November 2018 update: The recent release of ITP 2.0 on Safari for iOS 12 and macOS Mojave has severely impacted the tracking capabilities of traditional performance and affiliate marketing platforms. Not so for HasOffers. Server-side postback tracking is natively built into our platform, and therefore tracking on HasOffers using this method has not been affected by ITP 2.0.
To learn more about ITP 2.0 and how TUNE can future-proof your tracking capabilities, contact [email protected].
If you’re in the performance marketing industry in 2018, you’ve noticed that major browsers have been making big changes to their privacy and security rules. And that means big changes for advertisers, networks, and publishers alike.
The September 2018 launch of the Intelligent Tracking Prevention (ITP) 2.0 update for Safari browsers is just the latest in a series of updates and announcements by Apple, Google, and Mozilla that are making it more difficult to do business on the internet. While internet users may welcome these changes, tracker blocking, decreased access to cookies, and the need for secure transport (https) have increased the barriers to entry for online commerce. These changes have also created a discrepancy gap between high and low complexity performance marketers.
In this post, we’ll review recent changes made by three major browsers, what these changes mean for performance marketers and HasOffers, and how advertisers, networks, and publishers can prepare for the future of digital advertising.
Browser Updates: Safari, Chrome, and Firefox
While the browser names remain different, Safari, Chrome, and Firefox all seem to be heading the same direction when it comes to privacy and security changes. For a browser-specific breakdown, see our previous post, What Apple’s Intelligent Tracking Prevention 2.0 (ITP) Means for Performance Marketing, and these recent blogs:
- Firefox: January 2018 – Mozilla releases broader tracker blocking
- Firefox: March 2018 – Mozilla distrusts Symantec TLS/SSL certificates
- Safari: June 2018 – Apple unveils ITP 2.0
- Chrome: July 2018 – Google increases focus on securing domains
- Firefox: August 2018 – Mozilla rethinks tracker blocking
What It All Means
In essence: Unsecured, client-side session tracking is dead. (Likely due to the rampant client-side tracking of individuals as they move across the internet.) This is currently the reality on Safari browsers, and recent updates have indicated that Firefox will follow, as Mozilla makes meaningful efforts to improve user security and privacy.
At TUNE, we believe these changes are meaningful evolutions, and should be accepted with open arms. We also know these changes mean a revolution in tracking and reporting methodologies is coming — a revolution that will impact the entire performance marketing industry.
So … where does that leave performance marketers?
How Advertisers, Networks, and Publishers Should Prepare
For advertisers, there is still an opportunity to make use of pixels and cookies, as long as the cookies are on the same domain (or a subdomain) of the advertiser’s primary domain. Cookie access is still possible, but there are new constraints, including 30-day limits on cookie storage and increased dropped sessions.
However, the same cannot be said for network or publisher domains. Upon the release of the ITP 2.0 update on September 17th, Safari began identifying domains that are solely used as “first-party bounce trackers,” and blocking these domains from accessing cookies on user browsers. The only tracking method approved by Apple and still allowed for this use case is server-side (postback) tracking.
Postbacks: The Path Forward
For some time now, we at TUNE have recognized the power of the postback. (So much so that we named our annual conference after it, and our CEO has sung its praises.) We invented it, after all. It’s a defining feature of the HasOffers platform, natively integrated and mobile-ready, and has been our recommended attribution method for years. But we also recognize not everyone in the performance space is ready to take such a bold step.
ITP 2.0 Tracking FAQ
As promised, our FAQs about Apple’s ITP 2.0 update:
|What should HasOffers clients who use pixels / cookie tracking do?||If you are a network or publisher, and are currently utilizing pixel tracking to receive conversion information from your advertiser: Contact your advertiser and begin the process of switching to postback tracking immediately. You will lose all conversions from Safari.
If you are an advertiser: As long as your cookies are on a subdomain of your primary site (e.g., if your site is advertiser.com, track.advertiser.com would be a subdomain), you should be fine. However, your tracking cookies will still be subject to the 30-day activity window.
|Are there any limitations to using HasOffers “cookieless” pixel tracking?||Yes. Cookieless pixels rely on the transaction_id (the HasOffers session identifier) to function. As cookies will be constrained by ITP, and one of the key arguments in favor of cookie tracking is the development effort of implementing storage for third-party identifiers like the transaction_id, cookieless pixels are likely to confine conversion tracking to the immediate session on the advertiser’s website. (This makes a 30-day cookie window more like a three-minute cookie window.)|
|Do HasOffers clients need a custom domain in response to ITP? What about SSL certificates?||Yes. Advertisers need a custom tracking domain on the same domain as the primary website to allow for pixel tracking. If no pixel tracking is present, there is no specific need for a custom domain. However, it is best practice to use a custom domain to insulate your tracking from the issues of shared domains.
With regard to the SSL certificates: If you are an advertiser and want to use cookie-based tracking, and your conversion/thank you page is secure (i.e., https), you will need an SSL certificate on the domain you use for tracking purposes. Additionally, we expect Chrome and Safari to block unsecured domains. While it is not a requirement at the moment, it would be prudent to support secure tracking on your domain to future-proof your tracking.
If you are a network or publisher, a secure tracking domain is not required. However, with https becoming the norm across the internet, it would be prudent to make use of it. If any third party (not a user) attempts to capture traffic, they will be unable to view the query string because https encrypts the query string parameters of the link while in transit.
|I am an advertiser who works with multiple networks as publishers. How will ITP change how I work with them?||Working with multiple networks as an advertiser can be a challenge, especially with a number of different tracking technologies working behind the scenes. Apple and Mozilla have specifically said that server-side (postback) tracking is the ideal standard for sharing data between tracking platforms. However, not all platforms can currently support server-side notifications. If you encounter a network platform that is unable to accept server-side notifications, there are two options:
2) If you do not have an ITP-compliant pixel set up for your site, your network must either use server-side conversion notifications (postbacks) or will need to receive statistics from your Affiliate interface.
To learn more about TUNE and user privacy under the new General Data Protection Regulation, visit our GDPR page.
Never miss a thing!
Want the goods delivered straight to your inbox?
Sign up for our blog recap emails to stay in-the-know about digital marketing, analytics, and optimization.
Thanks for Subscribing!
Groundbreaking mobile content is headed to your inbox.
As the Director of Innovation at TUNE, Alex plays a variety of roles: team manager, product manager, and future-thinking agitator. He spends most of his time learning and turning his learnings into confluence documents. He is a recovering entrepreneur, and occasional Canadian. Alex holds a Computer Science degree from the University of British Columbia.