Under the Radar

207: Privacy Labels and Analytics


00:00:00   - Welcome to Under the Radar,

00:00:02   a show about independent iOS app development.

00:00:04   I'm Mark O'Arment.

00:00:06   - And I'm David Smith.

00:00:07   Under the Radar is never longer than 30 minutes,

00:00:09   so let's get started.

00:00:11   So it is that time of year again,

00:00:12   it is the end of the year,

00:00:13   and interestingly for us, I think as iOS developers,

00:00:18   right now it means that it's time for us

00:00:20   to think about our privacy and our data tracking

00:00:24   and all the things as we've just had to go in

00:00:26   and fill in our, what is it,

00:00:29   Apple is calling them the privacy nutrition labels.

00:00:32   - Something like that.

00:00:32   - Or something with our app,

00:00:33   and some of these have turned out to be somewhat comical,

00:00:35   like if you look at the Facebook app one,

00:00:37   I feel like almost as a protest,

00:00:39   they just went in and checked every checkbox,

00:00:42   just like for funsies,

00:00:44   like they just had an intern go and check

00:00:46   every single checkbox,

00:00:47   because that seems like what they did.

00:00:50   They are collecting all the information.

00:00:52   - In a way, it's actually kind of smart,

00:00:54   because legally, they probably want to,

00:00:57   I bet the legal department wanted to cover their butts

00:01:00   and be like, all right,

00:01:01   we are just gonna say we collect everything

00:01:03   for every possible purpose,

00:01:05   because we want the ability to do that

00:01:07   without getting into trouble with Apple, or legally,

00:01:09   and also, I think it's smart,

00:01:11   because nobody expects Facebook to be good

00:01:15   in this way anyway,

00:01:16   so in a way, it doesn't even matter

00:01:18   what Facebook says on theirs,

00:01:19   and also, by making it so insanely long,

00:01:23   they remove all meaning from any of it,

00:01:25   which is actually, I think this is actually a little bit

00:01:28   of a flaw in Apple's design,

00:01:31   that certain things that are very commonplace,

00:01:33   like crash reporting,

00:01:35   these things are so common,

00:01:37   and Apple gives them so much size

00:01:39   and visual prominence in the display of this thing,

00:01:42   that actually, it's actually kind of hard

00:01:43   to get an idea of what in this app privacy label thing,

00:01:47   what is there that I need to notice and care about,

00:01:50   because there's so much noise in it,

00:01:51   and Facebook's approach is actually kind of genius,

00:01:53   because they filled it with so much noise

00:01:56   that you really get no information from that whatsoever.

00:01:59   - Yeah, no, it's a weird thing,

00:02:02   and I definitely, I will say,

00:02:03   having now gone through the experience for most of my apps,

00:02:06   and putting in my own information into it,

00:02:09   it is, I see what Apple is trying to do here,

00:02:12   but it is really confusing,

00:02:14   and some of the things show up in a way that is really,

00:02:19   not, I think deceptive's the wrong word,

00:02:21   but it's kind of in that way,

00:02:22   where if you do anything that,

00:02:25   if you record someone's IP address,

00:02:29   in many ways, you are collecting their course location,

00:02:33   probably, in terms of,

00:02:34   that is something that you could ultimately work out

00:02:37   back to being your location,

00:02:39   but if you put in that you are saying

00:02:42   that it's course location,

00:02:44   then it shows up just in the initial thing,

00:02:46   when the user opens the app store,

00:02:47   it says, "This app tracks your location,"

00:02:49   and it's like, "Really?

00:02:53   "It's tricky for me,"

00:02:54   'cause obviously, I've just,

00:02:55   I solved that problem by just making sure

00:02:58   that I never log or track an IP address anywhere,

00:03:01   and anything, and I can just avoid

00:03:03   making it look like I'm tracking your location,

00:03:05   but that's the one where I feel,

00:03:07   there's a bunch of these questions,

00:03:08   and some of these things are like, "I don't know."

00:03:11   Is this user analytics, or is it diagnostic information?

00:03:15   Is it,

00:03:16   is there a lot of the categories and things,

00:03:20   and what should be counted, and what shouldn't?

00:03:21   I feel like is,

00:03:22   I appreciate that Apple is trying to be very specific

00:03:26   and descriptive, but almost, it becomes,

00:03:30   I have the same problem that the user will have

00:03:32   when they look at their Facebook one,

00:03:34   like when I'm looking at all the check boxes,

00:03:35   and I'm just like, "I don't know."

