Comment by pnw

2 days ago

Nobody has explained to me how iOS ad SDKs across different apps can track individual users given that there hasn't been an accessible GUID on iOS for many years now.

Enough location data becomes effectively unique: There is likely only one phone in the world that averages over X nighttime hours in my apartment-complex and averages over Y workday-hours in the same office block where I work.

That kind of pattern can be used to determine that two or more different app-identities are the same person, and anybody buying that data has a strong incentive to try it.

  • Which I guess is what iCloud Private Relay solves. But only if you pay.

    • So basically like a VPN or Tor? That won't defend against local code that can read location data and send it to a remote server.

Fingerprinting devices once you’re installed on them isn’t much harder than doing so in a web browser.

Have Instagram installed on your phone? Great, now every Meta-owned app _or advertiser running on their platform_ has a pretty good shot at identifying you based on IP, location, app usage, etc.

There is a ton of signal about identity available just by virtue of running alongside other apps. Screen size, OS version, and IP are pretty good proxies for unique identity, especially if all you care about is _probable_ matches.

  • My understanding was that it's very difficult to reliably fingerprint iOS devices. Apple limits access to identifiers and specifically disallows fingerprinting. For this application of tracking people, you'd need decent reliability or you'd just get noise.

    And no, I don't have any Meta published apps on my phone for exactly the reason you outline. I'm very aware of how IDFV and IDFA work.