Since the release of version 1.0 in September 2017, Webkit has released 5 new versions of its Intelligent Tracking Prevention (ITP) to strengthen user privacy for Safari users.
We’ve put together an FAQ post to answer some questions you may have about what ITP is, how it works, and what impact it has on AdTech and MarTech companies.
What Is Intelligent Tracking Prevention?
Intelligent Tracking Prevention (ITP) is a feature of Apple’s Safari web browser. It’s designed to improve the privacy for Safari users by blocking third-party cookies (aka trackers) that identify and track users across different websites; a process known as cross-site tracking. It also restricts the lifespan of other types of web browser storage that can be used to identify users, such as first-party cookies and local storage.
Intelligent Tracking Prevention is built by Webit, which is an open-source web browser engine that powers the Safari browser, among others.
We Can Help You Build an AdTech Platform
Our AdTech development teams can work with you to design, build, and maintain a custom-built AdTech platform for any programmatic advertising channel.
How Does Intelligent Tracking Prevention Work?
Intelligent Tracking Prevention uses a machine-learning model called the Machine Learning Classifier to identify which domains can be used for cross-site identification and tracking.
Once the Machine Learning Classifier identifies a domain as having cross-site tracking capabilities, certain limitations are placed on cookies created by those domains.
You can read more about this and see some scenarios in one of our previous blog posts.
What Restricts Does ITP Place on Cookies and Other Web Browser Storage?
Here’s an overview:
- Third-party cookies are blocked by default.
- First-party cookies created by JavaScript’s document.cookie will expire in 7 days. If the cookies are accessed within those 7 days, then their expiration date will be extended by 7 days.
- First-party cookies created by JavaScript’s document.cookie AND are created by a tracking domain AND use link decoration will expire in 24 hours. If the cookies are accessed within 24 hours, then their expiration date will be extended by another 24 hours.
- All non-cookie data stored in Safari, such as in local storage, will expire in 7 days. If the data in local storage is accessed within those 7 days, then its expiration date will be extended by 7 days.
- Companies like Google and Facebook will have to get consent from users via the Storage Access API to set cookies and access data for widgets, like those used to log in to accounts.
How Has ITP Evolved?
Intelligent Tracking Prevention was announced in June 2017 and released with Safari 12 and iOS 11 in September 2017.
Since its release, several new versions have been published. Each new release has brought with it more restrictions on cross-site tracking.
To view the full details about each ITP release, read our blog post.
Which Companies or Services Are Affected by ITP?
AdTech Vendors
Not being able to identify users across different websites means AdTech companies can’t run cross-site ad targeting, perform frequency capping, and measure the performance of campaigns across different publishers and advertisers.
Publishers
Because advertisers aren’t able to identify their audience, they will pay less for a publisher’s ad inventory. This means lower CPMs and ad revenue.
Advertisers
Although ITP doesn’t affect advertisers in the same way as publishers or AdTech companies as they can simply adjust their target criteria to exclude traffic from Safari browsers, the limitations mean that it’s harder for advertisers to reach their target audience.
MarTech Vendors
Most MarTech companies weren’t impacted by ITP initially as the main restrictions were on first-party cookies originating from known trackers (most MarTech platforms don’t do this), but ITP 2.1 now deletes first-party cookies set via JavaScripts document.cookie within 7 days.
What Are Possible ITP Workarounds and Solutions for AdTech Companies?
While most AdTech processes that rely on third-party cookies (e.g. cross-site identification) will be restricted, it’s still possible to run some types of attribution, such as click-through attribution.
Click-through attribution can be done by passing a unique click ID (or visitor ID) in the URL to the destination website. Then, the destination site can use a JavaScript tag to capture and store the ID and notify the ad server about the click ID.
It may also be possible to measure conversions, but the attribution window will be limited to 24 hours as per ITP 2.2 if the referring domain is classified as a cross-site tracking domain, which is highly probable with a majority of AdTech platforms.
Also, second-party data (or data co-operative) partnerships may also implement a workaround to ITP by exchanging identifiers between sites, for instance, between partner sites or domains owned by the same company. To do this, the websites would pass the IDs via URLs and then store them in a first-party cookie.
One of the workarounds that some AdTech companies have also created is to store IDs in the browser’s LocalStorage.
However, ITP 2.3 deletes all non-cookie data from a web visitor’s Safari browser after 7 days if the referring domain has been classed as a tracking domain and the referring URL contains a link decoration.
Possible Workarounds for Analytics and MarTech Companies?
Because ITP 2.1 includes a seven-day expiry for first-party cookies created via JavaScript’s document.cookie, web analytics and MarTech vendors will need to implement a workaround to maintain accurate data.
Simon Ahava provides some ITP 2.1 workarounds for analytics tools in his blog post, such as setting first-party cookies server side via the HTTP response, storing the first-party cookie in LocalStorage, and creating a reverse proxy server.
Because of this restriction on first-party cookies, the metrics and reports on users in Safari browsers will be inaccurate if their last visit was more than seven days ago, so web analytics and MarTech tools will need to implement a workaround to measure activity outside of this 7-day window.
How Does ITP Impact Walled-Garden Advertising Ecosystems?
While tech giants like Facebook, Google and Amazon weren’t affected too much by ITP 1.0 and 1.1, the introduction of ITP 2.0, 2.1, and 2.2 and 2.3 has changed this.
Before companies like Facebook and Google can set cookies via their widgets (i.e. the ‘Sign in with your Facebook or Google account’ ones), users will first have to consent via the Storage Access API.
Also, all conversion attribution carried out via link decoration and first-party cookies will be limited to 24 hours as part of ITP 2.2’s release, or 7 days as per ITP 2.3.
Can Safari Users Still See Ads?
Yes. AdTech companies will still be able to display ads in Safari, but they won’t be able to create third-party cookies.
However, if a Safari user has an ad blocker plugin installed, then they won’t see ads because ad blockers stop the ad tags from loading, meaning ads can’t be displayed.
We Can Help You Build an AdTech Platform
Our AdTech development teams can work with you to design, build, and maintain a custom-built AdTech platform for any programmatic advertising channel.