A concern for TTD?

Hi Darth,

Thanks greatly for the detailed analysis of the Unified ID and how it is different. And the CLEARCODE site does a good job of explaining things in more detail.

It was critical to know that cookies often only contain a unique ID and that the rest of the data is stored on servers at the advertisers and website companies. These IDs are what is mapped between advertisers and websites to refer to the same person, and allow them to share data they have each collected (Cookie Syncing).

The Trade Desk’s Unified ID solves the problem of matching each DSP’s ID they’ve assigned to a user’s cookies, a problem that currently causes lots of mismatches and requires each DSP to keep a map between their IDs and every other DSP’s IDs.

https://martechtoday.com/why-the-trade-desks-unified-id-may-…
In addition to being a massive matching effort, this process is highly inaccurate. Match rates above 60 percent are considered decent, which means that it’s common for a large percentage of user IDs to remain un-synched and therefore unrelated to other cookie-based history.

The worst privacy issues come from the use of Tracking Pixels. In simplified form, advertisers use Tracking Pixels to know when each ad they have served to a particular user (via website or email) is accessed by that user, and websites use them to track what a user is doing during a session on its website. Using Tracking Pixels in this way provides information about users without their consent, including the unique IP address of their computer allowing companies to identify the user activity whenever they access the internet. Spammers use this as well.
(Details on Tracking Pixels: https://en.ryte.com/wiki/Tracking_Pixel )

If it is Tracking Pixels that Google ends up blocking (already available for gmail as a Chrome extension called PixelBlock), then privacy is maintained and TTD’s Unified ID will not be affected. Things like PrivacyBadger (that enforces Do Not Track) appear to do that, but I haven’t been able to confirm that.
https://www.eff.org/issues/do-not-track

Darthtaco:So what the DSP uses to determine what ad to display (programmatic) is entirely and purposefully from a randomly generated and assigned ID.

I found a reference that confirms that:
https://martechtoday.com/2019-will-be-the-year-the-ad-tech-e…
One important point is that no actual data is exchanged in this process. The IDs that we pass and link together are completely random numbers, meaningless in a vacuum. All companies involved in the chain engage simply to exchange currencies – “I got ID123 on this user, what did you get? ID456? Great.” The seller doesn’t tell the DSP that the user is a soccer fan who streams a lot of games online. The DSP doesn’t tell anyone that the user is shopping for a new car. Both of those data points remain proprietary to their respective owners.

Darthtaco:TTD and others have created a system where big third party cookie reading has become less important. In place they have created a system where better targeting can be completed using only data in their own systems on a completely anonymized ID.
From what I have noted above, the websites still use a user cookie, but advertisers probably don’t.

Darthtaco:I hope my other post made that clear why that is true and why if Google stops transacting in identifiable consumer data it won’t effect TTD.

You sound very certain that it won’t affect TDD, and that is reassuring. But without knowing what Google is thinking of doing, I am concerned enough that I’d like to know how you are so certain.

Enjoy,
Brian

I enjoyed Jeff Green’s interview on CNBC’s the Closing Bell as he discussed the massive opportunity with the launch today in China and the opportunity that Baidu, Alibaba, Tencent, etc…

He also discussed the ad-funded model of connected TV. (hello Netflix into the TAM)

He didn’t mention Google Chrome (he wasn’t asked).

Might want to check it out…

Putter

Can anyone explain in layman’s terms how the Unified ID protects the consumer and keeps their data anonymous? TTD website only explains how it’s beneficial to DSPs, advertisers, publishers, inventory suppliers…etc. And I’ve read numerous times, Jeff’s statement that because they’re not a search engine, they don’t keep any personally identifiable data.

But in order to be effective, they need to know that my randomised ID # 4xs0976338 has visited nike.com and bought some sports clothes, likes cycling and lives in the UK. Maybe I’m missing something very simple here, but I just can’t see how having effective targeted advertising coexists with protected, anonymous data.

The Unified ID solution seems like it’ll make harvesting consumer data even better, as it removes the errors of having multiple solutions

That’s the difference Ben. They may know consumer XYZ likes this and that and be able to target that person appropriately. They do not know who customer XYZ actually is though. Don’t know email addresses, name, phone number, social security…no personal data.

