Hacker News new | past | comments | ask | show | jobs | submit login

ICYMI, this analysis is written by the principal engineer behind Intelligent Tracking Prevention in Safari. John knows what he’s talking about.



I wish someone could explain how Apple does this with advertising segments. https://support.apple.com/en-us/HT205223

> Segments We create segments, which are groups of people who share similar characteristics, and use these groups for delivering targeted ads.


The attributes apple uses is listed in that very link.

The key to segments is ensuring that the attributes give you enough entropy.


Isn't Google doing the same or less based on only browser data? How does each solution differ in entropy? I didn't get that from Apple's policy page. I am genuinely trying to understand and this isn't a snarky comment.


The key is: who is allowed to see the segment ID?

In Apple's world, Apple owns the supply side ad surfaces, Apple maintains the segmentation and mapping, and Apple mediates the demand side.

What does an advertiser see? Pretty much nothing.


So Apple can do segmentation aka user tracking at a group level because it doesn't expose the group IDs. Yet, we as consumers don't have transparency into the segments we inhibit. I am not sold that Apple's segment solution truly respects our privacy compared to solutions that don't rely on user identity or store segments.


No because of the attack on the OP. They are able to deduce who you are quite quickly.

You can learn more about how safari protects you by reading these blog posts.

https://webkit.org/blog/category/privacy/


ICYMI: In Case You Missed It


I'm not sure I understand it. Sure, if a website knows the floc of a user on multiple weeks they can presumably use a third party service for identification.

But how does the website initially join the different floc ids, unless they have already identified the user?


(floc,ip) is for all intents and purposes unique.

So just track that and you have your user.

If floc changes - just look what floc is dead on that ip and match to that user.

If IP changes in same subnet (ipv6 privacy extension) just match new ip to old floc.

Add in browser fingerprint for overkill.

A sufficiently large network can identify a user if he's logged in anywhere and you have everything you need


Never thought I'd ask for this, but I wish Safari was available on Linux.


I hear the performance and memory usage of WebKitGTK is much worse than WebKit on macOS.


You mean Midori (AFAIK the only browser using WebKit outside of Safari)?


Midori has been overhauled and is Electron based now. old [0] new [1]

See also this extensive list of browsers [2].

[0] https://github.com/midori-browser/core [1] https://gitlab.com/midori-web/midori-desktop [2] https://wiki.archlinux.org/index.php/Web_browsers#WebKit-bas...


Thanks for the Arch link, but seems outdated (lists Midori under WebKit still). And the warning sounds a bit ominous too: what is an up to date and secure WebKit browser?

I guess I'll still be waiting for Safari.


All the PlayStation browsers use WebKit, and I think Kindle / Kobo too?


GNOME Web is a user, and it happens to integrate with Firefox Sync.


Well, it is! Just not the version you're hoping to use.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: