But in its current state, I have some concerns about how reliable it is, how it will stand up to tighter privacy regulations and what the return on investment for advertisers will be.  

Firstly, let’s distinguish the difference between cross-device tracking and what I think it’s often confused with, device tracking. 

So, if a customer makes a purchase on a device – desktop, mobile, tablet – it will be tracked to the affiliate as long as the advertiser has implemented the tracking correctly and this was the last touch point before the sale (assuming the attribution model is last click wins).

This is not cross-device tracking, this is simply mobile-enabled tracking which will be common across most advertisers within the affiliate marketing channel.

However, if a customer was referred by an affiliate on a desktop, and that customer later buys on their mobile, this would not be attributed back to that affiliate as with standard tracking it is not possible to match the customer on both the desktop and mobile journey. 

So in this example, the affiliate loses the sale. This is why there is potentially a greater need for cross-device tracking in the affiliate channel.

Tracking a user’s behaviour across desktop is easy because it uses cookies and the cookie is essentially a person’s unique identifier so as they happily hop from website to website on their desktop computer they leave a trail which we are able to identify and gain insight from. 

The challenge occurs however when that user also uses their tablet or mobile – cookies don’t get on well in the mobile space, they do exist but they are unreliable and they reset each time a user closes their browser. 

In the app world they can’t be shared between apps, so are rendered useless in tracking customer behaviour between apps and webpages.

So how do companies track cross device user behaviour if cookies don’t work?

There are a number of third party companies that do this, the two most well-known are Drawbridge and Tapad.

They can track users across devices by three methods:

  1. Deterministic
  2. Probabilistic
  3. Combined – which is a combination of the two above methods


This method relies on personally identifiable information (PII). Yes those three letters that strike fear into any advertiser – for example this might be a universal log-in that a person uses, such as an email address. 

It would of course be encrypted so it is not visible to anyone. 

It works well for the giants of the media space including Google, Apple , Facebook and Twitter and any other companies that require a user to login, but is not 100% accurate due to limited log-ins on mobile devices, logging in on other people’s devices etc.

But then it’s important to note here that none of these methods are 100% accurate, anywhere between 70%-90% seems to be the ball park.   

For an industry that predominantly focuses on new customer acquisition, I find it difficult to see how deterministic cross-device tracking will be possible over more than a limited set of advertisers. 


Probabilistic does not use PII data, it utilises data points to make a statistical analyses on a “likely” match between devices, not an exact science by any means. 

For example, if a laptop, iPad and mobile device were all logging into one Wi-Fi signal at the same time, every day, you could make a reasonable assumption that they are the same person.

This method uses billions of data points such as device type, operating system, location, date and time etc. to spot trends and make what can best be described as an educated guess. 

This method is quite clearly less accurate than Deterministic but does avoid the PII issue, however, the user should still be made aware of how their data is being used so this needs to be considered.

Both methods raise implications regarding use of personal data and opt-out. 

At the moment the directive is an opt-out for all users but there is discussion in Europe regarding opt-in which would potentially render this technology fairly useless unless marketers can do a good job in convincing consumers why it is good to have their every move monitored. 

I’m a marketer and I think it’s great, I want to see relevant advertising but it still shocks me how wrong marketers are getting it now.

There is still a lot of work to be done in order to prove to consumers why they should give up some of their privacy to get targeted with better marketing.

However despite some of the ineptness in this space currently an opt-in only solution does seem highly unlikely as it would affect far more digital activity than this (let’s hope that comment doesn’t come back to bite me at a later date). 

So where does this leave us when it comes to affiliate marketing? 

The Deterministic model for me is clearly the most reliable, but also the most intrusive, plus in reality it’s not going to be available to a lot of advertisers.

The Probabilistic method offers a solution if an advertiser is comfortable with the way the data is interpreted. 

When this is purely based on data and insight, it’s not a problem, but when it is based on paying a commission on sales which directly affects budgets and CPAs then I can see that this is a more difficult decision to make. 

Ultimately it comes down to two things:

  • Is it fairer for affiliates, even if it isn’t 100% perfect, we know that currently they are losing out.
  • Will it drive better ROI in the long-term for advertisers through better understanding of the data and hopefully better performing affiliates. 

All in all it feels like, yes, more data is good, but I do think there are a lot of grey areas around privacy, how accurate it is and in reality what return it gives.  

It’s an issue we will continue to monitor and explore the most reliable and ethical way to support our advertisers that may want to have this visibility now and in the future.

For more on this topic, read: