Quantcast recently hosted a fireside chat: The Cookie Experts: Ask Us Anything. Our privacy and identity experts, Durban Frazer and Heinz Baumann, shared insights into first-party and third-party cookies, the impact of third-party cookie deprecation, audience insight measurement, email-based IDs, and navigating Apple’s latest product announcements. 

Many thoughtful questions were asked by the engaged audience. To support the continued discussion on the evolution of cookies, we are sharing nine of the notable questions and our answers from the event.

  1. What exactly are third-party cookies, and what do they do? How are they different from first-party cookies?

A third-party cookie is placed by a vendor in a browser’s cookie store, which is accessible to all web pages. This allows the cookie to be read by a vendor’s code from any sites visited by that browser, as long as the respective code from that vendor is present on the page. A typical use case is to allow a vendor to observe traffic across multiple sites. For example, if site A and site B both use Quantcast, then we can store a third-party cookie when the user visits site A and read the same third-party cookie when the browser navigates to site B. In this way, ad tech solutions can observe browser behavior across the two sites. They can observe the visitor behavior on site A, for instance, and infer whether or not the visitor should be served a certain ad on site B.

However, third-party cookies have never been a perfect solution–they can be deleted or can misidentify someone who uses more than one browser as more than one person. Additionally, third-party cookies are not available in all environments (e.g., Safari blocked them with Intelligent Tracking Prevention).

In contrast, first-party cookies are stored directly by the domain (website) that users visit. These cookies allow website owners to collect analytics data, remember language settings, and perform other useful functions to provide a good user experience. 

The major difference between third-party cookies and first-party cookies is that first-party cookies exist only within a single domain. First-party cookies allow publishers and other companies on that site to store info (e.g., an ID), and that ID can’t be shared across different domains.

  1. What are the best practices for creating first-party cookies?

First of all, it depends on how you create the cookies and what system you use to do that. There are two ways to set up first-party cookies: one by the server and one by JavaScript on publisher sites. The server-side first-party cookies tend to be stickier, but also require a lot more implementation effort and more changes to your ad stack.  

Quantcast suggests these overall best practices: 

  • Do due diligence to take stock of what pixels / tags already exist.
  • Make sure you understand what the code does and only install codes from a trusted vendor .
  • Verify that the codes are consistent with regulatory guidance for your region (e.g., GDPR).

  1. How does the deprecation of third-party cookies affect the various platforms in the ad tech ecosystem?

To make advertising work effectively without third-party cookies, we will need to invent alternative approaches to correlate the user on the publisher site with a user on the advertiser / brand site. A number of different approaches and solutions have been proposed, such as first-party data, cohorts, contextual, deterministic IDs, or probabilistic IDs. 

One of the common deterministic approaches being worked on is using email addresses to sync data between the DMP and the advertiser / publisher. The big drawback to this approach is that the majority of publishers don’t have a high sign-in rate (if they have any at all). Very large publishers who can drive high sign-in rates will be able to keep transacting on data from a data management platform (DMP) using email. Smaller publishers are going to struggle without data derived from third-party cookies in support of selling their inventory.

Given the increased emphasis on first-party data, there is an increase in customer data platforms (CDPs) that help manage first-party data, and provide a more direct integration with a marketer or publisher. However, CDPs have not solved the challenge of modeling or reporting on how users behave across sites. 

Publishers will need to be able to collect more information about their users and form tighter connections with them. To do so, publishers will need to communicate the value exchange with users more clearly. Marketers then need to develop closer connections to publishers to be able to leverage user data.

  1. How will measurement be impacted? Can click attribution still work?

There are different solutions being developed across the industry for measurement and attribution. Once these different solutions move into test phases, we will learn to what degree measurement and attribution will be impacted. 

In general, though, attribution will still be available after third-party cookies go away. At a high level, the basics such as “we spent X dollars on ads and got Y conversions” will remain. However, the way in which we get to these insights will change. Both Safari and Chrome have proposals for how publishers and marketers might do anonymous conversion reporting via the browser explicitly: Private Click Measurement (Safari) and FLEDGE (Chrome) use panels for very large campaigns, statistical methods, etc. 

Quantcast has recently released an alpha version of third-party cookieless conversion reporting that does not rely on third-party cookies. If you would like more information, please get in touch with our team here

  1. What is Apple’s iOS 15 update and how does it impact advertising?

At WWDC 2021, Apple announced a number of products and new directions, which can be found here. Specific details on the new initiatives announced can be found here.

Apple’s latest announcements are not a surprise. Apple already supports tracking prevention with the App Tracking Transparency (ATT) framework for mobile apps and has a “block tracker” feature in Safari today. What is new:

  • Apple will expand this feature within Safari by hiding the IP address to disallow companies’ use of the IP address.
  • Apple will offer email obfuscation for iCloud+ users. 

