How to prepare your site for a more private (and cookieless) future
Create a 1st-party data strategy
- Think about permission – Whenever possible, ask users for permission to communicate with them. The GDPR and ePrivacy are here.
- Invest in login/sign-up – offer value for signing up and logging in: discounts, products exclusive to registered users, giveaways for signing up, loyalty programs, exclusive offers and coupons
- Invest in communication with your users (CRM) – Invest in efficient communication vs. mass communication.
- Keep data clean and up to date – Ask your users for updates every X amount of time, always offering something of value in return.
- Communicate the privacy of the relationship – make the user feel comfortable, and communicate transparency to build trust in the brand (the World Federation of Advertisers (WFA) has a study in which increasing user trust by 1% increased the value per user by 3%)
- Learn to work with CRM data – Invest in exploring your CRM system. Be able to state the exact average age of your users, their usual location, etc., and track how these change.
Communication
- Start exploring context-based campaigns – campaigns based on the site or application vs. campaigns based on interests or users
- Take advantage of Data Clean Rooms – Data clean rooms are places where walled gardens like Google, Facebook and Amazon share aggregated rather than customer-level data with advertisers, while still exerting strict controls. – Example: Custom Audiences from FB or Google. A match between the email you hold and a profile on the other side.
Web Analytics
- Use a cookieless, 1st-party analytics system – Matomo Web Analytics, Matomo Tag Manager
- Create a single unique identifier that is the same in all systems – The idea is for all systems (CRM, Web Analytics, etc.) to have a unique user identifier so that all the information can be cross-referenced
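
An added example (not from the original post) covering both the cross-system identifier and the email match used for Custom Audiences: a keyed pseudonym for internal joins next to the unkeyed hash a platform can match on, with a consent gate before anything leaves the CRM. It assumes the platform matches on SHA-256 of the trimmed, lowercased email; the key, record fields and function names are hypothetical.

```python
import hashlib
import hmac

# Constructed demo key; a real key lives in a secrets manager, never in source.
DEMO_KEY = b"constructed-demo-key-not-for-production"


def normalize_email(email: str) -> str:
    """Canonical form so the same address always produces the same digest."""
    return email.strip().lower()


def internal_user_id(email: str, key: bytes = DEMO_KEY) -> str:
    """Keyed pseudonym (HMAC-SHA256) used as the join key in CRM, analytics, etc.

    Without the key, an outsider holding a list of emails cannot recompute
    the identifiers, so a leaked analytics export does not expose addresses.
    """
    msg = normalize_email(email).encode("utf-8")
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def audience_match_hash(email: str) -> str:
    """Unkeyed SHA-256 of the normalized email, for matching with a platform.

    Both sides must be able to compute it, so anyone with an email list can
    too: treat this value as personal data, not as anonymized data.
    """
    return hashlib.sha256(normalize_email(email).encode("utf-8")).hexdigest()


def build_audience_upload(records):
    """Return de-duplicated match hashes for consenting users only."""
    return sorted(
        {audience_match_hash(r["email"]) for r in records if r.get("marketing_consent")}
    )


# Constructed sample CRM rows (hypothetical record shape).
CRM_SAMPLE = [
    {"email": " Ana.Silva@Example.com ", "marketing_consent": True},
    {"email": "ana.silva@example.com", "marketing_consent": True},  # same user
    {"email": "joao@example.org", "marketing_consent": False},  # excluded
]

if __name__ == "__main__":
    print(internal_user_id("ana.silva@example.com"))
    print(build_audience_upload(CRM_SAMPLE))
```

Keep the two values separate: the keyed identifier stays inside your own systems, and only the unkeyed hash is ever shared.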
Context
iOS 14.5 privacy (Safari, etc.)
Chrome, Opera
Chrome
Google said it intends to delay by more than a year its plan to eliminate third-party cookies in its Chrome browser, a move that was probably welcomed by the online advertising industry, which is struggling to switch to alternative technologies.
SOURCE: cookiestatus.com
| | Brave | Chrome | Edge | Firefox | Safari | Cliqz |
|---|---|---|---|---|---|---|
| Mechanism | Shields | n/a | Tracking prevention | Enhanced Tracking Protection (ETP) | Intelligent Tracking Prevention (ITP) | Anti-Tracking |
| Deployed in | 0.55.18 | n/a | 78.0.276.8 | 69.0 | Safari 11 | 1.30.0 |
| Latest release | Link | Link | Link | Link | Link | Link |
| Default protection mode | Default Shield settings | n/a | Balanced | Standard | ITP enabled | Default Anti-Tracking settings |
| Classification of “known trackers” | Multiple filter lists | n/a | Trust Protection Lists (with engagement and organization mitigation) | Disconnect.me | Algorithmic | Algorithmic |
| Cookies in 3rd party context | Restrict access in subresource requests. Partitioned access in frame. Partitioned storage is cleared when no more first-party documents that use the partition are open, or when the browser is closed. | No restrictions. | Access restricted for known trackers. | Access restricted for known trackers. | All access restricted, except with Storage Access API. | Access restricted for known trackers, with mitigations for user interaction and critical flows (e.g. some oAuth implementations). Cookies set on tracker origins without first-party interaction expire in 1 hour. |
| Cookies in 1st party context | For cookies set with document.cookie, expiration set to 7 days. Otherwise maximum expiry set to 6 months. | No restrictions. | No restrictions. | All storage is purged from known trackers daily, unless the user has interacted with the site in first-party context within the last 45 days. | For cookies set with document.cookie, expiration set to 7 days. For cookies set with | Cookies set on tracker domains with infrequent first-party interaction expire in 7 days. Otherwise expiration set to 30 days after last visit to site. Cookies set with |
| Other browser storage in 3rd party context | Partitioned access in frame. Partitioned storage is cleared when no more first-party documents that use the partition are open, or when the browser is closed. | No restrictions. | Access restricted for known trackers. No restrictions for other domains. | localStorage and IndexedDB restricted for known trackers. No restrictions for other domains. | localStorage is partitioned and reset between application launches. | No restrictions. |
| Other browser storage in 1st party context | No restrictions. | No restrictions. | No restrictions. | All storage is purged from known trackers daily, unless the user has interacted with the site in first-party context within the last 45 days. | Restricted to 7 days since last interaction (click, tap, text input) with the site. | No restrictions. |
| CNAME cloaking | Brave blocks any network requests where either the requested URL or that URL’s CNAME record matches any rules in Brave’s blocklists. | No restrictions. | No restrictions. | No restrictions. | On Safari 14 (requires Big Sur) and on all major iOS and iPadOS 14.2+ browser apps, expiration of cookies set with Set-Cookie HTTP response headers is 7 days at most, if the response originates from a subdomain that has a CNAME alias to a cross-site origin. | No restrictions. |
| Referrer | Cross-site referrers are spoofed (set to the referred-to rather than the referred-from origin) in non-navigational HTTP requests. Same-site navigation preserves the referrer. | Default browser policy (strict-origin-when-cross-origin) | Default browser policy (strict-origin-when-cross-origin) | Default browser policy (strict-origin-when-cross-origin) | Downgrade cross-site document.referrer to origin. Downgrade all cross-site request headers to origin. For referrers that are known trackers, where the referring page also has URL decoration (query parameters or fragments), | Strip all cross-origin referrers to origin. |
| Other | Remove known tracking parameters (fbclid, gclid, msclkid, mc_eid, and others) from URL query strings. Randomize HTML canvas fingerprints by first-party domain. Freeze Mac OS X version to 10_15_7 in the User Agent string. | Freeze Mac OS X version to 10_15_7 in the User Agent string. | Freeze Mac OS X version to 10_15_7 in the User Agent string. | Automatically block requests to tracking domains that are also listed in the Fingerprinting category of the Disconnect.me list. Freeze Mac OS X version to 10_15 in the User Agent string. | Detect delays in bounce trackers and treat them as regular bounces. Extend WebKit’s tracking protections to all browsers running on iOS 14 and newer. These protections can only be disabled by the user. Purge all site data from classified domains if no user interaction (or Storage Access API grant) in first-party context has been recorded in the last 30 days. Freeze Mac OS X version to 10_15_7 in the User Agent string. | Algorithmically identify and purge unique user identifiers from requests to third-party domains. The Cliqz project has been shut down. |