Apple is on the anti-tracking warpath again. The company has further tightened its anti-tracking policies in order to prevent ad tech vendors from using loopholes in its existing user privacy policy to track users across the web.

As of last week, ad tech vendors and advertisers can no longer use a range of more supposedly covert user tracking techniques, like link decoration and fingerprinting, which had been gaining popularity as ways to circumvent Apple’s earlier efforts to prohibit tracking across Safari.

In the short term, publishers anticipate revenue decline and uncertainty over product investment. However, publisher executives don’t believe the drop will be as severe as the initial ITP updates, after which some publishers saw CPMs on the open exchange drop by 40%, according to ad tech sources.

“It’s pointed at third-party tracking and ad tech junk, and that plays better for publisher-owned data,” said a publishing executive speaking on condition of anonymity. “The specific call-out that ‘Like’ buttons, federated comments or other social widget buttons may stop working looks like an obvious hammer blow to Facebook and others, who federate and collate data that is harmful when played back against publishers.”

Along with this latest update on Aug. 16., Apple listed 11 unintended consequences that would arise due to it wiping out tracking techniques, many of which have made media consultants nervous. As well as “Like” buttons, Apple lists federated login using a third-party login provider and single sign-on to multiple websites controlled by the same organization as potentially being affected. These are two techniques that multiple media organizations within alliances deploy so users can log in once to access numerous sites. This allows media organizations to share data with each other to offer ad buyers an alternative ad platform with competitive scale to Facebook and Google. The impact on media alliances that require users to log in once for multiple sites is going to be painful.

“The list of unintended impacts make it clear that the overall industry approach of whack-a-mole is unsustainable,” said Alessandro De Zanche, founder of media consultancy ADZ Strategies. “Single sign-on and federated logins could affect media alliances that are genuinely trying to implement a more powerful future vision for the business. This is a huge issue, I can’t see it being any benefit to the industry; it’s just a further sign of back and forth.”

Ad tech vendors popularizing workarounds and circumventions to Apple’s anti-tracking ITP had already prompted the company to update its policy in February and again in April this year, forcing an anti-tracking arms race.

Approximately 37% of users in the U.K. in June came to publisher sites via Safari browsers and 5% from Mozilla Firefox, according to data from data-management platform Permutive. Firefox has its own anti-tracking policy, which Apple nods to, and Google has pledged to crack down on cross-site tracking and fingerprinting. Publishing sources are keeping a watchful eye as to whether Google can commit with the same conviction to its privacy pledge.

Since the ITP 2.0 update last summer, publishers have sold open marketplace inventory for Google Chrome audiences, rather than Safari, which they instead now sell direct to agencies. For instance, some publishers have found that by setting up private marketplaces for their Safari audiences directly with agencies, they have managed to recoup some of the revenue they lost with the initial ITP update, according to Joe Root, co-founder at Permutive.

Another temporary fix for advertisers has been to try and find these audiences in the app ecosystem. Advertisers can still track users across the app ecosystem with Apple’s identification for advertising. But Apple’s no-nonsense stance toward privacy on the open web means industry sources question how long Apple will keep identification for advertising alive.

“It’s not until Apple kills IDFA that the buy side will see the scale of the problem and will force the relationship with publishers,” said Root.

Apple’s anti-tracking moves have implications for the whole ad tech ecosystem. Apple intends to treat ad tech vendors, as well as tech giants such as Facebook and Google, like malware if they continue to use cookies for cross-site targeting purposes. It stands to reason those hardest hit will be third-party data providers, DSPs, and in the long term Facebook and Google, which won’t be able to retarget on Apple devices, leading to large holes in their ad businesses, said Root.

“Publishers, Facebook and Google are all aware of the scale of the problem and talking actively about it,” he said. “The rest of the industry is trying to obscure it. The scale of the problem is enormous.”

For instance, ITP 2.0, released in August 2018, helped prompt Nordic publisher Schibsted — which provides login and identity services to a range of its digital newspapers in Norway and Sweden — to rebuild its login and identity system so that users’ logged-in sessions are based on first-party rather than third-party cookies.

“Apple’s ITP 2.0 update had a big effect on how we need to operate to secure a stable and reliable login and identity solution,” said Ida Kristine Norddal, product manager, identity, at Schibsted. “It has not impacted the revenues directly, as we have rebuilt our solution accordingly. But there are, of course, costs associated with rebuilding the solution.”

For now, there are still a lot of unknowns about exactly how much of a problem the unintended consequences will cause publishers.

“If it starts hurting user experience because it prevents us from persistently identifying session-to-session users, then that’s obviously bad for the user and bad for us,” added the first anonymous publishing executive. “But that’s equally bad for everyone.”

  • LinkedIn Icon