That’s the difference.

AJ

They do not know who customer XYZ actually is though.

Nike.com knows who I am though, because I gave them my name, address, phone number, & CC when I ordered my shoes. What mechanism prevents Nike from cookie-syncing with an AdTech platform? Nike’s privacy policy already allows Nike to share your personal information with their advertisers.

From Nike’s Privacy Policy (emphasis mine):
Third party service providers processing personal data on Nike’s behalf, for example to process credit cards and payments, shipping and deliveries, host, manage and service our data, distribute emails, research and analysis, advertising, analytics, manage brand and product promotions as well as administering certain services and features.

We are talking about what TTD does, which is place an ID cookie on a web browser that is a random and anonymously generated cookie, and what they collect with that, which contains no PII. That collection of all non identifiable information is owned and maintained by TTD and is only connected to a completely unidentifiable ID.

Here’s TTd privacy policy if anybody wants more info or has concerns about this technology and TTDs policy.

https://www.thetradedesk.com/general/privacy-policy#sharing

The Trade Desk bears no responsibility for how Nike collects and shares whatever data they have acquired and how they chose to share or not share that data with a third party.

I have no idea if Nike ever provides any PII to TTD. But that is Nike’s data and their responsibility. TTD doesn’t collect or use PII in the process of what they do.

Darth

Thanks 5761796E65, that is precisely my concern.

This might seem to be moving OT, but I don’t think it is. It’s at the core of what TTD does. We all know the privacy intrusion, surveillance capitalism is bad. Cookies are the workhorse of this. TTD has come racing in as the Knight in shining armour essentially saying we care about privacy issues (mainly because they see policy changing i.e. GDPR, and are so getting ahead of the competition, good sound economic sense on their part), and have come up with this Unified ID solution where they don’t keep any personally identifiable information on us.

Great.

But then they say they are giving me a personal, randomly generated, identification number. With this number, they don’t know who I am, but they know I like sports and athletic footwear, which will allow Nike to target advertisements towards me. That’s good. I like that.

But this randomly generated identification number is mine. It doesn’t change everytime I visit another site. It’s issued and personal to me. TTD have set out to ensure privacy, but this to me is hackable!

And I imagine not that hard to hack or socially manipulate or reverse engineer. Then I have your name, address, email address, and your unified ID #, where I know what you like/don’t like.

Of course, TTD doesn’t have your personal information. So they’re guilt-free. Their hands are clean.

I’m trying to grapple with how the ID works. What information is shared? Clearly some has to be shared in order for advertisers to target effectively. If I visit Nike and buy a pair of trainers, my unified ID needs to update with something on the likes of “this person likes athletic trainers”. So Nike has to update this and therefore has to know my Unified ID #. After I give them my name and address and someone hacks Nike and steals all this information, they’ve now linked my name and address to a specific Unified ID #.

I admire Jeff Green and his mission, but I’m not convinced this Unified ID is the dream of advertising solution.

If I use my Roku to connect to Hulu and get targeted ads, how do they know it’s me? Have they linked my TV personality unified ID to my desktop computer and mobile phone unified ID. Or do I now have 3 different IDs?

I guess if there is a question of privacy concern for advertisers or consumers - whether it be on Facebook, Google, or even if it involved The Trade Desk - where else can advertisers/consumers turn to? Seems like these are the “big 3” in the advertising space?

From your first link: https://clearcode.cc/blog/cookie-syncing/
The results of the cookie-syncing process benefit those mentioned above, as [The AdTech Platforms] are able to exchange user data across different platforms, and therefore, better target audiences with online advertisements.

Sure, TTD isn’t sharing my PII. Instead, they are assigning me a Unified ID, which allows every AdTech data silo to be linked together. Now Nike can connect my PII with my online activity from every data silo. And Nike can share my PII with every AdTech data silo, with 100% accuracy, due to TTD’s Unified ID.

I’m not suggesting TTD is violating any laws. But Unified ID isn’t helping the privacy of consumers. It just makes it worse.

