Intelligent Tracking Protection 2.1 and Convert
May 17, 2019 –
Most of the digital world isn’t designed (at least not by default) to protect privacy. And so as optimizers, we’ve to be diligent and tiptoe our way into offering meaningful web experiences while respecting our users’ privacy and complying with laws like the GDPR and privacy Regulation.
We also have to keep up with the changes to the data policies and practices of tech companies as newer boundaries of digital privacy emerge. Apple’s recent update to its cookie data retention practice is a big one at that.
A lot of our Convert users expressed concern about it and found it to be one of those “curve balls” that hit you right in the face. We couldn’t agree more… having the cookie data of your Mac and iPhone users purged every 7 days (for users with no site activity), especially when most CRO experiments run for at least 14 days is no less than a nightmare.
But we’ve shipped a solution. We’ll cover it in a second. However, first, here’s a quick look at Apple’s Intelligent Tracking Protection 2.1.
Apple’s Intelligent Tracking Protection 2.1
In its efforts to offer users a more privacy-focused and secure browsing experience, Apple’s ITP 2.1 has introduced a seven-day expiry period for all browser-issued cookies created through the document.cookie API.
Which means if you use browser-created cookies for your Safari browser users, your cookies will get deleted in 7 days.
While this change only impacts iOS 12.2 and Safari 12.1 as of now, we expect it’ll be extended to more versions and even more browsers in the future. Here’s what it means for you as a Convert user.
What the New Seven-Day Limit Means For Your Convert Experiments
If you run a 15-day experiment, and a user visits your site on day 1 and then on day 11 (after a gap of 10 days), then Convert won’t be able to recognize this person as a repeat visitor (because Convert’s browser-created cookie would be deleted following the new restrictions!).
And this visitor will be treated as a new one.
You can understand how this can skew your experiment’s results, especially if you’ve a large audience share using the Safari browser.
Here’s Convert’s Workaround
We considered quite a few ways to resolve this and finally settled on moving the cookie creation process away from the browser and into the server.
Since the new cookie duration restrictions apply only to browser-created cookies, we’re moving the cookie issuance part to your web server, which means your server will create the cookies and not the users’ browsers.
We have a segment of users who’ve been impacted by this and have already implemented the solution. We’re monitoring how things are going for them, and we’ll let you know if we’ve any updates.
At Convert, we’re committed to user privacy and do believe that persistent tracking can be intrusive, when not done right. And that’s why our cookies — by design and default — use only the most privacy-friendly practices.
What the Future Holds
Apple is certainly not the only brand looking to put its browser on a cookie diet.
Word is out that Google is all set to follow suit with its Chrome 76 variant which will block or clear third party cookies used for tracking, and aggressively handle fingerprinting to further reduce the chances of tracking, post third party cookie opt-outs.
We will definitely continue to monitor this situation as it builds and stay on top of solutions that respect privacy, but do not unnecessarily complicate the ease of testing for customers.
Have questions? Let us know in the comments!