Private Browsing 2.0

Original Article ↗ Hacker News Discussion ↗

Ad attribution in “Private” mode

  • Many are alarmed that Web AdAttributionKit is now active in Private Browsing.
  • Critics argue: private mode should “do nothing for advertisers,” not spend user resources on ad measurement.
  • Some see this as capitulation to adtech; others argue it’s a constrained, “privacy-preserving” alternative to worse tracking, and that sites need some ad analytics to survive.
  • Debate over whether this is “worse for privacy”:
    • One side: before, private mode had no ad attribution at all; now it does.
    • Other side: it replaces more invasive techniques and doesn’t track individuals.

Tracking, fingerprinting, and GDPR

  • Discussion of fingerprinting: only 20–30 bits of entropy plus IP can uniquely identify users; even “cookieless” systems can track.
  • Some note this is likely not GDPR-compliant, but enforcement is seen as weak.
  • New Safari protections claim to blunt behavior-based signals (typing speed, cursor movement) and add canvas noise; concern this may break games or web photo editing.

Proxying HTTP and DNS; who to trust

  • Safari’s multi-hop proxy for unencrypted HTTP and DNS splits knowledge between Apple and a CDN provider.
  • Some trust this more than ISPs; others explicitly trust their ISP more than Apple/US companies.
  • Comparisons to Tor: more hops and jurisdiction diversity, but still vulnerable to global traffic analysis.
  • Disagreement about whether this model increases practical deanonymization risk vs. plain HTTP through an ISP.

Private Browsing semantics

  • Several note original “private mode” was about hiding history from local device users, not network/website tracking.
  • Expectations have shifted; now people assume strong online privacy, leading to confusion and lawsuits.

Extension breakage and site compatibility

  • Advanced tracking protection can break Safari extensions that rely on full URLs.
  • Some expect these protections will also break sites, but see that as an acceptable tradeoff.

Comparisons and alternatives

  • Firefox lauded for built-in first-party data whitelisting and cookie auto-delete patterns.
  • Brave and Firefox’s own ad-measurement features mentioned; Firefox enables a “privacy-preserving ad measurement” option by default but lets users disable it.

General sentiment

  • Mixed: appreciation for Apple’s privacy work overall, but strong discomfort that even Private Browsing now includes any ad attribution.