00:03:37   Which category does this go into?

00:03:39   Is this actually something that I need to worry about,

00:03:41   or is it actually just totally fine?

00:03:44   I've found it to be a little bit frustrating,

00:03:46   and the degree to which,

00:03:49   if you, for my subscription management,

00:03:53   I use RevenueCat, and they have, thankfully,

00:03:57   they have, most third-party services seem to have these now,

00:04:01   they have their little checklist of,

00:04:02   if you use our service,

00:04:03   this is what you probably have to check.

00:04:06   But some of these things get a little questionable,

00:04:08   where it's like, if you use random identifiers

00:04:11   to attach to a user, is that tracking the user,

00:04:15   'cause it's not personally identifiable,

00:04:18   and it's not tracked across anything else,

00:04:21   but it's a way for them to keep track of them.

00:04:22   Is that a user ID, is it a device ID?

00:04:24   Anyway, so this has been my life recently,

00:04:27   of trying to unfurl a little bit of what check boxes

00:04:32   I'm actually supposed to check,

00:04:33   and I really, it feels like there's gotta be a better way

00:04:36   than the hundred-check box approach that Apple settled on.

00:04:40   - It also, when I designed the Overcast privacy

00:04:44   and tracking screen for each podcast recently,

00:04:47   this is a thing, if anybody's not familiar,

00:04:48   where you can go into each podcast screen in Overcast,

00:04:50   and it'll tell you which services

00:04:52   its files are hosted through,

00:04:53   'cause each one of those services gets your IP address

00:04:55   when you request a file.

00:04:57   That's just how podcast downloads work.

00:04:59   And so, and I try to categorize all the known services

00:05:02   that I could find as like, what are these things?

00:05:05   So I could display on that screen,

00:05:06   all right, this thing goes through Libsyn,

00:05:08   this is a hosting service, it provides stats.

00:05:11   This thing goes through PodTrack,

00:05:12   this is a tracking service,

00:05:13   and this service provides dynamic ad insertion,

00:05:16   and this service provides cross-site tracking,

00:05:18   and I tried to categorize those into these,

00:05:21   into a handful, I think it's four or five broad categories.

00:05:24   I try to distill it down to like,

00:05:26   what do you really wanna know about this?

00:05:28   Like, dynamic ad insertion,

00:05:30   I say something along the lines of like,

00:05:31   this can dynamically insert ads into your podcast

00:05:33   which may be targeted to your region, or to your behavior.

00:05:38   It's something like that.

00:05:39   And that's what people wanna know.

00:05:41   People don't care, for the most part,

00:05:44   if a hosting service like Libsyn collects regional stats

00:05:48   based on IP address lookups to know

00:05:50   how many of your listeners live in the USA

00:05:52   versus the UK or whatever.

00:05:54   That kind of stuff, most people don't care about.

00:05:56   So there is this kind of hierarchy of like,

00:05:58   what do people really care about

00:05:59   and what do people not care about?

00:06:00   What's more kind of just noise and technical details?

00:06:03   And it's hard to make, it's kind of a judgment call,

00:06:06   and different people have different amounts

00:06:07   of what they care about and don't care about,

00:06:09   but one thing that I tried to do

00:06:10   in my design of that screen was,

00:06:13   if there's something, if it's one of the categories

00:06:15   that I think people should know about

00:06:17   that might be alarming or unexpected

00:06:19   in the context of podcast downloads,

00:06:21   like being able to track you between different sites,

00:06:25   being able to say, inject an audio ad

00:06:28   into a podcast you play from a major publisher

00:06:30   about something that you looked at on Amazon,

00:06:33   which they totally can do.

00:06:36   Like some of these podcast servers can totally do that.

00:06:39   And so there's like two or three things

00:06:41   that if a podcast has one of those capabilities

00:06:44   in the services that it's hosted by,

00:06:47   I will change the icon of the privacy screen

00:06:50   from the little eye circle for info

00:06:53   to the little warning triangle.

00:06:55   To just kind of say like, this podcast has something

00:06:56   you should maybe look at and know about

00:06:58   if you care about this privacy stuff.

00:06:59   And the reason I did that is because every podcast

00:07:01   has some degree of, well, this is a hosting site,

00:07:03   they're gonna see your IP address,

00:07:05   but some of them just have stuff you care about

00:07:07   versus stuff you don't.

