A Definitive Guide to Cookieless Advertising

An illustration depicting different elements and icons of web cookies
Headshot of Joe Cha, Marketing Director at Roqad
By: Joe Cha

Ask the broader marketing community if they understand digital advertising and chances are they will reply in the affirmative.

However, when asked to peel back the layers of our online onion, it’s often quickly found to be true that the level of understanding (with the exception of our media SMEs) is perhaps wanting. Cookieless advertising is going to be key.

Read on to learn more about how those crafty digital ads make their way to you and your customers and how a cookieless future will impact the ability to continue operating in the same way with the same results.

How does an Ad actually get to me when I’m reading the Seattle PI, The NY Times, or any other content site/app?

In about the blink of an eye, that ad space that is sitting on the page that hosts the Seattle Marriner’s article you just pulled up is offered to a network of hundreds of advertising technology companies to see which of thousands of advertisers want to buy that space RIGHT NOW on your browser.

That advertiser might be:

  • EA Sports advertising the video game MLB: The Show
    • Their advertising partner assumes from the context of the site that you like baseball
    • They know your home IP has a Nintendo Switch, and shared that with their advertising partner
  • Or maybe it’s Alaska Airlines trying to reach you about a flight to San Francisco
    • They have seen your browser looking for flights to San Francisco and shared that with their advertising partner
  • Could be Toyota Motors trying to reach SUV intenders
    • They told their advertising partner to find intended
    • SUV buyers Their partner engaged Kelly Blue Book and found out you searched for a new SUV last week

Depending on each advertiser’s willingness to pay, those advertising partners set min/max bid criteria for their algorithms

Then their algorithms bid directly based on the parameters their customers set

For example, if Alaska & Toyota are both using the same advertising partner (called a DSP or demand side platform), that DSP’s algorithm will automatically decide to bid for one versus the other, then decide exactly how much it thinks it will take to win the bid. If it decides to bid for Alaska (because they have a greater willingness to pay), then the DSP will bid on behalf of Alaska. If the bid on behalf of Alaska wins the auction, then that DSP serves an ad for a trial from SeaTac to SFO.

Return to Top

How do third-party cookies relate to this entire ecosystem?

Let’s start with the definition of a cookie: regardless of the first or third-party consideration

A cookie is a small piece of data that a website drops on a browser when it visits that domain. The goal is to give that browser a unique ID so that the site owner can track things like:

  • Login status
    • Facebook keeps users logged in for up to 90 days to make the site easier to use
  • Past Interests
    • Newspapers regularly customize pages to put relevant information for specific users on top (The NY Times always puts tech articles on top for me)
  • Purchase histories
    • In an effort to understand the type of things you like, Alaska might keep track of the fact that you have been looking for prices on flights to San Francisco, and have SFO as the destination filled in for you when you come back

These are all examples of information tied to first-party cookies, or cookies set directly by a site owner

Return to Top

How do third-party cookies differ from their first party cousins?

Third-party cookies allow companies who are not the owner of the site in question to drop that same unique ID token for a browser in that browser’s cookie storage

They function in the same manner as first-party cookies in that they allow a company to store a unique ID about the browser that then can allow that company to keep track of things you like, have looked at, etc.

The way this works is that the domain owner “invites” the company to read or drop a cookie on that browser … let’s say that partner is a DSP in this case:

  1. The site directs the browser to call a different site and gives the machine a version of:
  2. Hi, we know this browser as Alaska 123, Beeswax (a Comcast owned DSP) — do you know who they are?
  3. Beeswax then responds: Thanks Alaska. We hear you, and are connected to this browser
  4. Beeswax reads that browser’s cookie store and:
    • Realizes that they have never seen that browser before, and drops a new one, say Beeswax 456
    • Recognizes that it has and it is Beeswax 456
  5. Then Beeswax stores the map Alaska 123 = Beeswax 456
  6. Once the map exists, Alaska can separately tell Beeswax that this browser is interested in buying a flight to San Francisco because they have a Rosetta Stone of sorts for that user

But what about the other side of the transaction? How does Beeswax figure out that Beeswax 465 = Seattle PI 123?

