Unified ID 2.0 Is Facing Roadblocks (And Not Just To Do With Google)

Google isn’t a fan of email-based identifiers, but that isn’t the only challenge facing the Unified ID 2.0 initiative as it works to gain steam.

Google called the future of Unified ID 2.0 into question, without directly naming it, by clearly stating that it has no plans to support email-based identifiers or any mechanism that it views as mirroring the functionality of cookies.

 For Google, it’s Privacy Sandbox or bust, at least when it comes to the open web. (Google’s own first-party products and services are an entirely different story.)

 Regardless of Google’s opinion on the matter, however, the industry soldiers on, including The Trade Desk (which spearheaded Unified ID 2.0 as an open source industry initiative), the Partnership for Responsible Addressable Media (which is currently reviewing the UID 2.0 code) and the IAB Tech Lab (which is in the mist of hammering out the Project Rearc principles that will underpin UID 2.0).

Open questions

But there are other challenges facing Unified ID 2.0, putting aside Google’s rebuke and its prediction that email identifiers “aren’t a sustainable long-term investment” due to consumer expectations for privacy and the rapidly evolving regulatory environment.

For example, can the effort scale? What happens to small and medium-sized publishers that can’t convince their visitors to authenticate? Will the central body that eventually administers the ID have too much power? Will the increasing popularity of disposable burner emails and Apple’s “Sign in with Apple” option break UID 2.0’s identity backbone?

 And, the biggie: Will enough consumers actually consent to their email being used as an ID for ad targeting and how do you get them to do it?

Scale and mid tail 

Without enough publishers and consumers on board, Unified ID 2.0 is a cool concept car without the gas to make it go.

Getting scale is a significant challenge, said Hugo Loriot, a partner at You & Mr. Jones-owned data agency fifty-five.

Although the purpose of UID 2.0 is to bring addressability to the open web in the absence of third-party cookies, the end result could actually be another walled garden, he said.

“It’s a little deceptive to present this as the future of the open web versus Facebook, Google and others, because it’s mainly the big publishers that will have the ability and the right value proposition to get people to sign in, which will earn those publishers higher CPMs tied to identity resolution – and that’s great for them,” Loriot said. “But for the vast majority of publishers, the ones who aren’t able to join the club, CPMs will fall.” 

Dave Pickles, CTO of The Trade Desk, acknowledges that the burden on mid- and long-tail publishers “is a big deal.”

“Some publishers have logins today, which I think makes UID 2.0 a no-brainer, but that’s not the case for publishers that don’t have a direct relationship and that is where a lot of my attention is right now,” said Pickles, pointing to the work that Criteo and others are doing to develop a single sign-on platform to help publishers gather consent.

Getting consent

But even if every small, medium and large publisher on the internet joins UID 2.0, that doesn’t mean consumers will be willing to share their email address.

Developing a systematic – and convincing way – to get people to opt in is crucial. “This whole thing only works if users consent to a targeted internet by providing their email,” said Tom Kershaw, CTO of Magnite and chairman of Prebid.org, which recently agreed to serve as one of the independent operators of Unified ID 2.0. 

The Trade Desk is optimistic that with a user-friendly SSO system and consumer education, this is more than possible. Pickles estimates that over time there’s no reason why 80% of internet users won’t eventually authenticate if the value exchange is properly explained and executed.

But take that with a grain of salt. Even LiveRamp, which joined the UID 2.0 initiative last year and has a lot riding on the viability of its own Authenticated Traffic Solution, believes that publishers should aim for at least 30% authentication … a far cry from 80%.

To be fair, though, the average cookie match rate is only around 40% on a good day – and it’d be foolhardy to assume that authentication is a 100% solution for everyone. 

“It’s unrealistic to expect the whole web to be authenticated … not everyone will do so,” said Tom Richards, global product director at programmatic media solutions provider MiQ. “A diversified cookieless activation strategy is required.”

Who holds the keys?

There is, however, an even more existential question dogging UID 2.0, and that is whether it will remain truly open source.

Although Prebid has signed on as an independent operator, that only means it’s going to operate the cloud accounts that UID 2.0 will run on, and that Prebid’s GitHub repository will be home to the underlying software.

But UID 2.0 is also looking for an administrator, an entity that has the power to audit and shut off bad actors. That job will most likely fall to the IAB Tech Lab.  

Comic: At the privacy diner.“It’s a major concern, the potentially authoritarian, centralization aspect of all of this,” said Joshua Koran, head of innovation labs at Zeta Global.

“Imagine if a kill switch was built into the ID itself,” Koran said. “How many publishers would want to put their entire business at risk? Who writes new regulations to replace what governments have already come up with? Moreover, if there is an alleged violation, which justice system or law enforcement will investigate?”

That burns

And here’s another rub: what if consumers actually take active measures to avoid their email address from being used as an identifier?

A growing number of consumers are signing up for temporary “machine-generated emails” provided by services such as Burner Mail and Simple Login in order to conceal their real email address. And Apple, for example, is aggressively pushing its Sign In With Apple SSO service, which generates a unique, random email address that forwards to a user’s personal email.

“Every one of these solutions gives out a different email address for the same user for every site they go to and it just breaks everything,” said Keith Petri, CEO of a new startup called LockrMail that provides people with a single publicly facing email address that they can use across publishers, retailers and other sites.

