Lead Gen Blog

Data Resiliency – Cookies and Browser-Based Tracking is Dying

By Sam Bocetta | 3 Comments | 1st October 2020

Tracking cookies and browser-based tracking are about to die, and that’s going to cause a huge headache for advertisers. Apple’s Intelligent Tracking Prevention (ITP) and Firefox’s Enhanced Tracking Protection (ETP) have been blocking third-party cookies for years now, and Google’s Chrome browser – by far the most popular among users – is about to do the same.

Third-party cookies and other forms of browser-based tracking are used by almost all adtech and marketing platforms to target their advertising. Their demise is going to have huge impacts on almost every aspect of online advertising: from how advertisers use Facebook Lead Ads and the Facebook Conversion API to remarketing techniques to how online businesses track conversions.

So what can be done to mitigate the impact of this shift? 

In this article, we’ll look at how and why browser-based tracking is dying, and what advertisers can do about it.

What Are Tracking Cookies?

To understand why and how browser-based tracking is about to die, it helps to first understand how these systems work. The primary way in which advertisers have tracked customer activity until now has been via the use of “tracking cookies”, also known as “browser cookies” or simply just “cookies”. 

There are two types of cookies. “First-party cookies” – are set by websites that a user is browsing, and are used to improve functionality. These cookies hold login and session details, record what is in customers’ shopping carts, and their preferences. This type of cookie offers a tangible benefit to users because without them customers would have to log into every page on a website separately. For that reason, first-party cookies are not going anywhere.

It is the second type of cookie – “third-party cookies” – that is about to disappear. These are placed on a users’ browser via tracking pixels or in JS code, and follow them from site to site. Sometimes these are set by websites and online systems that a user has directly interacted with, but sometimes they are not. 

Advertising networks like Google Ads, Facebook Ads, Propeller, and others use third-party cookies to track users across multiple websites and use that information to more precisely target them with ads. Since there is no implicit or explicit permission to do this, it is seen as an invasion of privacy by both users and regulators. 

The Timeline

Over the past decade, many tech companies have responded to user’s demands for more privacy by gradually blocking tracking on their browsers. The earliest major development in this regard came from Mozilla, who have long built tracking protection into their Firefox browser. Apple followed suit, building Intelligent Tracking Protection 2.2 into its Safari browser two years ago. Up until now, advertisers have found ways around these protections, but both companies are now closing these loopholes: Apple has even cut the lifespan of first-party cookies in Safari from seven days to one day.

Neither Mozilla nor Apple have a monetary interest in digital advertising, and so these shifts can be seen as a way of differentiating their offer from their major competitor: Google’s Chrome browser. Google’s business model relies on collecting data on users, and Chrome has always been a major tool in doing just that. 

In some ways, it’s therefore surprising that they are now rolling out the same protections to Chrome. Not only will this – presumably – mean that Google will find it harder to track users; since Chrome represents nearly 70% of the browser market share, it’s going to hit other advertisers as well.

Recently, Apple released a major update on its Safari Intelligent Tracking Prevention (ITP) system. This is the privacy feature that allows the Safari browser to block all third-party cookies and thus disallows advertisers from prying on people’s web habits. This implies that third-party cookies are no longer allowed on the Safari browser. The feature is turned on automatically for everyone using the Safari browser.

Safari third-party cookies blocking has some advantages. It helps to enhance security by removing completely the possibility of cross-site request forgery. However, you still need a level of protection against forged requests coming from top frame navigations.

Second, it makes things simple for developers. If a developer needs access to a cookie, all they need do is to use the Storage Access API.

It also removes login fingerprinting. This means that websites and trackers will not be able to use login IDs to fingerprint users who are using privacy tools digitally.

Apart from Safari, Google is also planning to release the same feature on Chrome in 2022.

This development will affect advertisers, developers, and Publishers that use ad technology to pry on what users do on their website and across the internet.

The Consequences

There are some short-term, and some long-term, consequences of these shifts. For advertisers, there will likely be two immediate impacts. One is that many will find it impossible to target ads as precisely as they did before. With digital ad spending in the U.S. alone expected to exceed $129.34 billion this year, this is also going to have a huge economic impact on an already struggling media industry.