00:07:08   And I feel like that's kind of where Apple

00:07:09   has fallen down a little bit with the design

00:07:10   of this App Store privacy label stuff

00:07:12   is that there's a lot of stuff in here

00:07:14   that almost no one's gonna ever care about.

00:07:15   Or that's kind of just inherent to how apps work.

00:07:18   And some of that I feel like the display of this,

00:07:24   once an app has more than two or three things

00:07:27   that it collects, the display of this information

00:07:29   does not adequately convey what of this

00:07:32   should I maybe be alarmed by or should I know about

00:07:34   more prominently than everything else

00:07:36   versus what's an entire exhaustive list

00:07:39   of what all they could possibly do.

00:07:41   - Yeah, and I think it's this weird,

00:07:43   yeah, it's like what you wanna know is,

00:07:44   is something creepy happening or is it just normal

00:07:49   and something that you shouldn't have to worry about?

00:07:51   And obviously that's a hard problem to,

00:07:53   well, what's creepy depends on who you are

00:07:55   and what your threshold for things is

00:07:59   where it's creepy when you, if you search

00:08:01   for something on Amazon and then you hear an ad for it

00:08:03   in a podcast you're listening to,

00:08:05   that's a little creepy, but--

00:08:07   - More than a little to me, but--

00:08:08   - Yeah, sure, it's very creepy.

00:08:10   - But to some people they'd be like, eh, whatever.

00:08:12   - But it's even like knowing, yeah, it's,

00:08:15   I think as a developer what I find frustrating about this

00:08:18   is like I wanna be, it's like I wanna be a good guy, right?

00:08:22   Like I wanna, I intentionally and consciously

00:08:25   collect as little information as I possibly can

00:08:29   about my users and I do my best to use third party providers

00:08:34   that are, when I have to use a third party provider

00:08:36   that I use a third party provider that is like,

00:08:38   has a good privacy policy and is being respectful,

00:08:43   like I try and do that and I feel like this system

00:08:47   in some ways, I just was getting frustrated

00:08:49   'cause I don't, it's like if you check all the boxes,

00:08:52   if you're just like Facebook, then, like, oh well,

00:08:55   but if you, it's like the extreme version is obviously,

00:08:58   and I think there's been a lot of this,

00:09:00   like everyone loves when they're like,

00:09:02   I didn't have to check any boxes

00:09:03   and it's like data tracked, none.

00:09:05   And it's like as a badge of honor,

00:09:07   like I don't think that's actually practical

00:09:09   for a large swath of applications

00:09:12   if you're actually accounting for and like referencing

00:09:17   any possible interaction that you have in that application.

00:09:22   And so it's just a bit frustrating when I feel like,

00:09:24   I don't know, like I don't, I wanna click as little of these

00:09:28   as I possibly can, but, and I don't even really know

00:09:31   necessarily how many of them I do need to check

00:09:34   just because some of it's so ambiguous

00:09:36   and kind of confusing.

00:09:37   So it's been a slightly frustrating sort of period for me.

00:09:40   And especially I think doubly complicated by this,

00:09:44   so like in WidgetSmith recently,

00:09:46   I found myself in this position where like,

00:09:49   I wanted to collect some very basic information

00:09:53   about my users, which is like, it's analytics, right?

00:09:56   Like this is, and this is where you are confronted

00:09:59   by this question of like what's creepy

00:10:01   and what isn't creepy and how do I do this?

00:10:05   And I think what's especially complicated with WidgetSmith

00:10:07   is I have to collect, like I wanna collect private,

00:10:11   anonymous demographic information at scale immediately.

00:10:16   Like I'm, and I don't have an existing web service for this.

00:10:21   And so I've spent the last couple of weeks building

00:10:24   my own little like ultra privacy conscious tinfoil hat

00:10:29   wearing privacy framework.

00:10:32   And well, of course I have to share the name

00:10:34   because once I had the name it was perfect.

00:10:36   It's called Underlytics.

00:10:38   (laughing)

00:10:40   Which I loved because both my name

00:10:43   and the fact that it collects almost nothing,

00:10:46   but it collects just enough.

00:10:48   And it's just been really interesting to kind of think

00:10:50   through as I've been building this is,

00:10:52   it's like all I need is some very basic stuff.

00:10:54   Like I'm mostly I'm just looking at like,

00:10:56   what size phones do people have?

