Who doesn’t love a good funnel?

Today, we’re going to make a nice colorful funnel using the latest data from some of the ad industry’s most reliable sources to trace a dollar spent for programmatically-bought display advertising on its exciting journey from your pocket to the bank accounts of middlemen, con men, crooks, and the Bermuda Triangle.

Adtech was created to make the buying and selling of online advertising so much more efficient. Today, about $350 billion dollars is spent on online advertising. 70%+ of it is bought programmatically. It turns out it has been wonderfully efficient for the lads and lassies in the adtech industry. Not so efficient for losers like you and me. Let’s see how it’s working…

1. You start with a dollar to spend
2. Your agency gets a 7¢ fee
3. Technology and targeting fees take another 27¢ (DSPs, SSPs,and WTFs)
4. 15¢ mysteriously disappears into the “unknown delta.” No one knows where the “unknown delta” is. My guess? Jupiter or North Korea.
5. 30% of the ads you buy won’t be viewable
6. About 20% of the stuff you buy will be fraudulent
7. Only 9% of your display ads will be viewed by a real person for even a second. Bastards.
8. Blogweasel math notwithstanding, looks like your dollar bought you 3¢ of real display ads viewed by real human people.

Covering My Ass
As I’m sure you know, no one in the comical online “metrics” business can agree on anything. Consequently, to minimize the torrent of abuse I’m going to get from agency and adtech apologists, I have taken the numbers in the above illustration from the most reliable sources I could find:
     – The first four items come from the ISBA and PwC’s, Programmatic Supply Chain Transparency Study
     – Item 5 comes from Integral Ad Science
     – Item 6 comes from AdAge and Spider Lab’s report, Combating Ad Fraud in the Age of COVID-19
     – Item 7 comes from Lumen Research

Covering Your Ass
Oh, and be sure to ask your agency about these numbers. And when they say, “We have systems in place…” ask to see the systems, have them explained to you, and get their version of how much value you’re getting from a programmatic ad dollar. Should be good for a few laughs.

Some Notes on the Funnel

–  It’s important to note that the ISBA study alluded to in points 1 through 4 above only reported on the highest quality tip of the iceberg — the most premium end of the programmatic marketplace.

Even at the premium end, only 12% of the ad dollars were completely transparent and traceable. An astounding 88% of dollars could not be traced from end to end. Imagine what the numbers must be like in the non-premium end.

– The “unknown delta” represents about 1/3 of the fees that programmatic buyers pay. This money just evaporates. No one can figure out where it goes. Not even a  famous blogweasel.

– I have used 30% as the factor for non-viewable ads. Some research reports it as high as 50%.

– I have used 20% as the fraud number at the publisher end of the funnel. Even if fraud at this end is only 10%, the math still comes out at about 3% viewable ads by real people.

– How many people actually view a display ad? The IAB defines a “view” as 50% of an ad’s pixels seen for one second. Huh? Even by this ridiculous standard only 9% of online ads are “viewed.”

Idiots on Wheels

Of all the industries that never learn anything, my vote for the dumbest goes to the auto industry. It doesn’t matter how many times they try the same stupid strategy and fail, they never learn.

The strategy in question, of course, is the “let’s target young people” strategy. It never works, but it is the knee-jerk strategy for every new product from every auto marketer in captivity.

The latest example is Lexus. They have a new SUV, the NX, which they are targeting to young “creative visionaries” (someone shoot me) with all kinds of hip media horseshit. Only problem is, the average luxury SUV buyer is 53 years old.

The auto industry’s magical thinking goes back a long way. Of course, there was the infamous “Not Your Father’s Oldsmobile” campaign that helped kill an entire brand.

More recently, in 2015, Cadillac gave us the hilarious “Dare Greatly” campaign which  “tapped into the Millennial mindset.” Yeah, right. They even moved their entire headquarters to NYC’s SoHo area to prove how young and hip they were. The result? Cadillac has the oldest buyers of any car brand on the planet. Oh, and they’re back in Detroit.

In 2016, Toyota killed Scion, its entry into the “youth car” market. The “youth car” idea was all the rage in the early 2010’s. The idea was to target the ever-popular (and mostly non-existent) 18-34 year old car buyer. According to The Wall Street Journal, 88% of these “youth cars” were bought by people over 35. Scionara.

For just plain laughs, it’s hard to beat Chevy’s attempt to be young. In 2012 they hired some clown from MTV who “transformed part of the G.M. lobby into a loftlike space reminiscent of a coffee shop in Austin or Seattle, with graffiti on the walls and skateboards and throw pillows scattered around.” Average age of a Chevy buyer? 46.

Back to Lexus and its new NX. According to MediaPost, “Gen Y and Gen Z luxury buyers tend to be more diverse, more affluent…” said Lexus’ VP of Marketing.

Just curious about who these “affluent Gen Z” luxury car buyers are. The average Gen Z is now 16 years old…You truly cannot make this stupid shit up.

The auto industry, steeped in research horseshit about “creative visionaries” and decades of other socio-generational idiocy can’t get it through their thick skulls that our population is aging at warp speed; that the average car buyer in America is 53; that since 2000 the share of new cars bought by people over 55 has increased by 15%. These people are really, truly, genuinely clueless.

I’ll leave the last word to P.J. O’Rourke, “Whenever anything happens anywhere, somebody over 50 signs the bill for it.”


I’m getting a little long-winded here today, so let’s move this thing along…

    – Alternate headline for today’s newsletter: “I know 97% of my programmatic ad budget is wasted, I just don’t know which 97%.”  

    – From the late, great Nora Ephron, the best definition of ‘content’ you’ll ever read…“Something you can run an ad alongside of.”

    – Here’s a good laugh. According to Ad Age“The Association of National Advertisers and member marketers have begun discussing an industry self-regulatory body to handle social media issues…” Yeah, that oughta do the trick. Letting a marketer regulate himself is like giving a 14-year-old girl a cosmo, a cell phone, and a credit card.

    – According to ad fraud researcher Dr. Augustine Fou, 2/3 of clicks on Google Ads are from bots. “If your agency is reporting clicks and click rates to you, you’re likely being misled.”

     – And while we’re kicking Google around…there are some companies that have very G-rated names, but sell very X-rated stuff. A couple of these companies are named “Jack and Jill” and “Adam and Eve.” If you search for “Jack and Jill”  you won’t find the dirty company on Google in a natural search. That’s because Google has stunning integrity! Except, of course, if Jack and Jill happen to buy some Google Ads. In which case – surprise – there they are!

And Speaking of X-Rated Stuff…

        …doesn’t anyone screw anymore?


How BuzzFeed Is Using Automated Ads to Power Growth

BuzzFeed’s four-year-old programmatic business is the engine of its advertising growth. That muscle will come in handy as publishers and marketers enter the usual frenzy of the fourth quarter against the backdrop of the delta variant threatening to derail ad creative and campaign budgets.

On its road to becoming a public company, the publisher wouldn’t break out specific programmatic revenue, but overall ad revenue for its second quarter increased 79% to $47.8 million. Advertising makes up 53% of its total second-quarter revenues with growth driven by higher pricing on programmatic ads and an increase in the total number of impressions sold.

Driving the higher pricing and more impressions is BuzzFeed’s answer to the dwindling efficacy of third-party cookies. Lighthouse, announced in March, helps increase marketers’ audience scale by finding previously unaddressable audiences and cutting down on marketing waste, ultimately selling more effective campaigns that nurture repeat business. Now, BuzzFeed uses some aspect of Lighthouse for almost all clients.

“The pandemic has taught us to be flexible,” Ken Blom, svp of ad strategy and partnerships told Adweek, who added that buyers always had access to first-party data through BuzzFeed’s private marketplaces and direct deals. But revenue from selling on the open marketplace is still a big part of BuzzFeed’s business, and buyers there still rely on third-party data.

Lighthouse on full beam

Today, 66% of publishers are driving revenue through their first-party data, according to OpenX research which found that 21% of publishers said first-party data was “very important” to revenue today.

Universal IDs are not our strategy, our strategy is cohorts and contextual. Come talk to us and we’ll tell you what we have.

—Ken Blom, svp of strategy and partnerships, BuzzFeed

Advertisers using Lighthouse are consistently getting between three and four times increases in click-through rate compared with using just third-party data sources, according to Blom.

The addition of HuffPost and Complex Networks to BuzzFeed’s audience pool means it’ll have fewer scale woes than other publishers, making it less reliant than others on alternative identifiers like Unified ID or LiveRamp’s Authenticated Traffic Solution. Here, BuzzFeed is dipping its toes, going through the legal process with a couple but wouldn’t share which.

“Universal IDs are not our strategy,” said Blom, “our strategy is cohorts and contextual. Come talk to us and we’ll tell you what we have.”

Publishers can make a decision about what ID solutions they integrate, but that only goes so far without advertiser demand, not to mention meeting ad-tech vendors and giants like Google somewhere in the middle.

Google’s deadline extension for cookie collapse gives BuzzFeed more time to test capabilities of its own first-party data solutions combined with context, rather than scrambling to release a minimum viable product that marketers might question. Conversations haven’t slowed, as many fear, Blom said, but clients’ readiness is a broad spectrum, those who are willing to test are still experimenting.

Performance from programmatic pipes

With cookies going away and contextual targeting on the rise, the thinking goes that ad buyers would do well to have more direct conversations with publishers to know if, say, the news team is setting up a health desk.

