HomeTrainingAttribution & Measurement › Post-ATT and Cookieless Attribution
Attribution & Measurement
RGM° · Training

Post-ATT and Cookieless Attribution

The defining measurement challenge of the decade. iOS ATT, cookie deprecation, Privacy Sandbox, CAPI, clean rooms, and the survival strategies that work.

What you will learn

  1. Why post-ATT and cookieless attribution is the defining measurement challenge of the decade
  2. iOS ATT in depth: what changed and what survived
  3. Third-party cookie deprecation: timeline and what we know
  4. Privacy Sandbox: Topics, Protected Audience, Attribution Reporting
  5. Conversion APIs: server-side data as the new foundation
  6. First-party data and identity strategies
  7. Modeled conversions and data clean rooms
  8. Survival strategies: what mature programs are doing
  9. Advanced playbook
  10. Common mistakes
  11. Operating checklist

Why this matters

The measurement substrate of the 2010s — ubiquitous third-party tracking, persistent user identifiers, click-attribution accuracy — is collapsing. Mature programs are adapting through multiple strategies: server-side conversions, first-party identity investments, MMM and incrementality re-emergence, data clean rooms, and Privacy Sandbox APIs.

The teams that move fast are gaining structural advantages. The teams that hope cookies come back are losing ground.

iOS ATT

Apple's App Tracking Transparency (ATT), launched April 2021 with iOS 14.5, requires apps to request user permission before tracking across apps and websites owned by other companies. Opt-in rates run 20–30%; iOS users represent roughly half of US smartphone users and skew higher-income.

What ATT broke

What ATT preserved

SKAdNetwork (SKAN)

Apple's privacy-preserving attribution framework. Provides aggregate conversion data with delays and limits. Used by all major iOS-targeting ad platforms. SKAN 4.0 added more granular conversion windows and post-install lifecycle measurement.

Third-party cookie deprecation

Chrome's plan to deprecate third-party cookies has been repeatedly delayed. As of 2024–2025, the path forward involves consent-mode-based degradation and increasing reliance on Privacy Sandbox APIs.

Browsers that already block

What this means in practice

Privacy Sandbox

Google's set of privacy-preserving web APIs intended to replace third-party cookies. Key components:

The Privacy Sandbox is still maturing. Effectiveness for advertisers vs cookies is debated; some studies show measurable ROAS decline, others show acceptable performance for properly-prepared advertisers.

Conversion APIs (CAPI)

Server-side conversion APIs are now the foundation of post-ATT measurement. Meta CAPI, TikTok Events API, LinkedIn CAPI, Google Enhanced Conversions, Snap CAPI — each platform's server-side equivalent of its browser pixel.

What CAPI does

Implementation

First-party data and identity

Modeled conversions and data clean rooms

Modeled conversions

When observed conversions are incomplete (consent declined, identifier lost, cross-device), platforms statistically model the missing conversions. Google Consent Mode, Meta's modeling, GA4's behavioral modeling all do this.

Modeled conversions are aggregate estimates, not user-level. They're directionally useful but should not be confused with observed.

Data clean rooms

Privacy-preserving environments where two or more parties can analyze their data together without exposing individual records. Examples: Amazon Marketing Cloud, Google Ads Data Hub, Snowflake Data Clean Rooms, AppsFlyer Privacy Cloud, Habu (acquired by LiveRamp).

Use cases: cross-platform measurement, audience overlap analysis, lookalike modeling with retailer data, cohort analysis with partner data.

Survival strategies

Advanced playbook

Common mistakes

Operating checklist

Sources and further reading


Part of the Attribution & Measurement series.