00:10:59   Because that's really, really helpful for me

00:11:01   as I develop things to make sure like if 2% of people

00:11:05   are using the iPhone SE screen and there's a feature

00:11:07   I wanna build that requires it,

00:11:10   like that would be awkward on that,

00:11:11   like I might not worry about it.

00:11:13   Or like those kinds of things.

00:11:15   And so it's like tracking that kind of information

00:11:18   is really interesting and kind of interesting

00:11:20   trying to as an engineering experience

00:11:22   has been kind of challenging too because,

00:11:25   you know, it's like I'm talking about building a system

00:11:28   that even though it only records sort of reports in

00:11:32   once a day I think is the way that I structured it

00:11:35   when I was building this, you know,

00:11:36   it's suddenly a system that has to deal with,

00:11:39   you know, sort of tens if not hundreds

00:11:41   of requests per second sort of out the gate.

00:11:44   And or even that was a question

00:11:47   because it's like part of me had this funny thought of this,

00:11:48   like I don't actually care about it.

00:11:50   I don't want, I don't really care about

00:11:52   any individual person's report

00:11:54   as I'm already immediately like anonymizing it

00:11:56   and like aggregating it immediately.

00:12:00   So maybe I'll just have, you know,

00:12:03   like a random number generator

00:12:04   and you only get to report analytics if you are, you know,

00:12:08   if you could get a one out of a one to 100 number generator

00:12:12   or something, so I just collect, you know,

00:12:14   a hundredth of the data, but it's probably

00:12:16   because it's randomized,

00:12:17   it's probably still statistically useful.

00:12:19   But anyway, so that's been my week.

00:12:22   It's kind of banging my head up against trying to,

00:12:25   like trying to do the right thing,

00:12:26   trying to be a good guy in this,

00:12:27   but being frustrated by the fact that I can't just,

00:12:31   I think most people would just say

00:12:32   you just drop Firebase or something, right?

00:12:34   Like all of these, like there's dozens

00:12:36   of these analytics frameworks

00:12:38   that you could just drop into your app.

00:12:39   But then it's like, if I do that,

00:12:41   I need to check like 12 boxes probably

00:12:43   in the privacy report, which is like frustrating.

00:12:47   And instead you have, and I'm spending a week

00:12:49   building something that like no user will ever see

00:12:53   and I barely see, but I have to be thoughtful

00:12:56   about it in the first place either way.

00:12:59   - We are sponsored this week by Pingdom from SolarWinds.

00:13:02   While you've been listening to this podcast,

00:13:03   how would you know if your website had gone down?

00:13:06   Would you know if customers couldn't click

00:13:07   that buy now button or access your content?

00:13:09   You might stumble across the problem by luck,

00:13:11   but that's no good.

00:13:12   You need a system to monitor.

00:13:13   You need something to tell you everything

00:13:15   is running smoothly on your site

00:13:17   and more importantly, when it's not.

00:13:19   You need Pingdom.

00:13:21   Pingdom detects around 13 million outages every month.

00:13:24   That's more than 400,000 outages every day.

00:13:27   They help keep your sites and the sites you love online.

00:13:30   I use Pingdom.

00:13:30   I've used them for probably a decade now.

00:13:33   I've used it to monitor like everything

00:13:35   that anybody would ever know that I made.

00:13:37   You can even use Pingdom to monitor sites that aren't yours.

00:13:40   Like if you wanna monitor like Apple's WBC site

00:13:43   for monitoring when things change

00:13:45   or monitoring when like a hot new item goes for sale

00:13:49   on a website, you can monitor that with Pingdom.

00:13:51   It's pretty cool.

00:13:52   So it doesn't matter if you're an individual

00:13:54   or a startup or a huge company.

00:13:55   You need alerts about any critical website issues

00:13:58   that you have and then you can customize

00:14:00   how you're alerted depending on the severity of an outage.

00:14:02   Plus, Pingdom can track and analyze your website's load time.

00:14:05   You can see what's affecting user experience.

00:14:07   So for sites of any size, you need Pingdom

00:14:10   and Pingdom has a no fuss approach to getting started.

00:14:12   All you need is the URL that you wanna monitor.

00:14:14   They take care of the rest.

00:14:16   Go to Pingdom.com/RelayFM right now

00:14:19   for a 14 day free trial with no credit card required.

00:14:23   When you wanna sign up, use the code radar at checkout

00:14:26   to get a huge 30% off your first invoice.