“The pendulum is swinging back to direct in some way,” said Blom. “The programmatic pipes are good, but how do we make them more performant?”

Due to client demand, BuzzFeed has tinkered with a three-year-old ad unit Spotlight to focus on the features inside, what content runs next to it and what the creative looks like. It’s rolled up other ad unit functions that were across the site into the ad, features like streaming video files, full-screen expansion capabilities and what it calls customizable and interactive solutions.

These include more tracking features, real-time performance and, of course, weaves in its first-party data so it can run comparative tests and use machine learning to build audience cohorts. Driving performance and utility, the ultimate test in advertising ROI, will help it maintain a growth trajectory if it can prove its programmatic ads work.

This strategy of juicing up ad units makes sense for BuzzFeed to keep up with the post-cookie world since it has scale but could struggle to get people to share email addresses to access content (commerce features are a surer bet), said Dan Elddine, svp, data and technology, North America, Essence.

“We are starting to see a bifurcation among publishers talking about identity and first-party data solutions versus those talking about ad units and inventory types,” said Elddine.

So far, the ad unit has gone down well with entertainment and retail clients. One unnamed entertainment client used the unit to promote a video game launch, growing top-of-mind awareness by eight points. Another campaign advertising a movie release including the date drove an increase in awareness by over 14 points.

“Advertising can fuel revenue diversification, it’s a foundation and an anchor,” said Blom, “it helps what we do with licensing and commerce, if you have advertising without diverse revenue streams you’re leaving money on the table.”

Source: How BuzzFeed Is Using Automated Ads to Power Growth

Forrester says it’s end times for digital and display advertising | The Drum

A new Forrester report forecasts the end of digital and display advertising as we know it as consumers move away from experiences in which they can be interrupted.

That’s in part because consumers are putting more trust in digital assistants to make decisions on their behalf, but, naturally, it’s also because US marketers wasted roughly $7.4bn on display ads in 2016 – only 40% of which were seen by consumers.

In a blog post, James McQuivey, vice president and principal analyst at Forrester, said the “bombshell” report “fits nicely into the current backlash against major publishers and ad networks, including Google and Facebook” as advertisers re-examine their digital spend and demand more transparency.

But McQuivey said bigger change is afoot “because interruptions are coming to an end” as “interruption only works if consumers spend time doing interruptible things on interruption-friendly devices”.

He went on to add: “Once they can get what they want without leaving themselves open to interruptions — whether through voice interfaces or AI-driven background services — they will feel even more hostile to ad interruptions”.

And it is consumers’ “casual indifference to advertiser interests” that McQuivey said will enable consumers to inhabit an advertising-free world. I.e., soon Alexa may answer most of the questions consumers have historically requested via search engines, plus digital assistants may collate and deliver highlights from users’ Facebook feeds, so they don’t see sponsored posts.

“The question remaining is what role will marketers play in that hypermediated world,” McQuivey wrote.

The answer?

Marketers should focus on building deeper relationships with their customers in 2017 – in part by investing in relationship technologies such as those that offer a real-time, single view of the customer, plus artificial intelligence that drives conversational relationships, McQuivey said.

Intelligent conversational relationships are possible via chatbots, chat interfaces and voice skills on in-home devices, but marketers must also ensure the conversations “sparkle with the brand personality the CMO has committed the company to,” McQuivey said.

What’s more, McQuivey said this will take investment, but his advice is to pay for it with the billions of dollars used on digital display advertising.

“When they do [divert digital display ad budgets], that will signal to everybody that the end of advertising is upon us. And that something much better is on its way,” McQuivey added.

Source: Forrester says it’s end times for digital and display advertising | The Drum

Inside the Industry That Unmasks People At Scale

Screen Shot 2021-02-24 at 3

Hacking. Disinformation. Surveillance. CYBER is Motherboard’s podcast and reporting on the dark underbelly of the internet.


Tech companies have repeatedly reassured the public that trackers used to follow smartphone users through apps are anonymous or at least pseudonymous, not directly identifying the person using the phone. But what they don’t mention is that an entire overlooked industry exists to purposefully and explicitly shatter that anonymity.


They do this by linking mobile advertising IDs (MAIDs) collected by apps to a person’s full name, physical address, and other personal identifiable information (PII). Motherboard confirmed this by posing as a potential customer to a company that offers linking MAIDs to PII.


“If shady data brokers are selling this information, it makes a mockery of advertisers’ claims that the truckloads of data about Americans that they collect and sell is anonymous,” Senator Ron Wyden told Motherboard in a statement.


Do you work at a company selling this kind of data? Do you otherwise have access to the data itself or documents related to it? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on [email protected], or email [email protected].


“We have one of the largest repositories of current, fresh MAIDS<>PII in the USA,” Brad Mack, CEO of data broker BIGDBM told us when we asked about the capabilities of the product while posing as a customer. “All BIGDBM USA data assets are connected to each other,” Mack added, explaining that MAIDs are linked to full name, physical address, and their phone, email address, and IP address if available. The dataset also includes other information, “too numerous to list here,” Mack wrote.


A MAID is a unique identifier a phone’s operating system gives to its users’ individual device. For Apple, that is the IDFA, which Apple has recently moved to largely phase out. For Google, that is the AAID, or Android Advertising ID. Apps often grab a user’s MAID and provide that to a host of third parties. In one leaked dataset from a location tracking firm called Predicio previously obtained by Motherboard, the data included users of a Muslim prayer app’s precise locations. That data was somewhat pseudonymized, because it didn’t contain the specific users’ name, but it did contain their MAID. Because of firms like BIGDBM, another company that buys the sort of data Predicio had could take that or similar data and attempt to unmask the people in the dataset simply by paying a fee.



A screenshot of FullContact’s website offering the linking of mobile ad ids and other information.


“Anyone and everyone who has a phone and has installed an app that has ads, currently is at risk of being de-anonymized via unscrupulous companies,” Zach Edwards, a researcher who has closely followed the supply chain of various sources of data, told Motherboard in an online chat. “There are significant risks for members of law enforcement, elected officials, members of the military and other high-risk individuals from foreign surveillance when data brokers are able to ingest data from the advertising bidstream,” he added, referring to the process where some third parties obtain data on smartphone users via the placement of adverts.


This de-anonymization industry uses various terms to describe their product, including “identity resolution” and “identity graph.” Other companies claiming to offer a similar service as BIGDBM include FullContact, which says it has 223 billion data points for the U.S., as well as profiles on over 275 million adults in the U.S.


“Our whole-person Identity Graph provides both personal and professional attributes of an individual, as well as online and offline identifiers,” marketing material from FullContact available online reads, adding that can include names, addresses, social IDs, and MAIDs.


“MAIDs were built for the marketing and advertising community, and are tied to an individual mobile device, which makes them precise in identifying specific people,” the material adds.


On a listing advertising its capability to link MAIDs to personal information, BIGDBM says “The BIGDBM Mobile file was developed from online providers, publishers and a variety of data feeds we currently obtain from a multitude of sources.” That listing did not list the specific types of PII that BIGDBM offers, so Motherboard posed as a potential customer interested in sourcing such data for a stealth startup.


BIGDBM did not respond to multiple requests for comment. FullContact did not respond to a list of questions, including whether its MAIDs and PII is collected with consent, and what sort of protections FullContact has in place to stop abuse of its capability to unmask the person behind a MAID.



A screenshot of the emailed response from Brad Mack.


Edwards said that the existence of companies that explicitly link MAIDs to personal information may provide issues under privacy legislation.


“This real-world research proves that the current ad tech bid stream, which reveals mobile IDs within them, is a pseudonymous data flow, and therefore not-compliant with GDPR,” Edwards told Motherboard in an online chat.


“It’s an anonymous identifier, but has been used extensively to report on user behaviour and enable marketing techniques like remarketing,” a post on the website of the Internet Advertising Bureau (IAB), a trade group for the ad tech industry, reads, referring to MAIDs. The IAB acknowledged but ultimately did not respond to multiple requests for comment asking if it still believes that MAIDs are anonymous.


In April Apple launched iOS 14.5, which introduced sweeping changes to how apps can track phone users by making each app explicitly ask for permission to track them. That move has resulted in a dramatic dip in the amount of data available to third parties, with just 4 percent of U.S. users opting-in. Google said it plans to implement a similar opt-in measure broadly across the Android ecosystem in early 2022.


Apple and Google acknowledged requests for comment but did not provide a statement on whether they have a policy against companies unmasking the real people behind MAIDs.


Senator Wyden’s statement added “I have serious concerns that Americans’ personal data is available to foreign governments that could use it to harm U.S. national security. That’s why I’ve proposed strong consumer privacy legislation, and a bill to prevent companies based in unfriendly foreign nations from purchasing Americans’ personal data.”


Subscribe to our cybersecurity podcast, CYBER.



By signing up to the VICE newsletter you agree to receive electronic communications from VICE that may sometimes include advertisements or sponsored content.


Source: Inside the Industry That Unmasks People At Scale

2 interesting ways Seb Gorka, a Nazi, is collecting your ad dollars – BRANDED

How the ad exchanges are sending your money to a very bad man

Welcome back to BRANDED, the newsletter exploring how marketers broke society (and how we can fix it).

Here’s what’s new with us:

Seb Gorka is a neo-Nazi. This is not an opinion or a personal interpretation. It’s a well-documented fact.

