iOS and Android Privacy Changes Are Quietly Breaking Click Attribution — Here's What Still Works
App Tracking Transparency, Enhanced Tracking Protection, and third-party cookie restrictions have each removed a layer of click tracking. Server-side, first-party redirect logging is one of the few methods still fully intact.
A Timeline of What Changed
Apple's App Tracking Transparency (ATT), introduced in iOS 14.5, requires apps to explicitly ask permission before tracking a user across other apps and websites — most users decline. Safari's Intelligent Tracking Prevention (ITP) restricts third-party cookies and caps the lifetime of client-side tracking scripts. Chrome has phased in its own third-party cookie restrictions through the Privacy Sandbox initiative. Each of these changes independently removed a piece of the click-tracking stack that marketing tools relied on for a decade.
Why Pixel-Based Tracking Is the Most Affected
Tracking pixels and third-party cookies work by having a user's browser make a request to a tracking domain that isn't the site they're visiting, then reading or writing an identifier tied to that domain. Every privacy change listed above targets exactly this pattern: cross-site identifiers set by a party other than the site the user is actually on. As these are restricted, attribution methods that depend on them degrade — sometimes silently, with dashboards continuing to show numbers that are quietly less accurate than they used to be.
Why Server-Side Redirect Logging Isn't Affected
A short link redirect works differently. When someone visits pocolink.com/your-slug, the click is recorded at the moment the server looks up the destination and issues the redirect — first-party, no cookie required, no cross-site identifier involved. The click either happened or it didn't; there's no permission dialog to decline because no cross-site tracking identifier is being set in the first place. This is the same reason server logs have always been a reliable baseline metric, even before privacy regulation targeted client-side tracking.
What You Lose With This Approach
Being clear about the trade-off matters. Server-side redirect logging tells you a click happened, from what approximate device, browser, and location, and via what short link — but it doesn't build a cross-session profile of the same person's behavior across unrelated sites, because it was never designed to. If your attribution needs specifically require stitching together a single user's behavior across multiple, unrelated properties over time, this approach won't do that — and increasingly, neither will most other methods without running into the same privacy restrictions.
The Practical Takeaway
For campaign-level and channel-level attribution — which link drove how many clicks, from where, on what device — first-party server-side logging via distinct short links per channel has become more reliable relative to pixel-based methods, not less, precisely because it was never dependent on the mechanisms privacy updates are removing. As pixel-based attribution keeps eroding, this is one of the few measurement approaches that doesn't need a workaround.