Since the release of version 1.0 in September 2017, Webkit has released 5 new versions of its Intelligent Tracking Prevention (ITP) to strengthen user privacy for Safari users.
We’ve put together an FAQ post to answer some questions you may have about what ITP is, how it works, and what impact it has on AdTech and MarTech companies.
What Is Intelligent Tracking Prevention?
Intelligent Tracking Prevention (ITP) is a feature of Apple’s Safari web browser. It’s designed to improve the privacy for Safari users by blocking third-party cookies (aka trackers) that identify and track users across different websites; a process known as cross-site tracking. It also restricts the lifespan of other types of web browser storage that can be used to identify users, such as first-party cookies and local storage.
Intelligent Tracking Prevention is built by Webit, which is an open-source web browser engine that powers the Safari browser, among others.
How Does Intelligent Tracking Prevention Work?
Intelligent Tracking Prevention uses a machine-learning model called the Machine Learning Classifier to identify which domains can be used for cross-site identification and tracking.
Once the Machine Learning Classifier identifies a domain as having cross-site tracking capabilities, certain limitations are placed on cookies created by those domains.
You can read more about this and see some scenarios in one of our previous blog posts.
What Restricts Does ITP Place on Cookies and Other Web Browser Storage?
Here’s an overview:
- Third-party cookies are blocked by default.
- All non-cookie data stored in Safari, such as in local storage, will expire in 7 days. If the data in local storage is accessed within those 7 days, then its expiration date will be extended by 7 days.
- Companies like Google and Facebook will have to get consent from users via the Storage Access API to set cookies and access data for widgets, like those used to log in to accounts.
How Has ITP Evolved?
Intelligent Tracking Prevention was announced in June 2017 and released with Safari 12 and iOS 11 in September 2017.
Since its release, several new versions have been published. Each new release has brought with it more restrictions on cross-site tracking.
To view the full details about each ITP release, read our blog post.
Which Companies or Services Are Affected by ITP?
Not being able to identify users across different websites means AdTech companies can’t run cross-site ad targeting, perform frequency capping, and measure the performance of campaigns across different publishers and advertisers.
Because advertisers aren’t able to identify their audience, they will pay less for a publisher’s ad inventory. This means lower CPMs and ad revenue.
Although ITP doesn’t affect advertisers in the same way as publishers or AdTech companies as they can simply adjust their target criteria to exclude traffic from Safari browsers, the limitations mean that it’s harder for advertisers to reach their target audience.
What Are Possible ITP Workarounds and Solutions for AdTech Companies?
While most AdTech processes that rely on third-party cookies (e.g. cross-site identification) will be restricted, it’s still possible to run some types of attribution, such as click-through attribution.
It may also be possible to measure conversions, but the attribution window will be limited to 24 hours as per ITP 2.2 if the referring domain is classified as a cross-site tracking domain, which is highly probable with a majority of AdTech platforms.
Also, second-party data (or data co-operative) partnerships may also implement a workaround to ITP by exchanging identifiers between sites, for instance, between partner sites or domains owned by the same company. To do this, the websites would pass the IDs via URLs and then store them in a first-party cookie.
One of the workarounds that some AdTech companies have also created is to store IDs in the browser’s LocalStorage.
However, ITP 2.3 deletes all non-cookie data from a web visitor’s Safari browser after 7 days if the referring domain has been classed as a tracking domain and the referring URL contains a link decoration.
Possible Workarounds for Analytics and MarTech Companies?
Simon Ahava provides some ITP 2.1 workarounds for analytics tools in his blog post, such as setting first-party cookies server side via the HTTP response, storing the first-party cookie in LocalStorage, and creating a reverse proxy server.
Because of this restriction on first-party cookies, the metrics and reports on users in Safari browsers will be inaccurate if their last visit was more than seven days ago, so web analytics and MarTech tools will need to implement a workaround to measure activity outside of this 7-day window.
How Does ITP Impact Walled-Garden Advertising Ecosystems?
While tech giants like Facebook, Google and Amazon weren’t affected too much by ITP 1.0 and 1.1, the introduction of ITP 2.0, 2.1, and 2.2 and 2.3 has changed this.
Before companies like Facebook and Google can set cookies via their widgets (i.e. the ‘Sign in with your Facebook or Google account’ ones), users will first have to consent via the Storage Access API.
Also, all conversion attribution carried out via link decoration and first-party cookies will be limited to 24 hours as part of ITP 2.2’s release, or 7 days as per ITP 2.3.
Can Safari Users Still See Ads?
Yes. AdTech companies will still be able to display ads in Safari, but they won’t be able to create third-party cookies.
However, if a Safari user has an ad blocker plugin installed, then they won’t see ads because ad blockers stop the ad tags from loading, meaning ads can’t be displayed.