5761…,

You are misreading that I believe. Nike says they share certain info with advertisers. TTD is not an advertiser. And there is no evidence that anyone anywhere is connecting IDs to individuals. That would violate the policies and all evidence is the opposite.

And there is no evidence that anyone anywhere is connecting IDs to individuals

But it says so right there on TTD’s webpage:

https://www.thetradedesk.com/industry-initiatives/unified-id…
It is critical we adopt an ID that will eliminate the need for synchronization, so advertisers can identify a user across websites

Here’s what we have now:
Data Silo #A - Website#1:
Cookie #31415926535
Name: Darthtaco
Bought shoes

Data Silo #B - Website#2:
Cookie #27182818284
Name: ???
browsed pop-tarts and comic books

Now the advertisers want to know what users from silo #A match with users from Silo #B. TTD says “Use our Unified ID to match users across websites” TTD ends up assigning #UI1875545956 to Darthtaco. TTD doesn’t share Darth’s PII, but that data is already spread out there with Nike, TMF, and hundreds of other sites. Nike, allowed by their Privacy Policy, trades your PII for a discount on an ad-buy. Now every ad company can know that Darth buys Nikes and loves pop-tarts.

This data sharing has been going on for a long time. The Unified ID just makes the accuracy of matching much better.

You are misreading that I believe. Nike says they share certain info with advertisers. TTD is not an advertiser. And there is no evidence that anyone anywhere is connecting IDs to individuals. That would violate the policies and all evidence is the opposite.

That is not what TTD is saying in the privacy policy that you linked to:
The Trade Desk uses cookies, Web beacons, pixels and other technologies to collect web viewing data across non-affiliated sites over time. In addition, The Trade Desk collects app usage data across non-affiliated apps over time. We may also collect such Web viewing and app usage data from other ad platforms, application platforms or providers, customers or websites and services (including our Clients) and we may combine this information with any information that we have collected about you. We use this data to infer your interests and to provide more relevant advertising to you. This is known as Interest-Based Advertising (“IBA”).

We may also facilitate our Clients’ efforts to place a cookie or other tracking technology on a website with which our Client has a relationship, and we may allow our Clients to collect information about your web viewing behavior on our website. This information may be combined with other data collected from other websites over time for IBA purposes.

They are collecting and storing personal information and associating it with the Unified ID. I agree with Wayne @761796E65 that the Unified ID is not protecting the individuals, but is for pooling information about individuals from all advertisers. The question about how Google under pressure from European privacy measures will change things to protect PII and how that will affect TTD is the big question.

And under PRIVACY PRACTICES FOR OUR WEBSITE:
This privacy policy describes how The Trade Desk collects and uses the personal information you provide on our Web site, www.thetradedesk.com or otherwise to The Trade Desk through your contact with us, our employees and our contractors . It also describes the choices available to you regarding our use of your personally identifiable information (“PII”) and how you can access and update this information.

Enjoy,
Brian

I like the level of detail and thinking here, but this won’t mean much to me until we hear about it. Yes, I realize that point may be painful, but I’m siding with Green on this and have trust in his knowledge of the market.

Also, I’m having a tough time understanding how hackers would obtain PII from anonymous data. If I’m a hacker, I’d just hack the companies who have that data versus a company with anonymized ID where I would have to then run more analysis to match PII. I’m sure it’s possible, but why not go after the easy targets?

Also, what TTD is doing definitely doesn’t run afoul of any new privacy rules in place. Much better than previous alternatives for advertising and I don’t think advertising is going anywhere.

AJ

Also, I’m having a tough time understanding how hackers would obtain PII from anonymous data.

If anyone clicks through on an ad, the website that it takes them to can use Pixel Tracking to get their IP address and be able to identify the person from that. Or from spamming out to email addresses and getting information from all who observe the message whether they click or not.

The below says that Pixel Tracking used in an ad image is enough to get the IP address, even without the user clicking.

