Real ID works in the real world; why are we playing games with anything other than the truth at this critical moment in our transition to using first-party data?
Over the last few weeks, several articles have called out ID bridging, but with too timid a voice. Let's call ID Bridging what it truly is: a deceptive practice that hurts the industry while rewarding individual players with short-term gain.
First, what is ID Bridging, and what is its original intent?
ID Bridging is a term coined as a technique used in advertising to address users in a cookieless environment. Here's a breakdown of what it is supposed to do:
- Purpose: Target and personalize advertising for users even when traditional third-party tracking cookies aren't available. This is particularly important for publishers who want to monetize their audience in browsers like Safari or on devices like iPhones, where cookies are restricted.
- How it works: ID bridging leverages a publisher's first-party data, such as email addresses (with user consent, IP addresses, or login information). Initially, the publisher used probabilistic matching algorithms to link this data with a user across different devices or browsers using an educated guess based on patterns and non-perfect identification.
- Privacy Considerations: ID bridging prioritizes using publisher-owned data, making the user relationship more upfront than third-party data collection. Additionally, hashed or anonymized identifiers might be used, reducing the risk of exposing personal information.
- Industry Debate: There's debate around ID bridging. Sell-side platforms (publishers) argue it increases revenue by making more inventory accessible to advertisers. Buy-side platforms (advertisers) express concern that it can lead to inaccurate targeting or fraud, as user identification isn't guaranteed. The IAB Tech Lab is working on establishing transparency standards to address these concerns.
However, like all innovative solutions, ID Bridging has been bastardized from its original intent, even using this anodyne definition. As more universal IDs have emerged, nefarious industry players have realized they can identify the “most valuable” ID. Thus, ID Bridging has quickly become ID Stuffing.
ID Bridging and ID Stuffing are related concepts but cross the line differently.
Here's how to distinguish them:
ID Bridging:
- Goal: Legitimate attempt to connect users across devices or browsers using probabilistic matching based on the publisher's first-party data.
- Focus: deliver a privacy-compliant way for publishers and advertisers to maintain addressability
- Outcome (intended): More accurate ad targeting and better user experience with relevant ads without the use of the third-party cookie
ID Stuffing:
- Goal: This is a malicious attempt to inflate the perceived value of ad inventory by injecting the bid request with IDs that don’t represent the user on the page.
- Focus: Deceiving the buyer to get higher ad rates.
- Outcome: Wasted ad spending for advertisers, inaccurate campaign data, and erosion of trust in publisher inventory and the entire advertising ecosystem.
However, this distinction is no longer necessary. There are dozens of accepted Universal IDs (UIDs) (also known as Extended IDs, EIDs), and the third-party cookie is soon disappearing. We have rules that must be followed by the ID companies, Prebid, SSP, and DSP terms of service.
(FYI: For the remainder of this article, I will refer to this practice as ID-Bridging as the distinction between the two concepts is inconsequential to the future of the industry
The Deceptive Dance and its Impact
As with all innovations, some companies saw ID Bridging as an opportunity to exploit a weakness in the system and take money from publishers and their advertiser customers. These operators exploit ID Bridging’s use of probabilistic models to hack the ID sent to the bidder with a higher-value ID (based on the vendor's understanding of analyzing all of the auctions they execute in their SSP). This is fraud.
So, Instead of ensuring the ID accurately reflects a specific user, nefarious actors are substituting IDs they believe are more valuable to advertisers, regardless of accuracy. This can involve stuffing third-party cookie IDs from Chrome into Safari sessions based on flimsy connections like IP addresses (trust me, my daughter's interests, intent, and spending are different than my own). This creates a system built on highly unstable foundations, especially in today's privacy-conscious environment with regulations like GDPR and CCPA.
It also further destroys the already eroded trust between the buyer and the seller– most times, often the seller isn’t even aware they are doing something nefarious - it's something the vendor is doing to capture more dollars to share with the publisher fraudulently. The short-sighted practice will force advertisers away from the open web into the Walled Gardens – just at a time when advertisers and agencies are looking to reduce the concentration of media spend away from the Walled Gardens. This practice does a massive disservice to the open web, journalism, and all those who make a living in adtech and digital media. Those who knowingly work with these offending vendors carry this burden.
What to do about it:
- Publishers: Ask your vendors how they recover Safari and Firefox inventory. If you don't understand the answer or it doesn't make sense. Stay away.
- Advertisers: Ask your publishers how they determine which UIDs dress the bid request and if they will warrant their truth.
- SSP and DSP: Ask your partners how they obtain and pass the UID and map it to the user (particularly with Safari and Firefox inventory). If you don't understand the answer or they don’t have a concrete response, you will end up with substantial reputational damage.
In part two, we will discuss the impact of the industry and what you can do to remove this risk from your business.