Our response to COVID-19  Learn More


Life After Death of the Third-Party Cookie

With third-party cookies going away, many companies are figuring out new ways to manage attribution. We sat down with MetaRouter’s Head of Product, Greg Brunk, and Lead Site Reliability Engineer, Mike Yeager, to get their take on what this change looks like, who it impacts, and how the internet will function in the future. 

Why are cookies so important?

Greg: Cookies evolved as a hybrid need for browsers to be able to both store data about users and persist that data across sessions (e.g. autofill your name and address). As the process changed, developers and third party services carved out their own specific ways of using cookies, but there was very little cross collaboration. 

Then as technology and ad tech evolved, so did the concept of bidding, supply side advertising, demand side advertising and the need to track users around the internet. Now they are hugely important across the AdTech and MarTech industry, critical for personalization and anything that relies on identity.

Mike: Exactly. When advertising first started on the internet it was very contextual. People would say, “Hey, I sell basketballs! I’m going to go and find sites that are sports sites: ESPN, Fox sports and NBC sports and I’m going to target my users there.”

But going to ESPN to target for basketballs became unrealistic because it would be expensive to display ads on ESPN. So, what about if you knew that the same user who went to ESPN also goes to Joe’s fishing blog? We can target the same user, but so much more efficiently. 

Identification became more and more powerful as we realized that the same user who liked sports and visited ESPN not only visited Joe’ fishing blog but also loves Disney World. Suddenly, Joe’s fishing blog benefits from being able to identify the user. Their ads became worth a lot more, making it really prudent for these publishers to maximize that identification piece. That’s the supply side advertising Greg mentioned.

Meanwhile, the demand-side became really important from the advertisers’ perspective. If you’re looking at shoes on, say, roolee.com, Roolee really wants to know where that user goes because they want to be able to target that user again with additional ads or let you know when they’re having a sale.

So why are they dying? 

Greg: The general public wasn’t aware of a lot of what’s happening behind the scenes. They’re paying closer attention to the security of their financial information, personal information, and private data

For brand reasons, companies like Apple have given users more control over all the information that’s being shared via their OS and browser (Safari). So now others are following suit, like Firefox and Google, and trying to show they care about your privacy and your data by giving you features and controls to allow you to lock it down a little bit more. 

Of course, the other side of that is the government is starting to push privacy, too, because they’re supposed to be representing their constituents. In the face of growing unease, they’re shipping regulations like GDPR and CCPA to give privacy control back to consumers.

Does this mean all cookies are getting wiped out? 

Mike: Not at all. First-party cookies scoped to a domain are alive and well. ESPN.com collects cookies for ESPN. That’s why companies like Facebook aren’t worried—they can still collect any info they need from users and easily advertise within their own domain. 

Second party cookies are first-party cookies called from a different page. If Joe advertises on ESPN and somebody clicks on his ad, bringing them to Joe’s fishing blog, then Joe gets that cookie too. Those are alive and well, too.

The cookies getting killed are third party cookies. A third party cookie is a cookie that is never placed in a first party domain. For example, I know Joe’s fishing blog is tracking me when I visit their page directly, but I have no idea that LiveRamp or Media Math are tracking me too. It’s these third party cookie providers that are the names you’ve never heard of—the LiveRamps, the Trade Desks, the AppNexus’s of the world—that are going to be in a bad spot. 

Greg: Yeah, for certain players, this change means nothing. Mike mentioned Facebook. They don’t need to worry about advertising elsewhere because the primary way that they make money is by showing you advertising inside the Facebook feed. 

However, if you advertise all across the internet, you have this much bigger complicated problem to try to solve. 

Mike: The other big name out there, which is going to get bigger and bigger, is Amazon. Google, Facebook, Amazon, these are called the “walled gardens.” When you’re doing a Google search, you know you’re saying, “Here’s my information. Here’s what I’m interested in.” But that’s the price of having a service, so to speak. 

The other players are fighting for democratization of this data. The future is going to be debating democratization versus earning. Has Google, for example, earned the right to use all that data, just because they’re a search engine? And is it fair that Trade Desk and LiveRamp are collecting info behind the scenes?

I think the removal of the third party cookies is trying to level set. They’re going to have to be replaced with some other identification in order to keep the internet to stay free. Advertising has to exist; otherwise you have to pay $2.99 a month for every website on the planet because somebody’s got to make money. 

So what are our options when it comes to identification?

Greg: It seems like there are three major efforts happening. The first is full democratization of data, which is what Mike is talking about. Nothing’s private, everything is public domain, everybody is just the same dataset. By using the internet, you sign off on the fact that pretty much everything except maybe your financial data should be completely public and democratized and you just accept it. If you don’t like it, don’t use the internet.

The second major play is to try to get everybody on the same page by assigning a centralized identity similar to what Apple did with their ID. It’s not personally identifiable, just a random string of symbols that everybody can agree is you. Then they can all build private datasets and match against a central advertiser. If people needed to communicate and share those datasets about you, they would at least be doing it based on a centralized singular ID and not based on your email address or by inferring things based on your IP address. Nobody’s talking about you behind your back with your private data. 

The third is the option is the one I personally think is gonna win but is also the hardest one to figure out. Most likely, someone like Google would have to own this to do it right or at least do it well. (Whether it’s good for people is a whole another question.)

But in this scenario, you never get targeted based on what you, specifically, have done. You get targeted based on what groups you fall into. Nobody will be looking for a person that lives on a certain street. They’ll be looking for, say, people that are in their forties, who lean conservative, and have an interest in fishing. There would be a central data set similar to what Facebook has done by creating archetypes around you. Maybe you fall into 30 or 200 or 7,000 different archetypes that allow you to be relevant to different advertising categories.

How would this work? 

Greg: One way is the advertisers would get a list of archetypes and they can choose what ads to serve up to you based on that. It could be similar to an Apple ID, but more like an internet or even advertiser ID. You’d sign in with your advertising profile to use the free internet and every advertiser on the planet would see what sort of marketing categories you fit into.

The problem is actually more that the archetypal information you’ve gotten access to hasn’t been very high quality, so the proof in the model is Facebook. They seem to have the world’s most effective advertising mechanism on the planet and it’s why everyone is so crazy suspicious of them all the time. They’re so good at knowing what you want and what you’re interested in. 

Mike: I think the blurred line there is retargeting. To Greg’s point, retargeting would be considered an archetypal model, but maybe more time-relevant. You’re not going to advertise for a basketball every day, but if you know when the user is going to be buying a basketball, that’s a chance for everybody to have a chance to say, hey, you should come check out my store. I can get you a great deal on a basketball. 

I think you’d be hard pressed to find anybody who doesn’t want to be given all the information about their options in a relevant and easy-to-find manner that’s going to be beneficial to the consumer.

So what is MetaRouter’s role in this? 

Mike: Our customers use marketing and advertising tools—we won’t get into the technicalities of what we do, but we give control to the first-party so they can manage exactly what data gets to which third-party sources. Because we offer an unprecedented level of control, our technology allows attribution without using third-party cookies at all. 

We care deeply about data privacy and security—that’s why we exist—so we help organizations keep their customers’ personal data completely safeguarded. Our customers can continue to optimize their marketing and advertising by using the MarTech and AdTech tools they want, while knowing that their attribution is happening in a safe way. 

But that’s a whole ‘nother Q and A!