If there is indeed such an identifier, enabled by default its pretty obvious that its technically possible to track a user. And with all the other data Google has, they also can link to the actual identity pretty easily.
Apple provides the exact same API - https://developer.apple.com/documentation/adsupport/asidenti... although IIRC it manages it better (users can revoke it, but it's on by default). I wonder why Google is singled out here though - if Apple is also mining our data, they should also be on the hook.
I wonder if all other OS vendors could be fined as well because the OSes are full of tracking identifiers - device MACs, device install identifiers, serial numbers, etc. There's plenty of apps out there that use those identifiers to track user behaviour.
why can't google train a neural net on each person they've gathered data on and track them using a custom model?
Have you confirmed that the click through agreements and privacy policies don't mention anything like this?
He has a legal background, and has fought a number of high-profile privacy cases in Europe.
The day the GDPR came into effect, he filed violations complaints against Facebook and Google in four different jurisdictions. He's a spearhead figure in this regard.
Nobody know how to change it or turn it off. That means a lot of developers and advertisers assume it is actually a good way to track users. So if you go in and reset/disable it, you'll be in such a small minority that you'd become an edge case and they'd lose the historical data on you.
Obviously this isn't true 100% of the time but if it didn't exist then advertisers would use a hardware fingerprint probably, which is a lot harder to spoof
As a denizen of statistics and technology, fooey with non-anonymized identifier bits outside of bug reports. We have ways of making data speak. We genuinely rarely care the specific record identifier.
When people do this it comes across as malicious harassment rather than a genuine legal complaint for harm caused. Why so many jurisdictions, and why on the very day it came into effect?
He has any right to use all existing laws to file complaints. When a new law is being introduced it should be followed immediately, especially when it impacts the lives of many. Would you argue that a speeding ticket is harassment when the fines were raised just the day before? No, you wouldn't because that would be ridiculous.
Legal harassment is an issue when individual citizens and small businesses are targeted with frivolous lawsuits clearly intended to burn as much of their time and money as possible.
This is not the case here. Google and Facebook deserve every privacy lawsuit they get. They have the resources to deal with it too.
The very day should be obvious: because these companies had two years to prepare for and become compliant with the GDPR.
This wasn't Facebook et al. saying "oh no, we need more time please'. This was them saying "we made up our mind on the implementation; if you disagree, we'll let a judge decide."
No idea about the jurisdictions, but I'd expect there to be good reasons, too. He's an activist, but I never perceived him as an over-the-top "in-your-face" activist. On the contrary.
Why? Not trying to be snarky, just genuinely curious, I'd expect that those people would generally be less susceptible to advertising.
I'd be surprised if they didn't.
No …? I'm not sure why I would have; I was just responding to @kerng's surprise at its presence (https://news.ycombinator.com/item?id=23180801).
When there's a new law or a new speeding limit on an existing road the police do usually spend a while just politely warning people about it before they charge anyone.
He's an activist. Not someone who's genuinely been harmed and seeking a legal resolution as a last resort after trying to resolve in good faith first.
Privacy advocates have been saying for years that Google is building profiles for every user on the internet. You were not able to get to know what Google knows about you. This changed and it is really good that it changed.
They'd probably become a big target for regulators then.
But it’s on by default.
https://blog.gingerlime.com/2020/does-apple-care-about-your-...
EDIT also https://support.apple.com/en-us/HT202074
OK, so your new link @ Apple is more clear, and I do vaguely recall seeing this years ago: for all modern iOS versions, Limit Ad Tracking does set the Ad ID to all zeroes.
I added a link to an Apple support doc which to me suggests that limit = off (or it’s an even bigger conspiracy than I thought, but I’m not that paranoid)
As another comment mentioned, the only effective mechanism is to reset the identifier periodically. That's not a disable mechanism, though.
Shouldn't that be enough?