He has worked closely with antisemitic politicians and written for openly antisemitic newspapers. He has publicly worn Nazi insignia. When asked about it, he has said he inherited the insignia on the “merits of [his] father,” who was a member of the Hungarian neo-Nazi group the Vitézi Rend. There is strong evidence that Gorka himself has sworn a lifetime oath to the group.

If that isn’t enough, he publicly incited and encouraged the January 6th insurrection, claiming that “patriots” have “taken over Capitol Hill.” He has also publicly promoted voter fraud disinformation on his website,

All this makes him extremely — as we like to say in the advertising biz — brand unsafe. Even YouTube has banned him. But that hasn’t stopped Seb Gorka from running a profitable disinformation outlet. With help from a handful of adtech companies that either don’t know or don’t care about where your ad dollars go, Seb Gorka is cashing in.

How is this happening? There are two ways: an obvious way and a less obvious fraudy way. We’re going to explore both of them here. Grab some popcorn, we’re going to defund a Nazi today, folks!

1. The normal, regular ad placement method (simple!)

Ad placements are the obvious way makes money. The following companies are serving ads on, in violation of their own Publisher Policies and Acceptable Use Guidelines:

  • Criteo (of course)
  • Taboola
  • Google
  • The Trade Desk

How do we know this? We hovered over the ads and took screenshots. You already know how all this works. It gets more interesting from here.

2. The shady revenue-sharing ring method (sketchy!) doesn’t just earn money through ad placements. also monetizes by using shared DIRECT IDs — an ID meant for one publisher — across a shared pool of unrelated websites. This practice not only artificially inflates its CPM rates (cost per thousand impressions), but also allows it to get paid untraceable sums of money by an LLC.

Let’s break this down together.

Remember ads.txt?

We’ve talked about ads.txt before, but it’s important for us all to understand what a hot mess it really is.

Ads.txt is a protocol developed by IAB Tech Lab to bring transparency to the supply chain. An advertiser should be able to cross-check a publisher’s ads.txt directory against each exchange’s counterpart directory, known as sellers.json. If the data matches up, this tells the advertiser that things are fine.

In theory, these two specs allow advertisers and ad exchanges to verify that their ads are being placed on the correct inventory and that they’re paying the correct company. Here’s what this is supposed to look like when it’s working:

This screenshot is from CredCoalition’s ads.txt research, linked in the intro

In sellers.json, sellers can list themselves as one of three Seller Types (“seller_type”).

Publisher: If a seller is listed as a PUBLISHER, that means

Intermediary:  If a seller is listed as an INTERMEDIARY, that means

Both: The seller has been approved by the ad exchange both as a PUBLISHER and INTERMEDIARY.

Why does any of this matter? Because advertisers are willing to pay a premium for DIRECT and PUBLISHER ads because it signals to them that they have 1) a higher quality audience and 2) less potential for fraud.

But in practice, publishers like have correctly surmised that ad exchanges aren’t performing the necessary checks — which means they’re able to declare themselves DIRECT and PUBLISHER across an unlimited number of websites and funnel the revenues into a single shared account.

In Australia, this is formally recognized as a form of ad fraud, and is illegal. In America, this is still just uh… fraudy.

Here’s what we found in’s ads.txt

We looked at the DIRECT IDs on — and it tells us an interesting story:

  1. is sharing DIRECT IDs with a number of local CBS, ABC, and NBC news affiliates.
  2. Frankly Media LLC appears to be employing these shared DIRECT IDs for lot of publishers. Check out this list of Google results for just one ID.
  3. Frankly Media is owned by Engine Media Holdings, a publicly traded company on Toronto’s TSX Venture Exchange.

And in the middle of it all are the ad exchanges.

Here’s what’s going on in’s ads.txt

The following companies are allowing mislabeling, which lets publishers get away with misrepresenting themselves and misleads advertisers into thinking they’re paying for direct inventory when the reality is anything but:


It’s fraudy because: Only publishers should be calling themselves “publishers”. Frankly Media is not a publisher. This could be an attempt to defraud not-so-vigilant buyers and suppliers with poor supply optimization. Also Frankly Media is not a DIRECT seller of

Let’s continue…


It’s fraudy because: Frankly Media is not a publisher, and certainly not a publisher of Newsweek. Also Frankly Media is not a DIRECT seller of


It’s fraudy because: Frankly Inc. (what happened to Frankly Media LLC???) is not a publisher, and certainly not a publisher of 41NBC. Also Frankly Media is not a DIRECT seller of


It’s fraudy because: Frankly Media LLC is not a DIRECT seller of


It’s fraudy because: Frankly Media LLC is not a PUBLISHER of and Frankly Media LLC is not a DIRECT seller of


It’s fraudy because: Engine Media is not a DIRECT seller of

Is Frankly Media LLC a dark pool sales house?

It sure looks like Frankly Media LLC has been going around to all the ad exchange and telling some fibs.

They’ve told some of them that they own and operate — but they don’t. They’re telling others that they are both PUBLISHER and INTERMEDIARY for — and that’s not true either ( is owned by Salem Media Group).

But one thing is probably true: Frankly Media LLC and/or its parent company Engine Media Holdings is making payouts to But how much? This is where we hit a dead end.

Frankly Media LLC is what we call a dark pool sales house. We don’t know how much it’s earning for through this revenue-sharing ring and we don’t know how it’s distributing the collective proceeds across its members.

Maybe they have a profit-sharing contract? Maybe they pay out through yet another shell company? Anyone looking at these records would never know.

So what do we do now?

What we’ve just uncovered is a Nazi infiltrating the adtech supply chain through the very pipelines designed to keep someone like him out of it. If Frankly Media LLC can use the same DIRECT ID across NBC affiliates and a Nazi’s media outlet, we are in trouble.

Last summer when we first reported on ads.txt revenue-sharing, we noted the national security implications of not knowing where our advertiser dollars are being funneled:

One of the reasons that this is still legal, or not explicitly known to be illegal, is that ads.txt is only three years old and there hasn’t been, to our knowledge, any major investigative research into the consequences of its design… Ads.txt is a global standard, used in international markets. This giant security hole opens markets and mediascapes around the world to foreign propaganda, hate groups, money laundering, and, of course, fraud.

If ad exchanges don’t enforce ads.txt, all these problems run rampant.

Once again, it’s up to us, the advertisers, to take charge of our own ads. If you want to keep your ad budgets away from Seb Gorka, you will have to add the website “” to your exclusion list. You will also need to block Frankly Media and its DIRECT seller ID’s. You can find them at

Thanks for reading,

Nandini & Claire


NOTE: Originally, the first sentence of this post said “Seb Gorka is a Nazi.” We have updated this to read “neo-Nazi” because it is debated whether the word Nazi is a general term for someone’s ideology or if it refers specifically to a member of the historic National Socialist German Workers’ Party of Germany.

Did you like this issue? Then why not share! Please send tips, compliments and complaints to @nandoodles and @catthekin


Source: 2 interesting ways Seb Gorka, a Nazi, is collecting your ad dollars – BRANDED

The inventor of the digital cookie has some regrets — Quartz

You’re reading a Quartz member-exclusive story, available to all readers for a limited time.
To unlock access to all of Quartz become a member.

When Lou Montulli invented the cookie in 1994, he was a 23-year-old engineer at Netscape, the company that built one of the internet’s first widely used browsers. He was trying to solve a pressing problem on the early web: Websites had lousy memories. Every time a user loaded a new page, a website would treat them like a stranger it had never seen before. That made it impossible to build basic web features we take for granted today, like the shopping carts that follow us from page to page across e-commerce sites.

Montulli considered a range of potential solutions before settling on the cookie, as he later explained in a blog post. A simpler solution might have been to just give every user a unique, permanent ID number that their browser would reveal to every website they visited. But Montulli and the Netscape team rejected that option for fear that it would allow third parties to track people’s browsing activity. Instead, they settled on the cookie—a small text file passed back and forth between a person’s computer and a single website—as a way to help websites remember visitors without allowing people to be tracked.

Within two years, advertisers learned ways to essentially hack cookies to do exactly what Montulli had tried to avoid: follow people around the internet. Eventually, they created the system of cookie-based ad targeting we have today. Twenty-seven years later, Montulli has some misgivings about how his invention has been used—but he has doubts about whether the alternatives will be any better.

This conversation has been edited for length and clarity.

QZ: What was your goal when you were creating the cookie?

We designed cookies to exchange information only between users and the website they visited. The founders of Netscape and many of the other denizens of the internet in that age were really privacy-focused. This was something that we cared about, and it was pervasive in the design of the internet protocols we built. So we wanted to build a mechanism where you could be remembered by the websites that you wanted to remember you, and you could be anonymous when you wanted to be anonymous.

How did you feel when you started seeing advertisers exploit cookies to track people?

Courtesy of Lou Montulli

Montulli circa 1992

That wasn’t something that we had really anticipated sites doing—although I guess one could have followed the money and could have imagined this happening. We became aware of this in 1996, and it was certainly very surprising and alarming to us. We were simultaneously fighting a knock-down, drag-out battle with Microsoft [for dominance of the browser market] and basically getting our clock cleaned. So there were a lot of other problems going on within Netscape besides just cookies. So it just fell to me to figure out what to do about cookies. People were like, “Well I don’t have time to deal with this. Can you deal with this?” And, you know, I’m just a lowly engineer. I don’t really have any experience dealing with policy.

