Picture this, you use a web browser to visit two different websites:
Each website is able to record a cookie in your browser in order to store information about your browsing session. Examples:
Let’s visualize how the cookies are stored in the browser:
Because of browser security, mywebsite1.com can only read cookies created by mywebsite1.com (first party). Likewise, mywebsite2.com can only read cookies created by mywebsite2.com (first party).
As it is, there is no way for the two websites to share cookie information.
Unless…
Unless the two website owners agree to work together and put some codes into both (or one of ) their websites.
Let’s look at some examples and their limitations.
1. You use a web browser to visit myshopping.com, a shopping website. The website assigns you a Client ID in the cookie, and it knows that you have viewed, say, a Lego Star Wars set.
2. You leave myshopping.com, and go to another unrelated website, myblog.com, to read some articles.
On its own, when your browser is on myblog.com, there is no way for it to read the cookie set by myshopping.com.
Unless there is a prior agreement that goes something like (greatly simplified):
So codes can be implemented on myblog.com website, these are often image tag (aka pixel) or iframe tag. Examples:
<img src="https://myshopping.com/a36fbsdrsd/track.gif"><iframe src="https://myshopping.com/s4fgdl324sdf/track.html"></iframe>
Now, even through your browser is on myblog.com:
myshopping.com (whose web assets are now embedded in myblog.com) can now access cookies created by myshopping.com.
In this context, the myshopping.com cookies are known as third-party cookies.
In essence, myshopping.com will be able to:
The limitations
In recent times, pretty much all browsers except Google Chrome have disabled the ability to access third-party cookies. So this method is no longer as effective as before.
Update: Google has previously mentioned that they would kill third-party cookies but they seemed to have reversed course. We are still monitoring this for more concrete details.
For the latest browser cookie security info, you may refer to cookiestatus.com
A simplified example:
1. You use your web browser and search for “Lego Star Wars” on google.com.
2. You click on a paid link, Google knows the keywords that you searched for and that you have clicked on a result link, Google can store this info into a cookie:
3. At the same time, Google can add this info onto the link that you click on, to be passed over to the target website. For example:
4. When your browser comes to myshopping.com page, an embedded Google code (Conversion Linker) can read the URL parameter and record it to a first-party cookie so that the value can persist throughout your browsing session.
Notice the cookie domain is myshopping.com, which is in first-party context.
5. When you subsequently make a purchase on myshopping.com, the embedded Google conversion tag can use this cookie info and attribute the sales back to the paid link that you originally clicked on.
Limitations
As browser makers continue to fight cross-site tracking, this URL-passing method is also targeted.
For example, Apple’s Intelligent Tracking Prevention (ITP) can intelligently detect that gclid is a tracking URL parameter and does not impact the core website functionality, it can then limit any cookies created by JavaScript on the landing webpage to only 24 hours lifespan, thus greatly limiting the long-term tracking ability.
As you hopefully understand now, cross-site tracking using pseudo-random user IDs stored in cookies is becoming less effective.
However, we also recognize how valuable it is for companies to be able to measure their marketing spend. We all have heard of this phrase coined by John Wanamaker:
Half the money I spend on advertising is wasted; the trouble is I don’t know which half.
That is why some tech giants have come up with or are working on new technologies to measure marketing attributions without using cookies. Let’s look at some solutions/proposals and their limitations.
If we can no longer rely on pseudo-random IDs, it stands to reason that the most reliable way is to use user-provided info such as:
It basically goes something like this:
This is precisely what Google Ads Enhanced Conversions and GA4 Enhanced Conversions do.
Limitations
User-provided info often comes from:
Which means this technology may only be used on a small percentage of your traffic.
Also, sending user info (though it is hashed) presents a privacy concern for most companies and will need some convincing in order for them to adopt this technology.
As mentioned, it’s very valuable for companies to be able to understand and optimize their marketing spend. But how do we do this while maintaining a level of user privacy?
One idea is that, instead of having practically unlimited tracking values:
eg. track_id=<xxxxxxxxxxxxxxxxxxxxxxxxx>
(you can track anything, down to the individual users and their activities, eg. viewed a particular product)
We limit the number of tracking values:
eg. track_id=<can only be value 0 to 255>
That means, you would have to carefully plan out the tracking values. For example:
And so on.
The point is that, by doing so, it greatly reduces the ability to track individual users. Rather, the tracking and attribution is based on aggregated values that can represent user interests or intentions.
This is the general idea behind technology proposals such as:
Limitations
These are the big reasons why we haven’t seen a massive adoption by the whole industry yet.
Although, in the iOS ecosystem, SKAdNetwork has seen a steady growth of adoption. This is mainly because Apple has full control over iOS.
We were heading towards a (third-party) cookieless world until Google decided that they weren’t going to kill third-party cookies after all. From the blog post, it seems like Google will:
That means an “industry standard” tracking mechanism now seems even more far-fetched than before.
Currently, there is no concrete answer to what long-term strategy companies should adopt in terms of attribution technologies. We can only advise that we “get our feet wet” by trying out technologies that do not take up a lot of resources such as Google Enhanced Conversions, and then monitor the conversion data recovery rate.
...
Sparkline aims to provide data accuracy, comprehension and consolidation, and most importantly, tangible insights for businesses. Get in touch if you’d like to find out more about GA4.
