The Electronic Frontier Foundation has raised concerns over retargeting company Criteo’s commitment to consumer privacy and its inclusion in the Acceptable Ads initiative.
In a post published on December 22, the advocacy group details Criteo’s attempts to overcome Apple’s decision to block third-party cookies on its Safari browser — which the EFF argues is an attempt to circumvent explicit privacy tools for the purpose of tracking.
“EFF is concerned about Criteo’s continued anti-privacy actions and their continued inclusion in Acceptable Ads,” the group writes.
A week earlier, Criteo’s share price fell off a cliff when it told the market Apple’s Intelligent Tracking Prevention (ITP) solution in its Safari browser would put a bigger dent in the company’s revenues than previously forecast.
ITP limits the ability of third parties to collect information on website visitors which creates huge problems for businesses like Criteo that retarget advertising based on a user’s cookies.
For its part Criteo maintains it does not collect any information prior to gaining user consent and consumers can opt-out of cross-site tracking by changing their settings.
“Criteo styles itself as a leader in privacy practices, yet they have dedicated significant engineering resources to circumventing privacy tools,” The EFF writes.
The company’s previous Safari workarounds included diverting consumers to Criteo.com in between visiting pages so it would become a first party entitled to set a cookie rather than a third party, the EFF writes. That was exposed by researchers in 2015.
More recently, Criteo’s response was to abandon cookies for Safari users and to generate a persistent identifier by piggybacking on a key user safety technology called HSTS, according to the EFF writes. But Apple closed that loophole in December, triggering the steep drop in Criteo’s share price.
“Earlier this month, Apple launched a new version of its mobile operating system, iOS 11.2, which disables the solution that some companies in the advertising ecosystem, including Criteo, currently use to reach Safari users,” the company said in a statement on December 14.
Criteo said it was working on a fix, which is “under development and “its effectiveness cannot be assessed at this early stage.”
“We are focused on developing an alternative sustainable solution for the long term, built on our best-in-class user privacy standards, aligning the interests of Apple users, publishers and advertisers,” the French company said.
In response to the EFF article, Criteo told Which-50:
The other part of the EFF criticism is Criteo’s inclusion in Acceptable Ads initiative, which whitelists “non-intrusive ads”. This means their ads are unblocked by adblockers like Adblock and Adblock Plus for a fee.
“Criteo pays Eyeo, the operator of Acceptable Ads, for this whitelisting and must comply with their format requirements. But this also means they can track any user of these adblockers who has not disabled Acceptable Ads, even if they have installed privacy tools such as EasyPrivacy with the intention of protecting themselves,” the EFF writes.
“The fact that the Acceptable Ads Initiative has approved Criteo’s user-tracking-by-misusing-security-features ads is indicative of the privacy problems we believe to be at the heart of the Acceptable Ads program.’”