With third-party cookies on the way out, shared IDs face an existential crisis

Ad tech vendors like ID5 and The Trade Desk as well as the Advertising ID Consortium and DigiTrust have created anonymous unified IDs for an individual user that publishers and their programmatic ad partners can tap to identify people online.

But many ad tech executives have said that shared IDs will not pass muster with browser gatekeepers since they require third-party cookies to ensure they can be used by publishers, advertisers and ad tech vendors across many sites. Mozilla, Apple and now Google are unanimous in their opposition to third-party tracking in its current forms.

Senior executives involved with the creation of DigiTrust’s shared ID are exploring other opportunities in the wake of Google’s plan to block third-party cookies from its Chrome browser in two years’ time. DigiTrust’s ID has been blocked from Mozilla’s Firefox browser. And senior executives at the nonprofit DigiTrust that created and owns the DigiTrust shared ID believe it’s just a matter of time before other browser companies do the same. The DigiTrust shared ID will cease to exist in its current guise once Google blocks third-party cookies from its browser in two years’ time.

“Without third-party cookies, we are only left with per-domain identifiers using first-party cookies, and it becomes impossible for third parties to set or recognize any form of shared or universal ID across domains — for any purpose, said Jordan Mitchell, the IAB Tech Lab’s svp. Google’s decision to remove third-party cookies from Chrome “causes us to rethink where the DigiTrust initiative adds value going forward,” he added.

The DigiTrust team launched its shared ID to eliminate or greatly reduce the need for cookie syncing between various ad tech vendors that need a more accurate form of user identification across browsers, Mitchell said. If third-party cookies are no longer in use, then all the different cookies working in the background to identify a user cannot be synchronized by DigiTrust’s shared ID, he added. Shared IDs were not originally designed as a replacement for cookies, he noted. They were instead intended as a way to give ad tech vendors a shared identifier to track people across sites so that they wouldn’t have to spend time matching their cookies to one another, Mitchell explained.

Now the DigiTrust team will turn its attention to two tasks: creating a standardized way for companies to gain users’ consent to access their data and arriving at a better understanding how Google’s Privacy Sandbox will affect the digital ad economy.

Ad tech vendors will continue, however, to use DigiTrust’s shared ID until the “very last” third-party cookie is served, Mitchell said. Axing the shared ID before then would leave advertisers running campaigns without a way to identify a user across different platforms and sites and lead to missed commercial opportunities for both advertisers and publishers, Mitchell added.

The winding down of DigiTrust’sshared ID raises doubts among industry observers about the fate of other alternatives, like those developed by The Trade Desk and the Advertising ID Consortium. While these two shared IDs are different, both rely on identifiers in a third-party cookie that are made available to the ad tech vendors selling a publisher’s ads. Through its collaboration with ad tech firm Liveramp, the Advertising ID Consortium could potentially develop a better shared ID solution by accessing different data sets to arrive at an anonymized profile of a user.

“There’s likely to be a surge in interest in the current crop of shared IDs over the next 12 months while third-party cookies are still being used,” said James Coulson, Infectious Media’s managing partner for strategy. “But once cookies are cut off from Chrome, those solutions will start to dwindle.”

Despite the cynicism in some quarters of the advertising industry about the effectiveness of shared IDs, other identity solutions firms like ID5 are more optimistic about their prospects.

ID5’s shared ID is used by publishers that store it on a first-party cookie and then pass it on to the ad tech vendors they work with — all by using ID5’s cookie-matching table. Effectively, a publisher accesses ID5’s shared ID, stores it on a first-party cookie and then shares it with other partners like the demand-side platform providers that buy impressions on the publisher’s site

“We have a publisher user ID that we standardize across the ecosystem,” said Mathieu Roche, CEO of ID5. “This ID lets ad tech vendors and advertisers identify individual users but under the control of the publisher.”

ID5’s shared ID is tapped by 2.5 billion users each month, including 1 billion in Europe and 650 million in North America, Roche said. About 60 ad tech vendors have access to ID5’s shared ID, although most of them are testing it or just planning to use it over the coming months, he said.

But for ID5’s shared ID to be jointly used by the publishers, ad tech vendors and advertisers, it has to be stored within a centralized repository. The unified understanding of a user is tied back to a central environment like the ID5 cookie-matching table, where other ad tech vendors can access it. This could be done via a third-party cookie or by combining certain attributes of a device (its operating system, the type and version of web browser being used).

All alternative approaches like ID5’s fall within the purview of browser manufacturers that are now focused on blocking third-party tracking; thus these solutions have a limited shelf life. Previously, the developers of shared IDs found workarounds to keep ahead of the anti-tracking methods of browser companies. One such workaround was to store third-party cookies as first-party cookies.

“If you have built an identity solution only on the back of cookies, then they’re not going to be worth very much,” said Isabelle Baas, Starcom London’s managing partner for digital, data and technology strategy.

Roche, however, believes ID5’s shared ID will live on long after the death of the third-party cookie, given the fact that it uses first-party cookies from publishers.

“The need to use third-party cookies is only related to the fact that these IDs are platform specific and are always third parties on a page,” Roche said. “So once you’ve created a common identifier, then [the] storage of it is less of an issue,”  He added, “If [the cookie] is provided by the publisher, then storage of it isn’t a problem anymore. The publisher can store [that] ID anywhere.”

Other alternatives to shared IDs do not rely on cookies. Companies like BritePool and Net ID are developing solutions that use encrypted email addresses from a publisher instead of a cookie to identify users; the encrypted email is then used by ad tech vendors to identify users across sites.

“As challenging as it is to accept, the [advertising] industry needs to recognize that we have to fundamentally change,” said Stuart Colman, vp of sales at ad tech vendor Infosum. “As an industry, we should embrace this change and rebuild around the move from unknown to known audiences and a decentralized approach to user identity resolution.”

Eventually, advertisers will probably coalesce around a handful of shared IDs that do not require the use of cookies. Companies like American Express are already weighing various ID options for the future. Decision-makers will factor in a solution’s costs, consumer friendliness, the geographic constraints it works within, as well as the platforms it covers.