00:14:29   Thanks to Pingdom from SolarWinds

00:14:31   for their support of this show and RelayFM.

00:14:33   Yeah, for Overcast, I did something similar

00:14:37   but longer ago and much smaller scale

00:14:40   where I didn't wanna have any kind of third party

00:14:44   analytics frameworks in my app.

00:14:45   I did a long time ago, many years ago,

00:14:48   but I dropped those a while back

00:14:50   because it didn't feel right to have to embed

00:14:53   third party code and send stuff to some service

00:14:57   that I think at the time I used Crashlytics for a little while

00:15:00   I think it was owned by Twitter at the time.

00:15:02   It was a whole weird thing.

00:15:03   Why Twitter needs that, I don't know, but it doesn't matter.

00:15:07   And it was weird because it was collecting

00:15:11   way more information than I actually needed

00:15:13   and it was doing so in a way that was totally

00:15:16   out of my control both in the binary side of my app

00:15:18   and on the analytics side.

00:15:19   And so I decided back then, I'm just gonna build

00:15:22   something myself that's really basic and minimal.

00:15:24   And when you do that, yeah, it's a little bit of work,

00:15:27   you have to occasionally do things to it

00:15:28   and it isn't just as easy as dropping something in,

00:15:31   but you also retain full control over all the data

00:15:35   you're collecting, all the data you're not collecting,

00:15:37   and all the binary side of things.

00:15:39   I was able to make a really simple, elegant client side

00:15:43   version of how it collects this information

00:15:45   because I knew exactly what I needed and what I didn't.

00:15:47   Like for instance, as you are adding analytics events,

00:15:50   and I use it for things like not only whatever

00:15:54   your device size and OS version and stuff like that is,

00:15:56   which helps me decide what features to support

00:15:58   and what OS I need to support and everything,

00:16:00   I also use it for basic things like if you add a new podcast,

00:16:04   what region of the app did you get that from?

00:16:07   Did you get it from the search box?

00:16:08   Did you get it from the directory?

00:16:09   Did you get it by adding by URL?

00:16:11   That way I know what do people actually use?

00:16:14   Like from recommendations, and that helps me

00:16:16   make better recommendation features and stuff like that.

00:16:18   Like with this little technical detail I did was,

00:16:20   these things are just kept in memory until the next sync.

00:16:23   These events normally are added to a dispatch queue,

00:16:26   and the dispatch queue adds them to an array,

00:16:29   and during a sync, I just suspend the dispatch queue.

00:16:32   If the sync succeeds, I clear out the queue,

00:16:34   and no matter what, I resume the queue afterwards.

00:16:37   So these events never hit the disk,

00:16:40   and they take almost no memory.

00:16:43   I don't need to do a lot of complicated logic.

00:16:46   It's just super simple stuff like that.

00:16:47   And then on the server side, it's just a giant

00:16:51   analytics today table, and I have a cron job

00:16:54   that runs at midnight every day that takes

00:16:57   yesterday's analytics today table and just totals up

00:17:00   all the totals and inserts them into

00:17:02   the analytics archive table, which is just totals.

00:17:05   So I only have user-specific data for one day,

00:17:08   and I made a change back when Apple released

00:17:11   all these definitions a little while back.

00:17:14   I made a change.

00:17:15   It used to just be the table was user ID,

00:17:18   comma, event name, comma, event value, something like that.

00:17:21   Now it's just random ID, 'cause who cares?

00:17:23   And I have the devices now make a rotating ID,

00:17:28   'cause I do wanna know if the same device

00:17:31   is reporting twice a day, I wanna know

00:17:34   that it was the same device, but I also don't care

00:17:36   who it was, and it doesn't matter at all.

00:17:39   And so I have a thing where devices just randomly,

00:17:41   roughly every couple of weeks, change their random ID.

00:17:46   And this is all stuff that I was able to do

00:17:47   because I control the entire stack of this thing,

00:17:50   and I know what I need and what I don't need.

00:17:51   I knew that it doesn't really matter if the app crashes

00:17:55   before it sent a certain event, and that's why

00:17:57   I don't have to persist it to a disk, because I don't care.

00:18:01   It's like, none of these stats are that important.

00:18:03   I just need, as you were saying, you just need

00:18:05   like one out of 100, I just need like general,

00:18:07   gross, aggregate totals of things.

