As advertisers phase out cookies, what’s the alternative?

What will become of the humble cookie? The tiny data files sent from websites to browsers have come under much scrutiny recently, particularly from privacy advocates and policy makers. Even advertisers agree that the web needs a viable alternative that balances privacy concerns with marketers’ desire to target users effectively.

As investors focused on the advertising technology space, we’ve paid close attention to the discussions surrounding cookies and other tracking mechanisms, given their importance to the ad ecosystem. In this post, we’ll summarize these discussions and touch on emerging tracking technologies that may ultimately replace cookies.

Third-party cookies (i.e., cookies set by someone other than the website being visited) have enabled digital advertising to flourish into the multi-billion dollar industry it is today. They are used to run retargeting campaigns, enable real-time bidding exchanges, and reconcile user-specific demographic data across multiple sources. And they’re everywhere–nearly 85 percent of the top 1,000 sites have cookies set by a third party, according to a study by the UC Berkeley Center for Law and Technology.

Yet many industry leaders have grimly declared “the death of the cookie” sometime within the next few years. What’s the cause of their cynicism? Here are some of the most common critiques:

Privacy concerns: Critics argue that third-parties collect and store excessive data on consumers, often without their knowledge. Consumers agree–57 percent of Internet users are either “concerned” or “very concerned” about their online privacy, according to a recent study by analytics firm Annalect. Law makers are concerned as well, and have floated potential legislation to limit the scope of tracking by third-party advertisers. They’ve tasked industry and consumer groups with defining a browser-based “Do Not Track” standard that would allow users to easily opt out of tracking.

Limited reach: Cookies aren’t effective in mobile environments (third-party cookies are blocked by default on iOS devices, for instance). This can be limiting for advertisers, given that we spend more time on mobile devices than we do laptops and PCs. Additionally, many desktop browsers including Firefox, Safari(s aapl) and Internet Explorer(s msft) have chosen to preemptively opt users out of accepting third-party cookies.

Poor cross-device tracking: Cookies can’t provide cross-device targeting capabilities (i.e. targeting the same user across mobile and desktop devices). As consumer attention continues to bifurcate across devices, the value of desktop-only cookies starts to decline.

Photo from Thinkstock/bestdesigns

Photo from Thinkstock/bestdesigns

Stacking up the alternatives

So what’s next? What’s the magic bullet that balances privacy considerations with sophisticated cross-device tracking capabilities? Some interesting cookie alternatives have emerged, each with their own benefits and drawbacks. We can classify these identifiers into three buckets: known, stable and statistical.

Known identifiers are typically associated with some form of personal information, such as a name or email address. Large consumer internet companies have access to millions of known IDs, across both desktop and mobile. These IDs have some important advantages over third-party cookies:

  • Known IDs are highly accurate given that we typically pass highly accurate demographic and interest data to social media companies like Facebook(s FB) and Twitter(s twtr). Known IDs have large mobile and cross-device reach (persistent login across desktop and mobile devices)
  • Privacy concerns may be mitigated by giving users ample control over the how/when the ID is passed to advertisers
  • Both Facebook and Twitter are expected to begin allowing advertisers to use their known IDs outside of their “walled gardens” (Twitter’s acquisition of MoPub has many industry observers predicting that this will happen on mobile in the near future).

Stable identifiers are typically associated with a specific device or browser. Apple’s IDFA (“identifierForAdvertising”) used on iOS devices is a good example of a stable ID. These IDs are typically persistent (don’t expire or erase), anonymous and allow for user opt-out.

Most notably, Google(s goog) is rumored to be developing a stable ID system, known as AdID. The AdID would be a unique identifier associated with the Chrome browser and Android devices that persistently identifies users. It would be anonymously passed to advertisers approved by Google, while giving users greater control over how they are tracked online (such as the ability to opt-out or block specific advertisers). The AdID could also include “known” data for users logged in to Google products like Gmail and Google.

Details on AdID are sparse, but its implications are vast given Google’s massive reach and scale. See Ari Paparo’s excellent post for some predictions on how the AdID may be designed.

Finally, statistical IDs attempt to bypass cookies entirely by using other attributes to identify users, such as IP address, device type, and browsing patterns. Using these attributes, companies like Drawbridge, TapAd and AdTheorent can probabilistically determine whether two devices are connected (for instance, your phone and PC). The resulting statistical ID can then be used for ad targeting. Here’s a more detailed description of the technology.

Although promising, the technology is still in its early days; most statistical IDs are typically only 60 to 70 percent accurate. Nonetheless, many within the industry are optimistic about the potential of statistical IDs because they allow for cross-device targeting, are anonymous (quelling some privacy concerns) and aren’t owned by a single large player like Google or Facebook.

Nima Wedlake is an analyst at Thomvest Ventures, focusing on advertising technology. Follow him on Twitter @nimajw.