8 Ways to Target Ads Without Third-Party Cookies
By 2022, the three most popular internet browsers will have phased out third-party cookies. But marketers will still want third-party data — the anonymized behavioral information they buy and use to target digital ad campaigns — according to Lotame CRO Jason Downie.
They’ll just have to get it another way.
In 2018, American companies spent roughly $18 billion on third-party data, and Downie doesn’t see that demand flagging. Companies will always want more behavioral data than consumers will give them directly, he predicted.
It’s not just because more data means more precise ad targeting and better conversion rates. It’s also that some marketing teams don’t have an organic way to collect first-party data from their customers.
Take a soda company, like Pepsi or Coke. “They’re disintermediated from the consumer,” Downie explained. “You go into a convenience store and you buy a Pepsi, and the clerk’s not going to be like, ‘Hey man, give me your email.’”
So how do soda companies, and other “disintermediated” companies, reach their desired audiences online? Third-party cookies were just one of many possible solutions.
We asked a handful of experts, including Downie, what the targeting techniques of the future might look like. They named a total of eight. Some of them are still emerging; others are already here.
The Replacement User IDs
The third-party cookie doesn’t just track online behavior — it also labels all of it, across websites and social platforms, with the same alphanumerical ID. It functions as a kind of anonymized nametag for the user. What other technologies could do the same job?
First- and third-party cookies collect information in similar ways, on a technical level. The distinction between the two lies in where they send that information: first-party cookies relay it to the owner of the web domain the user has chosen to visit, and third-party cookies send it to outside data aggregators.
But once browsers disable third-party cookies, “companies absolutely will innovate on their first-party data strategy and fill in some of the holes created by this third-party vacuum,” John Hyland, VP of publisher solutions at Centro, predicted.
The New York Times, for instance, will drop third-party data from its ad ecosystem in July. Marketers advertising in the digital Times will still be able to target a choice of 45 audience segments, though, based on the paper’s first-party data.
Meaningfully targeting based on first-party data requires scale. “This can only work because we have six million subscribers and millions more registered users that we can identify and because we have a breadth of content,” Allison Murphy, senior vice president of ad innovation at the Times, told Axios.
For smaller publishers, an effective first-party data strategy may require joining a larger media group.
Even then, first-party data poses problems for marketers that still need to be worked out. For one thing, it’s balkanized into what those in the industry call “walled gardens.” That makes it hard to compare one publisher’s audience to another — each publisher might collect different types of first-party audience data.
“There’s no standardized framework,” Group M’s Krystal Olivieri told Digiday.
At least, not yet.
Third-Party Cookies Disguised as First-Party Cookies
One potential route to standardization involves injecting first-party cookies with third-party code. Like normal first-party cookies, these sleeper cookies would only work on their native web domains. However, they would still relay some data to third-party aggregators.
This workaround can, for instance, tell a third party which website a user is visiting, their username on that site, their IP address and their browser specifications, among other things, explained Osano CEO Arlo Gilbert.
“It’s not quite as good as a third-party cookie for [marketers],” he said. “But technically, they can get like 80 percent of the value that they would get from [third-party cookies] from the new method.”
A user’s IP address — which conveys information about their device and their network — offers another, cookie-free tracking ID. The IP address is a relatively evergreen identifier; when it comes to desktop devices, especially, IP only changes when the user gets a new computer or router.
“My IP address at my house in Austin hasn’t changed in two years,” Gilbert said. “IP addresses on their own can actually be an extraordinarily powerful signal for advertisers.”
For laptops, IP is more complicated; it changes whenever the user changes locations. People hoping to mask their IP addresses can also do so using VPNs.
Still, while first-party cookies offer a way to track behavior within walled gardens, IP addresses offer a decent way of tracking users as they hop between walled gardens.
Fingerprinting can happen at the browser level or the device level, and, essentially, it combines all the public, mundane backend specifications of your set-up — the size of your screen, the fonts and plugins you have installed, your IP address — into one unique ID.
Though screen size on its own isn’t a particularly unique identifier, the whole matrix of specifications can identify a user with a 99 percent accuracy rate, Gilbert estimates.
Fingerprinting is hard for users to manually prevent, because the information within the fingerprint gets publicly transmitted with every browser request. Unlike dropping a cookie, scraping fingerprint-relevant details doesn’t require special permissions or notification.
However, some browsers have begun to combat fingerprinting by sending out noisy data shot through with false information, Gilbert noted. Users can also change their fingerprints by switching browsers, installing or de-installing new fonts, connecting to a VPN, etc.
The Database That Merges the IDs Together
None of the above IDs are completely evergreen. But some marketers are working to map, and connect, user profiles across the internet.
