June 2021 update: Read our response to WWDC21 and Intelligent Tracking Prevention “3.0”, or jump straight to our in-depth e-book resources on ITP 2.0+ and conversion tracking methods.
If you’re in the performance marketing industry, you’ve noticed that major browsers have been making big changes to their privacy and security rules. And that means big changes for advertisers, networks, and publishers alike.
The September 2018 launch of the Intelligent Tracking Prevention (ITP) 2.0 update for Safari browsers is just one in a series of updates and announcements by Apple, Google, and Mozilla that are making it more difficult to do business on the internet. While internet users may welcome these changes, tracker blocking, decreased access to cookies, and the need for secure transport (https) have increased the barriers to entry for online commerce. These changes have also created a discrepancy gap between high and low complexity performance marketers.
In this post, we’ll review recent changes made by three major browsers, what these changes mean for performance marketers and TUNE, and how advertisers, networks, and publishers can prepare for the future of digital advertising.
[optin-monster-shortcode id=”kyarwgjnqalmy5cu” followrules=true]
Browser Updates: Safari, Chrome, and Firefox
While the browser names remain different, Safari, Chrome, and Firefox all seem to be heading the same direction when it comes to privacy and security changes. For a browser-specific breakdown, see our previous post, What Apple’s Intelligent Tracking Prevention 2.0 (ITP) Means for Performance Marketing, and these articles:
- Firefox: January 2018 – Mozilla releases broader tracker blocking
- Firefox: March 2018 – Mozilla distrusts Symantec TLS/SSL certificates
- Safari: June 2018 – Apple unveils ITP 2.0
- Chrome: July 2018 – Google increases focus on securing domains
- Firefox: August 2018 – Mozilla rethinks tracker blocking
What It All Means
In essence: Unsecured, client-side session tracking is dead. (Likely due to the rampant client-side tracking of individuals as they move across the internet.) This is currently the reality on Safari browsers, and recent updates have indicated that Firefox will follow, as Mozilla makes meaningful efforts to improve user security and privacy.
At TUNE, we believe these changes are meaningful evolutions, and should be accepted with open arms. We also know these changes mean a revolution in tracking and reporting methodologies is coming — a revolution that will impact the entire performance marketing industry.
So … where does that leave performance marketers?
How Advertisers, Networks, and Publishers Should Prepare
In our previous post on ITP 2.0, we shared that the best path forward for all performance marketers is to immediately move to server-side tracking, also known as postback tracking.
For advertisers, there is still an opportunity to make use of pixels and cookies, as long as the cookies are on the same domain (or a subdomain) of the advertiser’s primary domain. Cookie access is still possible, but there are new constraints, including 30-day limits on cookie storage and increased dropped sessions.
However, the same cannot be said for network or publisher domains. Upon the release of the ITP 2.0 update on September 17th, Safari began identifying domains that are solely used as “first-party bounce trackers,” and blocking these domains from accessing cookies on user browsers. The only tracking method approved by Apple and still allowed for this use case is server-side (postback) tracking.
Postbacks: The Path Forward
For some time now, we at TUNE have recognized the power of the postback. (So much so that we named our annual conference after it, and our CEO has sung its praises.) We invented it, after all. It’s a defining feature of the TUNE platform, natively integrated and mobile-ready, and has been our recommended attribution method for years. But we also recognize not everyone in the performance space is ready to take such a bold step.
ITP 2.0 Tracking FAQ
As promised, our FAQs about Apple’s ITP 2.0 update:
|What should TUNE clients who use pixels / cookie tracking do?||If you are a network or publisher, and are currently utilizing pixel tracking to receive conversion information from your advertiser: Contact your advertiser and begin the process of switching to postback tracking immediately. You will lose all conversions from Safari.
If you are an advertiser: As long as your cookies are on a subdomain of your primary site (e.g., if your site is advertiser.com, track.advertiser.com would be a subdomain), you should be fine. However, your tracking cookies will still be subject to the 30-day activity window.
|Are there any limitations to using TUNE “cookieless” pixel tracking?||Yes. Cookieless pixels rely on the transaction_id (the TUNE session identifier) to function. As cookies will be constrained by ITP, and one of the key arguments in favor of cookie tracking is the development effort of implementing storage for third-party identifiers like the transaction_id, cookieless pixels are likely to confine conversion tracking to the immediate session on the advertiser’s website. (This makes a 30-day cookie window more like a three-minute cookie window.)|
|Do TUNE clients need a custom domain in response to ITP? What about SSL certificates?||Yes. Advertisers need a custom tracking domain on the same domain as the primary website to allow for pixel tracking. If no pixel tracking is present, there is no specific need for a custom domain. However, it is best practice to use a custom domain to insulate your tracking from the issues of shared domains.
With regard to the SSL certificates: If you are an advertiser and want to use cookie-based tracking, and your conversion/thank you page is secure (i.e., https), you will need an SSL certificate on the domain you use for tracking purposes. Additionally, we expect Chrome and Safari to block unsecured domains. While it is not a requirement at the moment, it would be prudent to support secure tracking on your domain to future-proof your tracking.
If you are a network or publisher, a secure tracking domain is not required. However, with https becoming the norm across the internet, it would be prudent to make use of it. If any third party (not a user) attempts to capture traffic, they will be unable to view the query string because https encrypts the query string parameters of the link while in transit.
|I am an advertiser who works with multiple networks as publishers. How will ITP change how I work with them?||Working with multiple networks as an advertiser can be a challenge, especially with a number of different tracking technologies working behind the scenes. Apple and Mozilla have specifically said that server-side (postback) tracking is the ideal standard for sharing data between tracking platforms. However, not all platforms can currently support server-side notifications. If you encounter a network platform that is unable to accept server-side notifications, there are two options:
2) If you do not have an ITP-compliant pixel set up for your site, your network must either use server-side conversion notifications (postbacks) or will need to receive statistics from your Affiliate interface.
Interested in learning more about the TUNE platform, postback tracking, and how we solve for Apple’s ITP and other cookie-blocking measures? Contact us at [email protected]. To learn more about TUNE and user privacy under the General Data Protection Regulation, visit our GDPR page.
For in-depth guides to performance marketing measurement you can use right now, download TUNE’s e-books on online tracking in a post-ITP world and the 4 most popular conversion tracking methods.
September 2019 update: Read our point of view on ITP 2.2.
June 2019 update: The February update to ITP 2.1 and the April release of ITP 2.2 target a specific workaround used by companies like Facebook and Google to bypass the third-party cookie restrictions introduced in ITP 2.0. This workaround drops on sites a first-party cookie that acts as a third-party cookie for tracking purposes; ITP 2.2 now deletes these first-party cookies after 24 hours. TUNE’s recommended method of conversion tracking, server-side postback tracking, remains unaffected by these updates, as it does not rely on cookies to work.
November 2018 update: The release of Intelligent Tracking Prevention 2.0 on Safari for iOS 12 and macOS Mojave has severely impacted the tracking capabilities of traditional performance and affiliate marketing platforms. Not so for the TUNE Partner Marketing Platform. Server-side postback tracking is natively built into our platform, and therefore tracking on TUNE using this method has not been affected by ITP 2.0.
Becky is the Senior Content Marketing Manager at TUNE. Before TUNE, she led a variety of marketing and communications projects at San Francisco startups. Becky received her bachelor's degree in English from Wake Forest University. After living nearly a decade in San Francisco and Seattle, she has returned to her home of Charleston, SC, where you can find her enjoying the sun and salt water with her family.