
How Apps Can Respect Privacy While Still Getting Personal

Shane Burgess

Senior Product Manager, Fastly

We’ve all had that moment. You casually mention something in conversation and then, like magic, there it is: an ad about that very thing pops up while you’re doomscrolling. It can be unsettling. 

Whether or not our devices are indeed listening to us, the perception of surveillance is real, and it’s affecting how people use the internet.

According to the Pew Research Center, nearly half of Americans (49%) have stopped using a digital device, website, or app because they were worried about their personal information being used. That’s not just anecdotal unease — that’s millions of people choosing to disengage based on privacy fears.

App companies need to take these concerns seriously if they want to stay competitive. At the same time, mobile apps rely on sensitive personal signals, like IP addresses, location, and session behavior, to deliver responsive, personalized experiences. Here we face a challenge: how to keep offering personalized content without violating user privacy? Keep reading to find out. 

The Rising Demand for Privacy

The same Pew Research Center report I mentioned above also says that 44% of users have turned to privacy-focused browsers or search engines that don’t track their activity. About one in three use encrypted messaging apps to keep their conversations private.

Privacy is no longer a nice-to-have — it is a must-have. Big tech giants like Apple and Google have taken action, and the shift has triggered a domino effect across the industry. However, a poor implementation of privacy can lead to friction and even lost revenue. That’s because the wrong kind of privacy solution, CAPTCHAs for example, can be too disruptive and end up turning customers away. Poor privacy solutions can also give out too much personal information to the app the user is trying to access.

For example, traditional device fingerprinting or app-specific sign-in flows allow the app provider to validate users but also collect and retain full access to identifying information, such as IP address, device metadata, or behavioral profiles. This creates a privacy imbalance: users may be shielded from third-party trackers, but the app itself has high visibility into the user's identity and activity.


Private Access Tokens: Verification Without the Tracking

When privacy is done right, it verifies the legitimacy of the user without violating their privacy or slowing them down. Fastly-issued private access tokens are a good example of privacy done right: they allow apps to know that they’re interacting with a human while hiding identifying user characteristics.

The verification process is split between two parties so that no single party sees the full picture. When a user requests access to a protected resource (like a login page), the origin asks for a token. An attestation service, such as Apple’s, verifies that the user is human but doesn’t know what site they’re visiting. If the request passes Apple’s attestation, the attester asks Fastly (the token issuer) to generate a token; Fastly only knows that a trusted attester requested it. When the client presents the token to the website, the website has little information about the user but knows that the token came from a trusted source, and allows access. The result is strong privacy protection without tracking or annoying CAPTCHAs.


Double-Blind Privacy with Oblivious HTTP

Another great way to protect user privacy without hurting the user experience is Oblivious HTTP (OHTTP). With OHTTP, requests from users are encrypted and routed through two separate components: a Relay and a Gateway. The Relay sees who the user is (metadata like IP address and HTTP headers) but not the content of the message, while the Gateway sees only what the user is requesting (like a crash log or API call), but not who it’s from. Fastly acts as a key component in this two-proxy architecture where one party sees the user and the other sees the destination, but never both. That split builds trust by ensuring no one party is a witness to the entire user journey.

OHTTP runs on our compute or delivery platform. When someone makes an encrypted HTTP request to us, we remove the user’s private information from the headers. The Gateway then decrypts the request and passes it to the origin. These messages pass through our CDN datacenters but are never cached. Additionally, Fastly OHTTP customers do not get access to logs, so they can’t figure out the user’s IP address. That’s how we act as a third party that protects the user’s data.
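The Relay/Gateway split described above, as an added example that is not Fastly's code: a Python sketch in which the client encrypts a crash log to the Gateway, the Relay forwards only the opaque body after noting the IP and headers that it alone sees, and the Gateway decrypts content it cannot tie to an address. Real OHTTP encapsulates with HPKE; the SHA-256 keystream plus HMAC here is a constructed stand-in, as are the client IP, headers and key.

```python
import hashlib
import hmac
import json
import secrets

# All values below are constructed for this example.
CLIENT_IP = "203.0.113.7"
CLIENT_HEADERS = {"user-agent": "ExampleApp/1.0", "x-session": "abc123"}
GATEWAY_KEY = b"constructed-gateway-secret"  # stand-in for the Gateway's HPKE key pair

def _keystream(key, nonce, n):
    # Toy stand-in for OHTTP's HPKE/AEAD: SHA-256 in counter mode. Not for production use.
    out = b""
    for ctr in range(n // 32 + 1):
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
    return out[:n]

def encapsulate(key, plaintext):
    """Client side: encrypt to the Gateway so the Relay only ever sees opaque bytes."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def decapsulate(key, blob):
    """Gateway side: check integrity first, then decrypt."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("encapsulated request failed integrity check")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def client_send(request):
    """What reaches the Relay: identifying transport metadata plus an opaque body."""
    body = encapsulate(GATEWAY_KEY, json.dumps(request).encode())
    return {"src_ip": CLIENT_IP, "headers": dict(CLIENT_HEADERS), "body": body}

def relay_forward(msg):
    """Relay: knows who sent it but cannot read it; forwards only the opaque body."""
    relay_view = {"src_ip": msg["src_ip"], "headers": msg["headers"]}
    return relay_view, {"body": msg["body"]}

def gateway_handle(forwarded):
    """Gateway: reads the content but has no IP or client headers to tie it to a person."""
    request = json.loads(decapsulate(GATEWAY_KEY, forwarded["body"]).decode())
    return {"request": request, "client_ip": forwarded.get("src_ip")}
```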

But what does all this mean for customers who want to deliver localized, personalized experiences? The good news is that you can still enable personalization. It just depends on how you structure your request payloads. It’s up to you to decide what to route through the relay and what to keep personalized using traditional methods.

Location-Aware Privacy with MASQUE Relay

An OHTTP relay is relatively easy to set up, but sometimes more flexibility is required. Fastly’s Privacy Proxy (MASQUE Relay) can be operated as part of a multi-hop proxy that blinds the client's IP address from any origin without requiring a gateway that is aware that a proxy is being used. It is a customized solution that can be configured to share the client's approximate location with the origin.

Instead of forwarding the user’s actual IP, the client or “proxy A” can include an approximate geolocation in a header. Fastly then uses an IP address from that same general area when making the request to the origin. So to the origin, the request looks like it’s coming from, say, Chicago or Berlin, even though the origin has no idea who the user really is.

The result? Users stay anonymous, but the app can still deliver content tailored to the customer’s region.
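The approximate-location hop described above, as an added example not taken from Fastly's Privacy Proxy: a Python relay function that strips forwarding headers, honours only a coarse region label it can actually egress from (a precise coordinate or unknown label falls back to a default pool instead of being passed along), and picks an egress address from that region's pool. The header name, region labels and egress pools are assumptions constructed for the example.

```python
import random

# Constructed egress pools: addresses the relay may source origin requests from, per coarse region.
EGRESS_POOLS = {
    "us-chicago": ["198.51.100.10", "198.51.100.11"],
    "de-berlin": ["203.0.113.40", "203.0.113.41"],
    "default": ["192.0.2.5"],
}
# Assumed header name for this example; the page does not give the relay's real header.
APPROX_LOCATION_HEADER = "x-approx-location"
# Forwarding headers that would carry the client's real address on to the origin.
STRIP_HEADERS = {"x-forwarded-for", "forwarded", "via", "x-real-ip", "true-client-ip"}

def relay_to_origin(client_ip, headers, rng=random):
    """Build the relay's outbound hop: drop identifying transport data, keep only a coarse region.

    client_ip is what the relay knows from the inbound connection; it is deliberately never
    used to pick the egress address or copied into any outbound header.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    requested = lowered.get(APPROX_LOCATION_HEADER, "default").lower()
    # Only a coarse region the relay can actually egress from is honoured; anything else
    # (unknown, malformed, or a precise coordinate) falls back to the default pool.
    region = requested if requested in EGRESS_POOLS else "default"
    egress_ip = rng.choice(EGRESS_POOLS[region])
    outbound = {k: v for k, v in lowered.items() if k not in STRIP_HEADERS}
    outbound[APPROX_LOCATION_HEADER] = region  # report the region actually used, not the request
    return {"source_ip": egress_ip, "headers": outbound}

def leaks_client_ip(client_ip, outbound):
    """Defensive check before sending: does anything the origin will see still contain the client IP?"""
    if outbound["source_ip"] == client_ip:
        return True
    return any(client_ip in str(v) for v in outbound["headers"].values())
```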

Privacy Keeps Evolving

This isn't the end of the road. Fastly is already exploring next-gen privacy tech like the Distributed Aggregation Protocol, a privacy-safe way to count ad impressions without revealing user identities. New technologies are going to continue to be developed and we are getting involved in supporting and promoting their growth.

Are you ready for privacy-first architecture? Book a free demo to see how we can build a better, more privacy-focused internet together.