Surprised that Google didn't take proper pre-cautions here to not run into this.
If there is indeed such an identifier, enabled by default its pretty obvious that its technically possible to track a user. And with all the other data Google has, they also can link to the actual identity pretty easily.
The identifier itself it made to track the user by 3rd party apps, so it's pretty clear why its there :)
Apple provides the exact same API - https://developer.apple.com/documentation/adsupport/asidenti... although IIRC it manages it better (users can revoke it, but it's on by default). I wonder why Google is singled out here though - if Apple is also mining our data, they should also be on the hook.
I wonder if all other OS vendors could be fined as well because the OSes are full of tracking identifiers - device MACs, device install identifiers, serial numbers, etc. There's plenty of apps out there that use those identifiers to track user behaviour.
I looked at your link and I did not see how it could be turned off. It doesn't really say what Limit Ad Tracking does. You'd think that if it caused your advertising ID to be zeroes, then Reset Advertising Identifier would be greyed out if you turned on Limit Ad Tracking.
OK, so your new link @ Apple is more clear, and I do vaguely recall seeing this years ago: for all modern iOS versions, Limit Ad Tracking does set the Ad ID to all zeroes.
> When Limit Ad Tracking is enabled on iOS 10 or later, the Advertising Identifier is replaced with a non-unique value of all zeros to prevent the serving of targeted ads. It is automatically reset to a new random identifier if you disable Limit Ad Tracking.
I think they are deliberately making things confusing. Also the double negative thing which is not very typical for other settings.
I added a link to an Apple support doc which to me suggests that limit = off (or it’s an even bigger conspiracy than I thought, but I’m not that paranoid)
> When Limit Ad Tracking is enabled on iOS 10 or later, the Advertising Identifier is replaced with a non-unique value of all zeros to prevent the serving of targeted ads. It is automatically reset to a new random identifier if you disable Limit Ad Tracking.
Surely it's easier for Google to ask forgiveness than permission. Why wouldn't they do this if they want to track you, especially if they can muster even a shred of plausible deniability to allow them to keep it in place longer?
It's not easier to ask forgiveness than permission - asking permission is free but having to 'ask forgiveness' under GDPR if you've intentionally not asked permission may involve fines up to 4% of annual global turnover which comes out to something like 6 billion dollars for google.
It is easier, at least in the short term, because it gets right away to that tracking sweetness. It might be regretted in the long term, although global companies don't seem to be taking GDPR seriously yet, probably because they don't sufficiently fear the enforcing bodies. (Let's see those consent walls come down first.) In the meantime, who knows how much Google made off the tracking information that they got this way?
If there is indeed such an identifier, enabled by default its pretty obvious that its technically possible to track a user. And with all the other data Google has, they also can link to the actual identity pretty easily.