By Mike Woosley
As reported in The Wall Street Journal recently, Google and Apple have engaged in a rare collaboration in building location-tracking technology to track and curb the spread of Coronavirus. Each company controls a vast and meaningful walled garden with its own economy and a unitary sense of consumer identity. What Google and Apple are showing us is that those economies can interoperate when there is a compelling monetary or social interest.
At almost the same time, Google announced plans to eliminate cookies, a 25-year-old technology that became a workhorse of persisting identity for the modern Internet and digital media.
There’s much to applaud in this decision. The cookie was an awkward marker. It was originally developed to maintain “session state.” Because the web was inherently asynchronous at its start, every time a user wanted to make a change (“Give me a new article.” “Show me what’s in my cart.”), a publisher had to respond, “Let me read this little file I dropped so I can see who you are.”
Since the cookie was intended to help maintain session state, it was designed so that only the publisher that dropped the cookie could read it. As ad tech evolved, an interoperating web of companies were required to ensure that various pieces of the digital puzzle worked correctly. Unfortunately, since only the entity dropping a cookie could read it, each had to drop its own marker. Imagine if each of the hundreds of car parts suppliers had to be directly involved in that vehicle’s maintenance.
As a result of this chaos, a single page load could see five, 10, or maybe 50, 80 … even over 100 cookies dropped, some nested inside serial server calls. On the server side, these cookies were creating a horrendously inefficient waterfall of additional transactions in order to sync and calibrate, store, track, log, and maintain calibration. Every page load, every interaction, every session, every minute, every day, every millisecond would trigger tremendous amounts of storage, calculation, and processing, ad infinitum.
So where does that leave the cookie and maintenance of state? Many don’t realize it, but Google and Facebook left the cookie behind a long time ago. If you’re a user of either technology, you may have noticed that these platforms don’t really work unless you are authenticated. That means you’ve logged in with a username and password. Notice your little picture always there in the upper right corner on your Chrome browser? They always know who you are.
What about the rest of ad tech? What happens post-cookie for these players? We haven’t yet landed on a solution. Here’s what we can say for sure: Identity in media and marketing isn’t going away. It’s been with us for 100 years. Think of print advertisers. They didn’t know your “cookie ID.” They knew your home address — and all the attendant data that went with it, courtesy of the Census Bureau and numerous other market research companies. That ID “home address” was much more persistent than the cookie. Marketers have always transacted on some sense of identity, such as age, gender, household affluence, and interests. Transactional identity is what makes marketing and media dollars efficient. Most digital media and applications are free because advertisers pay for them. How much free stuff you get is directly dependent on their efficiency.
How does ad tech work with the walled giants then? Amidst all this creative destruction, large players became media giants by buying up the pieces of ad tech they needed and developing platforms that had to interoperate with other media and marketing at some level, often based on the cookie.
In this cookie chaos, there was a sliver of rationality due to one accidentally smart thing done by Apple. Around 2011 or 2012, Apple developed its phone-based ID for Advertising or IDFA. Apple said the “A” word. Google followed suit with the Google Ad ID (GAID). These IDs were everything the cookie wasn’t. They existed at the device level, so they were interoperable between and among apps and browsers. They were persistent and unitary, so they allowed the maintenance of state. They were readable by everyone who needed to serve content to the phone, so all of a sudden, there was no need to drop hundreds of cookies in a single page load, or sync, process, and maintain ID maps on the server side. You know what? Suddenly, everything in mobile marketing and media could work better! More efficient, more reliable, more consistent. Hallelujah!
I can practically guarantee that Tim Cook rues the day he okayed IDFA. Why? Because today, Tim Cook sells privacy. He may or may not care about your privacy, but today Tim is facing a world where Google Maps and Alexa voice assistant have invaded his phones. He does care about this can’t-be-stopped competition. He doesn’t want an open system. He wants a world where he can take a fair share of everything on his phones: every app, every in-game purchase, everything sold. IDFA is open and a threat to walls and barriers. Rumor is that IDFA could be going away, which would be a giant step backward. Remember, with IDFA, digital media on phones works better for everyone.
A rising tide in favor of a universal device ID for PC and desktop systems (and keeping those on phones!) will lift all boats in the ecosystem. Let’s outline the benefits of a persistent ID that’s open and connected to the device.
