How to prepare your site for a more private (and cookieless) future


Create a 1st-party data strategy

  1. Think about permission – Whenever possible, ask users for permission to communicate with them. The GDPR and ePrivacy are here.
  2. Invest in login/sign-up – offer value in exchange for sign-up and login: discounts, products exclusive to registered users, giveaways for signing up, loyalty programmes, exclusive offers and coupons.
  3. Invest in communication with your users (CRM) – Favour efficient communication over mass communication.
  4. Keep data clean and up to date – Ask your users for updates every X period of time, always offering something of value in return.
  5. Communicate the privacy of the relationship – make users feel comfortable, and communicate transparency to build trust in the brand (the World Federation of Advertisers (WFA) has a study in which increasing user trust by 1% increased value per user by 3%).
  6. Learn to work with CRM data – Invest in exploring your CRM system. Be able to state the exact average age of your users, their usual location, etc., and track how these change.

Communication

  1. Start exploring context-based campaigns – campaigns based on the site or application vs. campaigns based on interests or users.
  2. Take advantage of Data Clean Rooms – Data clean rooms are places where walled gardens like Google, Facebook and Amazon share aggregated rather than customer-level data with advertisers, while still exerting strict controls. – Example: Custom Audiences from FB or Google. A match between the email you hold and a profile on the other side.

Web Analytics

  1. Use a cookieless, 1st-party analytics system – Matomo Web Analytics, Matomo Tag Manager
  2. Create a single unique identifier that is the same across all systems – The idea is for all systems (CRM, Web Analytics, etc.) to share one unique user identifier so that all the information can be cross-referenced.
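
One way to combine the two points above, as an added example that is not from the original page: the server derives a keyed, pseudonymous ID from the user's e-mail and passes it to a cookieless Matomo tracker only when the user has consented. The session object shape, the secret and the function names are assumptions; `disableCookies`, `setUserId` and `trackPageView` are Matomo JavaScript tracker methods.

```javascript
// Added example (not from the original page). Runs on the server (Node.js):
// the secret must never reach the browser.
const crypto = require('node:crypto');

// Normalize so " Ana@Example.com" and "ana@example.com" map to the same person.
function normalizeEmail(email) {
  return email.normalize('NFKC').trim().toLowerCase();
}

// Keyed hash (HMAC): without the secret, the ID cannot be recomputed from a
// list of known e-mail addresses, unlike a plain SHA-256 of the address.
function pseudonymousId(email, secret) {
  return crypto
    .createHmac('sha256', secret)
    .update(normalizeEmail(email), 'utf8')
    .digest('hex')
    .slice(0, 32); // keep 128 bits of the digest
}

// Build the Matomo tracker commands for one page view.
// `user` is a hypothetical session object: { email, analyticsConsent }.
function matomoCommands(user, secret) {
  const commands = [['disableCookies']]; // must come before trackPageView
  if (user && user.email && user.analyticsConsent === true) {
    commands.push(['setUserId', pseudonymousId(user.email, secret)]);
  }
  commands.push(['trackPageView']);
  return commands;
}

// Constructed sample data.
const SECRET = 'constructed-demo-secret';
const withConsent = matomoCommands(
  { email: ' Ana.Silva@Example.com', analyticsConsent: true }, SECRET);
const withoutConsent = matomoCommands(
  { email: 'ana.silva@example.com', analyticsConsent: false }, SECRET);
console.log(JSON.stringify(withConsent));
console.log(JSON.stringify(withoutConsent));
```

The CRM export can call the same `pseudonymousId` function with the same secret, so both systems share the identifier without the analytics side ever storing the e-mail address.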

Context

iOS 14.5 privacy (Safari, etc.)

Chrome, Opera

Chrome 

Google said it intends to delay by more than a year its plan to eliminate third-party cookies in its Chrome browser, a move that was probably welcomed by the online ad industry, which is struggling to switch to alternative technologies.

 

SOURCE: cookiestatus.com

| | Brave | Chrome | Edge | Firefox | Safari | Cliqz |
|---|---|---|---|---|---|---|
| Mechanism | Shields | n/a | Tracking prevention | Enhanced Tracking Protection (ETP) | Intelligent Tracking Prevention (ITP) | Anti-Tracking |
| Deployed in | 0.55.18 | n/a | 78.0.276.8 | 69.0 | Safari 11 | 1.30.0 |
| Default protection mode | Default Shield settings | n/a | Balanced | Standard | ITP enabled | Default Anti-Tracking settings |
| Classification of “known trackers” | Multiple filter lists | n/a | Trust Protection Lists (with engagement and organization mitigation) | Disconnect.me | Algorithmic | Algorithmic |
| Cookies in 3rd party context | Restrict access in subresource requests. Partitioned access in frame. Partitioned storage is cleared when no more first-party documents that use the partition are open, or when the browser is closed. | No restrictions. | Access restricted for known trackers. | Access restricted for known trackers. | All access restricted, except with Storage Access API. | Access restricted for known trackers, with mitigations for user interaction and critical flows (e.g. some oAuth implementations). Cookies set on tracker origins without first-party interaction expire in 1 hour. |
| Cookies in 1st party context | For cookies set with document.cookie, expiration set to 7 days. Otherwise maximum expiry set to 6 months. | No restrictions. | No restrictions. | All storage is purged from known trackers daily, unless the user has interacted with the site in first-party context within the last 45 days. | For cookies set with document.cookie, expiration set to 7 days. For cookies set with document.cookie, expiration set to 24 hours on pages with URL decoration (query parameters or fragments) when referring domain is a known tracker. | Cookies set on tracker domains with infrequent first-party interaction expire in 7 days. Otherwise expiration set to 30 days after last visit to site. Cookies set with document.cookie have a maximum expiration of 7 days. |
| Other browser storage in 3rd party context | Partitioned access in frame. Partitioned storage is cleared when no more first-party documents that use the partition are open, or when the browser is closed. | No restrictions. | Access restricted for known trackers. No restrictions for other domains. | localStorage and IndexedDB restricted for known trackers. sessionStorage is not restricted. No restrictions for other domains. | localStorage is partitioned and reset between application launches. IndexedDB is restricted. sessionStorage is not restricted. | No restrictions. |
| Other browser storage in 1st party context | No restrictions. | No restrictions. | No restrictions. | All storage is purged from known trackers daily, unless the user has interacted with the site in first-party context within the last 45 days. | Restricted to 7 days since last interaction (click, tap, text input) with the site. | No restrictions. |
| CNAME cloaking | Brave blocks any network requests where either the requested URL or that URL’s CNAME record matches any rules in Brave’s blocklists. | No restrictions. | No restrictions. | No restrictions. | On Safari 14 (requires Big Sur) and on all major iOS and iPadOS 14.2+ browser apps, expiration of cookies set with Set-Cookie HTTP response headers is 7 days at most, if the response originates from a subdomain that has a CNAME alias to a cross-site origin. | No restrictions. |
| Referrer | Cross-site referrers are spoofed (set to the referred-to rather than the referred-from origin) in non-navigational HTTP requests. strict-origin-when-cross-origin or stricter referrer policy in cross-site navigational requests. Same-site navigation preserves the referrer. | Default browser policy (strict-origin-when-cross-origin) | Default browser policy (strict-origin-when-cross-origin) | Default browser policy (strict-origin-when-cross-origin) | Downgrade cross-site document.referrer to origin. Downgrade all cross-site request headers to origin. For referrers that are known trackers, where the referring page also has URL decoration (query parameters or fragments), document.referrer is downgraded to eTLD+1. | Strip all cross-origin referrers to origin. |
| Other | Remove known tracking parameters (fbclid, gclid, msclkid, mc_eid, and others) from URL query strings. Randomize HTML canvas fingerprints by first-party domain. Freeze Mac OS X version to 10_15_7 in the User Agent string. | Freeze Mac OS X version to 10_15_7 in the User Agent string. | Freeze Mac OS X version to 10_15_7 in the User Agent string. | Automatically block requests to tracking domains that are also listed in the Fingerprinting category of the Disconnect.me list. Freeze Mac OS X version to 10_15 in the User Agent string. | Detect delays in bounce trackers and treat them as regular bounces. Extend WebKit’s tracking protections to all browsers running on iOS 14 and newer. These protections can only be disabled by the user. Purge all site data from classified domains if no user interaction (or Storage Access API grant) in first-party context has been recorded in the last 30 days. Freeze Mac OS X version to 10_15_7 in the User Agent string. | Algorithmically identify and purge unique user identifiers from requests to third-party domains. The Cliqz project has been shut down. |
