With the release of High Sierra and iOS 11 in September, Apple introduced a machine learning-based method to restrict the ability of retargeting scripts to track users across the web. Previously, Safari users could try to prevent this by only allowing cookies from websites the user had explicitly visited — this was the default setting in Safari. Unfortunately, mischievous providers of ad retargeting, like Criteo, figured out a workaround:
Here’s what happens: when visiting a site that includes Criteo’s scripts, a bit of browser sniffing happens. If it’s a Safari variant — and only Safari — Criteo rewrites the internal links on the page to redirect through their domain, […]
The user is then sent to their intended destination page, and Criteo’s cookies are allowed to be set. All that’s needed is that split-second redirect for the first link clicked on the site.
Safari’s new tracking prevention mechanism is supposed to prevent this sort of creepy — and, arguably, unethical — behaviour. So, has it worked? Well, here’s what Criteo said in their most recent earnings report:
We believe our solution for Safari users currently allows us to mitigate about half of the potential impact from ITP. In the third quarter, ITP had a minimal net negative impact on our Revenue ex-TAC of less than $1 million. Given our expectations of the roll out of Apple’s iOS11 and our coverage of Safari users, we expect ITP to have a net negative impact on our Revenue ex-TAC in the fourth quarter of between 8% and 10% relative to our base case projections for the quarter. We will continue to improve and deploy our solution for Safari users over the coming quarters.
It appears that there’s definitely some effect on the ability for Criteo’s shitty script to work, but they’re estimating that it’s still about 50% effective. Perhaps this is just petty of me, but I wish ITP reduced Criteo’s script to 0% efficacy. The lengths to which Criteo has gone to — and will go to, according to the last sentence of that quote — in order for them to track users is an indication that they aren’t following the spirit of users’ wishes.
I’m using Criteo as an example here, but AdRoll employs a similar technique. I think that both of these companies behave disreputably, and I hope Intelligent Tracking Prevention continues to improve so it can better protect Safari users.