1. The mechanics of digital media work better with a universal ID. Say goodbye to dropping multiple IDs from multiple domains, latency, slow page loads, back-end syncing transactions, and nested server calls.
2. The business of digital media and marketing work better and more efficiently with a universal ID. Why? Device IDs are persistent and consistent. Suddenly, ad tech has a means to communicate and interoperate. In today’s world, cookies sync at rates of 40-60% on a good day, meaning marketers can’t reach 60–40% of valid audiences. Remember, the more efficient the dollars of advertisers and marketers are, the more free stuff we all get.
3. Privacy would work the way consumers think it works today, but doesn’t. GDPR didn’t banish the cookie. “Cookie” is mentioned a single time in that 66,000-word regulation, among a long list of others that could be considered personal information, such as IP address, which we know is not going away. Respecting privacy is about giving a consumer transparency and control. Today privacy policies ask consumers to consider maybe tens or hundreds of unknown ad tech vendors and decide who to block or what to delete. A device ID is a single ID that the consumer controls. For the IDFA, the consumer can block it (“Hey … never track me.”), and a consumer can reset it (“I need a fresh start.”). For the ad tech industry, all of a sudden, we don’t need the expense and uncertainty of tracking consumer wishes against a revolving set of cookie IDs. Don’t want to be tracked? Block your IDFA. Have trusted partners that you want to know everything? Sign in with them (WSJ, Facebook, etc.). You are in control.
4. Be smarter about antitrust and competitive concerns. An open device ID has great impact here. Digital media is severely handicapped by lack of interoperability. Governments in Europe and the US are spending millions (billions?) examining competitive behaviors. There is even talk of breaking giants up. Unfortunately, trust busting didn’t work 100 years ago when the US broke up Standard Oil or in the last decade when we went after Microsoft. It’s a process that requires years of antagonism, billions in tax-funded litigation, awkward divestitures, and usually a return to status quo. There is something we could do that would be inexpensive and would take only months: set a standard that requires open device IDs. It’s the same tech Apple implemented on its phones years ago. The ad tech industry would jump for joy. The same industry won’t even yawn if you require Facebook to sell WhatsApp.
Unfortunately, as an industry we haven’t made much progress in executing the universal ID. Apple, realizing its “mistake,” may be sunsetting the IDFA. On the PC side, Google intends to sponsor a proprietary ID system. In this closed system, Google will hold a universal ID. If you have a business need, Google may share it, but they will ration the number of times you can get it, the pieces of information you can pick up, and how you can transact via a murky set of business rules.
We know this to be true because Google’s said it in its blog post announcing the demise of the cookie. The Privacy Sandbox will further entrench Google as arbiter; it will extinguish a number of industry players; and it gives the hapless consumer little control. Google has taken a page from Apple’s playbook in using the fig leaf of privacy to further establish its monolithic closed systems, standards, and controls.
Where in this dialogue is the IAB? IAB, your role is important. You’ve initiated Project Rearc, which you characterize as a call-to-action for stakeholders to rethink the architecture of digital marketing and infrastructure. That’s a noble cause. You’ve been smart and empathetic in saying that it’s not your immediate objective to set a standard, but rather to drive a dialogue involving key stakeholders, charting a course for the infrastructure to support the future of digital media and marketing.
But, you may be playing it too safe. As a threshold matter you said, “Let’s not discuss a universal ID. Big players would never go along with it.” At least that’s what I think I heard you say at the IAB Annual Leadership Meeting in January.
We are at a singular time in digital media. First, Google has said they will eliminate cookies. Second, we have competitive commissions looking to ensure equal access to opportunity. Third, we have heightened awareness around privacy and consumer control. These factors all conspire to create an environment where we can talk the big talk about truly big ideas to re-architect digital media and build a better ecosystem.
Let’s lunge at this opportunity. The Universal Device ID solves every significant challenge around legacy infrastructure:
We know we can interoperate in a public health crisis. Google and Apple are going to demonstrate this in a matter of weeks. We need to interoperate in a fair and open system with a universal device ID. Industry participants, the IAB, regulatory authorities, and visionaries should all consider the universal ID to be the next big idea.
How are marketers and publishers adjusting their customer acquisition strategies in light of nonstop industry change? We surveyed over 1,400 decision-makers to better understand identity’s role in their cookieless future, what they’re adding and removing from the next-gen tech stack, and where they plan to invest today and in the future. Get the report here.