Apple's Private Click Measurement (PCM) gives websites a way to measure the effects of advertising. It's designed to replace the ubiquitous third-party cookies that secretly harvest our data, but is it actually any better for privacy? We find out.
What is PCM and why is it necessary?
The majority of "free" websites that most people use on a daily basis are paid for through advertising. Websites can host adverts and get paid for it. However, advertisers want to know that they're getting their money's worth. This requires some way of knowing when a user has clicked on an advert, and then bought (or signed up to something) on the advertiser's site.
Traditionally, this was achieved by putting cross-site tracking cookies in site visitors' web browsers. These "persistent" cookies are notoriously bad for privacy, enabling all manner of third parties to collect data about people's online activities to share, sell or otherwise exploit for financial gain.
The good news is that third-party cookies are on the way out. The Safari and Firefox browsers already block them by default, and Google is phasing them out for 1% of Chrome and Android users in the first quarter of 2024 with full deprecation by the end of that year.
With PCM, Apple is joining other big names such as Microsoft and Google in attempting to create an alternative that satisfies advertisers' needs without sacrificing user privacy. PCM allows for ad-click attribution, while not allowing arbitrary cross-site tracking.
How does PCM work?
PCM is already enabled in Safari and iOS through an in-browser API. It counts how frequently users click on ads and subsequently purchase a product, or perform some other action, on the linked site. Advertisers can use this data to judge how well an ad campaign is performing.
However, according to marketing company Louder: "Demographic, geographic and or device type breakdowns will no longer be supported for conversion reporting." This, it says, will make campaign optimisation "more difficult, since you won't be able to slice and dice conversions as easily as before". So while the options for creating highly targeted ads will diminish, websites with successful conversion rates will likely continue to receive ad company business.
The PCM process proceeds according to the following simplified outline:
1. A user is browsing the social.example site and sees an ad for a barbecue that they like the look of.
2. This ad contains a link to the shop.example site. The link HTML also contains an 8-bit attribution source ID and the address of the click destination website that wants to attribute incoming navigations to clicks ("attributeon").
3. If the user clicks the link and arrives at the "attributeon" website, the "attributionsourceid" is silently stored in the user's browser as a click from social.example to shop.example for 7 days.
4. The user's activity while on this site can lead to a triggering event (e.g. if they buy something). This leads the "attributeon" website to make an HTTP GET request to social.example. It is this GET request that triggers attribution. The request includes a four-bit decimal value that encodes the user action that triggered the attribution (trigger data) and an optional 6-bit value that allows multiple triggering events to result in a single attribution report.
5. The browser then checks for relevant stored clicks. If there's a match, it schedules a single attribution report to be sent out at some point within 48 hours.
6. Reports are sent as HTTP POST requests and include: the click source website, the 8-bit source id, the attribution destination website, and trigger data.
In essence, the user's browser creates a report when clicks and subsequent purchases (or other desirable actions) occur. PCM limits the information included in the reports and submits them to the websites through an anonymization service, and only after a delay of one to two days.
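The six steps above, modelled as an added JavaScript example (not WebKit's or Apple's code). The class and property names are hypothetical, and the handling of the 6-bit value (a higher value replaces the pending report, the original send time is kept) is an assumption.

```javascript
// Added illustration: a model of the browser-side bookkeeping, not WebKit's code.
const HOUR = 60 * 60 * 1000;
const CLICK_TTL = 7 * 24 * HOUR; // step 3: a stored click lives for 7 days

const fitsBits = (v, bits) => Number.isInteger(v) && v >= 0 && v < 2 ** bits;

class PcmModel {
  constructor(rng = Math.random) {
    this.rng = rng;            // injectable so the delay can be made deterministic
    this.clicks = new Map();   // "source|destination" -> stored click
    this.pending = new Map();  // "source|destination" -> scheduled report
  }

  // Steps 2-3: an ad link carrying attributionsourceid / attributeon is clicked.
  storeClick({ sourceSite, attributeOn, sourceId, now }) {
    if (!fitsBits(sourceId, 8)) return false; // only 256 source IDs exist
    this.clicks.set(`${sourceSite}|${attributeOn}`,
      { sourceSite, attributeOn, sourceId, expires: now + CLICK_TTL });
    return true;
  }

  // Steps 4-5: the destination's GET to the click source triggers attribution.
  trigger({ sourceSite, destination, triggerData, priority = 0, now }) {
    if (!fitsBits(triggerData, 4) || !fitsBits(priority, 6)) return null;
    const key = `${sourceSite}|${destination}`;
    const click = this.clicks.get(key);
    if (!click || now > click.expires) { this.clicks.delete(key); return null; }
    const prev = this.pending.get(key);
    // Assumption: a later trigger replaces the pending one only if its
    // priority is higher, and the original send time is kept.
    if (prev && prev.priority >= priority) return prev;
    const sendAt = prev ? prev.sendAt : now + (24 + 24 * this.rng()) * HOUR;
    const report = { priority, sendAt, body: {
      sourceSite, sourceId: click.sourceId, attributedOnSite: destination, triggerData } };
    this.pending.set(key, report);
    return report;
  }

  // Step 6: report bodies that are due; the click is consumed with its report.
  dueReports(now) {
    const out = [];
    for (const [key, r] of this.pending) {
      if (r.sendAt <= now) { out.push(r.body); this.pending.delete(key); this.clicks.delete(key); }
    }
    return out;
  }
}
```

The report body carries only the four fields listed in step 6; nothing in it identifies the browser or the time of the click.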
In many ways, yes. The delay in sending an attribution report helps prevent it being matched to the event that triggered it, as does sending it via an anonymizing proxy (Apple's Private Relay).
By limiting the availability of identifiers, PCM intends for multiple users to have the same identifiers, thus increasing an individual's anonymity. When a user clicks on a link, it can be assigned one of 256 identifiers. If they click to buy something (or perform some other action that creates a trigger event), it can be assigned one of 16 identifiers. The small number of allowed identifiers acts as a further privacy safeguard.
However, PCM is far from perfect. Mozilla carried out a detailed analysis of PCM and concluded that, although PCM "prevents sites from performing mass tracking, it still allows them to track a small number of users".
For example, the delays in sending reports are only useful if there are a large number of them being generated. It could be possible to match reports to events if there was only one in a 24-hour period. By the same reasoning, sites may be able to more easily identify users who are active at unusual hours.
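How much cover the delay and the small identifier space give depends on traffic, which the following added example (not from Mozilla's analysis or from Apple) measures on constructed data. It assumes an observer who can see both the conversion log and the arriving reports, and the one-to-two-day delay described above; all names are hypothetical.

```javascript
// Added illustration on constructed data; assumes a 24-48 hour report delay.
const HOUR_MS = 60 * 60 * 1000;

// Conversions that could have produced a given report: same 8-bit source ID
// and 4-bit trigger data, and 24 to 48 hours before the report arrived.
function candidates(report, conversions) {
  return conversions.filter(c =>
    c.sourceId === report.sourceId &&
    c.triggerData === report.triggerData &&
    report.arrival - c.time >= 24 * HOUR_MS &&
    report.arrival - c.time <= 48 * HOUR_MS);
}

// Size of the crowd each report hides in; a set of size 1 gives no cover.
function coverAudit(reports, conversions) {
  return reports.map(r => {
    const set = candidates(r, conversions);
    return { arrival: r.arrival, anonymitySet: set.length, unique: set.length === 1 };
  });
}

// Constructed sample: a busy campaign (source ID 7) and a quiet one (source ID 42).
const conversions = [
  { time: 1 * HOUR_MS, sourceId: 7, triggerData: 2 },
  { time: 5 * HOUR_MS, sourceId: 7, triggerData: 2 },
  { time: 9 * HOUR_MS, sourceId: 7, triggerData: 2 },
  { time: 3 * HOUR_MS, sourceId: 42, triggerData: 2 }, // the only one that day
];
const reports = [
  { arrival: 40 * HOUR_MS, sourceId: 7, triggerData: 2 },
  { arrival: 45 * HOUR_MS, sourceId: 42, triggerData: 2 },
];

const audit = coverAudit(reports, conversions);
console.log(audit);
```

The busy campaign's report is hidden among three conversions, while the quiet campaign's report matches exactly one, so the delay provides no protection for that user.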
The Mozilla analysis also describes how a pair of sites could agree to track a particular user. For example, a user that generates a report on one site could be shown a link to a second site where they generate a second report. If these reports arrive within two days then it could be inferred that they came from the same person. However, the report's author admits that "confirming a guess about user identity across sites is unlikely to be feasible for many sites."
Conclusion
PCM is a vast improvement on traditional third-party cookies. The limited availability of identifiers makes it far less feasible for sites to identify individual users who have clicked on an advert. However, as Mozilla pointed out, it is not impossible. "PCM does not provide users with any guarantee that sites are unable to use the information it provides for tracking," it says.
Limiting the data collected by third parties while also providing advertisers with what they need to keep functioning is no easy task. Just ask Google. It first announced its plan to make "third party cookies obsolete" back in 2020. Almost four years later, it's just beginning to implement its Protected Audience API.
Designed to let ads be targeted without sharing users' browsing history, the Protected Audience API has been criticized for being as bad for privacy as the third-party cookies it's supposed to replace. Ad-blocking software company AdGuard says that the API turns the "browser itself into an instrument to show ads, an ad auction tool of its own kind".