ITP 2.1 explained
On 21st of February 2019 it was announced that Apple was rolling out a beta version of their Intelligent Tracking Prevention (ITP) version 2.1. The main focus is to prevent tracking across domains. Previously ITP had only focussed on 3rd party cookies (such as Google Analytics), but as Google and others found workarounds to set their cookies as 1st party cookies, ITP 2.1 now set the aim at 1st party cookies. More specifically 1st party cookies created through document.cookie will be capped to 7 days (instead of the default 2 years). This affects the Marketo Munchkin tracking cookie as well.
Why it hurts
In Safari the Marketo tracking cookie will expire after 7 days (the lead data is of course still available in Marketo). However, if the lead waits more than 7 days before revisiting our website, the lead in Marketo will no longer be associated with the activities in that Safari browser. Thus the association has to happen all over again (via click in Marketo email, fill out a form or an association call to the API).
And backwards stitching suffers, because when the known lead is associated with the new anonymous lead, this lead will potentially only be 7 days old and there will likely be other anonymous leads (created by the same person using the same Safari browser), which will never be associated with the known lead. This means that these activities are basically lost forever as they will never be linked to a known lead in Marketo.
In systems like Google Analytics you will se more unique visitors, but you can still se everything that has happened as this is cookie based. In Marketo we simply lose information about leads’ behaviour if we don’t identify them every week.
Day 13: I visit example.com directly. Marketo’s tracking script looks for a tracking cookie, but as it has now been deleted by ITP it creates a new tracking cookie in my browser. Backend in Marketo I am now treated as an anonymous lead (ID: 1234). My activity on example.com is not linked to firstname.lastname@example.org in Marketo.
Day 23: I visit example.com directly. Marketo’s tracking script looks for a tracking cookie, but as it has now been deleted by ITP it creates a new tracking cookie in my browser. Backend in Marketo I am now treated as an anonymous lead (ID: 5678). My activity on example.com is not linked to email@example.com in Marketo.
Day 26: I fill out a Marketo form on example.com with the email firstname.lastname@example.org. Marketo associates the anonymous lead (ID 5678) with the known lead email@example.com in Marketo, and all behaviour tracked on the anonymous lead (on days 23 and 24) is attributed to the known lead firstname.lastname@example.org.
In this example, the behaviour I had on day 13 (anonymous lead ID: 1234) will never be associated with any known lead in Marketo. And there could potentially be many of these “dead” anonymous leads over time whose activity belongs to the same person.
As we cannot work with anonymous leads in Marketo we have to keep identifying leads before their cookie expires in order to obtain website related behaviour data. Identifying leads is already a big (and often underestimated) task, but going from 2 years to 7 days makes the challenge so much more difficult - if not impossible. In the end I think it will mean that we will lose a huge amount of lead behaviour happening on our websites, which in the end makes it difficult to work with personalization.
I look forward to see what the response to ITP 2.1 of Marketo, Google, Adobe and others will be.
What do you think? Please leave a comment.
A bit of fearmongering here. ITP 2.1 can be trivially dealt with for a single Munchkin origin using LocalStorage. Across multiple origins (with a shared domain suffix) it's substantially more complex, but if you have central control and/or shared concern about the web properties it's perfectly doable
I see what you're saying about the expectations with GA being lower, so the ITP reporting penalty is also lower (from a certain point of view) than with Marketo, and since anonymous activity requires a separate WPA report it's harder to get at the hidden, now-anonymous activities. But nobody wants a false 100x multiplier in any analytics platform.
I'm guessing with ITP 2.2 and the similar Chrome changes this becomes even more important. Sanford could you elaborate on the local storage option? Is this the same as storing information in the data layer? Or simply taking Munchkin information and storing it on a local database so when an anonymous user visits, you can check against that database instead of simply checking for the cookie?
Forgive my technical lack of expertise here