A (cookie) bridge too far

When we said we wanted a cookie replacement, we didn't mean THAT

Why does so much ad tech and martech marketing suck? Joe Zappa joins the pod to explore this subject. And in this week’s ad tech controversy, we talk about SSP ID shenanigans and “ID Bridging”.

Enjoy Marketecture? You should also subscribe to:

Vendor interview: XR (ExtremeReach)

You want your creatives delivered to media companies, but that just doesn’t seem like enough anymore? Well now you can get it, to the EXTREME.

XR is the new name for a company that’s been around for a long time. Their archives include cigarette ads, so we’re talking Don Draper era. But you might better know XR as ExtremeReach, or maybe even DV Fast Channel.

This company is at the heart of much of the advertising creative workflow, and if you’re asking yourself “couldn’t I just send the file by email”, well then we’ve got the answers for you in this interview with President Jo Kinsella.

Watch the interview with Ari, free for a week before going behind the paywall.

Reminder: Vendor Interviews are always free for 1 week, then are subscribers-only. Subscribe for only $39/month.

Podcast: Why ad tech marketing sucks, with Joe Zappa

Joe Zappa has joined the short list of hired guns to call when you need to fix your ad tech marketing.

We try to answer some deep questions, like “why won’t you tell me what you actually do”, and “how is this different from everything else.” Also, “will Eric and Ari start a TikTok?”

Listen to the pod now:

A bridge too far?

On the Marketecture podcast we’ve mentioned a couple of times the trouble brewing in the bid stream around unreliable and undocumented identifiers being used to replace the declining third-party cookies. This week Catherine Perloff at AdWeek broke this story with a lot of detail. I’ll do my best to add to it, but her article is a must read.

No ID, no service

Hawaiian ID

We all need IDs

First, we all know that auctions without IDs monetize far worse than those with IDs. The benchmark/conventional wisdom for Safari is 30% of the monetization of Chrome. There’s a pretty big incentive to have IDs in the auctions if you’re selling media as a publisher or an SSP.

Second, while we’re all getting excited about moving to the cookieless future (woo hoo!), some of us are moving a little slower than others. Most DSPs were built primarily for the purpose of buying audiences, using cookies. As an unexpected result, when the ID is not present in the bid request the DSP may do strange things, like not bid at all.

Third, and most perniciously, advertisers and agencies may put undue faith in the veracity of deterministic IDs and may not readily be able to test or verify that those IDs are, in fact, deterministic. After all, isn’t a hashed email a real, verifiable data point? Yes, but it might not match the auction you just bid on.

The mechanics

The AdWeek article goes into some depth on how this works. Here’s some bullets to make you seem smart:

  • ID Bridging (new term for me, too!). If you don’t have an ID for a user, you use the IP address to see if you have an ID on a different browser or OS, then send that;

  • ID Bridging for deterministic IDs: Basically the same as above, but you are resolving to what is supposed to be a reliable and persistent ID such as RampID or UID2;

  • Fake cookies / SSP cookies. Some SSPs are putting IDs that they know are unreliable or transitory (i.e. will be deleted almost instantly) into the bid stream to game the DSPs into bidding outside of frequency caps.

You set a cookie on Safari the first time, they grab that ID in the sync request and then probabilistically reinsert it on future bid requests

—Anonymous DSP exec

A quick primer on ID taxonomies

Wow, that might be the most dry title I’ve every penned. Please don’t unsubscribe, this newsletter feeds my family.

A lot of the controversy over these IDs is about declaration and disclosure. Just as in dating, it is fine to be 5-foot-2 and 300 pounds, as long as you say that in your profile. Yes, I am fat shaming SSPs.

The Open RTB spec (oRTB) has a lot of flexibility in how they let the user’s identity be represented to the buyer.

oRTB Field

What is it?




If the DSP is hosting the match (not commonly used)


DSP ID or mobile identifier

If the SSP is hosting the match and passed the DSP’s cookie, or if the device provides a persistent identifier

eid (object)

Any other IDs, along with their sources

This is where you would put extended IDs, like ID5, Lotame, RampID, UID2

So if you want to boil down all this controversy into something very simple, it is SSPs using the user.buyeruid parameter for an identifier that should more rightfully be in the eid object.

What is deterministic, exactly?

This fascinating discussion on X, embedded below, needs some parsing. Keith offers a service to manage IDs for publishers, while Jud is an executive at The Trade Desk. Keith is asking about the case when a publisher probabilistically “bridges” a UID2, and Jud seems to say that’s fine, as long as it is declared as such. Not sure if that’s TTD’s policy or if he’s just making the point that I was making above about proper taxonomies, but the accuracy of deterministic data is definitely a trend to watch.

twitter thread

Impact on advertisers

To start with, this is a form of ad fraud. I don’t see a meaningful difference between spoofing the URL an ad is coming from (which we all agree is fraud) versus spoofing the ID of the user the ad will be served to. You can make the argument that it is an approximation, not a deception, but there are clear ways to execute that in the oRTB spec, so failure to do so is fraud.

The impact of these shenanigans varies by what’s being done.

Fake cookies:

  • Ads serve above frequency targets with no obvious way to detect

  • Ads serve to no-cookie environments when cookies are expected

  • Click-through and view-through attribution show zero results (since the cookies never match)

ID bridging:

  • Mis-targeting of individuals within the same household (same as pure IP targeting)

  • Highly improper media targeting when IP bridging is used on Wifi, data center, or cell tower traffic

Moving forward

On the one hand, the incentive to play loose with IDs will be increasing as signal loss continues. On the other, this sort of thing is pretty easy to detect for DSPs, so I think companies will be told to clean up their acts or risk losing demand. As a result, we’re likely to see a lot more stuff get shoved into the eid object moving forward.

Reading list

Join the conversation

or to participate.