Tech 101: What is a Tracking Pixel?
https://skillcrush.com/2012/07/19/tracking-pixel/
When a tracking pixel is embedded into the HTML code of a website, an online advertisement, or a marketing email, each time a user loads that site, ad, or email in their web browser they also load the pixel tag. This event triggers a request to the web server where the tracking pixel is hosted. The server then sends the pixel tag to the user’s unique IP address (a string of numbers that identifies each machine connected to a computer network) and that address is logged by the web server. Website owners, authors of email marketing campaigns, or advertisers responsible for the tracking pixel can then periodically analyze server logs and understand how many unique views their content is receiving.

Still not sure if Google’s pending changes would affect this, but for those who value privacy it’s a good reason to turn off automatic image loading in your email and Pixel Tracking on your mobile and TV devices.

From the TTD privacy policy statement:
OPTING OUT ON IOS DEVICES SUCH AS IPHONES, IPADS OR IPODS
If you have an Apple device, you can opt out of our IBA services by updating to iOS 6.0 or higher, and setting Limit Ad Tracking to ‘ON’. You can do this by clicking on Settings → General → About → Advertising and toggling Limit Ad Tracking to ‘ON’. Our systems are designed to respect your choice and not use information to provide IBA when this setting is ON. Again, you should consult Apple’s support web pages and instructions for the most current applicable settings.

OPTING OUT ON ANDROID DEVICES
If you have an Android device and would like to opt out of our IBA services, you may do this as follows:
1. Open the Google Settings app on your device

2. Select Personal info & privacy à Ads settings à Manage Ad Settings

3. Turn to “off” the “Ads based on your interests” option.

Our systems are likewise designed to respect these choices transmitted by your Android device. Again, however, please consult Google’s settings and instructions for the most current settings information.

Please note that these settings do not block ads, but rather will not base ads on your interests.

For Apple devices, use:
https://support.apple.com/bg-bg/HT202074

Enjoy,
Brian

Sorry 576, but that is wrong in the most important way.

Here’s what we have now:
Data Silo #A - Website#1:
Cookie #314159265
Name: Darthtaco
Bought shoes

Name: Darthtaco<——-This Data block would not exist. Name is personally identifiable information and is impossible to obtain via the TTD process and is further prohibited via the privacy policy.

That’s the point. The reason for TTDs success in the UnifiedID space is their wizardry matches these things based off this data

Cookie #314159265
Browser visited shoes

Cookie #27182818284
browsed pop-tarts and comic books

And they match that with 99% accuracy compared to what was typically only 60% or so.
There’s more to it obviously but bottom line is NO PERSONALLY IDENTIFIABLE INFORMATION IS USED IN THIS PROCESS.

Brian that is what the privacy policy says. What you cut and paste from it is talking about non-PII. That’s the way it is, the wizardry doesn’t use PII. TTD does not share any PII with other ID AdTech companies because it is not in that database. This is simple.

The last paragraph you pasted is from the specific section regarding privacy policy for www.thetradedesk.com

It only applies to visitors of that website and is irrelevant to this conversation.

Darth

https://www.benzinga.com/analyst-ratings/analyst-color/19/03…

… Google was considering restrictions on cookie tracking in Chrome, similar to what Apple Inc. AAPL 0.75% has done for its Safari browser, Schwartz said in a Wednesday note.

Trade Desk’s Safari desktop revenue continued to grow when Apple enacted similar restrictions in the past, Schwartz said. Moreover, the company’s key growth drivers — ConnectedTV, mobile and China — are strengthening and do not use browser cookies, he said.

HP

Sigh, you are not comprehending. TTD does not provide other companies with PII. We agree on that. So stop claiming that as your defence.

Name: Darthtaco<——-This Data block would not exist. Name is personally identifiable information and is impossible to obtain via the TTD process and is further prohibited via the privacy policy.

Nike.com has your name and other PII because you bought your shoes there. I’m sure Nike.com has this block of data on you somewhere on their server, so don’t claim this data does not exist. NOTE: Nike has it, not TTD, as you keep confusing this step. Nike’s marketing department wonders how they can get shoe buyers to buy shirts, hats and other merchandise. So Nike works with data vendors to determine the browsing habits of Darth and thousands of other shoe buyers (all completely legal). And before UnifiedID, the data companies could match about 60% of the records. Now, after UnifiedID, they can match 99% of the records. Again, TTD hasn’t broken the law. TTD hasn’t shared my PII with any vendor. But in TTD’s own words, they allow advertisers to identify users across websites.