00:18:09   I need to know, do a lot of people use this thing,

00:18:12   or does almost no one use this thing?

00:18:14   Do a lot of people still use iOS 12,

00:18:16   or does almost no one still use iOS 12?

00:18:17   That's the kind of stuff I need to know.

00:18:19   And so I'm able to do really minimal, basic stuff

00:18:23   on both sides, and because I wrote and maintain all of it,

00:18:28   when something like this comes up from Apple,

00:18:29   where they wanna know what I do,

00:18:31   I can answer the questions almost immediately.

00:18:33   I had to look up almost nothing about what I did here,

00:18:35   because I just know, because I wrote it,

00:18:38   like I know exactly what it does,

00:18:40   I know exactly what it doesn't do,

00:18:41   and there's a lot of power to that,

00:18:43   even though, yeah, my graphs are hideously ugly

00:18:46   on my little admin control panel,

00:18:48   the whole system is hideously ugly.

00:18:50   I don't have all the features that something fancier

00:18:52   might have, but I don't need that.

00:18:55   I'm perfectly happy with the information I have

00:18:57   of just like roughly, you know, OS versions,

00:19:00   and how many people use like the send to watch feature,

00:19:02   and stuff like that.

00:19:04   - Yeah, and I think what's, obviously,

00:19:05   I imagine at some point, this is what Apple would love

00:19:08   for every developer to do, right,

00:19:09   is this, if you take a thoughtful approach

00:19:12   about what actual data, I mean, and Apple,

00:19:14   every, like every year at WDC, there's a talk about privacy,

00:19:18   and this is always their refrain, is it's like,

00:19:20   collect only what you need, keep it for only as long

00:19:23   as you need it, and like, be thoughtful

00:19:26   about why you need it.

00:19:28   And very much, I think, what their hope is,

00:19:31   but like, by making this be something that we have

00:19:34   to actually disclose is something that they're hoping

00:19:38   that people are, increase the level of thoughtfulness

00:19:40   that people have about it, and it is certainly

00:19:42   an interesting exercise, and I think what has been

00:19:44   most fascinating to me is understanding, too,

00:19:46   is it's, if you take a hard look at what you're actually

00:19:51   needing, is like, how, the degree to which you can boil down

00:19:55   the information that you actually want

00:19:57   from something that is potentially more of a privacy concern

00:20:01   to something that is less of a privacy concern,

00:20:03   like, do you actually need the count of something,

00:20:05   or do you just need the proportion of something?

00:20:08   'Cause proportion is sort of fundamentally,

00:20:11   it's like, it's another level of sort of obfuscation

00:20:15   of the data, rather than, even to, even obviously,

00:20:18   like, if it isn't something that's specifically tied

00:20:20   to someone or is, you know, is dealt with in that way,

00:20:24   like, if you end up with something that is a proportion,

00:20:26   it is just, you know, it's less specific,

00:20:29   and you're just increasingly, like, adding these

00:20:31   fuzz factors to what you're seeing, but if it's still useful

00:20:34   to you, like, the fact that knowing that some, you know,

00:20:36   40% of people did something versus knowing that it's,

00:20:40   you know, 36,201 people did it, like, that is something

00:20:44   that if you don't need that data, then don't keep that data.

