
Privacy ranked highly among the messages underlying Apple’s Worldwide Developer Conference keynote, meriting top-level billing from software chief Craig Federighi. Apple doubled down on previous efforts to ensure your personal, financial, and confidential information would remain private. The company also extended its offerings to block tracking in email, offer more anonymous Web browsing, and push back even harder against advertisers, marketers, and others trying to track your behavior without your knowledge or permission.

New privacy features

With iOS 15, iPadOS 15, and macOS 12 Monterey, Apple has further limited tracking data fed to third parties within Safari and added a blocking mechanism for invisible tracking images embedded in email messages. With iCloud+, the new name for the paid tiers of the iCloud service, you can also send email from anonymous addresses managed by Apple’s servers and use a proxy service for Safari that defeats tracking through a combination of encryption and redirection.

Conceptually, anonymity, privacy, and security have a complicated relationship:

  • Anonymity refers to situations in which you can act without your identity becoming known to others. While it’s not synonymous with privacy, you can think of anonymity as one technique for realizing privacy. It may also prevent you from carrying out everyday tasks like making a purchase or participating in discussion forums or social networks.
  • Privacy refers to the ability to control the level to which you’re willing to share information about yourself in any interaction, on a scale from entirely anonymous to fully and verifiably identified. That includes being free from surveillance as you browse the Web, open email messages, and communicate with others.
  • Security refers to protection against potential harm caused by others, whether that’s accessing information about you without your permission or attacking your system via malware. It can be used as a catchall term for anything that lets you control your personal data, allowing for both the specific state of anonymity and the general notion of retaining privacy.

Apple has striven for several years to ratchet up its protection of personal data across all its platforms, particularly in Safari. While some advertising systems respect our requests, settings, and technological measures to prevent tracking and observation, other ad tech plays a ceaseless game of cat and mouse with Apple, bypassing the company’s protections and causing Apple to expand those protections repeatedly. Ad tech firms aggressively engage in this antisocial behavior to assemble and sell electronic dossiers of marketing information and for targeted advertising, which can be sold at higher prices than more general ads.

This constant pressure to subvert user intentions led to the death of the Do Not Track consensual setting. It also pushed Apple into making roughly annual changes to Safari that limit what information a third party (an ad network or other tracking company) can deduce or extract by having its code, cookies, or embedded media on a website displaying an ad or by trying to obtain visitor statistics. (Confusingly, and perhaps for historical reasons, the website is considered the first party and you the second party in that interaction.)

The specifics added in the operating system updates slated for the third quarter of 2021 tie up many loose ends. But they also blur the lines between anonymity and privacy. As TidBITS writer and security expert Rich Mogull of Securosis said, “Due to the insane intrusiveness of online tracking, the only way to maintain privacy is to use anonymity. It’s the advertisers and their supporting infrastructure that have forced this. They took away choice, so the only response is anonymity.”

Here’s the rundown of what you can expect to see later this year:

  • Safari extends Intelligent Tracking Prevention: Apple first added this technology to Safari on the Mac in 2017 to prevent cross-site tracking, which allows cookies from one site to track you across other, unrelated sites. Apple continually toils to block new workarounds that ad tech companies come up with. In Safari 15, Intelligent Tracking Prevention will also prevent trackers from obtaining a user’s IP address for guessing a location or trying to track them across pages or sites.
  • Mail blocks one-pixel and similar trackers: A lot of commercial and some personal email messages embed invisible images, often just a 1-by-1 pixel graphic, that essentially “phone home” when loaded. A tracking service can infer various details about the email recipient, including that the message was read, when it was read, and where the user is located, among other details. Mail currently offers a switch that controls image loading in a message. When enabled, everything loads; when disabled, you have to click Load Remote Content selectively for messages that have graphic content you want to view—and thus load invisible tracking images! In the next update of Mail, you will be able to allow remote content to load while blocking invisible trackers. Mail will also mask IP addresses to prevent tracking and geolocation.
  • Embedded location sharing: To reduce the availability of unwanted location tracking in apps, iOS 15 and iPadOS 15 give developers a way to request that the user provide their current location through an affirmative action. Each time the app wants the location, it can make this query again. The current options only allow a developer to obtain continuous access during a session with an app (Allow Once), continuously while the app is in the foreground (Allow While Using the App), or both in the foreground and background (by going to Settings > Privacy > Location Services > AppName and selecting Always Allow). (Always Allow is useful for apps like those that track exercise or children’s whereabouts, or that navigate by GPS.)
  • iCloud Private Relay: New to iCloud+, this feature offers something like the Tor routing network, a combination of VPN (encrypted data transit over the Internet) and quasi-anonymity. When you turn on iCloud Private Relay, all your Safari browsing is encrypted and associated with an anonymous IP address. The request goes first to an Apple-controlled “ingress proxy” (which knows who you are but not what site you’re visiting) and then to a third-party “egress proxy” (which knows what site you’re visiting but not who you are) before being delivered to the ultimate destination. For non-logged-in sessions, this approach prevents effective user tracking or even knowing much about them at all. As with other secure services Apple offers, the company designed the system so it can’t decrypt your browsing session. Private Relay also protects two other leaky types of traffic outside Safari: DNS queries, which reveal the domains accessed by any Internet-connected software on your devices, and most insecure (non-HTTPS) Web queries from any app. For more details, see Dave Hamilton’s MacObserver article.
  • Hide My Email: An extension of the Sign in with Apple offering for developers to use for account-based access, Hide My Email is also included with iCloud+. It lets you create a unique, random email address that forwards to your iCloud address, so you can send and receive email without sharing your actual email address. As with Sign in with Apple, you can disable or delete these addresses and never receive any email from that source again.
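
To make the Mail item above concrete, here is an added example (not Apple's code and not from the original article) of how a mail filter might flag the invisible remote images described there. The names find_trackers and _ImgScanner, the size and CSS heuristics, and the sample message are all assumptions made for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlparse

def _tiny(value):
    # True for a width/height of 0 or 1, with or without a "px" suffix.
    return value is not None and value.strip().lower().rstrip("px") in ("0", "1")

class _ImgScanner(HTMLParser):
    """Hypothetical helper: collects remote <img> tags that look invisible."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        if tag != "img" or urlparse(src).scheme not in ("http", "https"):
            return  # cid: and data: images are embedded and never phone home
        style = a.get("style", "").lower().replace(" ", "")
        css = dict(p.split(":", 1) for p in style.split(";") if ":" in p)
        reasons = []
        if _tiny(a.get("width")) and _tiny(a.get("height")):
            reasons.append("1x1 attributes")
        if _tiny(css.get("width")) and _tiny(css.get("height")):
            reasons.append("1x1 CSS")
        if css.get("display") == "none" or css.get("visibility") == "hidden":
            reasons.append("hidden by CSS")
        if reasons:
            self.findings.append((src, reasons))

def find_trackers(raw_message):
    """Return [(url, reasons)] for suspicious images in every text/html part."""
    scanner = _ImgScanner()
    for part in message_from_string(raw_message).walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            scanner.feed(part.get_payload(decode=True).decode(charset, "replace"))
    return scanner.findings

# Constructed sample message; every URL below is made up.
SAMPLE = """\
Subject: Constructed sample
Content-Type: text/html; charset="utf-8"

<img src="https://cdn.shop.example/banner.png" width="600" height="200">
<img src="https://t.shop.example/o?u=abc123" width="1" height="1">
<img src="https://t.shop.example/p.gif" style="display: none">
<img src="cid:logo@shop.example" width="1" height="1">
"""
```

Calling find_trackers(SAMPLE) flags the two t.shop.example images and leaves the visible banner and the embedded cid: logo alone. Size heuristics like these miss a full-size image served from a per-recipient URL, which is where masking the IP address still helps.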

Apple didn’t decide to develop these additional privacy protections and anonymity enhancements in a void. They stem from a desire to protect users against unceasing attempts to monetize their every moment online by firms ranging from Facebook, one of the world’s largest corporations, to shadowy ad-tech shops.

By adding both free and paid features—iCloud+ starts at $0.99 per month for 50 GB of storage and other benefits—Apple ups the pressure on companies like Amazon, Google, and Microsoft to step up their privacy protections, too. Because Apple continues to focus on services as a pathway to maintaining its high margins and increasing its revenue outside of the vagaries of hardware sales, these privacy-first moves may also attract customers who make purchases on Apple platforms rather than others. It’s simultaneously user-friendly and good for Apple’s bottom line, and it forces other companies to try to meet Apple’s bar—or lie about their intentions with regard to your data.