Companies that use the IP address as a way to correlate traffic from the same browser or use an email address as the ID will need to rethink how to analyze traffic from Safari browsers. 

This is in line with proposals on anonymization that Google is already working on (i.e., FLEDGE). The difference between Google and Apple is that Google’s approach is site-by-site-based, while Apple’s approach applies across all sites on the Safari browser. 

  1. What is the work being done in various industry standard working groups, such as IAB Tech Lab’s Project Rearc, Prebid, and W3C? 

Project Rearc is an industry-wide standard supported through IAB to define criteria for addressability and accountability throughout the ad tech industry, especially in the third-party cookieless world. A major initiative is Unified ID (UID) 2.0, an open source deterministic ID solution.

World Wide Web Consortium (W3C) is a group where all new internet protocol standards are proposed and agreed on. Even though many ideas on how to solve the third-party cookieless future are being discussed, most time is spent on understanding the potential viability of Google’s cohort-based solution, FloC.

Prebid.org is an open source organization that provides a lot of the software used by publishers and ad exchanges to make their inventory available in real-time bidding (RTB). (Note: Google does not use Prebid.) Prebid is also involved in a few identity solutions in development: 

  • PubCommon ID – allowing publishers to use a simple extension to share the same site information (first-party cookies) with DSPs, which can then do frequency capping, sequence ads, show brand lift studies, etc.
  • UID 2.0 – helping operate UID 2.0 for sending IDs and SSO service lead by Criteo within Prebid
  • Publisher first-party audiences – working on implementing standards that make it easier for publishers to describe their audiences to DSPs / marketers. These descriptions can be quite challenging, and so Quantcast is helping publishers with tools, such as Quantcast Marketplace, first-party segments, and modeling.

  1. What is Google’s FLoC? What are the limitations of Google FLoC?

Google’s FLoC is a way of grouping users together based on their browsing behavior, while at the user level sharing only which group they are in. This approach allows the browser (Chrome) to share some information on what the user is doing while adding a layer of anonymity by grouping the user with other users. 

The biggest limitation is that FloC only works within Google Chrome, leaving cross-browser, cross-device, and offline data out of the picture. Quantcast has noted that: 

  • It would be difficult for Chrome to consistently collect user information. It is unclear whether or not FLoC will be able to be deployed globally because Google can’t make FLoC available for testing in countries where GDPR and the ePrivacy Directive are in effect.
  • Large publishers may resist contributing data about visitors to their sites, and they would not want it shared via FLoC any more than they do via third-party cookies.

  1. How is Quantcast helping publishers thrive in a cookieless world?

With the deprecation of third-party cookies, the role of publishers will grow in importance because they are the ones that provide content to the consumer. The more engaged the consumer is with a given publisher, the more information the publisher will have access to, which can facilitate the publisher’s understanding of their audience. Quantcast helps publishers understand, and therefore better monetize, their engaged consumers.

Quantcast is helping publishers understand their audiences with audience and content insights, demonstrate their reach and performance to marketers with campaign reporting, and monetize their contextual and audience segments by connecting directly with marketers. 

In order to thrive in a third-party cookieless world, publishers can install Quantcast’s Prebid ID Module, a snippet of JavaScript code that can be put in the Prebid wrapper / prebid.js that makes the existing Quantcast first-party cookie available in the bid request. This allows Quantcast to continue buying ad inventory on publishers’ sites in third-party cookieless environments. 

  1. How can marketers get involved in Quantcast third-party cookieless efforts? 

We have been actively testing our technology in Safari environments. Safari’s Intelligent Tracking Prevention (ITP) already blocks third-party cookies. This third-party cookieless environment is an ideal testing space and a good indicator of what the future will look like.

So far, we have seen positive results with our alpha capabilities. We are focusing first on measurement efforts and have developed the first iteration of a third-party cookieless conversion report for the Quantcast Platform, available now to marketers. Additionally, we have been running internal tests of our campaign activation capabilities and will soon be looking for external partners for testing. If you are interested in being an alpha partner, please sign up for our early adopter program here. If you’d like to get a deeper understanding of the Quantcast approach and get an assessment of your readiness for the third-party cookieless world, please contact us here.

The entire digital advertising industry is navigating all the recent browser, platform, and regulatory developments. Events like our recent fireside chat create important spaces for industry stakeholders to learn from one another. Quantcast’s long-term approach to providing world-class solutions that help our customers navigate the complex and changing digital media ecosystem is based on helping develop industry standards, enabling interoperability with key marketplace technologies, and a never-ending investment in innovation.

Get in touch with us here to learn more about Quantcast’s alpha capabilities for third-party cookieless targeting and conversion!