00:20:47   And also, like, it was interesting, too, when I was going

00:20:51   through this exercise, is how most analytics,

00:20:54   I only need for a day at a time, which, like,

00:20:59   conceptually, and originally I thought it was like,

00:21:01   oh, you know, do I need to have, how do I deal with storage

00:21:03   of something like this, and it's like, well,

00:21:05   if you just don't store it, if you just keep the current

00:21:07   day's data, and then at the next day, like, the old data

00:21:11   goes away, and there's just the new data, like,

00:21:13   that's probably fine for 90% of what kind of analytics

00:21:16   you need are, and if you need the long-term stuff,

00:21:20   you can always go to Apple's own analytics system,

00:21:22   and look at that, and it'll give you a lot of this kind

00:21:24   of information, but I think that part of this exercise

00:21:28   has certainly been nice, that this sort of being thoughtful

00:21:30   about it, and like, do you actually need it,

00:21:31   what actually data do you want, but, yeah, and it's,

00:21:36   I don't know, it's a weird, I just feel, I have such this,

00:21:38   this weird mixed feeling about Apple's sort of stance here

00:21:41   on privacy, and then wanting to have these labels be useful,

00:21:44   but it's either something where you're being super thoughtful

00:21:47   and you have, like, three things in there, and in some ways,

00:21:50   those three things, like, stand out and make me feel,

00:21:52   like, guilty, but if I just went in and checked, like,

00:21:56   20 check boxes, and just said, like, eh, I collect

00:21:58   a bunch of stuff, it may not actually, it may actually

00:22:02   look less suspicious in some ways, I don't know, like,

00:22:06   but it's been an interesting process, for sure,

00:22:08   and I do kind of wish that Apple had, or someone, honestly,

00:22:13   had a more sort of, like, took an approach to privacy

00:22:17   and did a lot of this work so that individual developers

00:22:22   didn't have to, like, I found myself, as I was going

00:22:24   through this process, too, like, really missing iAd,

00:22:29   Apple's old, now defunct advertising framework,

00:22:33   because when I used it, the primary reason why I used iAd

00:22:38   back in the day was because I didn't have to worry

00:22:41   that Apple was being shady and doing weird stuff

00:22:44   with Apple's, with, you know, with my users' data

00:22:47   when they showed, when I showed ads in my applications,

00:22:50   and it's like, in the current world, in the current climate,

00:22:54   like, I really kind of wish that Apple brought that back,

00:22:57   and it gave users, like, developers a place to say,

00:23:01   if you care about privacy, you can put in this ad framework,

00:23:04   and it's not gonna do anything weird, it's not gonna be,

00:23:08   you know, it's not, it's gonna be respectful

00:23:10   of users' privacy, and you'll still, like, you know,

00:23:14   you'll make reasonable money, and everybody wins,

00:23:16   but it really is frustrating to me that those kind

00:23:19   of services don't exist, and you end up with either,

00:23:21   with, like, using Google's AdSense and AdMob and things,

00:23:25   which are, like, fine in the sense that I think, you know,

00:23:29   Google is reasonably transparent about what they're doing,

00:23:32   and hopefully what they're doing is reasonable.

00:23:34   It's like, or you have to take an approach

00:23:36   like what you're doing, where you have, like,

00:23:37   a totally custom advertising system,

00:23:39   which I don't think scales particularly well--

00:23:41   - Nope.

00:23:42   - To a lot of use cases.

00:23:44   - It's great for me.

00:23:45   - Yeah. (laughs)

00:23:46   But it's like, man, I just wish I, I wish I,

00:23:49   like, that would be, it's too early in the year

00:23:52   to start having our, like, wish casting for WWDC 2021,

00:23:55   but man, the return of iAd is high on my list, I think,

00:23:59   after going through this advertising

00:24:01   and tracking, like, experience.

00:24:03   - I don't, I wouldn't hold my breath on that.

00:24:05   If for nothing else, like, imagine the antitrust allegations

00:24:09   if, like, Apple made all their advertising

00:24:11   on the phone much harder, and then launched

00:24:13   their own network again. (laughs)

00:24:15   That's, that wouldn't fly.

00:24:17   - You just ruined my whole year, Mark.

00:24:19   It's never coming, you're right.

00:24:20   - Even if Apple wanted to get back into it,

00:24:22   which I think they very much don't,

00:24:24   they would never do that. (laughs)

00:24:27   - That would be a bad situation.

00:24:28   That is a pretty bad look, it's true.

00:24:31   So instead, like, we're stuck.

00:24:32   Like, I wish there was a better solution

00:24:34   for so much of this stuff, like, but there just isn't.

00:24:37   - One of the great things about all this privacy stuff

00:24:39   is that it creates demand for better stuff like this.

00:24:41   Like, right now, if I were to actually have my stuff

00:24:45   together, or you wanted to, like, actually release

00:24:49   your analytics package, or I wanted to actually release

00:24:51   my analytics package for anybody to use, which I can't,

00:24:54   it's just, it's not in my app, it's too custom.

00:24:55   But, like, you know, this is a great time

00:24:59   for a new open source, freely downloadable,

00:25:02   self-hosted, free analytics package to take over the world.

00:25:06   'Cause, like, right now there's massive demand

00:25:08   created for that.

00:25:09   And that's one of the great things about, like,

00:25:11   whenever something like this, or, you know,

00:25:13   back when GDPR and CCPA laws came into effect,

00:25:18   everyone all of a sudden had to evaluate.

00:25:20   And they had to do, like, what you were saying

00:25:21   a few minutes ago of, like, think about,

00:25:23   do I really need to collect this information?

