “Because we want to show also not only for ourselves that you can do this for search but we think we show a real nice example that you can do this for any kind of case.
“You don’t always need the so-called ‘best’ big players from the US which are of course getting all of your data, building up profiles. And then you have these small, cute privacy-preserving solutions which don’t use any of this but then offer a bad user experience. So we want to show that this shouldn’t be the status quo anymore — and you should start to build alternatives that are really build on European values.”
And it’s certainly true EU lawmakers are big on tech sovereignty talk these days, even though European consumers mostly continue to embrace big (US) tech.
Perhaps more pertinently, regional data protection requirements are making it increasing challenging to rely on US-based services for processing data. Compliance with the GDPR data protection framework is another factor businesses need to consider. All of which is driving attention onto ‘privacy-preserving’ technologies.
Xayn’s team is hoping to be able spread its privacy-preserving gospel to general users by growing the b2b side of the business, according to Lundbæk — so it’s hoping some home use will follow once employees get used to convenient private search via their workplaces, in a small-scale reverse of the business consumerization trend that was powered by modern smartphones (and people bringing their own device to work).
“We these kind of strategies I think we can step by step build up in our communities and spread the word — so we think we don’t even need to really spend millions of euros in marketing campaigns to get more and more users,” he adds.
While Xayn’s initial go-to-market push has been focused on getting the mobile apps out, a desktop version is also planned for Q1 next year.
The challenge there is getting the app to work as a browser extension as the team obviously doesn’t want to build its own browser to house Xayn. tl;dr: Competing with Google search is mountain enough to climb, without trying to go after Chrome (and Firefox, and so on).
“We developed our entire AI in Rust which is a safe language. We are very much driven by security here and safety. The nice thing is it can work everywhere — from embedded systems towards mobile systems, and we can compile into web assembly so it runs also as a browser extension in any kind of browser,” he adds. “Except for Internet Explorer of course.”
Powered by WPeMatico
Trump’s election denialism saw him retaliate in a way that isn’t just putting the remainder of his presidency in jeopardy, it’s already putting the next administration in harm’s way.
In a stunning display of retaliation, Trump fired CISA director Chris Krebs last week after declaring that there was “no evidence that any voting system deleted or lost votes, changed votes or was in any way compromised,” a direct contradiction to the conspiracy-fueled fever dreams of the president who repeatedly claimed, without evidence, that the election had been hijacked by the Democrats. CISA is left distracted by disarray, with multiple senior leaders leaving their posts — some walked, some were pushed — only for the next likely chief to stumble before he even starts because of concerns with his security clearance.
Until yesterday, Biden’s presidential transition team was stuck in cybersecurity purgatory because the incumbent administration refused to trigger the law that grants the incoming team access to government resources, including cybersecurity protections. That’s left the incoming president exposed to ongoing cyber threats, all while being shut out from classified briefings that describe those threats in detail.
As Biden builds his team, Silicon Valley is also gearing up for a change in government — and temperament. But don’t expect too much of the backlash to change. Much of the antitrust allegations, privacy violations and net neutrality remain hot button issues, and the tech titans resorting to cheap “charm offenses” are likely to face the music under the Biden administration — whether they like it or not.
Here’s more from the week.
Apple and Facebook are back in the ring, fighting over which company is a bigger existential threat to privacy. In a letter to a privacy rights group, Apple said its new anti-tracking feature will launch next year, which will give users the choice of blocking in-app tracking, a move that’s largely expected to cause havoc to the online advertising industry and data brokers.
Given an explicit option between being tracked and not, as the feature will do, most are expected to decline.
Apple’s letter specifically called out Facebook for showing a “disregard for user privacy.” Facebook, which made more than 98% of its global revenue last year from advertising, took its own potshot back at Apple, claiming the iPhone maker was “using their dominant market position to self-preference their own data collection, while making it nearly impossible for their competitors to use the same data.”
Powered by WPeMatico
A unique device identifier that Apple assigns to each iPhone for third parties to track users for ad targeting — aka the IDFA (Identifier for Advertisers) — is itself now the target of two new complaints filed by European privacy campaign not-for-profit, noyb.
The complaints, lodged with German and Spanish data protection authorities, contend that Apple’s setting of the IDFA breaches regional privacy laws on digital tracking because iOS users are not asked for their consent for the initial storage of the identifier.
Noyb is also objecting to others’ being able to access the IDFA without prior consent — with one of its complainants writing that they were never asked for consent for third-party access yet found several apps had shared their IDFA with Facebook (per their off-Facebook activity page).
We’ve reached out to the data protection agencies in question for comment. Update: Spain’s AEPD confirmed it has received noyb’s complaint and said it will investigate — making no further comment at this stage.
While Apple isn’t the typical target for digital privacy campaigners, given it makes most of its money selling hardware and software instead of profiling users for ad targeting, as adtech giants like Facebook and Google do, its marketing rhetoric around taking special care over user privacy can look awkward when set against the existence of an Identifier for Advertisers baked into its hardware.
