Some Cookieless Alternatives ... Still Use Cookies

Brands are facing some pressure to test alternatives for targeting and measuring audiences once third-party cookies on Chrome disappear, scheduled for the end of this year. However, some solutions on the market that purport to prepare buyers and publishers for a future without cookies still use—and are greatly improved by—third-party cookies for targeting. The use of third-party cookies while they are still working is not an issue, but some practices lurch toward misleading. Within the alternative ID space, which includes dozens and dozens of solutions, some use a technique called ID bridging. Essentially, a buyer might use the tech to target users in cookieless environments—today iPhones and Safari, but next year the entire internet once Chrome depracates. But these solutions use third-party cookies from Chrome to identify users and then use certain signals (like an IP address) as a bridge to find these same users on Safari. These solutions have the potential to mislead buyers who might not be fully aware of how their alternative IDs are achieving such effective results but are unlikely to be viable alternatives next year. “It’s stuffing a cookie ID in a cookieless bid request,” said Mathieu Roche, CEO of alternative ID solution ID5. Why Testing Google's Cookie-Alternative Privacy Sandbox Is Still Minimal ID bridging is emblematic of the long, messy road ahead of the programmatic advertising industry for testing, and ultimately embracing, alternatives to third-party cookies. One of the leading alternatives, Google Chrome’s Privacy Sandbox, has drawn criticism from the industry for being too unlike the current ad-tech system. But deterministic alternatives that more fully match the functionality of third-party cookies are hard to test in isolation today, when cookies are still flying around the bidstream. Amid this confusion, deceptive techniques may gain a foothold. Roche said he became aware of ID bridging in the past 18 months when clients asked if ID5 would perform the ID bridging technique (Roche said ID5 does not engage in this practice). Michael O’Sullivan, co-founder of Sincera, said he first observed the practice in previous ad-tech roles, but he's noticed it emerge as a technique since he founded the data firm. A supply-side-platform executive, who requested anonymity to discuss sensitive industry relations, became aware of ID bridging six months ago when he observed some alternative identifiers generating a 50% match rate to third-party cookies on Safari. How to bridge IDs In theory, ID bridging gets buyers all the information they’d have about audiences on Chrome, like their browsing history, even though these users are on the web in other browsers and environments. A solution using ID bridging does this by trying to find an IP address, email address or other signal to match the Safari user, for example, with the cookie associated with their identity, O’Sullivan said. But the signal or mechanism by which this bridging is happening is not always clear to the buyer, he added. “How did you determine that there is an association between this Safari request and this Chrome-based ID?” O’Sullivan said. “A lot of time they’re relying on IP address and traditional fingerprinting signals.” Counterproductive While this technique will no longer be viable once cookies are deprecated, even today, it is of limited use for important use cases of advertising outside of targeting, like measurement, Roche said. If a Safari user—identified by ID bridging—is targeted by an ad, it’s hard for the advertiser to know if that person purchased through the brand’s website, because there would be no cookie in this environment to identify them. The behavior itself isn't bad or good, it should just be disclosed. Michael O’Sullivan, co-founder of Sincera “It helps monetize impressions, but you can’t track campaign performance,” Roche said. ‘It’s counterproductive from a campaign optimization standpoint.” For now, these solutions can be useful for monetizing audiences on Safari, Firefox and iPhone, and the technique is used by demand-side platforms today for targeting users in these environments, said a programmatic buyer. The trouble comes when buyers and publishers are not fully aware that their cookieless solution is using this tactic, and don’t know the solution will fall apart when cookies go away. "The behavior itself isn't bad or good, it should just be disclosed," O'Sullivan said. "There are a bunch of companies that use this, but they have agreements and arrangements with buyers and publishers. It's bad when it's bridged and no knows about it."