My understanding around how this works (and I might be wrong!) is that Apple tracks a variety of usage on device and your device itself knows which ad to serve, versus say Google or Facebook collating your data on their own servers.
I'd not be surprised to learn there was some level of phoning home though.
There’s a common misconception that ad tracking is all about targeting ads. That’s part of it, but the truth is that tracking conversions is a more important differentiator for advertising platforms. A conversion is where the user clicks on the ad and then makes a purchase. The top digital ad companies (Apple, Google, Meta, Amazon) all charge for conversions. There is no way to charge for conversions without sending data about the user’s behavior off the device (which ads they saw, and which purchases they made).
That’s not true. They could use differentially private on-device joins using anonymously downloaded ad data. Or they could securely aggregate the results. Or both.
Can you elaborate? I see an ad in the News app, then click on it and make a purchase from Clash of Clans in the App Store. Apple needs to charge Clash of Clans for the conversion. How do they do it?
Apple knows that I bought the app (they charged me for it).
In order to charge Clash of Clans for the conversion, my phone needs to connect to Apple and send them a record of the ad click. What if clicking on that ad and buying the app are the only things I ever did on the phone? There’s nothing to aggregate locally, and Apple knows they got the conversion data from me.
Perhaps the claim is that my phone is going to send all these records to Apple, and Apple is just going to do the right thing and run programs that do the business without letting any of their people look at anything they aren’t supposed to look at (they could internally accomplish this by differential privacy, rigorous internal controls, etc). That’s the same claim Google and everyone else is going to make.
That's not at all how adtech works. You cannot download all activity between ad supply (website/app/etc) and advertisers and every vendor in the middle onto your device for some joins.
You misunderstand, completely. A device needn't download all activity, or indeed download anything additional at all. It knows which ads it clicked on and it knows the conversion signal for each ad the user saw. It can thus easily count the user's conversions on the device, then privately aggregate the result with its peers using secure multi-party computation (or a secure enclave).
Even the ads can be anonymously downloaded using a shuffler/mixer, such that nobody knows which ads out of the universe of ads the device chose to target the user with.
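The on-device counting and aggregation described in the comment above, sketched as an added example (not written by anyone in this thread, and not Apple's implementation). It assumes additive secret sharing between non-colluding aggregation servers as the multi-party step; the campaign names, device data, `MODULUS` and `MIN_BATCH` are constructed for illustration.

```python
import secrets

MODULUS = 2**61 - 1   # assumed share modulus, far larger than any real total
MIN_BATCH = 3         # assumed release threshold; a batch of one exposes that device

def split_into_shares(value, n_servers):
    """Additive secret sharing: shares are uniform and sum to value mod MODULUS."""
    shares = [secrets.randbelow(MODULUS) for _ in range(n_servers - 1)]
    shares.append((value - sum(shares)) % MODULUS)
    return shares

def device_report(clicked, purchased, campaigns, n_servers=2):
    """On-device join of clicks and purchases; returns one share vector per server."""
    counts = [int(c in clicked and c in purchased) for c in campaigns]
    shared = [split_into_shares(v, n_servers) for v in counts]
    return [[row[i] for row in shared] for i in range(n_servers)]

def server_sum(vectors):
    """What one aggregation server computes over the shares it received."""
    return [sum(col) % MODULUS for col in zip(*vectors)]

def aggregate_conversions(devices, campaigns, n_servers=2):
    """Per-campaign totals; no server ever holds a single device's counts."""
    if len(devices) < MIN_BATCH:
        raise ValueError("batch too small to release an aggregate")
    inboxes = [[] for _ in range(n_servers)]
    for clicked, purchased in devices:
        report = device_report(clicked, purchased, campaigns, n_servers)
        for inbox, vector in zip(inboxes, report):
            inbox.append(vector)
    partials = [server_sum(inbox) for inbox in inboxes]
    return dict(zip(campaigns, server_sum(partials)))

# Constructed sample data: (campaigns clicked, campaigns purchased) per device.
CAMPAIGNS = ["game-a", "news-b", "shop-c"]
DEVICES = [
    ({"game-a"}, {"game-a"}),
    ({"game-a", "news-b"}, {"news-b"}),
    ({"shop-c"}, set()),
    ({"game-a"}, {"game-a", "shop-c"}),
]

if __name__ == "__main__":
    print(aggregate_conversions(DEVICES, CAMPAIGNS))
```

Each server sees only uniformly random share vectors, but the released total is exact, so a very small batch still identifies its members; `MIN_BATCH` stands in for that check, and calibrated noise added before release would be the differential-privacy step.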
This just has all of the negative privacy implications FLoC does[1], which is also something pushed by Google that was heavily criticized. I guess now that Apple is doing it, it's okay.
Similar! The biggest difference in my mind is that any website using FLoC would be able to know what cohort I belonged to.
FLoC is definitely more anonymous than "davidlumley visited nytimes.com twice on December 1st 2022". However, that particular usage information was previously only available to nytimes.com, any ad/data vendor using third-party tracking cookies that were present on nytimes.com at the time of my visit, and finally any company that purchased data from the ad/data vendor.
My FLoC was theoretically available to any website and had much of the same intent data that intent ad/data vendors were/are selling.
If my understanding of Apple's ad platform is correct, advertisers don't know which cohort the user davidlumley belongs to, or that their ads are being served to me because that's all handled on device.
is that Apple tracks a variety of usage on device and your device itself knows which ad to serve
This is a distinction without a difference. Do you regularly share your phone with other people, to the extent that "device data" cannot be correlated back to you?
I'd not be surprised to learn there was some level of phoning home though.