The Problem

In the latest versions of Intelligent Tracking Prevention (ITP), Apple introduced key changes which will significantly impact data collection. This means that your current online conversion setups will be missing a large amount of data. However, there are ways you can continue recording user data while respecting user privacy.

What are cookies?

The internet and the world of digital marketing runs on cookies - small pieces of text sent to your browser by websites which you visit. Websites can then use them to remember information about your visit and use them to improve your experience.

There are a variety of cookies, each with different functions.

• Session/temporary cookies
• Permanent/persistent cookies
• First-party cookies
• Third-party cookies
• Flash cookies
• Zombie cookies

Of particular interest are first and third party cookies. First-party cookies are cookies which are directly stored by the website or domain that you visit. For example, Amazon uses first-party cookies to record the log-in credentials, and cart contents of a user under their domain. Often, first-party cookies are used to improve user experiences and quality of life by remembering preferences and settings.

In contrast, third-party cookies are cookies which are placed on a website by a third party to collect information for the third party. This information can then be used between websites, such as ads which appear between websites with DoubleClick. Another example could be support chats provided by 3rd party services.

Cookies are sort of like an online billboard that every ad you’ve ever seen is posted on. Every website you browse is then able to reference this billboard to learn about your interests and browsing habits, and use this to give you more ads that appeal to you. This model is widely used by advertising driven businesses such as Google and Facebook.

What is ITP?

On the contrary, Apple has opted to portray itself as a safer alternative for users who are more privacy-conscious. First released in 2017, Apple’s ITP limits third-party cookie usage to 24 hours. This thus reduces ad retargeting ability and user tracking methods (such as URL redirection). Apple’s The number of web traffic through mobile sources has increased from a mere 6.9% in 2011 to 46.54% of users in 2021. Of the mobile browsers, Safari is by far the most popular choice, capturing a total of 54.23% of mobile traffic in the United States.

A consequence of this policy has been the reinforcements of established publishers, including the aforementioned Google and Facebook. Since users regularly visited these websites directly, they consistently were able to receive new cookies that could be read later on. On the other hand, third-party advertisers such as criteo.com were never visited directly and had no way to respond when their cookies were removed by ITP. As a loophole, first-party cookies could be read in the third-party context but that was closed with ITP 2.0 in September 2018. Following this patch, Apple implemented ITP 2.1 and 2.2 which forced the expiration of first-party cookies to 7 days, then eventually 1 day. This way, they could ensure only genuine first-party cookies were set and accessed by tracking tags.

ITP 2.3 takes direct action against loopholes in the previous versions. This is primarily done by leveraging localStorage, allowing sites to store data directly in a browser with no expiration date. Thus, sites will be marked for non-cookie website data deletion if:

• A Safari user reaches your site from a domain considered to have cross-tracking capabilities (such as Google or Facebook)
• The user reaches a final URL that contains link decoration

This poses an important question for advertisers and those who need access to cookies? Check out this article to learn about how to resolve the problems introduced by ITP.