Today I’m going to introduce you to Apple’s radical, internet-destroying new privacy technology: informed consent.

What is App Tracking Transparency?
Apple is calling its new program App Tracking Transparency (ATT). And it’s basically just what it implies – it makes ad tracking transparent to the user. Because ads are what makes the digital world go around, Apple has a built-in ID for advertisers (“IDFA”). Any app on the device can use this ID to correlate various activities on your device back to you – that is, they can use this identifier to build up information about you.
Advertising companies (like Facebook and Google) will tell you that this tracking is for your benefit, to show you more “relevant” ads and to “improve your experience” by tailoring their services to your wants and needs. While that is somewhat true, it’s also true that these companies makes tens of billions of dollars every year by creating incredibly detailed dossiers on you and selling access to the highest bidder. Note that that also makes this data available for theft by hackers and spies or abuse by rogue employees. At a higher level, this data can be used to influence public opinion and even sway elections. (Apple has a nice explainer video here, but if you really want to understand this issue, you need to read Privacy is Power.)
Misinformed Consent (aka Dark Patterns)
Facebook says that blocking tracking will hurt small businesses because they can’t possibly reach new customers without it (like they did for all of human history prior to Facebook). They even took out a full page newspaper ad to make this case. Facebook is also trying to convince you that life without personalized ads is somehow unlivable. Just trust us. We’re here to help. No, really. It’s fine. Just let us track you.
Does that seem overly sarcastic? A little too facetious? Then let’s study this actual example (from AppleInsider):

First of all, note the serene and happy image at the top. Calm, happy person about to click “Allow”. Fresh flowers, piping hot coffee and a good book. Ahhh! Life is so much better when I allow tracking! Then read their helpful explanation… surely you want to support businesses, right? And who wouldn’t want a “better ad experience”? Don’t worry – it won’t give us access to “new types of information”… because until now, you’ve allowed this to happen without informed consent, so they already have this type of information – you’re just allowing them to continue to access it. Also notice how in Facebook’s dialog, the “Allow” button is already helpfully highlighted for you. Just like the “Agree” button on their terms of service and cookie dialogs. These are called Dark Patterns. [UPDATE: A newer version of this screen now includes the bullet point “Help keep Instagram/Facebook free of charge”. This strongly implies that if you don’t allow tracking, you’ll have to start paying for Facebook and Instagram – even though they claimed for years that Facebook will always be free.]
Compare that to Apple’s dialog. “Facebook would like permission to track you across apps and websites owned by other companies.” That’s the simple truth, without euphemisms or biased language. It also makes it clear that it’s not just Facebook who will get your data or only on this app that Facebook will track you. And finally notice that neither option is pre-selected or phrased in a way to influence your choice.
Disabling App Tracking in v14.5
The first thing you need to do is to upgrade your iPhone, iPad and Apple TV to version 14.5. On iPhone and iPad, go to Settings, then General, then Software Update. On Apple TV, go to Settings, then System, then Software Updates and Select Update Software. You should have automatic updates enabled for all of these devices – so if you haven’t done that, enable that while you’re in the settings. Automatic updates should occur whenever your device is on WiFi and connected to power. If you connect it to a charger overnight, that should do it.
Once you’ve updated the software, you should start seeing these new pop-up messages for apps that want you to allow this tracking. You can simply disable the setting for all apps with one setting. Go to Settings, then Privacy, then Tracking. Turn off “Allow apps to request to track”. However, if for some reason you want to allow this for some apps, you can enable this and then you’ll get the pop-up questions. And all the apps that have asked you will be listed in this dialog under Settings, so that you can change the setting on a per-app basis.
If you have an Apple TV, to disable app tracking, go to Settings, then General, then Privacy, then Tracking. And of course, turn off the toggle for “Allow apps to request to track”.
Limitations to App Tracking Transparency
If I’ve made you properly paranoid and cynical, you noticed that the dialog says “ask” app not to track, not tell app not to track. Why? According to Apple, it’s because they don’t want to promise what they can’t truly deliver. Apple has full control over the tracking mechanism they themselves provided: ID For Advertisers (IDFA). While Apple is requiring developers to respect this setting for other forms of tracking, it can’t enforce these other tracking techniques programmatically. Some companies are already trying to create other IDs to track you with. Some are even offering to reward you for allowing them to track you. Apple is trying to stop all that, but some techniques are hard to detect and block. That said, Apple has declared that they’ll remove any apps that are caught cheating.
Need practical security tips?
Sign up to receive Carey's favorite security tips + the first chapter of his book, Firewalls Don't Stop Dragons.
Don't get caught with your drawbridge down!