Another consequence for advertisers is that the death of browser-based tracking will have huge consequences on benchmarking. At a stroke, it renders many web analytics systems almost entirely useless. Previously, a Google analytics cookie could live on a user’s browser for up to two years, allowing a deep level of insight into their behavior. Even worse, with the lifespan of first-party cookies limited to one day, website owners and advertisers alike are going to see a huge spike in undifferentiated, untrackable, supposedly “unique” visitors.

Beyond the consequences for advertisers, the death of browser-based tracking is also going to have a major impact on users. Whilst in some cases the privacy concerns associated with third-party cookies are justified, in others they are not. Cookies are used by almost every web application, and users may well find that their tracking “protection” will make such systems a lot less convenient to use. 

How To Respond

Because of all of these factors, advertisers will soon find themselves in a strange new land, in which their ability to track customers and target them with ads is significantly reduced.

Or will they?

The truth is that the death of browser-based tracking may well return advertisers to a situation that will be familiar to those who have been in the business since before the user-tracking revolution. 

As Jon Kagan, VP of search at Cogniscient Media, stated recently, “we don’t expect a decline in ad dollars or a decline in ad traffic, we expect a reallocation and shift of budgets … the next best option to cookies based behavioral targeting is anything keyword or keyword contextual-based advertising. Years ago everyone discounted it and we moved further and further away from keyword targeting, but now we’re going to have to go straight back to it.”

In other words, the loss of the ability to precisely target advertising might well lead to a resurgence of earlier forms of contextual marketing. Instead of profiling customers in order to ascertain that they are interested in buying a new laptop, for instance, brands will have to research what kinds of sites these customers visit.

In turn, this shift might well lead to a parallel resurgence in other, “traditional” forms of marketing practice: A-B testing content, deep research into aggregate consumer behavior, and proactive (rather than reactive) user leadership strategies. 

The Future

Despite these consequences, it’s likely that privacy protections and anti-tracking systems will continue to grow in popularity. There are two main reasons for this. The first factor driving the death of browser-based tracking is regulatory. Both the European Union’s GDPR and the California Consumer Privacy Act (CCPA) contain provisions that limit the use of third-party cookies. Achieving GDPR compliance means that companies must seek explicit permission from users before placing any cookies on their devices. 

The second major factor is that all three major browser publishers – Google, Mozilla, and Apple – are facing increased competition from companies offering greater user privacy via secure browsers, encrypted email systems, and private messaging apps. The huge spike in the use of VPNs over the past five years indicates that there is real appetite, among users, for enhanced privacy.

The situation with the CCPA is a little murkier because the act does not explicitly rule out the use of tracking cookies. It does appear, however, to define these cookies as “personal information”, as so companies may be forced to display a notice that informs visitors about the way they use cookies. 

The Bottom Line

Despite everything, if we consider that 161% Conversion Rate Rise From Google Remarketing Campaigns – and similar numbers can also be found on Facebook and LinkedIn – it is difficult to believe that advertisers will decide to give up with this effective marketing technique.

Many companies have already started looking at their 1st party data contained in their CRMs, email software, and other corporate assets, to create more effective campaigns that go beyond the cookie limits.

By doing so, they can reach those who already know the brands: the contacts contained into the company’s lists, leads and customers, etc.

However, the inability of advertisers to use cookies is not only a problem for retargeting, but it also involves conversion tracking, business intelligence systems, and more.

These problems can be solved by connecting 1st party data to the advertising platforms, because it allows companies to push information back to Facebook, Google, and Linkedin.

Download Now The Black Book of Lead Generation

Sam Bocetta

Sam Bocetta, former defense contractor for the Navy, is a security analyts and freelance journalist specializing in U.S. diplomacy and national security, with emphases on technology trends in cyber warfare, cyber defense, and cryptography.

  • Putting my swami hat on, I see W3C doing this in order to close the marketing loop. They will require you are logged in to use the browser and then communicate with all the 1st party cookies. This also allows google and company into the dark web, providing even more information for their AI platform. I don’t think the trend will be back to keywords, I think keywords will become obsolete along with URL’s and advertisers will rely solely on Google’s AI to link buyers and sellers. Search results in the future will contain relevant parts of each website and users will not even go to a company’s website in most cases. Just my opinion… we’ll see if I am right!

    • Stefan Des – LeadsBridge

      Thanks for sharing your point of view, Will.

  • Great article Sam. There’s some irony in this Disqus comments section appearing under this article. I can’t remember the last time I logged in to Disqus, but here I am, already logged in.

Automation Tools for Facebook Advertisers

Better tracking, better conversions, better audiences, better results.