About internet cookies, web privacy and online tracking

In this article:

• A quick history of internet cookies 
• How Internet cookies work
• How Cookies are used in advertising
• How Apple, Google and Mozilla handle privacy in 2022
• How privacy restrictions affect digital marketing 

Cookies have been quite a debatable solution in terms of users’ privacy since the very beginning. As John Schwartz once wrote:

“One day in June 1994, Lou Montulli sat down at his keyboard to fix one of the biggest problems facing the fledgling World Wide Web – and, as so often happens in the world of technology, he created another one”.  

The technology, once created to allow websites to recognise your device as you browse between web pages, is now the centrepiece of almost every online privacy protection initiative.

With multiple tracking restrictions and privacy regulations constantly arising, we need to know what they mean for digital marketing and why almost every word with “cookie” in it turns into a buzzword.

Accept All Cookies

Cookies were created 28 years ago by Netscape, the company that built one of the Internet’s first widely used browsers. Ironically, the original idea behind cookies was to find a way for websites to remember visitors without enabling cross-site tracking.

The reason itself was that Netscape needed to build the cart functionality into the shopping server that they were working on. Cookies were implemented in Netscape’s browser as a technology to allow the shopping cart’s content to follow the user from page to page.

Were there any other ways to give the Web a “memory”? 

Before cookies, there was no way to identify that a person visited a website before. For users this means that their shopping experience was more like Groundhog Day – having to introduce themselves every time they visit a website or open a new page.

As for online advertising, publishers were only able to target users by the context of a website and on little pieces of information passed by a browser, i.e. the language and the operating system that was set on the visitor’s computer. 

Outside of cookies, there were a few other proposals, however for the most part they involved a unique identifier that allowed a website to personally “recognise” each user.

Eventually, it became apparent that cookies were the reliant choice and this technology was implemented in the Netscape browser in 1994, followed by Internet Explorer a year later.

What exactly is a cookie?

A web cookie itself is a file that website owners use to store information about the visitor. When you visit a website, it leaves a text file on your computer – this is a cookie. It contains a unique ID that helps a server remember who you are, keep you logged in, and help website owners analyse their site traffic. 

Even though cookies have a mixed reputation, they are useful for a lot of what we do on the web. However, there are two sides to every story, and as for cookies, they can also act as cross-site trackers. 

But cookies are tied to a domain name, meaning cookies set by one website cannot be read by another. 

Well, how then can they be used for cross-site tracking? 

Let’s find out.

Third-party cookies 

There was a problem that the inventors of this solution didn’t foresee - that cookies can be also used in a third-party context.

It’s possible through referrals to third-party domains, embedded in a website that a user is currently visiting. These referrals are usually ads, chats, or social media like/share buttons, that pulled from another domain.

For example, when I’m on a site that has an ad pulled from the advertiser’s side, I not only get cookies from the website I’m on, but I also let this advertiser drop its cookie on my computer. 

This is where good user experience ends and privacy concerns begin. 

Here’s an example:

I’ve searched for: “The best holiday places” on Yahoo and clicked on a few pages. Then I opened a website where I can probably catch a display ad, but which has nothing to do with the travel industry and belongs to Yahoo’s ad network.

As you can see, there is an ad suggesting booking a tour to Dubai. Although it’s not the best season for going to Dubai, so I’m not going to click on it. it is still a good example of how 3rd-party cookies are used in advertising.

Let’s jump into a more detailed view of how it works.

Before visiting TechCrunch, I was reading an article about SegmentStream on Yahoo Finance. Yahoo created and assigned me a unique ID, since I was visiting Yahoo’s network site for the first time. Then Yahoo stored this ID in a cookie in my browser.

Now Yahoo ad network knows that I’m an iPhone 12 Pro user with IOS 15.5 and the visit comes from IP XXX.XXX.XX.XX.

The network still doesn’t know my name, email or any other personal information, until I log into one of Yahoo’s apps or services. And when I do, Yahoo will again use the cookie to store my hashed credentials.

Login with social media platforms

Next, over time, I will be leaving a trail of digital breadcrumbs, visiting Yahoo’s advertising network products, 3rd-party websites and apps that they partner with. The information Yahoo will gather varies from basics like gender and age to my search queries and info from my social media, if I use them as a log in method. 

This is an example of how cookies can be used for cross-site tracking – exactly what ITP in Safari and other web privacy initiatives are aiming to stop. To learm more about these restrictions and regulations, let’s take a closer look at how the browsers handle cookies in 2022. 

How Apple, Google and Mozilla Handle Cookies in 2022

Apple

In 2017 Apple released the Intellectual Tracking Prevention (ITP) framework. It is a feature in Safari that prevents cross-site tracking in order to deliver a more privacy-focused experience for its users.

It automatically blocks third-party cookies and limits the lifespan of first-party cookies (expire after 1 or 7 days in some cases). ITP also sets a 7-day limit on all non-cookie storage data, which includes LocalStorage – a method that allows sites to store data directly in the browser, usually with no expiration date.