But we were really faced with three choices: One would be to do nothing, to go “oops!” and throw up your hands and allow advertisers to use third-party cookies however they wanted. Another would be to completely block third-party cookies. And the third option was to try to create a more nuanced solution in which we try to give control of the cookie back to the user—especially control over the way advertisers used cookies to track them. That was the approach that we tried to take. And to do that we built out a bunch of functionality within the browser to let users see what cookies are on their device and allow them to control how they’re being used. So you could turn off third-party cookies entirely, or you could turn them off for a certain site.

So you had a chance to kill third-party cookies back in 1996—why didn’t you take it?

Advertising at that time was really the sole revenue stream of websites, because e-commerce was not as strong. Pretty much the entire web relied on advertising and by turning off advertising cookies, it would severely diminish the ability for revenue to be made on the web. So I can’t say that the decision was entirely financially neutral. We as a company believed very strongly in the future of the open web. We felt like having a revenue model for the web was pretty important, and we wanted the web to be successful. So we made the choice to try to give cookie options to the user, but not disable them.

Now, 25 years later, do you feel like you made the right choice?

I look at it from two different perspectives. If you agree that advertising is a reasonable social good, where we get free access to content in exchange for some amount of advertising, and if that advertising is reliant on some form of tracking, I would say the use of the cookie for tracking is a good thing for two reasons. First, it’s a known place where tracking is happening. And second, it’s a technology that is in large part under the user’s control. You can disable cookies in your browser or use an ad blocker plugin to block cookies. So the user has a fair amount of control over the advertising technology right now, and that’s only because it works through this particular technology. The alternative would be, if every ad network were to use a completely different technology, and that technology was not under the control of the user, we would no longer have a singular mechanism with which to personally disable that tracking network.

There’s another view, though, which I’ve only come around to recently. I now think the web’s reliance on advertising as a major revenue source has been very detrimental to society. Advertising perverts the user experience. Instead of incentivizing quality, it incentivizes getting as much interaction as possible. And I think that we’ve seen that those business models that seek to generate as much interaction as possible have caused people to behave very irrationally and not in the public good. So we may need to cut back on the advertising model to get some sort of sanity back in our online experience. I had a hand in building the web this way, but in my old age I’m looking back and thinking the world might have been a better place if we had spent more time working on micropayments or subscription-based content that would have allowed us to value quality over quantity.

Given that we know third-party cookies are dying, what do you think of the alternatives the ad industry is proposing to replace them?

On FLoC: This is an alternate form of expressing preferences for advertising without the traditional means of tracking you all over the web. And I think those forms are really interesting. But I also think that the public is likely to find them a little creepy at first because they won’t really understand it.

On Unified ID 2.0: That’s basically just another cookie. I don’t think it will get traction, because almost everyone will want to turn it off. And if you turn it off, it does advertisers no good.

On first-party data: It’s fine for really large, top 100 websites, but it really cannot be a useful technology for smaller sites. If you don’t have much traffic, collecting your own data has very little relevance to the larger ad-serving, ad-tracking world.

How optimistic are you that new technologies can fix the misgivings consumers have about ad tracking?

It’s my guess that as the third-party cookie gets phased out, ad tracking networks will try to migrate to cookie replacements that do almost the same thing as cookies but don’t have the same user control or supervision, like fingerprinting. I think these new technologies will just set off an arms race between advertisers, who are trying to figure out how to track users, and the browsers and privacy advocates who will come up with technological methods to fight back.

Ultimately, it comes down to: Do we want to fight a technological tit-for-tat war between the advertising companies and the browsers, or do we create public policy around what is and isn’t permissible? It’s very difficult to create a singular technology that is able to solve this problem. And as soon as you do, you have billions of dollars trying to work around it, which to me means if we care about it as a public policy initiative then we ought to put some restrictions around it. And that’s a little hard for me to say as a technologist, because oftentimes legislation has the best intentions, but it doesn’t really hit the mark very well. But sometimes you just can’t come up with a pure technological solution to a problem and you have to figure it out on a policy level.


Source: The inventor of the digital cookie has some regrets — Quartz

The end of third-party cookies — Quartz

  • The technology that shaped digital advertising and media is going away. What will replace it?

    Animation of eyes surrounding a UI window full of mouse cursors

    Image copyright: Illustration by Charlie Le Maignan

  • By the digits

    $336 billion: Valuation of the digital advertising industry, according to one estimate

    72%: Americans who worry that what they do online is being tracked by companies

    40%-60%: The (rather low) accuracy rate when two companies try to match the cookie data they have on the same set of consumers

    2.7%: Increased likelihood that a person will buy something from an ad that uses cookies vs one that does not, according to one study

    40%: Web traffic that comes from users who block third-party cookies

  • Explain it like I’m five!

    How do third-party cookies work?

    A cookie is a small text file saved locally on a user’s computer at the behest of a website they’ve visited. It helps the website remember information about them—often for benign reasons, like remembering their login information or making sure the items in their shopping cart will still be there even if they close the page and come back later.

    When cookies come from someplace other than the website a user chose to visit, they’re called third-party cookies. They’re not a particularly effective way for digital advertisers to track potential customers, and the public fears the privacy implications of having their every move online surreptitiously tracked. In response to public pressure, lawmakers are passing legislation to protect internet users’ privacy, but the most effective move of all might be a voluntary one by web browsers that have said they will no longer support third-party cookies. Few will mourn the functional death of the third-party cookie, but there’s reason to be suspicious of what might rise in its place.

    Read more here.

  • Charting where digital advertising money goes

    Where a dollar of digital advertising goes

    Read more here.

  • Brief history of third-party cookies

    1994: Lou Montulli, a 23-year-old engineer at the world’s then-leading web browser, Netscape, invents the cookie. His original goal was to create a tool that would help websites remember users—but couldn’t be used for cross-site tracking.

    1995: DoubleClick, one of the world’s first adtech firms, is founded. Its engineers realize they can exploit cookies to track users across the web; the company pioneers and comes to dominate the world of ad targeting.

    2008: Google buys DoubleClick for $3.1 billion and expands its advertising business from search pages to programmatic ads on websites.

    2016: The EU passes the General Data Protection Regulation (GDPR), which expands requirements for websites to get users’ consent before tracking them with cookies.
    Jan. 2020: Google announces it will block all third-party cookies by default, writing, “Our intention is to do this within two years.”

  • Billion-dollar question

    What will replace the third-party cookie?

    There are three major proposals for how the industry can continue to show consumers relevant ads and measure the effectiveness of marketing campaigns without relying on third-party cookies. These solutions aren’t mutually exclusive, and in the short term we’ll see the industry experiment with all three.

    👯‍♀️ Google’s Federated Learning Cohorts (FLoC) model: The browser tracks users and groups them into cohorts alongside thousands of peers with similar online habits. Every time a person visits a website, their browser would tell the site which cohort they belong to, and advertisers would show them ads tailored to people with interests like theirs.

    🗞️ First-party data tracking: Publishers and advertisers each collect their own data about their audience and consumers respectively. If a brand and a publisher have the same piece of information about a particular user, like an email address, they can team up to match the customer’s spending habits on the brand’s site to their reading habits on the publisher’s site and target ads even more effectively.

    🔑 Identity-based tracking: A central authority would assign every web user an advertising ID that advertisers could track every time a user logs into a website. Adtech companies would once again be able to monitor individual users’ browsing habits, serve them targeted ads, and measure whether a user who saw an ad went on to buy the advertised product.

    How developed are these models, and who wins and loses with each? Read more here. 

  • Person of interest: Lou Montulli

    A 22-year-old Lou Montulli rocks a big shock of hair that sticks straight up all around his head.Image copyright: Courtesy of Lou Montulli Montulli circa 1992

    When Lou Montulli invented the cookie 1994, he was a 23-year-old engineer at Netscape, the company that built one of the internet’s first widely used browsers. He was trying to solve a pressing problem on the early web: Websites couldn’t remember who their users were or what they had done in previous visits.

    He and his Netscape colleagues settled on the cookie as a way to help websites remember visitors without enabling cross-site tracking.

    Almost immediately, advertisers learned ways to essentially hack cookies to do exactly what Montulli had tried to avoid: follow people around the internet. Over time they created the system of cookie-based web tracking we have today. Twenty-seven years later, Montulli has some misgivings about how his invention has been used—but he has doubts about whether the alternatives will be any better.
    Read more here.

    What if antitrust regulators forced Google to sell Chrome? (Quartz) If Google were forced to sell Chrome due to monopoly concerns, a new owner might jettison third-party cookies sooner, creating headaches in the digital ad world.

    Google is done with cookies, but that doesn’t mean it’s done tracking you (Vox) Another take on FLoC and what information Google will still collect even after cookies are gone.

    No need to mourn the death of the third-party cookie (The Next Web) The case for publishers, advertisers, and consumers being better off without cookie tracking.

    Advertisers scramble for answers after Apple’s IDFA update (Digiday) Looming changes to Apple’s ID for Advertisers will be just as disruptive for the ad industry as Google’s deprecation of third-party cookies.

Source: The end of third-party cookies — Quartz

The death of third-party cookies will reshape digital advertising — Quartz

You’re reading a Quartz member-exclusive story, available to all readers for a limited time.
To unlock access to all of Quartz become a member.

Table of contents

Nothing on the internet is free | Glossary | What is a third-party cookie? | Timeline | Why are third-party cookies going away? | What will replace third-party cookies? | Who gets to decide what will replace third-party cookies? | What will the outcome of all this be?

