Privacy & Consent

Safari ITP 2.2: Apple Cracks Down Further on Cross-device Tracking

Pinterest LinkedIn Tumblr

Two months after the release of ITP 2.1, Safari is now ready with another update—Apple Intelligent Tracking Prevention 2.2.

With ITP, Apple aims to prevent user tracking and safeguard user information online. The frequent updates to ITP imply that Apple is not stopping until its user privacy goals are met.

What is Apple ITP About?

In 2017, Apple first updated its browser with intelligent tracking prevention or ITP. As the name suggests, ITP is designed to prevent user tracking across the internet. At first, it was limited to blocking third-party cookies and purging first-party cookies after a fixed period of time.

However, bad actors found workarounds for tracking user data for ads targeting and remarketing. This led Apple to come up with more stringent rules to limit cookie access and cross-device tracking.

What was Apple ITP 2.1 Lacking?

This March, Apple announced the launch of ITP 2.1, which had the following criteria:

  • In order to prevent tracking, Safari banned all the third-party cookies.
  • The first-party cookie lifetime was capped to 7 days.
  • After 30 days, all the cookies of a site were purged from the browser.

ITP 2.1 allowed a 7-day window for marketers to track and collect user data. ITP 2.1 was unable to eliminate persistent cookies, which reside for 30 days before the browser purges them.

Next, walled gardens—or companies who have their own ecosystem, like Amazon and Facebook, have unique user profile data. This allows them to freely track user interactions which can be used for cross-device tracking.

For instance, if a user opens Facebook on Chrome and later on Safari, Facebook knows it’s the same user.

How will ITP 2.2 Help?

With ITP 2.2, Apple intends to block persistent cookies and cap the life of first-party cookies to 1 day (from 7 days). Meaning, if a user visits a website on Monday, and then returns on Wednesday to purchase an item, Safari will have no recollection of the user.

For the website, the user will be a new visitor who landed on the website and got converted at once. The browser will not let the website collect any past user interactions, which companies usually collect for remarketing purpose and/or to know about the journey of their users.

With ITP 2.2, Apple also aspires to limit user tracking via link decoration, a common method practiced by companies such as Amazon and Facebook for cross-device tracking.

What is Link Decoration and What Role Does it Play in Tracking?

Link decoration, similar to UTM tracking among marketers, is a way of manipulating the link of a page to track users. For example, a simple URL looks like example.com. However, marketers may create a link that looks like example.com/?source=social. If a user clicks on this link, a marketer will immediately know that the user landed from a social platform.

Adding an extra piece of code at the end of the URL enables tracking where cookies don’t work.

Here is an example to understand link decoration:

Suppose a user sees an article suggestion: 10 Time-saving Applications That Everyone Must Have on XYZ.COM. The user opens the article and reads it. The article contains decorated links to install these apps. Meaning, each link is attached with a URL to install the listed application with its source, such as app.savetime.com/?source=time-saving-apps&medium=xyz.com. Now, no matter when the user clicks on the link, the app company will know that the user came via a specific blog post on a specific website.

Apart from UTM-like parameters, companies also sometimes assign a clickID to track individual users across sites. Considering the number of times in day users click within websites such as Facebook and Amazon, these sites are able to create a huge database of click IDs and use it to track users.

This doesn’t sound alarming. Then why does Apple wants to stop this?

If the sales pitch of a browser is “Intelligent Tracking Prevention”, then it would want to be true to its promise by preventing user tracking. Hence, first-party cookies are purged within 24 hours with ITP 2.2. Meaning after 1 day, no tracking will be possible using these cookies.

Who is Going to Get Affected?

The ITP updates have already been affecting various industries such as marketing, ad tech, social networking, etc. Also, Safari accounts for approximately 30% web users, making the losses tangible and significant.

From the context of ad tech, ITP is another technology designed to bolster user privacy, but at the cost of preventing user tracking is usually paid by publishers in terms of low yield and lost revenue.

Also, some publishers who put decorated links of other brands (used extensively in affiliate marketing) will not be able to claim the sale coming from their site after 1 day. This will directly affect the earnings and credibility of the publisher.

Before ITP 2.2, walled gardens like Facebook and Amazon weren’t affected much. However, now, their decorated links aren’t going to work.

Looking at the trend, adtech industry will most certainly find workarounds for ITP 2.2. In response to which, Apple Safari will release another update, and so on, leading to a never-ending game of cat-and-mouse.