What Anchors Identity

August 5, 2020  |   Travis Clinger

There’s a lot of talk about solving for identity while maintaining an individual’s privacy: how it will or should work, and whether or not these solutions meet the ethical bar and put individuals first. It’s time to go beyond the smoke and mirrors, and have a frank conversation about the complex nature of identity. 

Let’s start with first-party cookies. When people ask about the deprecation of third-party cookies, more than a few will say that they use first-party cookies, and that first-party cookies are unaffected by the browser changes. While it’s true that first-party cookies are unaffected (or minorly affected), it’s important to recognize that first-party cookies are a domain-specific identifier, and while they can store other identifiers, they are themselves not cross-domain. Any identifier can be stored in the first-party cookie—it’s a very common practice to store third-party cookie IDs within the first-party cookie to reduce page load times and give more time for the SSP/DSP to fund the auction. The limitation is that it is technically impossible to read a first-party cookie from anywhere other than the originating site. First-party identity has to be anchored to a portable identifier for a marketer to be able to buy, frequency cap, and measure cross-domain. That’s where the third-party cookie comes into play—it has been the glue that’s enabled cross-domain advertising and measurement. Unfortunately, the industry did a bad job of explaining the value exchange involving third-party cookies, and it has caused consumer confusion and mistrust. 

Fast-forward to today—when a number of identity providers say they have first-party identity, but there are only a few ways that could be true, and not all put privacy-first. One of these solutions is the pariah of the ad tech world: fingerprinting, also called signal-based identity. Fingerprinting is a probabilistic method that relies on a combination of user agent, operating system, fonts, screen sizes, and often much more to determine identity. The idea is that if you collect enough individual pieces of information about the consumer, you can build a fingerprint that is associated with that user. If the user logs in on one site, then anywhere you see the fingerprint you apply the login. The problem is that it’s not very transparent to the consumer, and it’s often inaccurate. Not to mention it’s opposed by all major browsers. Another proposal is to build a common first-party domain, i.e. all publishers would exist on one domain. While this could technically work, it has commercial issues: every publisher would have to agree to be hosted on the same domain and this solution could be easily disabled by the browser. We’re also seeing proposals of putting hashed emails directly in the bidstream. While collecting authentications is the right first step, putting personally identifiable information (PII) in the programmatic bidstream is not. We need something much more secure and privacy-centric. 

LiveRamp’s Authenticated Traffic Solution (ATS) is another option that establishes scaled identity without relying on third-party cookies. ATS puts privacy and security first through trusted and transparent first-party authentications consumers have with brands and publishers. 

LiveRamp’s ATS solution is anchored to a pseudonymous identifier. This is done via a registration and log-in on every site that uses ATS. If a publisher doesn’t have a relationship with a consumer, ATS will not identify the consumer for that publisher. We’re not building a co-op, but instead an identity infrastructure that all publishers can use to connect their disparate first-party identities. As one example, individuals can confirm their identity by providing their email address or phone number on a publisher’s website. This act of direct or “first-party” authentication happens and requires participation and consent from the individual—a clear signal that a fair-value exchange occurred — first-party for free content and a personalized experience.

On the technical side, ATS converts the log-in into an IdentityLink (IDL) envelope, which is a secure container for encrypted IdentityLinks that look different to every partner in the ecosystem and are indecipherable to an outside observer. IdentityLinks are encrypted separately for each customer or partner who leverages IdentityLink. Without access to secure APIs or hosted applications, different entities who use IdentityLink cannot share or overlap protected data. However, if both parties agree to data access, LiveRamp can provide the identity integration layer. Think of translation software—one person may speak French and another speaks Japanese. Much like a Rosetta Stone, IdentityLink enables French and Japanese speakers to converse with one another in their own language. So brands and publishers can connect data directly—and with their partners—more accurately, with little to no data loss.

After the data is connected, IDLs are never stored. Technology partners such as DSPs (demand-side platforms) each have an IDL encoded uniquely to them, and we’ve built real-time technology that enables SSPs to decrypt the IDL envelope and send the appropriate IDLs to the DSP. DMPs (data management platforms), CDPs, personalization, and measurement platforms can also retrieve the envelope and, if permissioned by the publisher/or marketer, convert to an IDL. This enables publishers, platforms, and marketers to transact programmatically on a people-based identifier ethically and securely at scale. 

When assessing identity providers, ask them for details of how they build their identity. Identity is complex, but it can be explained, and your identity provider should share the details with you so you understand the technology under the hood. You’re trying to solve for the erosion of trust with consumers, not head down the same path. 

Today, we challenge every identity provider to be transparent with their clients and explain how their solution actually works.

When it comes to solving for a world without third-party cookies, the advertising ecosystem will not survive using smoke and mirrors. To build trust within the ecosystem, providers need to build trust with brands and publishers. We’re committed to developing and implementing products that are neutral, interoperable, and ultimately support a trusted ecosystem. We’ve been working on ATS for over three years—and identity for much longer—and are actively partnering with technology providers and publishers to drive continuity for the 400+ brands with whom we work. 

At LiveRamp, we are committed to data transparency. We welcome the opportunity to demonstrate the exact details of how ATS works and how to connect publisher identity to marketer identity. This is the first blog in a series that will cover the importance of identity. If you want to continue the conversation now—our team is available to answer any questions. Please reach out to