Nothing on the internet is free

From news articles to web comics to cat videos, the internet has more media than you could ask for, much of it available for you to access without paying a dime.

But nothing in life is free, and the internet is no exception. In reality, there’s a deal happening every time you consume a piece of free content online. Web publishers are giving you their content; advertisers agree to fund that content by paying for ads. And you agree to give mountains of personal data to hundreds of companies in the digital ad industry, whether you realize it or not.

That’s the bargain that has funded free web publishing since the mid-1990s, and for the past quarter century it’s been powered by a key piece of technology known as third-party cookies. These are tiny but crucial identifiers that track internet users’ every move across the web. They help advertisers target ads and measure the effectiveness of their marketing campaigns. They’ve become one of the central technologies underpinning the business model of publishing on the web.

And they’re about to die.

Safari and Firefox, the world’s second and third most popular web browsers, already block third-party cookies by default to protect users’ privacy. Google Chrome—which controls two-thirds of the global browser market—has announced it will follow suit by 2022. When Google pulls the plug next year, almost no one will be left using a browser that supports third-party cookie tracking, rendering it effectively extinct.

The death of third-party cookies comes at a moment of widespread backlash against advertisers’ digital surveillance. The public has become increasingly vocal about its discomfort with ad tracking. Europe’s landmark digital privacy laws have spawned copycats all over the world. Apple, sensing an opportunity to market itself as the privacy-friendly tech giant, has announced software updates that will make it much harder for advertisers to track what users do in apps and mobile browsers.

The internet is now at an inflection point. Industry groups representing advertisers, advertising agencies, browsers, and publishers are scrambling to come up with alternatives to the old methods of invasive personal tracking. The decisions they reach over the next year will have widespread implications for the future of privacy on the web and how the businesses that operate on the internet carve up the spoils of the $336 billion industry of digital advertising.

It’s hard to overstate what hangs in the balance. “If we do it right,” said Chetna Bindra, who heads Google’s product team on trust and privacy, “this will be the way to proactively shape the next couple of decades for a free and open web.”


Publishers: Companies that create and host content online, including news organizations and independent creators.

The “open” web: The universe of content that is free for anyone to access using a web browser—no one has to log in or pay a fee to see it.

Walled gardens: In this story, this term mostly refers to companies that collect data on their websites that they won’t share with anyone (e.g. Facebook, which has vast troves of data on its users that no one else can see). But in other contexts, it can mean publishers that require users to log in or pay a fee to access content (e.g. Quartz, which requires you to become a member to read this story).

Brands: The companies that buy ads to market their products or services. The biggest advertisers in the world include brands like Procter & Gamble, Samsung, and L’Oreal.

Agencies: The firms that brands hire to design and execute their marketing campaigns.

Adtech: A catchall term for the hundreds of companies that help connect brands, which have ads they want to place, with publishers, who have ad space they want to sell. Adtech companies automate the process of buying and selling ad space, track web users to help companies target the audiences they want to reach, and measure how effectively a marketing campaign is getting people to spend money with a brand. Google is one of the world’s largest adtech companies, but the group also includes smaller, independent firms like The Trade Desk, LiveRamp, Criteo, and ComScore.

Programmatic advertising: Ads bought through automated exchanges enabled by the adtech industry. There is no direct relationship between the brand and the publisher. Publishers sell space to the highest bidder, and brands place ads targeted to particular audiences, regardless of the publisher who hosts them. This accounts for a large portion of digital ad spending—85% in the US in 2020.

First-party data: The data internet users give directly to a company. If you go to a brand’s or publisher’s website, everything you do and all the information you enter counts as first-party data. For publishers, that might include what kinds of articles you like to read; for brands, that might include what kinds of products you like to buy.

Third-party data: The data a company gets indirectly, either by tracking you or buying it from someone else. There are companies that base their entire business on buying and selling data on internet users’ demographics, location, income, and browsing history.

What is a third-party cookie?

A cookie is a small text file saved locally on a user’s computer at the behest of a website they’ve visited. It helps the website remember information about them—usually for benign reasons, like remembering their login information or making sure the items in their shopping cart will still be there even if they close the page and come back later. Up until recently, websites saved cookies on visitors’ computers automatically, without ever notifying them. (In response to European privacy laws, many websites now have pop-ups informing visitors that they use cookies.)

When cookies come directly from a website a user chose to visit, they’re called first-party cookies. For example, if a user goes to a weather website and types in their zip code to get their local forecast, the site might save a cookie on their device. That way, it will remember a user’s location—and offer the right forecast more quickly—the next time they visit.

When cookies come from someplace other than the website a user chose to visit, they’re called third-party cookies. For example, if a user goes to a website that displays an ad, that ad might save a cookie on their computer that reports back to the advertiser. The cookie then marks them as the person who saw this particular ad at this particular moment. If at some point later they visit the advertiser’s website and buy something, the company can infer that its marketing campaign influenced their decision and was effective.

The digital ad industry has learned many ways to use third-party cookies to its advantage. Ever notice that, when you click on a product listing for a pair of pants, ads for that particular pair of pants begin following you everywhere you go online? It may be because the retailer saved a cookie on your computer identifying you as a potential pants buyer. Ad vendors can also use cookies to keep track of the websites you’ve visited, and link that information to massive third-party datasets on consumer incomes, demographics, or addresses. In this way, a beauty brand might target ads for its products only to affluent women who live in geographic areas where the company operates.

We became a little bit dependent on third-party cookies because it was easier, faster, and required less planning and integration.

Advertisers began adopting third-party cookie tracking around the turn of the millennium because targeted ads promised to solve two of the industry’s perennial problems. First, they offered a simpler way to reach the right audience at scale. Before cookies, a brand might painstakingly cut deals with individual magazines, TV channels, or websites based on their inferences about how likely it was that Golf Digest readers would be in the market for a new watch. Now, brands can just say they want to reach wealthy, middle-aged men who have browsed fashion websites in the past month, and cookie trackers will attempt to find those men anywhere they happen to be around the internet.

“We became a little bit dependent on third-party cookies because it was easier, faster, and required less planning and integration [than traditional marketing],” said Matt Naeger, who heads US strategy for the performance marketing agency Merkle.

Cookies also promised to bring some scientific rigor to the advertising process. Agencies could analyze cookie data and calculate how much revenue a particular marketing campaign generated. In fact, an entire sub-industry dedicated to “performance marketing” now promises its clients clear returns on their investment based on rock-solid data. The allure of these precise figures stands in contrast to the traditional ad model, in which brands simply have faith that their investments in marketing would eventually bring in customers.

In reality, however, third-party cookies haven’t turned out to be the omniscient crystal balls they promised to be. Even before ad blockers (which also block tracking cookies), consumers had a pesky habit of clearing their cookie caches and sharing a browser with other members of their household, leaving the data noisy and incomplete. To further muddy the waters, the internet is awash in bots designed to fabricate ad traffic to generate billions of dollars in fraudulent revenue for nefarious publishers and adtech vendors. Today, cookies are rather lousy proxies for a consumer’s identity. When one adtech vendor tries to match the cookie data it has on a given audience to another vendor’s cookie data on those same people, the accuracy rate tends to hover between 40% and 60%—a major challenge for advertisers who want to track individuals around the web.

Peer-reviewed academic research has struggled to find evidence that cookie-based tracking actually makes advertising more effective, according to Arslan Aziz, an assistant professor at the University of British Columbia business school who wrote the 2016 paper “What Is a Digital Cookie Worth?” His study found that, under the right circumstances, ads that use cookie tracking could make a person 2.7% more likely to make a purchase than ads that don’t. But he said other studies have been more equivocal. “Frankly, the research is not conclusive about whether these ads do add value,” he said.

Adtech firms, however, have been very successful at convincing brands that tracking is worth the investment. “We know from basically just looking at the industry that advertisers do spend a lot of money on [ad targeting] and that translates into revenues for all these big tech firms that work on advertising and all these other players in the ecosystem,” Aziz said. “So there is a lot of money being spent. Now whether it creates a lot of value, but it’s difficult to measure, or it doesn’t create any value, I feel it’s still not fully answered in research.”


1994: Lou Montulli, a 23-year-old engineer at the world’s then-leading web browser, Netscape, invents the cookie. His original goal was to create a tool that would help websites remember users—but couldn’t be used for cross-site tracking.

1995: DoubleClick, one of the world’s first adtech firms, is founded. Its engineers realize they can exploit cookies to track users across the web; the company pioneers and comes to dominate the world of ad targeting.

1996: The press starts reporting on cookie tracking in advertising, prompting public backlash. At Netscape, the decision about whether to ban third-party cookies falls to Montulli, who decides to spare them. Netscape, however, gives users full power to clear their cookie cache or delete cookies from specific websites, which other browsers later emulate.

1998: The US Department of Energy Computer Incident Advisory Capability issues a bulletin assuring the web-browsing public that “the vulnerability of systems to damage or snooping by using Web browser cookies is essentially nonexistent.”

2008: Google buys DoubleClick for $3.1 billion and expands its advertising business from search pages to programmatic ads on websites.

2011: The European Union issues an ePrivacy Directive enshrining individuals’ right to refuse cookies.

2016: The EU passes the General Data Protection Regulation (GDPR), which expands requirements for websites to get users’ consent before tracking them with cookies.

