August 27, 2019 ↘︎

Is Apple ITP breaking the internet?

Apple’s ITP is creating ghost audiences; it’s getting worse, and there’s no cure. 

A quick primer for you, without getting into the technical specifics:

    • Around 50% of your mobile visitors are ghosts.
    • Around 10% of your desktop visitors are ghosts.
    • That means 20%-30% of all visitors are ghosts.

Did that get your attention?

ITP or Intelligent Tracking Prevention is Apple Safari’s ability to stop cross-domain tracking (specifically ad tracking), deleting or blocking cookies (1st and 3rd), with the intention of protecting user privacy by restricting the ability of ad tech companies to track people around the web.

And the impact?  Mind-boggling really. And so far, hardly anyone seems to take notice.  Are marketers and agencies just sticking their heads in the sand?

And what do I mean by ghosts?  The Safari browser is now deleting 1st Party JavaScript cookies after 24 hours (under certain conditions).  It already blocks 3rd party cookies by default (generally adtech cookies).  And it’s going to get worse because the other browsers are following suit with different versions of the same thing, and the ITP team at Safari will tighten the noose over time. 

They’re also stopping stateful tracking, navigational tracking, link decoration, fingerprinting, and of course cross site tracking.

When you start to peel away the impacts caused by this, you start to have an appreciation of the depth and breadth of this.  

And then you realise ITP is a far-reaching business problem.

Let’s put aside the fact that at the very least, the accuracy of your attribution is out the window, because Safari no longer tracks visitors beyond 24 hours.

It was, after all, specifically designed to devastate cross-site tracking which enables re-marketing, so the likes of Google and Facebook were it’s initial targets.

“Casualties of war” a novel by ITP

According to the ITP team, there are some unintended casualties in the war on tracking…and they don’t really make any apology for that.

Analytics platforms

Google Analytics and Adobe Analytics are two of them.  Adobe’s solution (for analytics) is to revert back to using CNAMEs.  But the reality is that currently only fixes data in one of the suite of products.  Target and Audience Manager both require cookies set through JavaScript currently.   Google Analytics, as far as we understand has no solution yet.

DMPs and CDPs

Unfortunately, your actionable audiences, in whatever DMPs you’re running, are truly up the creek without a paddle. The true size of the audience is getting smaller and smaller. 

If you’re getting audiences from 2nd parties through partnerships, you’re being fed Safari “ghost audiences” because you’re never going to be able to target them again.  They’re ghosts because they’ve just been deleted by Safari.

Likewise, your CDPs suddenly think they have a bunch more customers – who strangely do nothing!  They’re ghosts too.

Optimisation and Personalisation

Your optimisation and personalisation platforms are going to be delivering lots of great new visitor experiences, but re-engagement programs over multiple visits are going to be tricky to say the least. 

Visitor-based conversion rates are going to cave. 

Journey-based experiences are going to be tough to deliver too – because the journeys are apparently re-starting. 

And what about those Recommendation platforms?  People who looked at this, bought that…?  Let’s hope they bought it in the same session otherwise those recommendation algorithms are going to be working with “people who looked at this, bought nothing”.

Programmatic Advertising

And your programmatic advertising is slowly imploding, algorithmically dying in front of your eyes. 

Why?  Because it sees fewer conversions, and with less data it becomes less effective.  When your ROAS decreases, the automated bidding decreases bids, resulting in fewer clicks, and even fewer conversions.  Now it bids even lower.  Circular meltdown.  Or it starts optimising on non-safari visitors…but that might only be 50% of your audience…

As for everything else

Every other platform you use generally relies on cookies and so your data is getting wonkier by the day.

So this is massive.  And it’s far reaching.  It’s not a technical problem – it’s business problem.

And we’ve all been like the proverbial boiled frog on this.  It’s snuck up slowly, without too much impact.  

But it’s not exactly a trending topic amongst marketers or anyone else really, comparatively…


Policy pearlers 

The ITP Policy which was just released, has a few clangers statements in it (beyond what they consider to be types of tracking that they will be stopping):

“WebKit will do its best to prevent all covert tracking, and all cross-site tracking (even when it’s not covert)”

“We treat circumvention of shipping anti-tracking measures with the same seriousness as exploitation of security vulnerabilities”

“We may add additional restrictions without prior notice”

“We will typically prioritize user benefits over preserving current website practices”

“We do not grant exceptions to our tracking prevention technologies to specific parties”

“We want to see a healthy web ecosystem, with privacy by design”

They’ve clearly got cross-site tracking and remarketing squarely in their sights, and as valid technology vendors and unscrupulous companies find workarounds and ways to adapt, ITP will be closing the door just as fast.  

