It has never been safer to browse the internet.
Built in privacy controls, powerful adBlockers, and initiatives from Mozilla and web consortiums to restrict web-based tracking give today's consumers a powerful control over their data.
Additionally, regulations such as Privacy Shield and the EU's GDPR (General Data Protection Regulation) work to institutionalize the protection of consumer's data online.
While PartnerStack strongly supports data and privacy regulations, we also acknowledge how data protection efforts can introduce new challenges for your performance marketing efforts.
In this post, we'll highlight how PartnersStack keeps your partner program humming, while staying compliant and respectful of your user's data.
Note: The content in this post relates to web-to-web advertising. Traffic that goes web-to-app or app-to-app is not affected by this
Cookie Tracking & Performance Marketing
Most modern browsers provide consumers with strong controls over the types of cookies websites can store. Cookies are generally described as being either 1st-party, or 3rd-party cookies.
First-party cookies are cookies that are set by the current website you're on.
These cookies control
- login authentication
- user preferences
- web interfaces (presence of a pop-up)
Because these cookies can affect the usability of the website you're on, these cookies are usually not the target of blockers or user controls.
Third-party cookies are cookies that are set by a website other than the one you are currently on.
For example, cnn.com might have a Facebook like button on their site. That like button will set a cookie that can be read by Facebook. That would be considered a third-party cookie.
Many advertising networks lean on 3rd-party cookies to tag traffic and individuals who have taken a certain action on another website. These can be actions such as "Liking" a Facebook page, making a purchase on a website, or simply just visiting a particular page.
The tracking nature of these cookies has lead them to be the target of adBlockers, web browsers, and industry leads who natively block them from tagging traffic.
One of the most substantial initiatives to control 3rd-party tracking is through ITP 2.0 on Apple's Safari browser.
Apple Safari & ITP 2.0
Intelligent Tracking Prevention (ITP) was first introduced by Apple in 2017 as a way to better protect the privacy of Safari users by limiting the scope of tracking data available to 3rd-parties.
If you have the time and interest you can read the the full blog posts here:
- Intelligent Tracking Prevention (1.0)
- Intelligent Tracking Prevention 1.1
- Intelligent Tracking Prevention 2.0 (most recent)
Apple Safari & ITP 2.0 Technical Breakdown
Step 1: Classification of Domains
Domains are dynamically classified:
- First Party Bounce Tracker Detection. Detects when a domain is used for redirect tracking only. This will be applied recursively for all domains in the redirect chain.
- Sub Resource under number of unique domains. Related to the number of paths available under a domain. Tracking platforms currently have a very small number of these.
- Sub Frames under number of unique domains. Related to the number of page frames available under the domains.
- Number of unique domains redirected to. If you’re still reading, this one probably doesn’t need any explanation.
The system does not have a whitelist or blacklist. Rather each device will build its own tracking prevention list based on web usage. Apple suggests this can be reset by clearing cookies.
Step 2: Destroy all Cookies
You heard it here: the third-party cookie is dead — well, on Safari at least. If a domain is classified as a tracking domain via the machine learning-based classification engine described above, Safari will prevent the storing of cookies. To persist cookie data, Apple will require three things:
- The cookie must be from a first-party domain.
- That first-party domain must have user interaction. This definition isn’t totally clear, but it seems to suggest that the user must actually browse the site and click on something.
- That first-party domain must receive repeat user interaction. Cookies will persist for only 30 days. After 30 days, data will be blackholed until the next user session.
Step 3: Limit Referrer Data
For domains classified as possible trackers that have not received user interaction, the referrer will be truncated to just the fully qualified domain name, therefore dropping any additional path information. This will prevent trackers from gaining access to user information contained in the path that may have required cookie access to obtain.
This action will make it impossible for most tracking domains to store and recall cookies. It will also make it impossible to obtain user interest information from referrer collection. It would seem the target of many of these enhancements are the “like” and “+1” buttons that track user interactions across the internet, but it’s obvious there will be collateral damage in performance advertising as well.
How PartnerStack protects your program
Are you a Company (Advertiser)?
Due to ITP, your tracking cookies will be blocked on Safari. To circumvent this, PartnerStack uses 1st-party cookies to store click details without relying on the now blocked 3rd-party cookies.
Chat with your account manager about how the depth of your PartnerStack integration adds layers of redundancies to keep your program growth on track,
Are you a Partner (Publisher)?
Due to ITP, your tracking cookies will not be accepted by Safari users and the ITP algorithm will flag your domain.
Message your Company (Advertiser) to ensure their integration is following best practices as outlined by PartnerStack.
Where does that leave us now?
This is an exciting time for partner channels and performance marketing platforms. Working alongside Companies and Partners in the PartnerStack marketplace, we are formalizing new solutions to your unique channel attribution issues.
Chat with us as email@example.com with any questions about how ITP 2.0 effects your channel program.