Sept. 2017: Safari starts blocking some third-party cookies through the first iteration of its Intelligent Tracking Prevention (ITP) protocol.

April 2018: Citing GDPR, Google blocks adtech companies from accessing DoubleClick data, strengthening its grip on a walled garden of user data.

Oct. 2018: Firefox rolls out “Enhanced Tracking Protection” features that block third-party cookies, but these are switched off by default.

Aug. 2019: Google Chrome announces its “Privacy Sandbox” initiative to develop and test new browser features that would boost user privacy.

Sept. 2019: Firefox blocks all third-party cookies by default.

Jan. 2020: Google announces it will block all third-party cookies by default, writing, “Our intention is to do this within two years.”

March 2020: Safari blocks all third-party cookies by default.

Why are third-party cookies going away?

The immediate cause of death for third-party cookies was Google Chrome’s decision to stop supporting them. But Google’s decision was really a recognition of the reality that cookie-based tracking had suffered a swift and irreversible fall from grace. At this point, there are few people left in the ad industry willing to defend—or invest in—third-party cookie tracking.

First, public opinion turned negative. A major catalyst for change was Facebook’s Cambridge Analytica scandal—which, ironically, had nothing to do with cookies. But after the news broke in 2018 that a third-party analytics company had improperly accessed Facebook users’ data in an attempt to psychologically manipulate voters and sway elections, the media cast a harsh spotlight on the ways tech companies harvest and exploit data. Public awareness of and opposition to tracking grew. On top of that, a steady drumbeat of headlines about massive data breaches undermined the public’s faith that the companies that collect data could be trusted to protect it.

When laying out its justification for nixing third-party cookies, Google cited public opinion polling from Pew Research Center showing that 72% of Americans worry that almost all of what they do online is being tracked by advertisers, tech firms, and other companies; 81% believe the risks they face from having their data collected outweigh the benefits. Pew has also found that half of Americans have chosen not to use a product or service (mainly websites, electronics, and social media platforms) because they worried about how much personal data it would collect about them.

Souring public opinion spurred regulation. Europe’s General Data Protection Regulation law passed in 2016, and quickly became the template for similar privacy regulations around the world. The new rules restricted the use of cookie tracking by requiring companies to obtain opt-in consent from users before saving cookies on their computers. The laws also convinced companies that more regulation could be on the horizon, and it was a good time to take some proactive steps to preserve privacy and appease lawmakers.

Apple sought to claim a competitive advantage by positioning itself as a privacy-first consumer tech company. Safari, which has blocked some forms of third-party cookies since 2017, completely banned them in 2020. Apple has also said it will release a software update in “early spring” 2021 that will require advertisers to ask for permission before tracking iOS users’ activity on mobile devices. The update is expected to limit the industry’s use of Apple’s “Identifier for Advertisers,” which plays a similar role to cookies on mobile devices.

Apple’s privacy moves were inspired by Firefox’s 2019 decision to block all third-party cookies by default, and coincided with the rise of ad blockers, third-party extensions that allow users to swat down tracking cookies even on browsers like Chrome. Thanks to Firefox, Safari, and ad blockers, roughly 40% of US web traffic now comes from users who block third-party cookies, reducing cookies’ utility to advertisers.

This whole thing has helped us all to rethink what data matters.

As public backlash, regulatory scrutiny, and competitive pressure rose, advertisers started to take a closer look at the adtech business model that third-party cookies were propping up. Advertisers’ reliance on tracking data had created an elaborate industry of hundreds of adtech firms, each using third-party cookies to facilitate a niche part of the process of buying and selling digital ads. A 2018 analysis from the Incorporated Society of British Advertisers (ISBA) found that agencies and adtech middlemen—who connect brands buying ads to publishers selling ad space—absorbed roughly half the revenue from programmatic advertising (confirming earlier findings from the World Federation of Advertisers and the US Association of National Advertisers).

Worse, the digital ad industry was so opaque that almost none of the advertisers the ISBA reached out to could fully audit their spending. In the industry group’s analysis, 15% of ad spending seemed to simply disappear. No one could account for where it went or who pocketed it.

Where a dollar of digital advertising goes

Against this backdrop, Google announced in Jan. 2020 that it would stop supporting third-party cookies within two years. Initially, industry groups like the US Association of National Advertisers and the American Association of Advertising Agencies grumbled in press releases that they were “disappointed that Google would unilaterally declare such a major change” and worried that the move would “threaten to substantially disrupt much of the infrastructure of today’s Internet.”

But they quickly fell in line and embraced the change. In roughly 30 recent interviews with representatives from brands, agencies, adtech firms, publishers, privacy watchdogs, and academia, not one person mourned the third-party cookie. Stephan Pretorius, chief technology officer at UK-based WPP, the world’s biggest ad agency, gave a representative response: “I’m not particularly sad about the demise of third-party cookies because they were never really that accurate, never really that useful, and in fact I think this whole thing has helped us all to rethink what data matters,” he said.

What will replace third-party cookies?

There are three major proposals for how the industry can continue to show consumers relevant ads and measure the effectiveness of marketing campaigns without relying on third-party cookies. Google is championing a browser-based tracking model; publishers and brands are developing ad models that rely on their own first-party data; and some parts of the adtech industry are pushing for a new form of identity-based tracking that would bear some similarities to the cookies of yore.

These solutions aren’t mutually exclusive, and at least in the short term, we’ll see the industry experiment with all three.

Google’s browser-based model

How it works: The browser would collect information about what a user does online and save that data locally on their computer. Based on the websites they visited and the content they saw, the browser would assign them to a cohort alongside several thousand people with similar interests. Then, every time that person visits a website, their browser would tell the site which cohort they belong to, and advertisers would show them ads tailored to people with interests like theirs. The cohorts would update every week, to keep ad targeting relevant and make it harder to identify the members of each group.

Who’s working on it: Google Chrome is currently testing a version of this, which it calls the Federated Learning of Cohorts (FLoC) model. Chrome engineers are hammering out the details of how it should work with representatives from ad agencies, publishers, and adtech firms who meet regularly as part of a working group at the World Wide Web Consortium (W3C), an industry group that sets technical standards for web browsers. No other browser has publicly indicated it is working on a similar model.

Stage of development: In beta testing. Google says that 0.5% of users in Australia, Brazil, Canada, India, Indonesia, Japan, Mexico, New Zealand, the Philippines, and the United States are part of its initial “origin trial.” (Europe was not included, for fear that the trial might violate GDPR.) If you’re a Chrome user in one of those countries, you can check if you’re part of the trial.

How it improves privacy: FLoC has two privacy-preserving features. First, all tracking data is saved locally on a user’s computer—it never gets collected in a central server, and it can’t be resold to third parties. Second, advertisers never see specific information about an individual user; they only see aggregated information about a group of thousands of users in the same cohort.

Caveat: FLoC wouldn’t change the fact that Chrome users’ every move online is being logged and tracked—it would just make it harder to tie that data back to an individual. (But, as the privacy-focused Electronic Frontier Foundation points out, that doesn’t stop advertisers from trying to de-anonymize consumers through a practice called “fingerprinting,” which some adtech companies already use to track people.)

How it would affect the ad industry: In this model, all tracking, targeting, and measurement runs through the browser. No one else has access to the underlying data, giving the browser a tremendous amount of control over the digital ad market.

Who wins: Google. The company can legitimately claim it boosted user privacy while also consolidating its grip on web advertising.

Who loses: Adtech vendors, especially those who run independent ad exchanges or rely on granular, individual-level user tracking.

First-party data tracking

How it works: Publishers collect their own first-party data about their audience, which might include information about the content they’re viewing, the kinds of topics they tend to be interested in, and possibly survey responses about their interests and demographics. They can use this data to divide their audience into segments, and sell ad space to advertisers who want to target those segments. Meanwhile, brands also collect their own first-party data about their customers’ shopping habits. If a brand and a publisher have the same piece of information about a particular user—say, they both know their email address or phone number—they can team up to match the customer’s spending habits on the brand’s site to their reading habits on the publisher’s site and target ads even more effectively. Note that these kinds of partnerships require direct deals between brands and publishers, who have to set up complicated technical systems that make the ad targeting work without revealing brand’s data to the publisher or the publisher’s data to the brand.

Who’s working on it: Large-scale publishers like the New York Times, Vox Media, and Insider have already launched their own ad targeting systems based on first-party data. The Local Media Consortium is working on a massive partnership between 5,000 US-based local news outlets to build a first-party data system that would sell ad space across all their websites, in an effort to match the scale of the big publishers. (Quartz, which makes money from both ads and memberships, has its own first-party data strategy.)

Stage of development: Several large publishers are already using them, while the Local Media Consortium is beginning to pilot its proposed ad network.

How it improves privacy: Instead of being tracked by third parties they don’t know, consumers give their data directly to publishers and brands. Ideally, this creates a clear “value exchange” in which consumers knowingly and voluntarily give up their data in exchange for free content, discounts, or other incentives.

Caveats: Consumers may not be fully aware of when their data is being collected and what happens with it afterward. When someone gives a publisher their email address and agrees to receive marketing emails in exchange for free articles, the terms of the deal are obvious. But it’s less clear that consumers are thinking about handing over data for advertising every time they make a purchase or log into a website. Plus, companies can make deals with third-party data vendors to “enrich” the first-party data they get from consumers—a process that allows them to match the users in their first-party database with information the third-party vendor has about their homes, their cars, their incomes, their demographics, their credit histories, and so on, for ad targeting purposes. (Vice has struck a partnership along these lines with credit agency Experian.) Consumers, in other words, may be giving away access to a lot more information than they realize.