All in the name of privacy.  They have taken it upon themselves to do it, because no one else is doing it, no one adheres to previous measures of best practice etc.  And that’s ok because, let’s face it, sometimes those ads that follow you around are quite annoying and can be a little creepy…but there are some significant casualties in this war as pointed out above.

The ITP Timeline

Now it’s been around for quite a while now, in various stages:

    • March 2018 – ITP 1.0 was launched, targeting 3rd Party Cookies, deleting them after 30 days of inactivity.
    • September 2018 – ITP 2.0 focused on first-party cookies that mimic functionality of the third-party cookie.
    • February 2019 – ITP 2.1 deletes all persistent 1st party client-side cookies, after 7 days of inactivity.  
    • April 2019 – ITP 2.2, the strictest by far, deleting all cookies after 24 hours when the following two conditions are true:
      • The traffic originated from a domain classified with cross-site tracking capabilities (major ad networks, Google and Facebook included, are certainly classified this way)
      • The final URL of the navigation has a query string and/or fragment identifier

ITP2.2 is having by far the largest impact on not only the industry, but businesses.  This could in fact make legitimate businesses fail. 

What about Commercial Agreements?

Many companies have commercial agreements in place to share audiences – albeit for remarketing purposes. One company will pay another company (2nd party) to share specific audiences that have an interest in the first company’s products, services or destinations. 

If the 2nd party data partners for DMPs use pixels to populate audiences in the original company’s DMP there’s a good chance they’ll be sending them “ghost audiences” – because the cookie will be deleted after 24 hours, and the first company will never be able to target them.

So what does that mean for the commercial agreement?  They have paid for an audience they’ll never get…or at least a partial audience.

It’s probably time to re-evaluate your commercial agreements.

And what about Media companies?

Of course, the intended victim to all of this was actually re-marketing, enabled through cross-domain tracking.  

Companies have contractual agreements with media agencies to market to specific audiences.  These could be in the form of actual audiences, or impressions or clicks.

If it’s in the form of audiences, they’ll be a problem, because the audience pools are shrinking.  So what do they do to meet the original contractual volumes?  Do they knowingly send more “ghost” traffic?  Do they increase impressions? 

I would definitely be asking my media company how they’re now managing my media spend and targets in this new world…and I think I’d like to see some evidence of that too.

It’s probably time to re-evaluate your media agreements too.

How can I get around this?

The short answer is that you can’t get around it in a long term and reliable way (at the moment).  This is new to the internet and like all things new, it’s going to take some time to level out, calm down, and proper solutions put in place by the legitimate tech vendors.

There are a number of workarounds that are being talked about:

    • CNAME-based solutions
    • Server side solutions
    • HTTP response cookies
    • localStorage

Of course, the danger is that you spend thousands of dollars on implementing these solutions, even from recommendations of the vendors, and then ITP comes back and closes the door on them.

And of course, these workarounds are not generally simple to do either.

If you’d like some more information about the Adobe CNAME solution, please get in touch with us and we can guide you through the process.

What’s the future look like?

Make no mistake, things are going to get tighter.  Cookies will probably be a thing of the past.  Vendors will certainly find workarounds, legitimate or otherwise.  But ITP is mandated to defeat the workarounds.  Other browsers will follow suit because consumers are demanding protection.   

There will be more casualties. 

It’ll certainly cause a media shake-up, thats for sure.  The end of media? No, the industry is too big, but certainly things will change.

It’s really down to the vendors and, probably more importantly, the big enterprise clients to get onboard and not fight this.  

Needless to say, we’ll continue to bring you the cold hard facts as we become aware of them.

While this is only affecting Safari traffic at the moment, and that can account for between 20-30% of your over site traffic, currently visitors using other browsers are unaffected.  Chrome continues to represent the largest browser market (excluding mobile).  So it’s worth at least establishing a baseline of impact.  The other browsers are very likely to follow suit though in the future.

An impact assessment

If you’d like us to assess the possible impacts of ITP on your business, you can get in contact with us and we’d be happy to assist.

In the name of Privacy

ITP exists to help protect the privacy of individuals on the internet.  We fully support that. 

We believe that data really can help brands create meaningful experiences, but it’s a shame that some parties have been profiting from data that leads to experiences of questionable value for internet users – which is forcing ITP to make such dramatic changes.

We’ve seen many instances of data collected incorrectly or inadvertently, and ITP is meant to help with that. 

While there are casualties to their methodology, it is for a good cause. 

DB logo
DB logo
DB logo