Magnite Team
5 min read

The Ascension of Universal IDs in the Wake of Third-Party Cookies

Note: This post originally appeared on the SpotX website.

On March 18, 2021 we provided an overview of Google’s Privacy Sandbox, a forum for Google and other players in the ad tech industry to propose privacy-centric tracking alternatives to the soon-to-be deceased third-party cookie.

As a reminder, cookies are text files stored on a user’s web browser that collect user data and track activity. These cookies enable site owners and ad tech vendors to serve ads that are relevant to the users’ interests and online behavior. They are also the basis for several essential operational functions such as frequency capping and purchase attribution on the web.

While Google and other Sandbox contributors are slowly progressing toward a viable replacement for the third-party cookie, a different approach is picking up steam in the form of the universal identifier. Universal IDs have been available for several years with varying degrees of industry support, but they are now gaining significantly more traction as a natural successor to the cookie. Familiar universal IDs include The Trade Desk’s Unified ID 1.0, LiveRamp’s IdentityLink, and the IAB Tech Lab’s recently defunct DigiTrust ID.

What purpose do universal IDs serve?

First positioned as simpler and more reliable alternatives to the third-party cookie, universal IDs have seen a rather slow rate of adoption. Now that the death of the third-party cookie is imminent, these IDs are rising in prominence and are beginning to be considered a necessity.

Desktop browsers do not have clear and consistent means for tracking users across the web in the same way that mobile and CTV devices do via device identifiers. Instead, site owners and ad tech vendors rely on a complex process known as cookie syncing to read and interpret the multitude of uncorrelated third-party cookies placed throughout the web. Universal IDs intend to eliminate the complex cookie syncing process while upholding the same level of quality data.

Furthermore, universal IDs were introduced as a way to level the playing field with walled gardens like Facebook and Google. The ubiquitous nature of Facebook and Google’s non-ad-tech offerings gives huge advantages for identifying users and targeting them accordingly. Universal IDs theoretically allow non-walled garden participants to utilize a similar level of quality data.

Which universal IDs should you pay attention to?

There are a handful of universal IDs in the market today, and each one is attempting to position itself as the hero that will save the internet after the third-party cookie runs its course. It is not feasible for every publisher, advertiser, and ad tech vendor to build support for each ID, so it is important that the industry rallies around a select few. As of today, SpotX intends to support The Trade Desk’s Unified ID 2.0 and LiveRamp’s IdentityLink. These two IDs have substantial industry backing and we feel confident that they will continue to gain momentum over the next year. We are evaluating additional IDs and will build support for them if we determine it is necessary.

The Trade Desk Unified ID 2.0

Unified ID 2.0 is the identifier that most of the ad tech industry is rallying behind. Although the initiative was spearheaded by The Trade Desk and LiveRamp, the ID is open source and is available for use across platforms and vendors.

How does it work?

When a user logs into a Unified ID 2.0-integrated website with their email address, the email address is hashed and salted to create an encrypted ID token. The ID is then passed in the ad request and subsequent bid request, where it can be used by advertisers and ad tech vendors to glean valuable information for the purposes of targeting, frequency capping, and attribution.

How does it protect a user’s privacy?

By encrypting and routinely refreshing the ID generated from the email address, advertisers and ad tech vendors are unable to trace the ID back to an individual user. Users will have the opportunity to set preferences for how their data is used, and individuals must provide consent prior to an ID being created.

LiveRamp’s IdentityLink sets out to achieve a similar goal to Unified ID 2.0, but with a slightly different approach.

How does it work?

IdentityLink is powered by an identity graph which ingests and consolidates data from a variety of sources including cookies and mobile/CTV device IDs. The identity graph distills hundreds of different identifiers into a single anonymous profile, referred to as an IDL. This IDL can then be used to develop a hyper-targeted marketing strategy, in a similar manner to the Unified ID 2.0.

How does it protect a user’s privacy?

Similar to Unified ID 2.0, an IDL obscures a user’s identity so that recipients are incapable of identifying a specific user. LiveRamp also has a universal opt-out feature, which “ensures that privacy preferences are respected across every addressable touchpoint with a single opt-out.”

Google’s reaction to universal IDs

In early March, Google briefly shocked the industry with a blog post attempting to discredit universal ID solutions, stating that they “don’t believe these solutions will meet rising consumer expectations for privacy, nor will they stand up to rapidly evolving regulatory restrictions, and therefore aren’t a sustainable long term investment.”

Google’s position on the matter shouldn’t come as a surprise. There has been no mention of universal IDs in any of their Privacy Sandbox proposals, and the company has nothing to gain by willingly relinquishing power to other organizations. Universal IDs will still progress and will be available for use on the Chrome browser, even if Google does not advocate for the product.

The reality is that the industry will be best positioned for life after the third-party cookie if we continue to pursue both the Privacy Sandbox proposals and universal ID solutions. Magnite CTO Tom Kershaw, states in an AdExchanger article that “User log-ins are just one part of the solution that the industry is putting forward to allow for relevant, effective advertising without third-party cookies. It’s always been the case that logins would only cover a small percentage of the overall Internet community. In fact, most analysts feel that 20% is the upper bound of how many users we can expect to opt-in to a targeted ad experience.” Therefore, it is important to have alternative interest-based solutions like FLoC to assist marketers when universal IDs are unavailable.

The industry is continuing to propose and evaluate impactful solutions and we feel optimistic about the progress. SpotX will provide updates as we build out support for universal IDs, and we will continue to closely monitor the Privacy Sandbox and the IAB Tech Lab’s newly proposed Project Rearc privacy standards.