CAKE Knowledge BaseCAKE For Networks FAQ & GlossaryChrome v80: Cookie Tracking Updates

Chrome v80: Cookie Tracking Updates

Best Practices to ensure precision in Tracking

When it comes to backing out all of your advertising dollars it is very important to understand the difference between accuracy and precision. To track a single user accurately is not the goal. To track most users accurately consistently is the goal, being accurate consistently is precision.

Since we are in the context of digital marketing lets take the web browsing experience and how dynamic it is for each user depending on their web browser, device, and sometimes their geo-location.

In this article, we will outline the best practices to ensure precision in tracking your digital media. Read this article to answer the question, "how do I track as best as precise as possible?".

What is changing why do I care?

Chrome is looking to make a standard change with how it handles cookies, they refer to this change as SameSite https://www.chromium.org/updates/same-site. Cookies allow developers to store info on users' machines which the web sees as a vulnerability. So Chrome is updating the spec required for cookies to ensure cookies are not being abused by bad actors.

You may have heard about this warning in Chrome "A cookie associated with a cross-site resource at #site# was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

Changes

According to the links above, Chrome V80 will treat cookies as SameSite=Lax by default if no SameSite attribute is specified. Developers are still able to opt-in to the status quo of unrestricted use by explicitly asserting SameSite=None.

This is important for CAKE users since this browser behavior change is slightly different than the Safari ITP changes. Cookies default to SameSite=Lax will impact how we track conversions passively, due to the browser no longer sending cookies. With Chrome, their changes will impact all cookies, not just third party cookies. Most importantly Active Tracking > Iframe (img, or JS) will not result in a conversion, due to the cookies not being sent to CAKE.

The impact of these changes will be fully live in February of 2020 it is currently being beta tested.

Note: Users who click and convert in under 2 mins will not be impacted by the change. We expect this change to hit more users since the typical time to conversion is longer than 2 mins.

What is the new best practice?

Our best practices have not changed. Since the web is moving toward privacy and user protection reliance on cookies should be abandoned ASAP. How do I track without cookies? Server to server tracking is by far the best way to ensure precision as you are passing around session IDs to allow conversions to be tracked.

Don't Fret CAKE is here

Since we know that not all users have the ability to follow our best practices we have a new feature in Beta that would allow users to specify they want that domain to follow the new spec. To enable the SameSite feature to navigate to Setup > Other Lists > Domains level. When enabled CAKE will set these properties when setting cookies 'SameSite=None` and `Secure`. When CAKE tracking sets this property the Chrome browser Version 80 will send through cookies.

This feature is designed to be enabled to ensure that the control of when domains are tagged as thrid party trackers is in the hand of the user. CAKE is not sure what chrome will do with this information in future releases, but it is evident that this release is designed to allow developers to OPT-IN to Third-Party tracking capabilities.

Because privacy is a concern and all modern browsers are moving towards protecting PII. CAKE anticipates this is the first of many changes which will be putting cookie-based tracking under even more scrutiny. This is why we have ordered the preferred tracking methods by precision.

Preferred Tracking Methods based on Precision (how often can we be accurate)

Active Tracking > DCP > JS SDK

This approach ensures that the Session ID generated at the time of the Active Tracking click will be passed to the DCP to allow the session ID to be stored in the site's First Party Cookie. When the consumer reaches the JS SDK the session ID will be read from the cookie ensuring that the p.ashx call will have a Session ID. This is using server side tracking client-side since we are using the site's cookies to store CAKE Session IDs.

Note: The first-party cookie is a session cookie. So the cookie will be lost if the users close their browser.

Active Tracking > Server to Server

This approach requires the CAKE users to pass the #reqid# to the Advertiser via the landing page URL in CAKE. This method is also referred to as Postback URLs. Your advertiser will need the capabilities of identifying users at time of conversion.

DCP > JS SDK

This approach leverages the same premise as the first example. The difference here is that the Session ID is generated on-page instead of part of the 302 to the landing page.

Active Tracking > Iframe

This is the most simple way to track in CAKE and therefore it is the most unreliable. It is becoming less reliable as web browsers move toward protection users' privacy. It is best to avoid this type of tracking whenever possible.

Summary

You may have been bitten by Safari earlier in the year with Safari ITP 2.2. If you followed the best practice in all of your use cases you are not impacted by this change. Since you have removed your reliance from cookies.

Active Tracking > Iframe is our easiest way to integrate CAKE tracking is no longer going to work in Chrome v80.

CAKE has a new feature in Beta that would allow CAKE users to self identify their domains as Third-Party Trackers. The only trade-off that CAKE sees is, this setting is telling, as it would enable Chrome to easily identify these types of domains in the future. This seems to be a statement of direction for all the major web browsers. To ensure precision you should remove your reliance from cookies whenever possible.