How it would affect the ad industry: First-party data comes with fewer headaches around complying with privacy regulations and managing user consent. But first-party data is also much harder to get than third-party cookie data. Under this model, the ad world would have to learn how to make do with less information about consumers.

Who wins: The biggest publishers with access to the largest pools of first-party data could wind up making more money under this model by cutting direct ad deals with brands. Also, brands that have access to lots of consumer data, e.g. direct-to-consumer brands, would gain a marketing advantage over brands that have no direct relationships with consumers.

Who loses: Smaller publishers who don’t have as much first-party data and lack the scale they’d need to secure ad deals with major brands. Also, brands that haven’t invested in collecting consumer data through direct-to-consumer sales, subscriptions, loyalty programs, newsletters, etc.

Identity-based tracking

How it works: A central authority would assign every web user an advertising ID based on a trait that isn’t likely to change very often, like their email address. Every time a user logs into a website with their email address, advertisers could identify and track them using their specific ID. Adtech companies would once again be able to monitor individual users’ browsing habits, serve them targeted ads, and measure whether a user who saw an ad went on to buy the advertised product. If enough of the ad industry agreed to use this form of ID tracking, and more websites started requiring users to log in with an email address, the digital ad world could return to a system for targeting ads that would look something like the cookie-based system we have today.

Who’s working on it: The Trade Desk, one of the web’s leading adtech companies, has developed the most prominent proposal, which it calls Unified ID 2.0. It has gotten buy-in from a slew of adtech companies and industry groups like the Interactive Advertising Bureau (IAB) Tech Lab and the Partnership for Responsible Addressable Media (PRAM), which are developing technical standards for identity-based tracking.

Stage of development: In beta testing.

How it improves privacy: User IDs would be encrypted, so advertisers wouldn’t see a person’s email address—they’d just see a random string of characters that correspond to that email address. The IAB Tech Lab has also proposed creating a “Global Privacy Platform” which would help the companies that use Unified ID 2.0 offer consumers a way to opt out of ad tracking. It wouldn’t create a universal opt-out button, however—consumers would still have to opt out of tracking from each company individually.

Caveats: In reality, people just don’t use opt-out menus. It’s not clear how many consumers would know the opt-outs existed or go to the trouble of finding them and fidgeting with their privacy options.

How it would affect the ad industry: The ad industry wouldn’t have to change their business practices very much after third-party cookies fade away, maintaining the status quo. Advertisers wouldn’t be able to collect as much data as they did with cookies, but the data would be more reliable because it would come from logged-in users. But critics worry this solution wouldn’t sufficiently address consumers’ or regulators’ privacy concerns, and would leave the industry open to a renewed backlash.

Who wins: Adtech vendors whose business models depend on granular tracking, and who worry about the market power of Google and Facebook. Smaller publishers who rely heavily on programmatic advertising and don’t want to have yet another business model change foisted upon them.

Who loses: Potentially the digital ad industry, if fed up consumers and regulators believe this solution doesn’t go far enough and they turn their ire on advertisers.

The other alternative would be for the industry to move away from tracking and back toward old-school marketing methods. Instead of targeting ads to individual users, brands could return to contextual advertising, in which they place ads in publications or next to stories with relevant content. Instead of following users around the web to see if they eventually buy a product after seeing it in an ad, marketers could rely on last-click attribution—an imperfect way of measuring an ad’s effectiveness by simply observing how many people click on it and whether those clicks lead to sales. Both tactics can be imprecise, but they don’t require cookies or any cookie alternatives.

In other words, the industry could let go of its preoccupation with measuring everything, and operate the way it did before the internet: with a lot less data, and a lot more faith that good marketing will eventually carry the day. Naeger, the Merkle ad executive, said the industry has lost sight of the basics of building a brand and maintaining relationships with customers. “The first job you have is to be a real marketer,” he said. “The second job you have is to take advantage of the tools and technologies that allow you to do it in a faster and easier way.”

Who gets to decide what will replace third-party cookies?

There are hundreds of players in the digital ad world who all have a hand in deciding which cookie alternatives the industry will adopt. But three main power centers have emerged with outsized influence over the future of tracking on the web.


Google is working on standards for browser-based tracking through the W3C’s Improving Web Advertising Business Group. The 355-member group is, theoretically, supposed to be collaborative and make decisions based on consensus among all its stakeholders, who represent browsers, ad agencies, adtech firms, and publishers. But it’s hard to find common ground with so many competing interests at the table.

“It’s hard to point to something that everyone agrees on,” said Wendy Seltzer, the W3C’s legal counsel, strategy lead, and chair of the advertising working group. “When I’ve tried to suggest points of agreement even around the basics—we’re trying to work on solutions that improve privacy and opportunities for monetization—I get pushback from some group participants.”

It’s hard to point to something that everyone agrees on.

Absent any consensus, it’s unlikely the group will come up with standards for browser-based tracking by 2022. That frees up Google—which never needed the W3C’s permission in the first place—to forge ahead with its own vision for FLoC. Jochen Schlosser, the chief technology officer at the adtech company Adform and a participant in the W3C working group, says the meetings have started to feel like a Google-led show-and-tell.

“It’s not a conversation,” he said. “It’s not about trying to be creative together or trying to find a compromise. This is about someone doing a show and then taking feedback, and then saying, ‘Thank you for listening. It was great having you.’” Schlosser has stopped attending the meetings, and instead sends someone in his place to take notes on Google’s latest updates.

Bindra, the Google privacy lead, says Google remains committed to collaborating with its peers on the W3C. She points out that Chrome’s latest prototype—a tool for replacing digital ad auctions that it calls FLEDGE—incorporates some of the extensive feedback the company got from the working group. But the end product does bear a lot of similarities to Google’s original proposal.

Large publishers

The largest web publishers aren’t convening industry groups to develop shared standards to govern their first-party ad targeting software. Many saw the writing on the wall when GDPR passed in 2016 and started developing their own ad platforms soon after.

So far it seems to have been working—at least for publishers with the largest audiences. Jana Meron, who leads Insider’s programmatic advertising and data strategy, says the publisher has been able to keep significantly more of its ad revenue by signing direct deals with brands based on first-party data. Schlosser, the Adform CTO, says that a “double digit percentage” of traffic on his company’s ad network now comes from publishers who use first-party data for ad targeting. “We’ve had no complaints about their performance, so I think that proves first-party solutions are already working,” he said.

The Trade Desk & the IAB Tech Lab

Despite pushback from some parts of the industry, The Trade Desk is moving ahead with Unified ID 2.0. The IAB Tech Lab is in talks to take on the role of overseeing the tracking system, and has put out a set of standards for how Unified ID 2.0 should be governed. Industry groups including the Partnership for Responsible Addressable Media and the American Association of Advertising Agencies have tentatively expressed an interest in the new tracking protocol.

The big, remaining hurdle is getting the rest of the ad world onboard. The more brands, agencies, adtech firms, and publishers use Unified ID 2.0, the more comprehensive its ability to track users across the web will become—and, in theory, the more useful it will be to advertisers. But some players worry that adopting a new form of identity-based tracking will just set off another wave of public outcry over privacy.

In March 2021, Google threw up a roadblock for Unified ID 2.0 when it declared that it would not support identity-based tracking in its ad products. “We don’t believe these solutions will meet rising consumer expectations for privacy, nor will they stand up to rapidly evolving regulatory restrictions, and therefore aren’t a sustainable long term investment,” the company wrote in a blog post.

Some publishers have echoed the sentiment. Megan Walton, who heads Vox Media’s ad tech team, said identity-based tracking is ineffective and short-sighted. “We don’t think that’s the future out of how advertising will be transacted and we think that’s not the correct strategy,” she said. Pranay Prabhat, who heads digital ad technology at The New York Times, agreed. “I don’t think that’s the future,” he said.

Still, there are a couple of major publishers who have shown support for Unified ID 2.0. The Washington Post became the first publisher to agree to test the tracking system for ad targeting on its site, and The Trade Desk lists Buzzfeed and Newsweek as collaborators on the project.

What will the outcome of all this be?

No matter how the battle to select third-party cookies’ replacement shakes out, we can expect two major outcomes: modest privacy gains for users and increased consolidation in the digital ad market.


The clearest beneficiaries from the death of third-party cookies are the web’s walled gardens, especially Google and Facebook, who have vast pools of data about users and their browsing habits that no one else can access. There’s also room for Amazon to become the third ad industry titan, since it controls its own walled garden full of rich data on consumer spending habits. Over the past several years, the ecommerce giant has been steadily growing its ad marketplace, which now accounts for 10.3% of the US digital advertising.

Adtech vendors, on the other hand, are shut out of all this information. When third-party cookie tracking goes away, they won’t have their own walled gardens full of data to fall back on. Many of their business models, which rely on collecting and analyzing vast troves of user data, won’t work anymore. Larger adtech vendors will be able to pivot to new supporting roles in an industry that relies more on FLoC cohorts and highly technical first-party data partnerships—but smaller adtech firms may struggle to keep the lights on as they try to find a new niche.

The same is true for publishers. Bigger publishers may be able to boost their revenues by charging more for ads that use first-party data to target their large audiences. But smaller publishers are less likely to have the developers on staff who can build out a first-party data offering, the sales people who can knock on brands’ doors to offer direct ad deals, or the scale that would make it worth it for a brand to cut deals with them individually.

