Skip to content

Stale Cookies: iOS14, ITP, ETP and the changing world of tracking.


The ubiquitous cookie. Whether you understand it or not, you’ve definitely heard a lot about them in the news. I mean, it’s hard to ignore the eye watering numbers in the headlines when you see that a French privacy watchdog ordered Google to pay 100 million euros and Amazon to pay 35 million euros over breaching tracking cookie laws. 

Beyond that, there’s also a whole lot of different terms flying around: ETP, ITP, iOS14, First Party and Third Party cookies. It’s a lot to get your head around, but today this article will give you a quick overview of the major points so you can keep up with everything that’s going on.

What’s a cookie? 

In 1994, Lou Montulli developed cookies for the first time. Working at Netsape, Montulli worked alongside John Giannandrea to develop cookies into a unique solution that would help make shopping carts for e-commerce stores possible. Despite their major impacts and all this fuss, cookies are simply little text files that are stored in your computer storage to help make your internet browsing experience more consistent and convenient. Cookies drive everything from website login systems through to remembering that you want your currency in USD and the site in dark mode on your next visit.

That doesn’t sound so bad? It really doesn’t. BUT unfortunately people immediately found ways to abuse this system. And this is where we should discuss first vs third party cookies.

Coming In First

First party cookies are ones set by the domain you’re visiting. They allow website owners to collect analytics data, remember language settings, and perform other useful functions that help provide a good user experience. Their original intention was to give the internet memory and we rely on them heavily for a good customer experience. For example, you’ve come through to a shop’s website and they put a cookie in your browser so it can remember what’s in your shopping cart in between pages.

Pulling in The Bronze

So first party cookies are set by the site you’re visiting, then third party ones are set by people OTHER than the site you’re visiting. An advertising platform could provide a code for you to put on your website which sets a cookie and tracks behaviour and then anyone ELSE using that same code on their website can access your cookie as wellThis is where things become valuable for advertisers. One website of information is great, but two or more is where a picture starts to come together about you as an individual.

Maybe we need to go on a diet?

People definitely seem to think so. With the progressive passing of additional privacy laws like the GDPR or the 2020 California Consumer Privacy Act, the world is becoming increasingly concerned with the behaviour of tech companies and their ability to know a hell of a lot about us.

A Flurry Of Acronyms 

As the world moves to become slowly more privacy conscious, web browsers and mobile companies have risen to the occasion:

Safari ITP: Intelligent Tracking Protection. Blocks ALL tracking cookies and reduces the effectiveness of cross site tracking even on your own domains.

Firefox ETP: Enhanced Tracking Protection. A bit more flexible, but blocks known tracking cookies.

Chrome: (No Acronym yet) Due to being created by Google – one of the largest accumulators of 3rd party information – Chrome is a few steps behind and is aiming to block third party cookies by 2022. Chrome is also working to implement new technology to provide attribution without compromising privacy.

Apple Comes In Swinging With iOS

The biggest development in the tracking space is the announcement that Apple will force app developers to specifically ask users to opt in to cross platform tracking, as opposed to the current opt out model. Considering that the number of people who opted to share location data with apps dropped from nearly 100% to around 50% when Apple started an opt in model, this has a multiple platforms worried and has made major impacts in how platforms like Facebook will be able to run their advertising effectively. Although looking at a few court cases, this may be continue to be in question for quite some time.

Final Considerations

The blocking of third party cookies is not a permanent solution, companies will simply move onto more first party cookies and other tracking solutions, eg: IP Addresses, Mobile Device Id, Fingerprinting.

Safari’s ITP has already gone through multiple changes as people have come up with various ways to skirt the rules. For example, Facebook switching to a quasi-first party cookie but still passing information back. In response, Safari now restricts how long first party cookies can exist when they contain referral info from Facebook. This is not a solution that has come about out of the goodness of a company’s heart. Data will become more and more important, and the major players already have a huge volume of it.

Smaller companies are going to join more and more data consolidation services to drive the thirst for programmatic third party targeting data. Consider that in 2018, American companies spent roughly $19.2 billion on third-party data, which will only be driven to  higher extremes with restrictions on availability of third party tracking information and impaired attribution information.

The original creator of cookies, Lou Montulli, spoke of his concerns around the banning of third party cookies in a prophetic post back in 2013 on his blog and I quote:

  • The evil you know is better than the one you don’t.
  • This is probably a race we can’t win.

Learn more about our digital marketing automation services.


Jakob Naumann

Jakob is an experienced and analytical digital marketer with a deep understanding of Marketing Automation, MarTech, Integrations, E-Commerce and Omnichannel Digital Experiences in B2B and B2C environments. At Green Hat, he works with clients to accelerate digital marketing and marketing automation strategies, with a clear focus on digital experience.