In the European Union there’s a specific legal dimension to this awkwardness — as existing laws require explicit consent from users to (non-essential) tracking. Noyb’s complaints cite Article 5(3) of the EU’s ePrivacy Directive, which mandates that users must be asked for consent to the storage of ad-tracking technologies such as cookies. (And noyb argues the IDFA is just like a tracking cookie but for iPhones.)
Europe’s top court further strengthened the requirement last year when it made it clear that consent for non-essential tracking must be obtained prior to storing or accessing the trackers. The CJEU also ruled that such consent cannot be implied or assumed — such as by the use of pre-checked “consent” boxes.
In a press release about the complaints, noyb’s Stefano Rossetti, a privacy lawyer, writes: “EU law protects our devices from external tracking. Tracking is only allowed if users explicitly consent to it. This very simple rule applies regardless of the tracking technology used. While Apple introduced functions in their browser to block cookies, it places similar codes in its phones, without any consent by the user. This is a clear breach of EU privacy laws.”
Apple has long controlled how third parties serving apps on its iOS platform can use the IDFA, wielding the stick of ejection from its App Store to drive their compliance with its rules.
Recently, though, it has gone further — telling advertisers this summer they will soon have to offer users an opt-out from ad tracking in a move billed as increasing privacy controls for iOS users — although Apple delayed implementation of the policy until early next year after facing anger from advertisers over the plan. But the idea is there will be a toggle in iOS 14 that users need to flip on before a third-party app gets to access the IDFA to track iPhone users’ in-app activity for ad targeting.
However, noyb’s complaint focuses on Apple’s setting of the IDFA in the first place — arguing that since the pseudonymised identifier constitutes private (personal) data under EU law they need to get permission before creating and storing it on their device.
“The IDFA is like a ‘digital license plate’. Every action of the user can be linked to the ‘license plate’ and used to build a rich profile about the user. Such profile can later be used to target personalised advertisements, in-app purchases, promotions etc. When compared to traditional internet tracking IDs, the IDFA is simply a ‘tracking ID in a mobile phone’ instead of a tracking ID in a browser cookie,” noyb writes in one complaint, noting that Apple’s privacy policy does not specify the legal basis it uses to “place and process” the IDFA.
Noyb also argues that Apple’s planned changes to how the IDFA gets accessed — trailed as incoming in early 2021 — don’t go far enough.
“These changes seem to restrict the use of the IDFA for third parties (but not for Apple itself),” it writes. “Just like when an app requests access to the camera or microphone, the plans foresee a new dialog that asks the user if an app should be able to access the IDFA. However, the initial storage of the IDFA and Apple’s use of it will still be done without the users’ consent and therefore in breach of EU law. It is unclear when and if these changes will be implemented by the company.”
We reached out to Apple for comment on noyb’s complaints but at the time of writing an Apple spokesman said it did not have an on-the-record statement. The spokesman did tell us that Apple itself does not use unique customer identifiers for advertising. Update: The company has now sent us this statement:
The claims made against Apple in this complaint are factually inaccurate and we look forward to making that clear to privacy regulators should they examine the complaint. Apple does not access or use the IDFA on a user’s device for any purpose. Our aim is always to protect the privacy of our users and our latest software release, iOS 14, is giving users even greater control over whether or not they want to allow apps to track them by linking their information with data from third parties for the purpose of advertising, or sharing their information with data brokers. Our practices comply with European law and support and advance the aims of the GDPR and the ePrivacy Directive, which is to give people full control over their data.
In a separate but related recent development, last month publishers and advertisers in France filed an antitrust complaint against the iPhone maker over its plan to require opt-in consent for accessing the IDFA — with the coalition contending the move amounts to an abuse of market power.
Apple responded to the antitrust complaint in a statement that said: “With iOS 14, we’re giving users the choice whether or not they want to allow apps to track them by linking their information with data from third parties for the purpose of advertising, or sharing their information with data brokers.”
“We believe privacy is a fundamental human right and support the European Union’s leadership in protecting privacy with strong laws such as the GDPR (General Data Protection Regulation),” Apple added then.
That antitrust complaint may explain why noyb has decided to file its own strategic complaints against Apple’s IDFA. Simply put, if no tracker ID can be created — because an iOS user refuses to give consent — there’s less surface area for advertisers to try to litigate against privacy by claiming tracking is a competitive right.
“We believe that Apple violated the law before, now and after these changes,” said Rossetti in another statement. “With our complaints we want to enforce a simple principle: trackers are illegal, unless a user freely consents. The IDFA should not only be restricted, but permanently deleted. Smartphones are the most intimate device for most people and they must be tracker-free by default.”
Another interesting component of the noyb complaints is they’re being filed under the ePrivacy Directive, rather than under Europe’s (newer) General Data Protection Regulation. This means noyb is able to target them to specific EU data protection agencies, rather than having complaints funnelled back to Ireland’s DPC — under the GDPR’s one-stop-shop mechanism for handling cross-border cases.
Its hope is this route will result in swifter regulatory action. “These cases are based on the ‘old’ cookie law and do not trigger the cooperation mechanism of the GDPR. In other words, we are trying to avoid endless procedures like the ones we are facing in Ireland,” added Rossetti.
Powered by WPeMatico