On September 18, 2023, Apple shipped iOS 17. Tucked inside the release was a feature called Link Tracking Protection — initially enabled only in private browsing, Mail, and Messages. It looked minor. By the following Friday our Meta cost-per-lead across nine PI firms was up 87%, the Advantage+ campaigns had started spending against the wrong audiences, and I was on a call at 11pm trying to explain to a managing partner why his weekly intake report had gone sideways.
This is the timeline of what broke, the diagnostic process that took longer than it should have, and the three changes that got us back to baseline by November. I'm writing it now because I keep seeing firms run into the same problem on every subsequent privacy release — iOS 17.2, iOS 18, Safari 18, the EU DMA changes — and the playbook is the same every time.
§ I · The detectionWhat we saw in the first 72 hours.
Our weekly cadence is a Monday standup with each firm where we walk the previous week's intake against the previous week's spend. The Monday after iOS 17 dropped, four of nine PI firms had identical anomalies:
- Meta lead-event volume was down 18–24% week-over-week.
- CRM-recorded intakes from Meta-sourced leads were flat over the same period.
- Spend pacing was 4–7% over plan; the campaigns were buying impressions but the Lead events weren't firing.
The gap between "Meta says we got fewer leads" and "the CRM says we got the same number of leads" is the entire story. The signal to the platform broke, not the underlying acquisition. Our model was blind, not failing.
§ II · The mechanismWhat Apple actually changed.
Link Tracking Protection in iOS 17 stripped specific query parameters from URLs in private browsing, Mail, and Messages. The parameters Apple targeted included fbclid — Facebook's click ID, the cookie surrogate that Meta uses to attribute a click to a downstream conversion.
When an iOS 17 user clicked our ad from Mail, or from Messages, or in private browsing, by the time they landed on our funnel the fbclid query parameter was gone. The browser pixel still fired on form submit, but the resulting event had no click identifier to match back to the upstream Meta auction. From Meta's perspective: spend, but no conversions.
The compounding factor: in October Apple expanded LTP coverage (iOS 17.2, December 2023, applied LTP to all browsing). At that point the bleed accelerated. By the December check-in our event match quality had dropped from 8.4 to 5.6 on Lead events — a meaningful drop, because Meta uses event match quality as a tie-breaker in its delivery model.
§ III · The rebuildThree changes, in the order we made them.
1. Conversions API as the source of truth, not the backup (week 4)
We had Meta Conversions API on three of the nine firms before this happened, configured as a fallback to the browser pixel. That configuration is backwards once you can't trust the browser pixel. We flipped CAPI to be the primary event source on all nine firms in week four, with the browser pixel as the deduplication backup. The implementation that mattered:
- Server fires the Lead event with a deterministic
event_id(UUID generated on the form submit endpoint). - Browser pixel uses the same
event_idso Meta dedupes the two signals. - CAPI payload includes hashed email, hashed phone, IP, user-agent,
_fbp,_fbc. The match quality recovery comes from feeding Meta every match key you have server-side.
We have the same CAPI pipe wired into MVA Leads today. Every form submission fires server-side to Meta with the same UUID the browser pixel uses — match rate sits north of 90% on the Lead event.
2. First-party data collection inside the funnel (week 5)
The richer the user_data we hand to CAPI, the better the match. The intake forms had been collecting email and phone in step 3 of a 4-step flow. We rebuilt them so step 1 captured first name + email, with a clear progressive-disclosure pattern. The result was a modest 3.2% reduction in completion rate but a much larger lift in match quality because we were feeding Meta a contact identifier on every drop-off, not just on completers.
3. Signed-case CPA as the optimization event (week 6)
Even with CAPI wired up properly, optimizing for Lead events is structurally noisy when 30% of your "leads" are people who submitted on autofill and never picked up the phone. We pushed our signed-case events back to Meta as a custom server event and switched the bid objective. Volume dropped 22% the first week. Cost per signed case dropped 41% by week twelve.
§ IV · The follow-throughSix-week recovery curve.
Here's the simplified weekly trajectory across the nine firms:
| Week | Action shipped | Meta CPL vs baseline |
|---|---|---|
| 1 | iOS 17 ships. No action yet — diagnostic. | +87% |
| 2 | Audit each firm's CAPI status. | +91% |
| 3 | Rebuild dedup with shared event_id. | +74% |
| 4 | Flip CAPI to primary across all firms. | +52% |
| 5 | Front-load email capture in intake. | +24% |
| 6 | Server-side signed-case events to Meta. | +8% |
| 10 | No new shipments — model retraining. | −3% (baseline) |
§ V · The lessonIf you're running paid social today, this is the operating posture.
- Treat the browser pixel as untrusted. It will quietly degrade every release cycle. CAPI is the primary channel; the pixel is the deduplication signal.
- Generate the
event_idserver-side and reuse it in the browser pixel. If both fire, Meta dedupes; if only one fires (browser blocked by privacy), you still get the conversion. This is the single highest-leverage change in the playbook. - Hash and send everything to CAPI's user_data you can defensibly collect: email, phone, IP, user-agent,
_fbp,_fbc, first name, ZIP. Each additional match key recovers a few percentage points of attribution. - Bid on the actual conversion that matters to your business. For PI, that's signed cases, not leads. The platform optimizes for whatever signal you give it. Give it the real one.
Timeline reflects aggregate MassTortAgency.net campaign performance across nine PI firms during the iOS 17 launch window in late 2023. Specific firm names and per-firm CPL detail are redacted under client confidentiality. Read the 2024 annual postmortem for the full year of context.
