This post originally appeared on AdExchanger at https://adexchanger.com/data-driven-thinking/latest-safari-release-apple-fixes-cookie-glitch/
For years, Apple’s Safari browser has endeavored to prevent advertising technology companies from tracking user web browsing behavior via cookies. And for years, ad tech companies have tried to circumvent Safari’s cookie policies.
Back in 2012, The Wall Street Journal wrote an exposé on the techniques used by Google and others to exploit loopholes in Safari’s cookie policies. Five years later, Apple is still trying to close these loopholes.
Safari draws an important distinction between first-party and third-party cookies. A cookie is assigned first-party status if it is set by the website that a user is currently visiting. JounceMedia.com, for example, can set a first-party cookie while you’re reading this article. But content loaded from other domains, like an ad served by doubleclick.net, is given third-party status, and Safari prevents these domains from setting cookies.
The most common technique for circumventing these rules relies on click tracking to create opportunities for setting persistent cookies. Here’s how it works:
When users click on ads, they navigate to the advertiser’s landing page. But in most cases, the user’s browser actually redirects through one or more click-tracking URLs. In the fleeting moment when a browser is connected directly to a click-tracking URL, Safari gives that ad tech domain first-party status, creating the opportunity for the ad tech company to set a persistent cookie. And once that persistent cookie is set, the ad tech company can continue to read for its presence, even when connecting to the browser as a third-party.
While desktop Safari has negligible market share, more than 50% of mobile web browsing happens on Safari browsers. All browsing activity on iOS, even on standalone web browsers like the Chrome app, is powered by Safari’s WebKit and governed by Apple’s third-party cookie policies. Users can change these default cookie settings, but no one does, and so targeting and measurement is more or less broken for the majority of mobile web traffic. While Safari’s cookie policies are an afterthought for desktop advertising, they are the backbone of mobile web advertising, making the first-party cookie loophole essential for many buy-side and sell-side ad tech platforms.
Here’s what this means for ad land:
- Mobile web monetization is going to get even worse for publishers. The absence of audience data on Safari means that advertisers can’t target ads or measure their effectiveness. That depresses demand for both direct-sold and programmatic channels, pulling down publisher yield.
- The consumer experience on the mobile web is also going to get even worse. Apple’s new policy is meant to protect consumer privacy, but it accomplishes this at the expense of ad relevance. Publishers will increase ad load to offset CPM erosion, and consumers will be exposed to a higher volume of untargeted ads.
- Amazon and Facebook win again. Their consumer products give them a massive footprint of first-party cookies, creating an insurmountable advantage in targeting and measuring mobile web ads. (Google might have been a winner here too, but its decision to operate ad tech products on the DoubleClick domain demotes it to the same third-party status as any other ad tech platform.)
This also means that the ad tech world is going back to the drawing board on managing mobile web user identity. The industry made a collective misstep by building on top of a loophole. When a powerful company like Apple controls foundational advertising technology, the rest of the industry is subject to unpredictable shifts. The web turns out to be less open than we’ve been led to believe, and a handful of powerful companies now set the rules for how the rest of the industry operates.