My talk from Digital Elite Day 2020 (Conversion Elite track).
I go over the main changes in browser tracking protections since as early as 2003 (Safari version 1). Then I discuss the impact these tracking protections have on digital analytics, advertising, and experimentation.
11. Default browser settings
designed to protect the user
from tracking vectors that
can be harmful
which the user has traditionally
only been able to opt out of.
12. Graphic adapted from https://web.dev/samesite-cookies-explained/
https://www.simoahava.com/
13. Graphic adapted from https://web.dev/samesite-cookies-explained/
Same-site === First-party context
https://www.simoahava.com/
14. Graphic adapted from https://web.dev/samesite-cookies-explained/
https://image.cdn.com/image.gif
https://www.simoahava.com/
16. Graphic adapted from https://web.dev/samesite-cookies-explained/
https://page.somedomain.com/
https://page.otherdomain.com/
https://page.thirddomain.com/
https://image.cdn.com/image.gif
All pages include a request to the third-party resource, thus including
all cookies written on the third-party domain, enabling cross-site tracking.
27. Manage ad frequency
Build graphs and comprehensive audience profiles
Cookie matching/syncing
View-through attribution
Target ads
28. Manage ad frequency
Build graphs and comprehensive audience profiles
Cross-site tracking
Cookie matching/syncing
View-through attribution
Target ads
29. Manage ad frequency
Build graphs and comprehensive audience profiles
Cross-site tracking
Cookie matching/syncing
View-through attribution
Target ads
Analytics integrations
30. Manage ad frequency
Build graphs and comprehensive audience profiles
Cross-site tracking
Cookie matching/syncing
View-through attribution
Target ads
Analytics integrations
SSO / login flows
31. Manage ad frequency
Build graphs and comprehensive audience profiles
Cross-site tracking
Cookie matching/syncing
View-through attribution
Target ads
Analytics integrations
SSO / login flows
State in embedded services
32. Manage ad frequency
Build graphs and comprehensive audience profiles
Cross-site tracking
Cookie matching/syncing
View-through attribution
Target ads
Analytics integrations
SSO / login flows
State in embedded services
Multi-purpose scripts
33. Manage ad frequency
Build graphs and comprehensive audience profiles
Cross-site tracking
Cookie matching/syncing
View-through attribution
Target ads
Analytics integrations
SSO / login flows
State in embedded services
Multi-purpose scripts
1st party data collection
34. Manage ad frequency
Build graphs and comprehensive audience profiles
Cross-site tracking
Cookie matching/syncing
View-through attribution
Target ads
Analytics integrations
SSO / login flows
State in embedded services
Multi-purpose scripts
1st party data collection
Tag management
35. Manage ad frequency
Build graphs and comprehensive audience profiles
Cross-site tracking
Cookie matching/syncing
View-through attribution
Target ads
Analytics integrations
SSO / login flows
State in embedded services
Multi-purpose scripts
1st party data collection
Tag management
Client-side state
36. Manage ad frequency
Build graphs and comprehensive audience profiles
Cross-site tracking
Cookie matching/syncing
View-through attribution
Target ads
Analytics integrations
SSO / login flows
State in embedded services
Multi-purpose scripts
1st party data collection
Tag management
Client-side state
Data quality
37. Manage ad frequency
Build graphs and comprehensive audience profiles
Cross-site tracking
Cookie matching/syncing
View-through attribution
Target ads
Analytics integrations
SSO / login flows
State in embedded services
Multi-purpose scripts
1st party data collection
Tag management
Client-side state
Data quality
38. Manage ad frequency
Build graphs and comprehensive audience profiles
Cross-site tracking
