Identity Resolution

Getting Addressability Right—Why Fingerprinting is Not the Answer

March 10, 2021  |   Travis Clinger

We’re now closer than ever to the end of the third-party cookie, and in March we expect to see AppTrackingTransparency (ATT) rollout as well, changing the way mobile in-app inventory is made addressable. As a marketer or a publisher, you’ve likely been inundated with solutions for a post-cookie world and the fact is, you need more than one. There’s no silver bullet for the end of the cookie or the diminishing IDFA, instead you’ll need a mixture of authenticated, cohort, and contextual solutions to achieve your goals, each with its own pros and cons. Contextual works across all browsers, while the browser-based cohorts may only work on an individual browser. Authenticated identity is cross-device and people-based, but will not have 100% scale—it’s more likely that 30% of the Internet will be authenticated. With no solution that clearly replaces the cookie 1:1, we have seen a nefarious technology start to rise claiming to be that silver bullet—fingerprinting. Fingerprinting has no place in the post-cookie world. As an industry, we must reject it and lean into consumer privacy needs. We must remember that the reason we lost the third-party cookie and saw the diminishment of the IDFA is because we lost the trust of the consumer. Fingerprinting offers a technical solution that only deepens the trust deficit between marketers, browsers, and end-users. 

The inherent risks of fingerprinting

Fingerprinting aggregates browser and/or network signals, including user agent, screen resolution, installed fonts, operating system, and device model to create a “synthetic” ID in place of a cookie. These signals were not meant for creating IDs, they were intended to enable consumers to view an optimised web experience or to power the infrastructure of the Internet itself. The main problem with this “off-label” collection and use of these signals and the creation of the ID is that they are not transparent to the consumer and consent, or the choice to opt out, is difficult at best. Fingerprinting has been condemned by every major browser and is under regulatory scrutiny as well. While fingerprinting may offer instant scale for targeting and measurement, it does so at an enormous cost—the trust of the consumer. 

Simply put, fingerprinting is unacceptable technology that is dangerous to the advertising ecosystem and the consumers we serve. 

Today, during my panel at the IAB ALM, LiveRamp pledged to stand against fingerprinting and called upon the industry to do the same. Publishers, platforms, and marketers—we must reject solutions that do not uphold consumer trust, transparency, and control. Please join us in committing not to use fingerprinting technology. Be wary of anything also referred to as probabilistic signal identity. If it involves non-authenticated elements being pieced together to create a new identifier, it’s likely fingerprinting. 

In this pledge against nefarious technologies and towards a better ecosystem, we were joined by the following partners: 

“We have an opportunity within the digital marketing industry to rebuild the construct of identity with a focus on transparency and respect for the user. As part of this new construct, transparent user authentication should be the standard for one-to-one messaging. That is the only way we can sustain targeting, personalisation, and measurement in a free and open internet.” —Rob Auger, SVP Head of Media Technology, Digitas

“Magnite has long been opposed to fingerprinting, which we define as using signals such as UA and IP address in ways that are not consistent with consumer privacy and consent,” said Tom Kershaw, CTO of Magnite. “This includes the probabilistic linking of first-party values in device graphs. It is absolutely critical that we as an industry come together and act as a community to stomp out this practice. The trust of consumers and the safe functioning of the Internet is literally at stake.” 

“At Microsoft, we’re committed to enhancing consumer privacy and believe that consumer authentications are an essential part of supporting an ecosystem rooted in trust. That’s why we will not support future solutions that leverage non consented user signals as we believe this approach does not provide the appropriate consumer choice and consent. We strongly believe that fingerprinting is not the answer, and are actively collaborating with industry partners, like LiveRamp, to solve for the deprecation of third-party cookies while keeping consumer transparency and choice at its core.” – Jeff Nienaber, Senior Director, Global Audience Ads at Microsoft Advertising

Emerging privacy-centric methods 

Authenticated people-based identity

The current gold standard is authenticated people-based identity. Why? Consider that walled gardens have thrived because of people-based identity. Now the open Internet has the chance to achieve addressability parity with walled gardens. LiveRamp’s Authenticated Traffic Solution (ATS) allows for greater reach, including across previously unaddressable environments such as Safari or Firefox, people-based targeting, frequency capping, and better measurement. Further, ATS is omnichannel and can be deployed across display, mobile in-app, and connected TV publishers. ATS is also neutral and interoperable with other authenticated identifiers, such as UID 2.0, creating consistency across advertising to improve attribution and measurability for marketers in a transparent way in their chosen environment. Most importantly, ATS is rooted in a trusted value exchange where authenticated consumers have consented to share their identity with the publisher. ATS does not co-op data and it doesn’t use log-ins from one site to power another, it connects authenticated publisher inventory to marketer demand across the advertising stack. And because it relies on publisher first-party data, publishers remain in the driving seat, controlling the activation and use of their data. 

Cohorts 

Google’s Federated Learning of Cohorts (FLoC) is another post-cookie solution that helps marketers reach individuals by clustering large groups of people with similar interests. This method “masks” the individual by placing them within a crowd and is done via browser processing. Since their web history can’t be exposed to third parties, this method is private and secure. Even though the browser maintains the cohorts, they can be used by any adtech platform. Cohorts also aren’t new—they are similar to lookalike audiences and how digital advertising has been bought for several years. Keep in mind that cohorts aren’t individuals, so the larger the cohort, the greater the chance of diversity within the group, making it a challenge for marketers to personalise, measure, and attribute their campaigns. Google’s proposals are still being actively debated, so there may be additional “gotchas” to come. FLoCs are one example of cohorts, but there are other browser proposals, like Microsoft’s PARAKEET and also cohorts built on publisher first-party unauthenticated data, to enable direct and private marketplace (PMP) buys.  

Contextual advertising

Contextual advertising has existed for a long time. Aligning advertising to keywords and topics on a page can yield meaningful results. The benefit of contextual is that it works on every site. The downside is that it’s imprecise, difficult to measure, and based solely on the context of the browser session at that point in time. When combined with other solutions, like cohorts and authentications, it can be a powerful tool, though similar to FLoCs, personalisation, measurement, and attribution are a challenge. 

Whatever the solution, we should all work towards building a better and healthier advertising ecosystem. 

  • Marketers: don’t buy inventory enabled by fingerprinting or use it for measurement.
  • Publishers: refuse to partner or integrate with anyone using fingerprinting and remove their tags from your pages.
  • Platforms: avoid any solution that uses fingerprinting technology and don’t enable it in your platform.

The path forward can’t be a step backward when it comes to putting the consumer and their privacy first. 

If you would like to know more about LiveRamp’s Authenticated Traffic Solutions, reach out to ats@liveramp.com