Intelligent Tracking Protection 2.1 and Convert

Intelligent Tracking Protection 2.1 and Convert

Most of the digital world isn’t designed (at least not by default) to protect privacy. And­ so as optimizers, we’ve to be diligent and tiptoe our way into offering meaningful web experiences while respecting our users’ privacy and complying with laws like the GDPR and privacy Regulation.

We also have to keep up with the changes to the data policies and practices of tech companies as newer boundaries of digital privacy emerge. Apple’s recent update to its cookie data retention practice is a big one at that.

A lot of our Convert users expressed concern about it and found it to be one of those “curve balls” that hit you right in the face. We couldn’t agree more… having the cookie data of your Mac and iPhone users purged every 7 days (for users with no site activity), especially when most CRO experiments run for at least 14 days is no less than a nightmare.

But we’ve shipped a solution. We’ll cover it in a second. However, first, here’s a quick look at Apple’s Intelligent Tracking Protection 2.1.

Apple’s Intelligent Tracking Protection 2.1

In its efforts to offer users a more privacy-focused and secure browsing experience, Apple’s ITP 2.1 has introduced a seven-day expiry period for all browser-issued cookies created through the document.cookie API.

Which means if you use browser-created cookies for your Safari browser users, your cookies will get deleted in 7 days.

While this change only impacts iOS 12.2 and Safari 12.1 as of now, we expect it’ll be extended to more versions and even more browsers in the future. Here’s what it means for you as a Convert user.

What the New Seven-Day Limit Means For Your Convert Experiments

If you run a 15-day experiment, and a user visits your site on day 1 and then on day 11 (after a gap of 10 days), then Convert won’t be able to recognize this person as a repeat visitor (because Convert’s browser-created cookie would be deleted following the new restrictions!).

And this visitor will be treated as a new one.

You can understand how this can skew your experiment’s results, especially if you’ve a large audience share using the Safari browser.

Here’s Convert’s Workaround

We considered quite a few ways to resolve this and finally settled on moving the cookie creation process away from the browser and into the server.

Since the new cookie duration restrictions apply only to browser-created cookies, we’re moving the cookie issuance part to your web server, which means your server will create the cookies and not the users’ browsers.

You can find the steps to facilitate such server-side cookie creation here. If you need any help with making the needed changes to your web server infrastructure, please feel free to contact us.

We have a segment of users who’ve been impacted by this and have already implemented the solution. We’re monitoring how things are going for them, and we’ll let you know if we’ve any updates.

At Convert, we’re committed to user privacy and do believe that persistent tracking can be intrusive, when not done right. And that’s why our cookies — by design and default — use only the most privacy-friendly practices.

What the Future Holds

Apple is certainly not the only brand looking to put its browser on a cookie diet.

Word is out that Google is all set to follow suit with its Chrome 76 variant which will block or clear third party cookies used for tracking, and aggressively handle fingerprinting to further reduce the chances of tracking, post third party cookie opt-outs.

Convert Experiences is happy to say that users can rest easy with their A/B testing drives in this regard because there are no third party cookies used by our tool.

We will definitely continue to monitor this situation as it builds and stay on top of solutions that respect privacy, but do not unnecessarily complicate the ease of testing for customers.

Have questions? Let us know in the comments!

Originally published May 17, 2019 - Updated May 28, 2019
Dionysia Kontotasiou
Dionysia is Convert's Head of Integration and Privacy. Fresh off the GDPR compliance stretch you can find Dionysia helping customers with their technical queries and making homemade pizza in her spare time.
Guest Post Form

We have brought thought leaders, influencers, visionaries and veterans to our tribe. Now it’s your turn. If you have something worthwhile to share with a large community of savvy testers, go ahead and pitch your post idea. We’re listening.

Fill out our guest post form

CATEGORIES Blog

COMMENTS

Leave a Reply

Your email address will not be published. Required fields are marked *

[hclightbox id='5' text='Anchor text']