00:25:25   Like, back when all that stuff went around,

00:25:27   I stopped doing anything related to IP addresses.

00:25:29   'Cause IP addresses are personal identifiable information.

00:25:32   And some of it's unavoidable, like, you know,

00:25:34   when somebody makes a request to my sync server,

00:25:37   I can see their IP address.

00:25:39   It's part of how networking works.

00:25:41   But I stopped, I removed it from all logs on my servers.

00:25:46   And I used to even save, like, the last IP

00:25:50   on login tokens back forever ago.

00:25:52   'Cause I figured this might be useful someday

00:25:54   to help detect some kind of abuse problems,

00:25:56   or fraud, or who knows what.

00:25:58   And it was, I never needed it.

00:25:59   And so, when GDPR came around, I just dropped all that data,

00:26:02   I dropped the IP logging from the web server logs,

00:26:05   I dropped anything, like, I was even using it

00:26:07   for rate limiting, and I just switched rate limiting stuff

00:26:11   instead of using the IP address to use the user ID.

00:26:14   And nothing happened.

00:26:15   Like, I lost no functionality, I lost,

00:26:17   no abuse became possible that wasn't possible before,

00:26:20   or at least nobody did anything with it.

00:26:22   Like, it was fine.

00:26:23   Like, everything was fine.

00:26:24   So I had this information before,

00:26:27   then I stopped collecting it, and stopped logging it,

00:26:29   and nothing bad happened to me.

00:26:31   I was just able to then say, all right,

00:26:33   this is not something I collect anymore.

00:26:35   And the more that we have in the legal, or regulatory,

00:26:39   or platform rules environment that can push developers

00:26:44   towards making decisions like that, the better we all are.

00:26:47   I think, you know, design questions aside,

00:26:50   like, again, I do think that the design of this

00:26:52   is too information heavy, basically,

00:26:56   and it kind of bores you into not paying attention

00:27:00   by how much they're telling you.

00:27:02   But overall, the concept of having these kind of

00:27:06   at privacy labels, I think is a very good thing.

00:27:09   And while most consumers won't care, and won't look,

00:27:13   and if they do look, they won't know, or understand,

00:27:16   or care what's in it, but for the few people

00:27:18   that do look and care, this can be something

00:27:21   that makes your app stand out from the rest.

00:27:22   Like, I looked at what other podcast apps

00:27:24   have in their list, woo!

00:27:27   - Yeah. - I was surprised to see

00:27:29   some of, how bad some of them were.

00:27:31   (laughs)

00:27:32   So, you know, for the few people who care,

00:27:35   this can be a competitive advantage for you,

00:27:36   and even if that's a very small number,

00:27:38   and even if you only ever get one or two extra downloads

00:27:41   because of the choices you made on this,

00:27:43   it's better for you.

00:27:44   You have less private information, you collect less data,

00:27:47   you have to store less data, you have to be concerned

00:27:50   and liable about less data if you ever get hacked,

00:27:53   or leaks, something like that.

00:27:54   So this is a good thing overall, even though

00:27:57   the implementation's a little bit iffy sometimes.

00:27:59   - Yeah, and I certainly agree.

00:28:01   I think it's a good thing, I just wish,

00:28:03   yeah, it feels like this is only half the solution,

00:28:07   and I really hope that Apple doesn't think that,

00:28:09   oh, we've done it, our privacy labels and we're sorted.

00:28:12   I hope there's a big strong redesign or clearer guides

00:28:16   or automating for some of this stuff.

00:28:18   You could imagine a world where they are pre-populating

00:28:21   some of your answers based on scanning

00:28:23   what third-party libraries are in your application.

00:28:26   I feel like there's a lot of things here

00:28:27   that would be helpful, in the same way that you do

00:28:30   with your thing where you say, this is Libsyn,

00:28:33   this is what this app does.

00:28:35   I feel like a lot of static analysis

00:28:37   could be done to potentially identify things like that

00:28:40   and make this process more straightforward,

00:28:42   because the goal is so admirable and so, I think, necessary,

00:28:47   but the mechanics and the process of it

00:28:49   could be so much more improved,

00:28:51   and I look forward to hopefully that happening.

00:28:55   - Thanks for listening, everybody,

00:28:56   and we'll talk to you in two weeks.

00:28:58   - Bye.

00:28:59   [ Silence ]