Cookie matching/syncing
View-through attribution
Target ads
Analytics integrations
SSO / login flows
State in embedded services
Multi-purpose scripts
1st party data collection
Tag management
Client-side state
Data quality
43. 2003
3P cookies blocked
by default without prior
"seeding"
…
2017
ITP 1.0
Algorithmic classification
of tracking-capable sites
44. 2003
3P cookies blocked
by default without prior
"seeding"
…
2017
ITP 1.0
Algorithmic classification
of tracking-capable sites
2018 Storage Access API
45. 2003
3P cookies blocked
by default without prior
"seeding"
…
2017
ITP 1.0
Algorithmic classification
of tracking-capable sites
2018 Storage Access API
ETP
3P storage access on known
tracking domains blocked
46. 2003
3P cookies blocked
by default without prior
"seeding"
…
2017
ITP 1.0
Algorithmic classification
of tracking-capable sites
2018 Storage Access API
ETP
3P storage access on known
tracking domains blocked
Brave Shields
3P storage access blocked
1P cookies restricted
Referrer truncation
47. 2003
3P cookies blocked
by default without prior
"seeding"
…
2017
ITP 1.0
Algorithmic classification
of tracking-capable sites
2018
2019
Storage Access API
ITP 2.1 - 2.3
Restrictions on 1P storage
Referrer truncation
ETP
3P storage access on known
tracking domains blocked
Brave Shields
3P storage access blocked
1P cookies restricted
Referrer truncation
48. 2003
3P cookies blocked
by default without prior
"seeding"
…
2017
ITP 1.0
Algorithmic classification
of tracking-capable sites
2018
2019
Storage Access API
ITP 2.1 - 2.3
Restrictions on 1P storage
Referrer truncation
ETP
3P storage access on known
tracking domains blocked
ETP set on by default
for all Firefox installs
Brave Shields
3P storage access blocked
1P cookies restricted
Referrer truncation
49. 2003
3P cookies blocked
by default without prior
"seeding"
…
2017
ITP 1.0
Algorithmic classification
of tracking-capable sites
2018
2019
Storage Access API
ITP 2.1 - 2.3
Restrictions on 1P storage
Referrer truncation
ETP
3P storage access on known
tracking domains blocked
ETP set on by default
for all Firefox installs
Brave Shields
3P storage access blocked
1P cookies restricted
Referrer truncation
Tracking parameters removed
from URLs
50. 2003
3P cookies blocked
by default without prior
"seeding"
…
2017
ITP 1.0
Algorithmic classification
of tracking-capable sites
2018
2019
Storage Access API
ITP 2.1 - 2.3
Restrictions on 1P storage
Referrer truncation
ETP
3P storage access on known
tracking domains blocked
ETP set on by default
for all Firefox installs
Brave Shields
3P storage access blocked
1P cookies restricted
Referrer truncation
Tracking parameters removed
from URLs
Tracking protection
in Edge beta
51. 2003
3P cookies blocked
by default without prior
"seeding"
…
2017
ITP 1.0
Algorithmic classification
of tracking-capable sites
2018
2019
2020
Storage Access API
ITP 2.1 - 2.3
Restrictions on 1P storage
Referrer truncation
All 3P cookies blocked
ETP
3P storage access on known
tracking domains blocked
ETP set on by default
for all Firefox installs
Brave Shields
3P storage access blocked
1P cookies restricted
Referrer truncation
Tracking parameters removed
from URLs
Tracking protection
in Edge beta
52. 2003
3P cookies blocked
by default without prior
"seeding"
…
2017
ITP 1.0
Algorithmic classification
of tracking-capable sites
2018
2019
2020
Storage Access API
ITP 2.1 - 2.3
Restrictions on 1P storage
Referrer truncation
All 3P cookies blocked
ETP
3P storage access on known
tracking domains blocked
ETP set on by default
for all Firefox installs
Daily purge of storage from
known tracker domains
Requests to fingerprinting
domains blocked
Brave Shields
3P storage access blocked
1P cookies restricted
Referrer truncation
Tracking parameters removed
from URLs
Tracking protection
in Edge beta
53. 2003
3P cookies blocked
