WTF is Apple’s ITP 2.2 update?
Apple continues to close up loopholes in Safari’s anti-tracking feature, Intelligent Tracking Prevention.
In the latest update to ITP that was announced on April 24 and is currently being tested, Apple appears to be taking aim at the workaround that companies including Facebook and Google have rolled out since ITP’s introduction in 2017 that are meant to enable them to continue measuring traffic and attributing ads to site visits and online purchases on third-party sites.
ITP 2.2 does not disarm those workarounds entirely. Instead the update is largely intended to ensure that the companies are not using the workarounds to side-step Safari’s anti-tracking feature and persistently track people around the web.
ITP 2.2 significantly narrows the workarounds’ tracking window to 24 hours, restricting the ability of companies like Facebook and Google to measure traffic and attribute ads. “I expect that this has a big impact on attribution,” said Ameet Shah, vp of data and technology strategy at Prohaska Consulting. We break down what’s going on.
WTF is ITP again?
ITP is a feature that Apple added to Safari in 2017 to curtail companies’ abilities to monitor people’s browsing behavior when they visit other companies’ sites. Initially, Apple took aim at the third-party cookies that platforms like Facebook and Google, as well as a bevy of ad tech vendors, place on sites they don’t own that allow them to track people across the various sites that carry their third-party cookies. Then earlier this year, Apple updated ITP to account for a workaround that companies came up with in which they have a site drop a first-party cookie that mimics the functionality of the third-party cookie. With ITP 2.1, Safari deletes these first-party cookies seven days after they were installed on a browser.
If ITP 2.1 already affected these first-party cookie workarounds, what’s different about ITP 2.2?
ITP 2.2 cuts the first-party cookie’s lifespan from seven days to one day. As a result, the first-party cookies that Facebook and Google have introduced in order to continue measuring site traffic and attributing ads will be deleted after 24 hours. As a result, if a person clicks on an ad for a product on Friday and decides to take the weekend to think about buying, then the cookie wouldn’t be around on Monday to register when the person returns directly to the site to buy the product.
“Many actions advertisers are interested in attributing back to digital marketing efforts happen outside the newly implemented 24-hour window, creating a blind spot for advertisers and brands,” said Amanda Martin, vp of enterprise partnerships at Goodway Group.
I thought Apple was fine with companies using first-party cookies to attribute ads?
It was and still is. But it’s wary of companies taking advantage of that functionality to do more than attribute ads or analyze traffic, which is why ITP 2.2 only applies to a certain kind of first-party cookie.
What kind of first-party cookie does ITP 2.2 apply to?
It applies to the persistent first-party cookie that a site drops on a person’s browser on behalf of another company that Apple has determined is able to track people across multiple sites that it does not own. Specifically, the update is concerned with companies that use a method called link decoration to drop the first-party cookie and track people on the site. As it happens, Facebook’s and Google’s ITP workarounds employ link decoration to continue tracking Safari users on third-party sites.
WTF is link decoration?
Link decoration provides a way to attach information to a URL that a person clicks on in order to pass that information to the destination site. For example, let’s say you click a link in FakePublisher’s email newsletter to an article on its site. The newsletter can attach information to that URL — ex. http://fakepublisher.com?referrer=ouremailnewsletter — so that it knows a person navigated to its site by clicking a link in its email newsletter.
That sounds pretty common. What’s the problem?
The problem is that companies can use link decoration to pass information to other sites that enables them to persistently track a person on those sites. This practice is called cross-site tracking via link decoration, and it’s what Apple is addressing with ITP 2.2.
How does cross-site tracking via link decoration work?
It’s a three-step process that involves attaching a tracking monitor to a link, having the destination site store that tracking monitor and notifying the company that set the tracking monitor when the person who clicked on the link has visited the site, even if it has been days since the person clicked that initial link. Essentially, the link gets a unique identifier, which is then stored by the destination site in a first-party cookie. Then, when a page loads on a site with Facebook’s pixel or Google’s tag, those tracking mechanisms look for the first-party cookie, pull the click ID and send it to Facebook or Google, along with whatever other information that may be designed to attached, such as the page URL which enables them measure product purchases if it’s a transaction confirmation page. This enables Facebook and Google to track a person’s visits to the site long after they had clicked on the initial link, so long as the first-party cookie has not expired.
OK, but is this a big deal?
In some ways, yes. But it’s limited to Apple’s Safari browser, which limits the scope of its impact. On desktop, Safari accounted for only 4% of browser sessions worldwide in April 2019, according to NetMarketShare. However, for mobile, Safari accounted for 26% of browser sessions that month.
What are Facebook and Google doing about this?
“We have solutions in place to help our clients continue to measure their advertising in accordance with Apple’s policies,” said a Google spokesperson in an emailed statement.
“We are working with our partners to better understand these latest updates and how they affect Facebook. We plan to share more guidance for businesses in the future,” said Facebook spokesperson Joe Osborne in an emailed statement.
Facebook and Google could follow Microsoft’s example. In January 2018, the company’s advertising division introduced its own ITP workaround that is similar to Facebook’s and Google’s examples except that it uses a session cookie that expires once a person closes their Safari browser. ITP 2.2 only applies to persistent cookies that remain on the browser after it has been closed.
Are Facebook and Google the only companies affected by ITP 2.2?
No, though they are probably the biggest ones. ITP 2.2 would affect any company that uses link decoration to track people around the web. That includes ad tech vendors, measurement firms, affiliate marketers and certain types of influencers.
How would affiliate marketers and influencers be affected?
Publishers and individual bloggers use link decoration to get credit when people click on a product link featured on their sites and purchase the product on the merchant’s site. These publishers and bloggers would not be credited with a purchase made more than a day after a person clicked on that product link from their sites. Without that credit, the publisher or blogger may not be compensated for contributing to the purchase.
“That’s one key area that we’re going to start seeing companies or this market of small businesses start going out of business if they’re not going to get compensated properly. These are downstream impacts from those bad actors [that take advantage of link decoration to follow people around the web],” said Desiree Toto, vp of product development at affiliate marketing network CJ Affiliate.
‘More dollars to experiential’: Why Walmart is still using experiential marketing to pitch Walmart+ — even during coronavirus crisis
The company is working with influencers and media partners to bring some of the missed “special moments” that had been canceled throughout 2020 to life.
Member Exclusive‘Don’t have the luxury of doing good’: The age of dissonance continues at this year’s ANAs — and beyond
When there’s an on-going global pandemic that’s crippling whole brand categories, it was hard to hear the CMOs speaking at the ANAs.
Twitch emerges as rising platform for beauty brands
Twitch’s over 17.5 million daily active users are gaining growing attention from companies well beyond the traditional gaming world.
SponsoredPublishers must strengthen their relationships with brands and customers
Zara Erismann, MD Publisher EU, LiveRamp In today’s market of tightening data regulations — and with the end of third-party cookies now around the corner — it is critical that publishers focus on optimizing their data strategies to ensure and strengthen close relationships with their audience. In a recent report, The State of Publishing: Monetizing […]
‘Show we’re listening’: Why agencies are lending office furniture, offering WiFi stipends to employees as new pandemic-era perks
With a hybrid reality in the offing, rethinking perks to include ways to make working from home better for employees has become a focus for leaders.
‘Shopping patterns will feel longer and flatter’: Gap’s CMO on preparing for holiday campaigns
Mary Alderete on the upended marketing calendar and Gap’s plans to lean into the extended holiday season this year.