“What I think UID 2.0 doesn’t take into account is that there is an equal and opposite reaction coming from consumers when it comes to tracking,” Petri said.

According to Pickles, publishers will have a way to quickly detect whether an email address isn’t legit, and then it’s up to the publisher whether it wants to communicate directly with those visitors and ask them to share something usable.

But regardless of any messaging or the development of an opt-in system that explains the value of UID 2.0, perhaps the deepest challenge of all is that the imitative isn’t necessarily solving a core consumer complaint, said Scott Messer, SVP of media of Leaf Group.

“A lot of people just don’t want to be tracked,” Messer said. “It’s got to be acknowledged.”

Enjoying this content?

Sign up to be an AdExchanger Member today and get unlimited access to articles like this, plus proprietary data and research, conference discounts, on-demand access to event content, and more!

Join Today!


  1. david elkins

    Won’t the use of a universal SSO associated with the UID 2.0 alleviate issues of scale for longer-tail publishers ? Meaning, it will still be valuable for ALL pubs/content creators to build their 1p audiences + email lists, but if they’re plugged into a holistic ecosystem (SSPs and DSPs (and brands)) that have adopted UID 2.0 + SSO – aren’t they pretty much covered on the identity front ?

  2. “For Google, it’s Privacy Sandbox or bust, at least when it comes to the open web. (Google’s own first-party products and services are an entirely different story.)” <== to be fair to Google, they are applying the same rules to their own 1p context as they are for any publisher. Their use of data from Android and Chrome on the other hand represent more fundamental anti-competitive issues.

  3. “A growing number of consumers are signing up for temporary ‘machine-generated emails’ provided by services such as Burner Mail and Simple Login in order to conceal their real email address. And Apple, for example, is aggressively pushing its Sign In With Apple SSO service, which generates a unique, random email address that forwards to a user’s personal email.”

    A “growing number.” How many? What does the data show?

    While I can see a very tech-conscious minority doing this, I don’t believe the vast majority of individuals are using services like this. Frankly, “sign in with Apple” sounds like a bigger issue because of the iPhone’s popularity, but even there I think the proportion of users who buy Apple products as a fashion and status symbol vs. the “all-in” Apple ecosystem users is different. Again — we need to look at actual data.

  4. Eric, great question. I couldn’t agree more that action should be taken, but only against actual data. The impact and subsequent consumer reaction to publishers, brands, and everyone in-between requiring email to access content and services is still in its infancy. Just like GDPR, you won’t see publishers implement strategies to counteract the depreciation of the 3rd party cookie until closer to game-day. However, a few have taken proactive stances and have registration walls for eCommerce sites, many news publications, and the like. You see daily commentary by LiveRamp ATS, UID2.0, and other identity providers pushing the burden of explaining the value-exchange to the consumer – all the way down the chain at the publisher/brand level.

    As such, you not only have solutions like Apple SSO, Firefox Relay and the two mentioned in this article, but 10s (if not 100+ more): Hey.com, Mailman, LunarMail, SlickInbox, Polymail, Helm, Newton, TheOtherMail, LeaveMeAlone, Temp-Mail, etc. – the list is endless. Each of these services have grown exponentially in the past 12-months. The driving factor is the growing annoyance that the historical quid pro quo of the Internet (“Users see relevant ads in exchange for free content.”) is being re-written as “Users required to register and give up complete control over their personal and professional inboxes in exchange for free content.”

    The value-exchange has not been redefined; it has not been explained. The value has not increased, but yet the payment terms have.

    New privacy regulations (a completely separate topic) empower the Internet user. Every aspect of every proposal to solve for identity in adtech/martech has completely ignored the concept of consumer rights and is driven by maintaining (not the status quo, but) current revenue and margins.

    As an industry we are trying to renegotiate the rights of consumers online without giving consumers an opportunity to sit at the table and partake in the discussions. This will backfire and it already has begun.

  5. Craig T

    If you think publishers are sitting around waiting to figure this out then you haven’t been talking to publishers. Maybe those guys on the longtail are asleep at the wheel, but from my experience the bigger players have been working on their post-cookie approach since last year.

    The real interesting part will be the backlash from the general public when all of the websites they’ve grown accustomed to visiting without issue suddenly want them to register and login. I think you’re quickly going to find that people prefer user experience over privacy when their general user experience becomes inconvenient.

  6. When is the AD tech industry going to get it through their dumb skulls that users/consumers/clients DO NOT WANT TO BE TRACKED / PROFILED / BEHAVIOURALLY ANALYSED / LOCATED etc, why cannot AD tech expand on contextual advertising as it seems the most sane and intelligent thing to do.

    I can’t remember where I saw it but there was a report / analysis that tracking based advertising only made 4% gains, what a huge amount of effort for not a lot of gain. AD tech are the new age snake oil salesmen.

  7. Users have to accept the quid pro quo – it’s either that or pay for a subscription. Does that hurt the mid/longtail? Sure, but the best content always wins. Perhaps an argument can be made that the web needs to contract a bit. Does the sharing of an email address really create a negative user experience? The alternative could be worse. Besides, didn’t you have to submit your email address just to post your comment here? How long did that take you? Maybe I’m naive to believe that TTD and others not named Google, Facebook, et al, will actually deliver on the promise of displaying ads that are more relevant without the security compromise. In that case, we already know the alternative is much worse.