by default without prior
"seeding"
…
2017
ITP 1.0
Algorithmic classification
of tracking-capable sites
2018
2019
2020
Storage Access API
ITP 2.1 - 2.3
Restrictions on 1P storage
Referrer truncation
All 3P cookies blocked
ETP
3P storage access on known
tracking domains blocked
ETP set on by default
for all Firefox installs
Daily purge of storage from
known tracker domains
Requests to fingerprinting
domains blocked
Brave Shields
3P storage access blocked
1P cookies restricted
Referrer truncation
Tracking parameters removed
from URLs
Pioneering work on reducing
fingerprinting surfaces
continues
Tracking protection
in Edge beta
54. 2003
3P cookies blocked
by default without prior
"seeding"
…
2017
ITP 1.0
Algorithmic classification
of tracking-capable sites
2018
2019
2020
Storage Access API
ITP 2.1 - 2.3
Restrictions on 1P storage
Referrer truncation
All 3P cookies blocked
ETP
3P storage access on known
tracking domains blocked
ETP set on by default
for all Firefox installs
Daily purge of storage from
known tracker domains
Requests to fingerprinting
domains blocked
Brave Shields
3P storage access blocked
1P cookies restricted
Referrer truncation
Tracking parameters removed
from URLs
Pioneering work on reducing
fingerprinting surfaces
continues
Tracking protection
in Edge beta
Chromium Edge released
Block 3P storage access from
known trackers
55. 2003
3P cookies blocked
by default without prior
"seeding"
…
2017
ITP 1.0
Algorithmic classification
of tracking-capable sites
2018
2019
2020
Storage Access API
ITP 2.1 - 2.3
Restrictions on 1P storage
Referrer truncation
All 3P cookies blocked
ETP
3P storage access on known
tracking domains blocked
ETP set on by default
for all Firefox installs
Daily purge of storage from
known tracker domains
Requests to fingerprinting
domains blocked
Brave Shields
3P storage access blocked
1P cookies restricted
Referrer truncation
Tracking parameters removed
from URLs
Pioneering work on reducing
fingerprinting surfaces
continues
Tracking protection
in Edge beta
Chromium Edge released
Block 3P storage access from
known trackers
Referrer truncation
56. 2003
3P cookies blocked
by default without prior
"seeding"
…
2017
ITP 1.0
Algorithmic classification
of tracking-capable sites
2018
2019
2020
…
Storage Access API
ITP 2.1 - 2.3
Restrictions on 1P storage
Referrer truncation
All 3P cookies blocked
ETP
3P storage access on known
tracking domains blocked
ETP set on by default
for all Firefox installs
Daily purge of storage from
known tracker domains
Requests to fingerprinting
domains blocked
Brave Shields
3P storage access blocked
1P cookies restricted
Referrer truncation
Tracking parameters removed
from URLs
Pioneering work on reducing
fingerprinting surfaces
continues
Tracking protection
in Edge beta
Chromium Edge released
Block 3P storage access from
known trackers
Referrer truncation
All 3P cookies blocked?
80. DO
-Periodically audit the use of client-side state in your sites, services, and applications. Avoid
over-reliance; use HttpOnly where possible, then HTTP headers, then JS.
-Figure out how to incentivize logging in.
-Set cookies you need in third-party context to SameSite=None;Secure, with fallbacks
for unsupported browsers.
- Utilize Storage Access API for access to third-party storage.
-Consider the browser as a manifestation of the user’s desire and intent with regard to
tracking. Err on the side of as much privacy as possible.
81. DO NOT
-Look at "server-side analytics" as a silver bullet.
-Ignore small market share web browsers.
-Expect tracking prevention development to settle / slow down.
-Spread FUD about the impact of these measures without empirical data to back it up with.
-Expect that browsers will handle the ethical / legal side of data collection for you.
-Think that browsers have got tracking prevention "right"