You claim that the UnifiedID “is entirely unidentifiable data”. That’s true, until TTD starts sharing the UID with companies that do have your PII. As soon as one company (not TTD) links your PII with your UID, it’s going to be linked everywhere.

Look, I’m long TTD. I think this technology is great for TTD. I’m just disagreeing with the claim that UnifiedID will help consumer privacy.

As soon as one company (not TTD) links your PII with your UID, it’s going to be linked everywhere.

Well, no, if I am understanding how this works. True, Nike, who started off with your PII can find out about your browsing habits via UID links, but the only additional information that they have is that this UID with those browsing habits did actually buy shoes from them. Despite the link having been made at Nike, no other site would be able to access the PII at Nike, short of classic hacking methods which are going to exist regardless.

No?

So I misstated when I said “it’s going to be linked everywhere.” Nothing automatically happens to link your data everywhere. But with these data sharing agreements between vendors and ad companies, your data will get linked up eventually.

Despite the link having been made at Nike, no other site would be able to access the PII at Nike

That’s true. It requires Nike to share your PII with their advertising partners, allowed per Nike’s privacy policy. Your data at Nike has value to these ad partners. They will pay for the data, typically for a reduced rate on an ad-buy. None of this is news. Data companies have been building databases of PII and browsing data for 10+ years.

You’re right! I have no idea what you’re talking about!

UnifiedID solution can match disparate unidentifiable IDs across websites, devices, and platforms. Again, this how it does it.

Here’s a step-by-step overview of how it works:

-A user visits a website that contains an ad.
-The DSP receives the ad request.
-The DSP sends back the request and creates a third-party cookie.
-The ad exchange redirects (http redirect) the ad request to the pixel URL on the DMP’s side, passing the user ID in the URL parameter. The DMP reads its own cookie, or creates a new cookie, and then saves the user ID passed from the DSP along with its own user ID in the cookie-matching table.
-If the sync is bidirectional, the DMP makes the redirect back to the DSP, passing its own ID in the URL parameter. The DSP receives this request, reads its own cookie, and stores the DMP ID along with its own ID in the cookie-matching table.
-Now, both the DSP and DMP have each other’s’ user IDs in each other’s databases.

That is where and when the sync occurs. Open the link and look at the graph.

https://clearcode.cc/blog/cookie-syncing/

Once the cookie IDs have been synced between two AdTech platforms, they can now share or request data contained in the cookies by referencing each other’s user IDs.

This process is typically done via a server-to-server integration with the data being transferred in large batch files. Although the actual cookie-matching part happens in real time, sharing the data between platforms happens at a specified time, e.g. once a day.

This is between AdTech companies on synched IDs. The website publisher (Nike in this example) is not involved in this process. The publisher does not read the TTD or other AdTech cookie data or obtain the ID.

From TTD privacy policy. Of this data this is only how it is shared.

Data that is in our Platform is pseudonymous, which means that it does not directly identify people.

We share pseudonymous IDs that we think might be related to other pseudonymous IDs with clients and partners that use our AdBrain product.

Only pseudonymous to pseudonymous. Ie AdTech companies in the consortium.

In the terms and conditions for using the TTD platform.

Company shall not (i) import any personally identifiable information into the Platform, including by using TD’s ad tags or pixels to gather such information, and (ii) combine any TD Data or Business and Campaign Data with any personally identifiable information.

Company would be the client in an agreement with TTD and TD is the Trade Desk.

In your example you are inserting Nike or a comparable into a process where it doesn’t exist and saying that TTD is sharing data in a way in which their privacy policy doesn’t say they can do, and inferring Nike is doing something in which the terms and conditions prohibit.

So unless you have a reportable instance of this occurring and not a made up hypothetical can we close this out and move on to another topic.

Darth