App Tracking Transparency

For the past years, app developers have been relying on IDFA – an Apple’s ID for Advertisers to measure clicks and compare them to installs. But by introducing iOS 14.5 in 2021, Apple significantly impacted mobile marketing measurement and attribution. Starting with the iOS 14.5 update, app developers need to ask users to opt in to tracking in order for advertisers to access IDFA.  App Tracking Transparency pop-up

Mozilla

From 2019 Mozilla blocks third-party cookies in its browser by default. Firefox’s users already had a possibility to block 3rd-party cookies before, but this had to be done manually.

But that’s not all, in 2021 Firefox rolled out Total Cookie Protection, calling it the most powerful cookie-blocking technology ever.

With this solution, each website a user visits gets its own “cookie jar”. Now, a cookie for a given site must be put in its dedicated cookie jar. It restricts cross-site tracking in a case when third-party content is embedded on a website, such as a Facebook-like button: because the technology doesn’t allow a site to access any jar besides its own.

Total Cookie Protection in Firefox

Google

We’ve heard that Google is going to phase out third-party cookies soon, but the more news we hear, the more it becomes a story about a boy who cried wolf.

Firstly we were promised “a more private web” in 2020, however recently Google announced it’s pushing back this plan to the latter half of 2024.

In a nutshell, what Google is planning is called the Privacy Sandbox. This initiative aims at capping cross-site and cross-app tracking. How? By phasing out 3rd-party cookies and giving up using user-level identifiers to track individuals across the web. It plans to use Privacy-preserving APIs and FLoC (Federated Learning of Cohorts) instead to group users based on shared interests.

How privacy restrictions affect digital marketing 

After we’ve seen how many limitations are put on cookies in both: first-party and third-party context and how restricted app and web tracking is now, it’s time to talk the impact.

Let’s take a look at how today’s privacy affects digital marketing in a context of measurement and attribution.  

How IOS 14.5+ affects marketing measurement

As I’ve mentioned before, now app developers need to ask users to opt in to tracking. 

As a result, we now have Meta’s Aggregated Event Measurement and Apple’s SKAdNetwork for measuring events from people using iOS 14.5+. Which is basically yet another “black box” that became darker. For marketers, Meta’s AEM resulted in a reduction in audience size, limited learning and fewer data points in general. 

Attribution after ITP

Capped lifespan of 1st-party cookies to 1-7 days means that conversions happened outside this window will not be attributed to the right source. Since tools like Google Analytics and Adobe heavily rely on first-party cookies.

One more thing that privacy initiatives have resulted in - is shrinking attribution windows.

Take Facebook Ads for example, historically an attribution window in Facebook ad ecosystem was 1 day after seeing an ad or 28 after clicking. In October 2020 as a response to Apple capping first-party cookies lifespan to 7 days in Safari, Facebook has slashed the default attribution window for ad Conversions to 7 days.

It’s also a hard hit in numbers on the upper-funnel campaigns for businesses with consideration cycles longer than 7 days. In these cases, a part of closing Conversions (e.g. Purchases or Leads) fall out the 7-day window and not being attributed to the right source. 

On the other hand, lower-funnel campaigns get more credit than they deserved, which may lead to inaccurate budget allocation decisions and significantly put the brakes on growth.  Conversions attributed using cookies

It falls not only on the measurement, optimisation is also affected.

Facebook’s algorithms learn and communicate by the means of Conversions. When you want more sales, you choose to optimise towards a particular Conversion – Purchase. Facebook shows your ad to many groups of people and based on whether their interaction with your ad result in a Conversion (Purchase), it learns to select the right ad for the right audience. 

Meaning that conversions play a role of feedback signals for the ad platforms’ algorithms.

And a result of ITP, ad platforms often don’t receive enough of those signals (conversions) for accurate learning and optimisation. Which results in “limited learning” status and lower performance. 

The solution is to think differently

People can go searching for workarounds, but it typically results in getting caught up in a game of whack-a-mole with companies like Apple, that will keep closing up loopholes.

What marketers need now is not to keep pace with constantly changing rules, but to stay ahead of the curve.

This is exactly why we at SegmentStream solve tracking restrictions and privacy regulations by looking at things differently. 

Our approach is based on a simple fact that knowing your customers’ complete path to conversion is no longer possible. ITP, IOS 14.5+, other privacy initiatives described above plus the complexity of customer journeys in a world where people have more than one personal device, hence more than one set of cookies, result in:

• Marketing teams struggling to measure true CPA, ROAS, Revenue and Conversions at channel or campaign level.
• Ad platforms being restricted in their optimisation and targeting capabilities due to incomplete feedback about the true value of each paid click. 

SegmentStream addresses the limitations of Intelligent Tracking Prevention (ITP) in Safari by moving beyond traditional cookie-based methods. It analyzes various data points such as clicks, impressions, and user behaviour to gain deeper insights into the effectiveness of marketing channels and campaigns.

The platform’s ability to correlate ad spend with website visits and total sales data in specific regions allows for accurate assessment of a campaign’s contribution to revenue, even without traditional cookies. SegmentStream also includes view-through attribution, essential for evaluating conversions from initial engagement channels like video and social media ads.

Furthermore, SegmentStream leverages AI to provide targeted recommendations for budget allocation, aiding in the optimisation of digital marketing investments. This positions SegmentStream as a practical tool for marketers dealing with the evolving challenges of digital marketing privacy and tracking.

Book demo to learn more!