When you visit the Seattle PI site, it makes a similar call to the one Alaska made, but it calls what is called a Supply Side Platform (SSP), someone like Xandr (Microsoft’s SSP)…these companies are basically the auction house of internet advertising:

  • When a browser lands on the Seattle PI site, one of the calls it makes is to Xandr, just like Alaska called Beeswax, with the same outcome
  • There is now a map held by Xandr that says: Seattle PI 123 = Xandr 789

This interaction functions in the same way as the one above, but with an extra step:

In order to map cookies with all it’s potential auction buyers, Xandr keeps track of all the Xandr cookies it has seen with each auction buyer, and if they have not seen this user with Beeswax (or any other DSP) before, they add an http call.

Instead of “closing the loop,” they tell Seattle PI to hold on a moment.

They then call Beeswax and say:

  • Beeswax do you know this user?
  • Beeswax responds: Yes, this is Beeswax 456

Now, Xandr knows that Xandr 789 = Beeswax 456 = Seattle PI 123

Ok, but what can they do with that information?

Next time Xandr gets a call from Seattle PI about Seattle PI 123, it will immediately send a “bid request” to Beeswax and several other companies asking if each of them wants to bid on “their company cookie ID” from the previous sync

Beeswax will recognize that Beeswax 456 is the same user that both Alaska said is looking for a flight to SF and Kelly Blue Book told them is an SUV buyer

Now Beeswax knows that two of their advertisers both want this ad space…Alaska is willing to pay more, and so Beeswax’s algorithm bids on the space on Alaska’s behalf

BUT, that bid request also comes to each bidder with a referring URL and an IP address:

  • The referring URL allows a DSP to deduce what the content is about: in this case, baseball
  • The IP address is the same as one that a rival DSP working with EA (The TradeDesk) was told by EA has a Nintendo Switch with at least one EA game
    • This powerful combo makes this user the perfect target for EA, and the TradeDesk’s bidding algorithm bids higher than Alaska.
  • The TradeDesk wins the bid and sends an ad for MLB The Show to Matt while he’s reading about the Marriner’s homestead.

This process takes about 150 milliseconds from start to finish; again, for context, the average blink of an eye is between 100 & 150 milliseconds

Of course, you could just have an office in Pioneer Square and be worried about game traffic…and your teenagers might play Plants vs. Zombies and hate baseball…we don’t really know…

Return to Top

How did cookies start?

Essentially cookies are an artifact of how browsers technically work.

When a site is downloaded by the browser, the browser downloads what is called the base page, then the base page instructs the browser to make calls to dozens of different locations to download specific pieces of content.

  • EG: Newspaper photos are large, and are often hosted by a content delivery network so they are closer to the user and get to the browser faster
  • EG: Buzzfeed embeds individual Tweets and Reddit posts in its feed that require direct calls to those sites to download the content because the owners don’t allow external sights to embed photos of copyrighted material, only links too it.

Eventually, the site finishes downloading the visual content, then it fires what are called image pixels that do the cookie syncing we described…

These elements are unseen to the eye, but prompt the browser to make the calls that allow for cookie syncing

When cookies were invented, the original browser designers actually knew 3rd party cookies were possible, even inevitable…regardless, cookies are necessary to allow for any type of personalization…the question between first & third party cookies is merely: who is doing that personalization? Have we outsourced it or are we doing it ourselves?

Return to Top

What happens when browsers take away third-party cookies?

Third-party cookies have been set to “no” by default in the FireFox and Safari browsers for some time, so it’s pretty easy to see:

  • Technically, unless you are the domain owner, you don’t have the right to read the browser’s cookie store

Business-wise, any data sharing between companies based on matched cookies to help the targeting process comes to an abrupt end.

In effect, we need to find other ways to map IDs across publishers together in order to share relevant targeting information.

That’s where Identity resolution comes into play ID resolution has a few flavors, but the most common are:

  • Deterministic — mapping users via some other definitive key (usually email) between sites
  • Probabilistic — mapping users in a predictive way based on the output of a machine learning algorithm

For more on what it means when data can’t be transferred, how Identity resolution can help, and what the common pitfalls are in setting up these systems, please join us on Friday for the CMO Roundtable!

Questions? Give us a shout to chat with an identity resolution expert today!

Return to Top
Headshot of Joe Cha, Marketing Director at Roqad

About The Author
Joe Cha

Joe Cha is a marketing director with Roqad.

He has created content marketing projects for machine learning / artificial intelligence companies for the last 3 years. He previously served as content lead for fraud prevention ML company Nethone, which raised Series A and was named one of the fastest-growing companies in Central Europe by Deloitte.   

Stay in the Know

Get news, resources and updates about events happening in the world of digital advertising.