It’s possible that small publishers can band together in partnerships like the NewsNext program envisioned by the Local Media Consortium to pool resources and build their own ad offering based on first-party data. Otherwise, they’ll have to hope that cookie alternatives like FLoC and Unified ID 2.0 continue delivering programmatic ad revenue after third-party cookies get phased out. If not, they’ll have to find ways to make up for lost income, such as boosting subscription rates.

At least marginally better privacy

Any of the proposed alternatives will offer more privacy protections than the status quo, in which hundreds of adtech companies surreptitiously used third-party cookies to collect mountains of data about users without their knowledge or consent. But it’s unclear whether the cookie alternatives will offer anything more than a small step in the right direction.

FLoC promises to hide users’ identities in large, anonymous groups, but advertisers could use fingerprinting to de-anonymize FLoC cohorts. Unified ID 2.0 promises to come with opt-out buttons, but few people actually take advantage of opt-outs. First-party data promises to be the gold standard, in which users knowingly and voluntarily give their data directly to a publisher or brand in exchange for content, a discount, or something else they value. But consumers may not fully understand the implications of giving away their data.

The biggest privacy gain to come out of the industry’s switch to cookie alternatives may be the disruptions that it causes. Whatever comes next will likely throw a wrench in what used to be a relatively smooth data collecting operation—which ran quietly enough in the background that most users didn’t have to think about the fact that it was happening. The transition may require companies to ask users for their consent to give up their data more often. It may require users to click through more obtrusive privacy pop-ups. It will probably create more friction, at least in the short term, in the experience of using the internet.

But that friction will create awareness. It will force users to more frequently face the fact that they are being tracked by advertisers. And it will force advertisers to be a little more transparent about why they’re asking users to hand over their data. The industry believes it’s ready for that moment of honesty—and that it has a convincing sales pitch that can win over consumers.

The third-party cookies didn’t really transparently explain the value exchange…[adtech] did a bad job of telling that story to consumers.

“The internet is this amazing offering, where you have essentially unlimited content—news, entertainment, political views, social networking sites—available to consumers that never before have existed, and all of it is mostly free. And that is powered by advertising,” said Travis Clinger, vice president for addressiblity at the adtech firm LiveRamp.

If you explain that to people, Clinger and many of his peers believe, they’ll get why companies need to target ads to them to fund web publishing. They’ll be willing to barter their data for the bounty of the internet. It’s just that no one has ever clearly laid out the terms of the deal to them. “The third-party cookies didn’t really transparently explain the value exchange, and I think that’s on adtech,” Clinger said. “We did a bad job of telling that story to consumers.”

Consumers will not escape tracking as a result of the ongoing changes in the digital ad industry. This is, after all, an attempt at self-regulation from an industry that has convinced itself, rightly or wrongly, that it needs extensive user data to generate value—so there’s no way it will create a new system that doesn’t give advertisers access to plenty of user data. Changing that fundamental reality would require government intervention.

But the industry may, at least, become a little more transparent about the terms of the deal it’s striking with consumers. And consumers, in turn, may be a little better equipped to make decisions about when to trade their data away.


Source: The death of third-party cookies will reshape digital advertising — Quartz

Cookie changes will force some publishers to give up on advertising

This article is part of the Digiday Privacy Preview, a digital issue of stories examining what the coming changes to Chrome and iOS will do to the worlds of media and marketing. Read the rest of that coverage here.

More than $10 billion worth of digital ad revenue rides on the media industry’s ability to figure out how to function without third-party cookies. But many of the industry’s smallest publishers are taking a passive, even defeatist approach to pursuing that money.

A full half of small publishers plan to rely more on non-advertising sources of revenue when third-party cookies are phased out at the end of 2021, according to a survey Digiday conducted in the first quarter of 2021. Digiday asked 114 publishing professionals how their organizations were responding to the changes Google is making to the digital ad ecosystem.

That’s compared to about 30% of publishers that generate more than $50 million in annual revenue and a similar percentage of publishers that generate between $10 million and $50 million in annual revenue.

Sample: 114 publisher professionals
Source: Digiday Research 2021 Publisher Survey

While the media business has looked different for bigger and smaller publishers for years, the coming changes may mark the unofficial end of a long, futile struggle for publishers to turn digital advertising into a sustainable stream of revenue. More than two decades after the first banner ad was sold, digital advertising has grown so competitive, and so complex, that small publishers are beginning to disengage from it.

Most cannot hire the talent needed to stay at the bleeding edges of programmatic advertising. Many do not have the development resources required to meet the market’s changing brand safety and viewability standards.

And none can, or will ever be able to, offer the scale necessary to attract many direct buyers.

And so, after years of being scolded by Google and different trade groups for being too reliant on print advertising, many of the smallest publishers are instead admitting that they have brought knives to a gunfight, where the largest combatants have fielded entire battalions of robot soldiers.

“The big tech platforms and the mega publishers have the resources to swim in these waters,” said Ken Harding, senior managing director and global publishing leader of FTI Consulting. “Everyone else is floating along, and they’ll take what they can get…maybe you plug in where you can, you get your $1.15 CPM, but you’re not going to invest.”

While many small publishers spent years watching expectantly as their digital ad revenues grew from a small base, even that promise has begun to fade. Harding said that, in recent years, smaller clients have actually begun to see their digital ad revenues decline, with last year’s coronavirus shock delivering the toughest blow yet.

Faced with the prospect of having to turn around a declining revenue stream, or invest in an area like subscriptions, “the question is: ‘How much do we want to invest in something we can’t control?’” Harding said.

In theory, digital advertising ought to be easier to sell because there is less friction in the connections between audience, publisher and advertiser. In practice, particularly at the local level, publishers have had trouble drumming up interest in their inventory, either among the small businesses who remain comfortable buying print ads or among national advertisers who are too busy to bother setting up dozens of deals with smaller outlets.

The changes looming on the horizon will exacerbate that dynamic even more.

“Without third-party cookies and targeting, they don’t have the scale to compete,” said Fran Wills, the CEO of the Local Media Consortium, a trade group that negotiates preferred rates with vendors and platforms for over 5,000 local news publisher sites. “They aren’t necessarily engineers or digital experts, nor do they have the time or the resources to keep up.”

Wills says that a growing number of LMC members have begun asking for a managed service that would allow them to wash their hands of managing their own digital advertising.

The LMC took a tentative step in that direction in the first quarter of 2021, launching the pilot phase of a product called NewsPassID, a single sign-on technology meant to provide a foundation of first party data for an ad network set to launch later this year.

Wills said a number of working groups will use the pilot phase to determine, in part, how to adapt NewsPassID to make it easy enough for even the smallest, most strapped members to implement it.

But even if the challenges in digital advertising are being felt most acutely by small publishers now, they are not the only ones looking for relief.

“More and more we’re seeing bigger and bigger publishers working with us, because it’s so hard,” said Paul Bannister, the chief strategy officer of Cafe Media. “It’s all hard and it’s getting harder.”


Source: Cookie changes will force some publishers to give up on advertising

How Ad Targeting Reinforces Bias – AdMonsters

It’s a harrowing time.

First, we were hit with the COVID pandemic, and in recent weeks, protests and discussions about racial inequities in America have taken the main stage.

Businesses are questioning their operating practices (or sometimes being called out for them and canceled) and uncovering how unconscious biases might play a role in everything they do—from recruitment to product development to marketing. The world of digital media and advertising has long been fraught with its own set of diversity challenges, but maybe now is a time where actionable plans and strategies can be put in place to bring about actual change.

Earlier this week, in our Wrapper newsletter, I brought up the topic of ad targeting bias, nudging the industry to start thinking about a solution. On a visit to Twitter later that day, I discovered that I wasn’t alone.

Right in my feed, Gizmodo’s enterprise reporter, Shoshana Wodinsky asked the question: “are there any concrete digital ad rules wrt racially targeting/tracking a given user? outside of fb’s 2018 settlement, i’m not seeing…………….. much of anything.” To which she added, “genuinely asking here, bc after doing 20 minutes of digging into the ways data orgs infer (or explicitly pull) racial data from……………………. all of us, i’m kinda getting genuinely concerned.”

Her question prompted deep conversations about weblining and digital redlining, which relate to how personalization can lead to discrimination and bias in terms of exactly which advertising is presented to an individual based on demographics such as race, gender or location. It’s not something that’s illegal, but it’s closely related to the practice of redlining—explicitly denying services based on race or zone pricing—which most certainly is.

These are some instances where personalization can go all the way wrong.

AdMonsters friend, Aram Zucker-Scharff, Ad Engineering Director for RED at the Washington Post, wrote one of the most informed and thoughtful responses to Wodinsky’s question. It was so good, we asked him if we could post his Twitter thread in its entirety, here it is:

Hopefully, you made it all the way through Zucker-Scharff’s full thread. It’s quite the worthy read.

Wodinsky and I also had another conversation that sprang from her original question about racial ad targeting. It’s clear that targeting to the right person at the right time can lead to some terribly bad practices and although they’re not illegal, they can lead to some of the worst cases of injustice.

Here’s a couple of follow-up questions for the ad-tech community at large: Can we have targeted advertising that is also fair and unbiased? And will it require a set of regulations to get us there?


Source: How Ad Targeting Reinforces Bias – AdMonsters