Apple Rolls Out New Intelligent Tracking Prevention (ITP) Version 2.2
What is Intelligent Tracking Prevention And How Does The Latest Update Impact Marketers?
In April 2019, Apple announced version 2.2 of its Intelligent Tracking Prevention (ITP). ITP 2.2 is a new feature of WebKit, which is the web browser engine used by Safari, Mail, App Store, and many other apps on macOS, iOS, and Linux. So far there have been four prior releases of ITP — 1.0, 1.1, 2.0, and 2.1. So, what exactly is Intelligent Tracking Prevention?
Intelligent Tracking Prevention is a feature on Safari web browsers that protects user privacy by preventing cross-site tracking of users by changing the way Safari handles first-party cookies. Since ITP 1.0 was launched, Apple has noted an increase in usage of URL query strings (a way to work around the ITP feature) for cross-site tracking purposes – hence the reason for multiple ITP releases.
Why is Apple committed to implementing ITP on its Safari browsers? Apple has always focused on the security and privacy of its consumers. Previously, privacy features primarily lived on Apple devices. However, with the recent data privacy concerns around advertising, Apple is taking steps to further enhance security features that extend to its browsers.
How Does Intelligent Tracking Prevention Work?
First, it is important to understand how a cookie works. As it relates to a computer browser, a cookie is a small file that collects data specific to a user and a website. When a user visits a website, a cookie collects user data and sends that information to be stored on a server for future use. When the user revisits that website, the server resends the collected cookie data to the browser to provide a personalized experience. For example, a cookie can “remember” information like login status, products added to a cart, website settings (i.e., language version), and values entered into a form (e.g., name, email, company).
First-Party Vs. Third-Party Cookies
- First-party cookies: First-party cookies are issued and stored by a website that a user visits directly. So, if a user lands on a website – for example, forbes.com – then this site creates a cookie which is saved on the user’s computer.
- Third-party cookies: Third-party cookies are not created by the website being visited, but rather by someone else (think ad retargeting). What does this mean in practice? Let’s say a user visits forbes.com, which has a YouTube video on one of its pages. In this case, YouTube will set a cookie which is saved on the user’s computer. In this example, YouTube is the third-party cookie because the cookie was created by a different domain than forbes.com.
Cross-Device Tracking With Cookies
With recent advancements in marketing tech and personalized advertising, cookies have provided a much more personalized and seamless online experience for consumers. However, the personalized experience also comes with a drawback for consumers: cookies can also become trackers and track users across the internet and devices such as desktop and mobile. Historically, cookies have been safe from any automatic blocking or removal.
Here’s how cross-device tracking works for advertising:
- A user visits a website that creates a first-party cookie, which is assigned to that user
- The user then clicks on an ad and is directed to the ad tech platform (like Facebook)
- The ad tech platform creates another first-party cookie under its domain and again, assigns that cookie to the user
- The ad tech platform then redirects the browser to the advertiser’s product landing page
In the above scenario, the ad tech platform can now track a user’s activity across the internet – and sometimes across devices, too.
So where does ITP fit in? ITP’s primary objective is to prevent tracking users across websites and devices. However, the main objective of a cookie is to do exactly that. So, how can companies ensure that the first-party or third-party cookie and the browser can continue to work together while still preventing anyone from collecting too much information on a user? This is exactly what Apple is trying to solve with ITP.
Breakdown Of The 5 Different ITP Releases
Below is a breakdown of the five different releases Apple has rolled out over the last 14 months and what has changed across various versions:
Intelligent Tracking Prevention 1.0 and 1.1, June 2017 and March 2018
In versions 1.0 and 1.1 of ITP there was a feature that allowed first-party trackers to behave like third-party trackers, as long as the user visited the website within 24 hours. This meant Apple was giving advertisers a 24-hour window from when a first-party cookie was last accessed in a third-party context for things like retargeting or just cross-website tracking, but after 24 hours the time was up and that cookie could no longer be accessed to track the user’s behavior. First-party cookies remained on the user’s browser, but Safari would delete them entirely after 29 days.
Intelligent Tracking Prevention 2.0, June 2018
ITP 2.0 release had a few major inclusions with a much larger impact on advertisers related to attribution reporting and conversion tracking by channel or tactic. The biggest difference in ITP 2.0 from ITP 1.0 was the 24-hour window. ITP 2.0 completely scrapped the 24-hour grace period for advertisers that helped attribute data to a user after they visited a company’s website. Websites could no longer leave cookies in the Safari user’s website for later retargeting and attribution reporting.
To use Facebook tracking as an example, Facebook typically allows users to log into their accounts on multiple websites to facilitate a more seamless experience for users to share, comment, or otherwise engage with on content that is outside of Facebook. Originally, ITP 1.1 enabled this feature and allowed Facebook to track this cross-site engagement. ITP 2.0 detected this cross-site tracking and broke up the cookies, eliminating the ability for ad platforms like Facebook to be able to track the user data. However, Apple allowed users to choose if they wanted Facebook to access their interactions and activities across different websites by displaying a consent box like the one below.
Note: Facebook’s default browser on both Apple and Android devices is Safari, so all of the in-app engagements, including visiting a brand’s website, were affected by this change.
Intelligent Tracking Prevention 2.1, February 21, 2019
As you can imagine, the release of ITP 2.1 made it even harder for trackers to identify and follow users across the web when browsing on Safari. ITP 2.1 set a 7-day expiration rather than the original 30 days on all first-party also cookies, regardless of their existing expiration date.
Intelligent Tracking Prevention 2.2, April 24, 2019
Only two months after the release of ITP 2.1, Apple released ITP 2.2 to combat cross-domain tracking with link decorating, which is a simple way to track activity within a URL. Link decorating was a workaround created by all media platforms (think Google, Facebook, and others). These first-party cookies will now be set to expire within 1 day.
Below is an example of a decorated link:
https://www.example.com? utm_source=googleads&utm_medium=cpc&utm_campaign=summer-promotion
Everything after the “?” are parameters used by publishers to identify which visits to their website came from this source; in the example above would be a paid search campaign on Google Ads.
Another example of link decoration could look like this: https://www.example.com?clickID=789
Here, a marketer would be able to track users by passing a unique user ID in the URL. This clickID could be used to identify and track users as they move from one website to another. Which is exactly what ITP 2.1 is aimed at preventing.
How Does Intelligent Tracking Prevention Impact Marketers, Martech, And AdTech Companies
Undoubtedly, ITP 2.2 creates new marketing challenges around tracking, retargeting, and measuring attribution across channels. Specifically, marketers may not be able to attribute channels assisting in conversions and will need to rely more on first-party behavioral data to create audiences and target. However, ITP is just one of many limitations to come that will impact the digital advertising industry; moving forward, marketers will need to adjust to users’ growing expectations of their right to privacy.
Right now, ITP only impacts Apple and its Safari browsers – Safari is the second-most adopted browser after Google Chrome and is used by approximately 14% of users in the United States. However, depending on a target audience (i.e. if a specific audience primarily uses Apple products), ITP could have a larger impact for specific companies.
That said, Apple’s continued ITP releases also open the door for other browsers to follow suit – browsers like Firefox and Internet Explorer will not want to be left behind as more and more users demand higher privacy and control over how their data is shared and used. In the meantime, marketers need to start thinking about how to continue to measure the impact of media with different attribution models, and ensure that impact is measured across all channels rather than silos.
Sources: