How the Cookie Crumbles: How Changes to Tracking Cookies May Affect You


Google recently announced the end of third-party tracking cookies with a new Chrome browser that will be in effect in a few years. As this new trend of avoiding third-party cookies gains traction, there has been an awakening of a new attitude and way to look at things in the industry. In our role as an affiliate software provider, we at Income Access know the importance and effect of these tracking developments. It is highly relevant for both affiliates and operators. In this first blog of a series, we will delve into more specifics about cookie-based tracking. To begin with, let’s take a quick look at cookies and what they are.

What are cookies?

Cookies are a lot simpler than they first seem. The basic idea is that all websites can write a bit of text in a specific browser folder that lets them respond better and more personally to the site visitor, next time they visit the site. Cookies, just as they sound, are supposed to be goodies, as they are meant to provide a pleasant user experience, just like real cookies! But like in real life though, too many cookies are bad for you. They can bloat the user experience, leading to sluggish response times and privacy concerns.

With that, comes a variety of questions for businesses on how this will affect users like:

  • How do we conduct business while being fair to the end user?
  • How do we control the use of cookies so that they are used in a way that prioritizes end user experience and end user privacy?
  • More importantly, how do we re-instill trust in that user so that we get meaningful engagement from that user and hopefully even more referral business?

Now, while it is impossible to say where cookies are heading for certain, we have a good sense of where the market is heading. Below are some important concepts we believe are prevalent to this emerging issue.

Third-party cookies are becoming less and less desirable, as browsers are adding functionality to control them with more granularity. On top of that, companies using them to track on behalf of other companies are being given stricter guidelines to adhere to.

First-party cookies are still fine to use, however, what is written inside them needs to be minimally sufficient, as you cannot write too many cookies that are bloated with information that triggers more services that could eventually jeopardize the end user's privacy and user experience.

  • Any tracking service operating as a third party must track securely using HTTPS.
  • Any tracking service operating as a third party must also declare the SameSite directive before attempting to write any cookie.
  • What content is written in the cookies and their purpose must follow guidelines and adhere to privacy laws.

There are still many companies that rely on third-party cookies (with good intent) because they offer third party services to parent companies, and this is how they make their living.

Rest assured, cookies are just one way of tracking referrals for Income Access. There is also a fingerprinting solution, which is becoming more and more prevalent these days. However, this is an option that smaller companies cannot simply implement without substantial expertise and investment. Before we spend too much time on alternatives, let’s take a deeper look at what kind of trajectory cookies might be taking. 

Where are cookies going?

So, now having learnt a little more about cookies, what should we do? Should we only consume good wholesome cookies straight from the trusted source? As it turns out, the general trend is that browsers are trying to do just that. They’re trying to control your user experience by limiting what kinds of cookies get written onto your machines. If you visit a site, it is assumed that you trust it and if its domain writes a cookie on your machine, it is considered a first-party cookie, which is a good wholesome cookie!

Conversely, if you visit a site and that site, behind the scenes calls other third-party sites or services, which in turn write their own cookies on your machine, those cookies coming from different domains are considered third-party cookies, which are not guaranteed to be safe. Third-party cookies warrant more scrutiny, but most browsers are implementing better mechanisms to regulate and restrict third party cookies under the privacy section within the settings. As a user, you can even choose not to be tracked by third parties.

All of these methods will definitely affect the way Income Access is able to track user activity. Rest assured, tracking, even with the use of third-party cookies, is still working and we have made sure that we are strictly conforming to the needs of today.

How we plan to adapt

  • The first change we expect, and are now fully compatible with, is the SameSite Cookie restriction change. We expect that all browsers will follow suit with this and adopt the same cookie restriction policy that was set up for Google Chrome. It dictates that all tracking sites will explicitly mark the tracking cookies with the SameSite=none directive, otherwise the browser by default will block third-party cookies.
  • The second change we are now enforcing is that any domain, subdomain used by the affiliate program, tracking or otherwise must be secure. (HTTPS)
  • We also ensure that the registration pixel is in place and tested for all onboarding brands using the brand's own tracking domain.

At the moment, we are in the process of futureproofing. We want to be sure that whatever direction tracking takes, we will be entirely prepared and we have the luxury to do so. The fact of the matter is that cookie tracking is still the most accurate method of tracking (it provides 100% accuracy). After all, you are reading the tracking information directly from the cookie you wrote on.

In a nutshell, Income Access will continue with cookies while continuously improving its different tracking methods.

If you found this article helpful, then stay tuned for the next one where we cover cookie-less approaches to tracking.