The Identity Graph
This database uses machine learning algorithms and user-provided IDs — like email addresses and site logins — to bundle activity across platforms and devices into holistic individual profiles.
This is a complicated, error-prone process. By one estimate, the average person accesses the internet on four different devices every day. The demise of third-party cookies will fracture data on individuals further, making it hard to connect a user’s activity from device to device and from domain to domain.
However, algorithms can spot certain signals that devices belong to the same user. For instance, if a phone is located near a smart TV between 6 p.m. and 7 a.m. most weekdays, they probably belong to the same person, Downie explained.
That’s just one potential connection too. “There are a lot of things that can go into a graph,” Downie said. “There are a lot of inputs.”
Alternatives to Tracking
If marketers gave up on targeting programmatic advertising based on individual user behavior, they could ensure relevance in other ways.
Federated Learning of Cohorts
Initially proposed in the Google Privacy Sandbox, this approach could replace ads targeted to individuals with ads targeted to groups with shared interests. At a technical level, it would involve a machine learning algorithm crawling each user’s data — without porting it off their personal device — and assigning them a behavioral cohort, or “flock,” based on a global behavioral model. Some cohorts might be interested in celebrity news; others might focus more on political commentary.
Marketers would be able to target ads to cohorts, but not to specific users’ browser history; that type of information would no longer be public.
In other words, Downie explained, instead of having information like, “ID 12345 read this particular E! News article on Kim Kardashian,” advertisers would instead have access to more general information like, “These 10 IDs often read about Kim Kardashian.”
The underlying training technique here, federated learning, has proven effective for training machine learning algorithms on decentralized data sets. Though it takes longer, researchers have found it ultimately 99 percent as accurate as traditional algorithmic training methods; it has already made substantial inroads in the healthcare industry.
Its programmatic advertising applications, though, remains in the ideation phase. It’s not yet clear how browsers could design flocks specific enough to be valuable to advertisers, but general enough to protect user privacy.
Contextual analysis helps marketers target ads based on the content of the website the user is visiting, rather than that user’s personal profile. It might mean a user visiting ESPN.com might see ads for sports paraphernalia, or that a user reading about a musician might see an ad for that musician’s upcoming arena tour.
On a technical level, this type of targeting requires algorithmic analysis of text, images and video — in other words, “reading at scale.”
First, it finds the meat of the article on the page, Weiner said — which means differentiating it from any sidebar and header ads. Next, it parses the body text, headlines, image captions and the like with natural language processing; at the same time, it uses computer vision to parse the main visuals. Finally, it blends its textual and visual analysis into one cohesive report, which it sends off to ad servers.
This report may not be for human eyes, but it’s quite detailed. It slots the page into a general category, like sports, and documents the most prominent keywords. It also notes whether or not the content addresses a time-sensitive event, like a holiday, or the Olympics. Another section focuses on the tone of the page: positive, negative or neutral? (This is more about sentiment than content, Weiner said; if the writer were delighted by a tragedy, that would read as “positive.”)
The report assesses “brand safety” too, flagging possible threats with machine learning algorithms. Lately, Weiner said, GumGum has been training Verity’s algorithms to recognize hate symbols.
Though there are cultural nuances that contextual analysis algorithms still struggle with, the technology is currently on the market, and growing more precise as new and improved training data sets emerge.
Another approach to ad relevance: matching ads not to the user or the content they’re consuming, but to current events. This is called “cultural marketing,” and though it’s not as consistently useful as the other types of targeting, during certain cultural moments — say, during the Olympics, or amid the coronavirus pandemic — ads linking a brand constructively to front-page news can be very successful.
We covered this in an April feature on email marketing during coronavirus:
As a growing number of states shelter in place, it makes sense for brands to give regular customers updates on practical matters: health and safety protocols, or the availability of delivery and essential services, like Wi-Fi.
But when a company emails its entire client list after years of silence, or sends an email more to praise itself as a “do-gooder” than to serve customers, it can backfire. It feels like “jumping on the bandwagon,” [according to] digital marketing consultant Melanie Balke.... [During] this time of unprecedented fear and economic dislocation, cultural marketing needs to walk a fine line. Brands don’t want to look like they’re ignoring coronavirus, or attempting to cash in on it.
This isn’t just specific to the coronavirus — with the current wave of police brutality protests, too, cultural marketing needs to walk a fine line between ignoring the issue and exploiting it. Another challenge of cultural marketing: News often isn’t “brand safe,” which has led to layoffs at many ad-supported news outlets during the pandemic.
However, it’s worth noting that ad targeting has at least three dimensions: who’s reading the ad, where on the web they’re reading it, and when they’re reading it.
More dimensions and approaches will surely emerge, too, as the end of third-party cookies draws closer.