Anonymous and Authenticated: Digital Identity on the Open Internet
The internet has always been split between the “anonymous” and “authenticated” versions in one way or another.
Even in the early days of social networks with MySpace and Facebook, the internet was rooted in different philosophies around identity. There are a few social networks such as Reddit and Telegram that thrive by offering anonymity, but most of the other players are taking the opposite route. The basic approach of identity on the internet lies in different value exchanges with the consumer, with some players such as Twitter allowing for the two options simultaneously.
I would argue that there is value in both, as they satisfy different consumer needs. But with this post, I won’t focus heavily on the walled gardens, but rather on the loosely called “open internet”.
Identity Starts With the Consumer
Before we get into the specifics of the anonymous and authenticated internet, it makes sense to acknowledge where it all started — with the consumer. For those of us in advertising, it is the consumer’s identity we are trying to determine digitally and it is the consumer who chooses to be identified or not. It is our task to figure out how to educate users about their rights and understand what their choices mean. In our industry, the publisher is positioned closest to the consumer so effective communication between the two is necessary in order to deliver successful messaging throughout the user journey. When this initial message is communicated to the user, it kicks off the journey of the advertising dollar around the ecosystem and all of its players. However, the consumer has always had a split personality on the internet — between anonymous and authenticated — creating two parallel pipelines carrying the money bag.
It is worth noting that there is a disparity between the average consumer and the ad tech industry in understanding “digital identity”. Digitally identifying an individual for advertising purposes does not mean knowing everything about that person, something that is obvious for people in ad tech, but far from obvious for the average consumer, who only sees the headlines related to its misuse. Likewise, the anonymous internet does not refer to the “dark web” — it could simply mean navigating while using an incognito browser mode or a VPN. In short, ad tech cannot personally identify users on the basis of IDFA, cookies, GAID, or others. Taking this discussion forward, we should be aware of the existing differences and the need for clarification.
The Two Diffused Internets: Form and Function
The web started off as anonymous (e.g., Craigslist, MySpace, and mIRC), but it evolved to become authenticated with AOL, MSN, Yahoo Messenger, and later with the likes of Facebook, Google, and YouTube. Today, we experience an increased separation between “two internets”: the authenticated (logged-in) web and the anonymous or private (open) web.
From the consumer perspective, there are very specific and important use cases for sharing personally identifiable information (PII) such as email addresses or phone numbers. These can be broadly categorized under four groups:
- Cross platform/device access
- Advertising business model
If we look at the gaming industry up to this day, most user names are aliases — a representation of ourselves as part of an imaginary world. However, this is changing as games are no longer a niche market but rather a mass-market phenomenon spanning across all platforms and consumer demographics. For instance, Oculus now demands a Facebook login for accessing its VR platform, while on Snapchat — although requiring a phone number or email — consumers can keep their identities concealed.
For most of the use cases above, players within the open internet — and with it, advertising — rely on the now (in)famous third-party cookie, either for their own analytics or for exchanging information with third parties for retargeting and other marketing purposes. But most of the aforementioned objectives don’t apply in an equal manner to, let’s say, news outlets, niche websites, or pure mobile casual games and apps that neither have lengthy user sessions nor many touch points in the user journey.
What both the walled gardens (with their authenticated web) and their counterpart (the anonymous open web) have in common is the same business model: advertising. With this, we include both brand and direct response ads (e-commerce or app installs).
And this is what I am going to focus on in today’s article, as advertising is and will continue to be the lifeblood of content creators on the internet as well as an incentive for the open web — a playground that even the walled gardens need to share. And it’s our job to make it thrive.
The authenticated internet
The authenticated internet is mostly split between the walled gardens which take only 34% of consumers’ time spent online but is still considered more valuable to advertisers. This is due to the ability to build profiles around those identities across the web and ultimately increase addressability, as well as measurement for brands and advertisers, which results in a higher return on ad spend (ROAS), including potential optimizations/self-attribution. The majority of this part of the identity spectrum is composed of the walled gardens — Google, Facebook, and Amazon (with Twitter, Snapchat, and TikTok trailing behind in the western world).
Outside of the big three, there are apps and sites offering login options both with and without ads. The main idea behind this business model is pinned in the clear value exchange for the consumer — either getting free content for seeing ads (including the use of search engines or social messaging) or paying a monthly subscription to access the content unrestrictedly.
For example, Facebook generated on average $140 per consumer in advertising within the US in 2019 — with individual consumers spending over two hours per day across Facebook’s various platforms. At the opposite end of the spectrum, we have hyper casual games with an average revenue per user (ARPU) of less than 50 cents and around four minutes of time spent per day in the app (and with a much shorter lifespan).
The anonymous internet
Hyper casual games (which rely almost entirely on advertising) are not the only category affected. Around 95% of apps in the app stores are free and most of them monetize via advertising. For instance, within Verve Group’s programmatic exchange, we have over 200,000 apps monetizing with ads and that’s just on our own platform.
According to OpenX’s report on the open web vs. the walled gardens, consumers spent more time overall on the open web than inside the walled garden’s platforms, and that gap is only set to grow in the future.
At the same time, the identifiers are the pillars of the open internet and are now collectively being deprecated, including Apple’s blocking of third-party cookies in its Safari browser, the IDFA opt-out, and Google Chrome’s third-party cookie ban soon to come.
As Facebook has found out in its testing, the loss of a unified identifier such as the IDFA, comparable to cookies on the web, is expected to have an impact on advertising revenues by at least 50%.
It’s clear that there is a gap in monetization and that the survival of the open web is at risk.
In order to bridge this gap, the first and most important step is explaining the value exchange to the consumer between what is offered to them, what data is being used, as well as the purpose for which it is being used for. This is a critical first step and needs to be done with a privacy-first mindset — with transparency and consumer choice at the forefront. Not all consumers have the same needs. While some do explicitly want targeted advertising, others do not want to be tracked at all. What specific value the offering can bring to an individual is up to the publisher as well as the advertiser to communicate these values effectively to different consumer groups.
Coming back to the points above and covering the advertising use case, the first thing a consumer sees when they open an app or a website is the privacy pop-up. At Verve Group, we have covered this case in-depth in one of our previous articles and there are also detailed overviews from Adjust and Adikteev on this topic. What I encourage everyone to do is to start testing and share best practices.
Solutions: What the (Open Web) Industry Is Doing
Once we (the open web) take the first step towards the consumer, the next step is on us — the participants within the open ecosystem. If there is one thing I have learned working in this industry for over a decade is that it employs some of the most creative and adaptable minds that I have ever met. Our industry has always been in constant motion and evolution and these new challenges will hopefully bring us all closer together. We can already see signs of collaboration between industry players such as LiveRamp and Nielsen’s partnership with The Trade Desk for their Unified ID. We have seen vendors pulling together to form the SKAdNetwork Alliance, including Fyber, Aarki, Liftoff, AdColony, and others. Other industry initiatives such as IAB’s Project Rearc (tackling addressability and identity) and Prebid (with an identity Product Management Committee (PMC) and a taxonomy PMC) are also emerging and evolving.
Before we dive deeper into the technical solutions, there are a few things to differentiate:
Web (including mobile web) vs. mobile apps
- Web, as well as mobile web, are actual websites, whether they are accessed from a computer or a mobile device.
- Mobile apps, on the other hand, refer only to the actions that happen inside a specific app. When the consumer leaves the app and accesses a mobile website from the device, it can be categorized under the point above.
Authenticated vs. anonymous
- Authenticated means the consumer’s identity is revealed when they are using this app or website, whether through an email address, phone number, or IP address.
- Anonymous means the consumer’s identity is not revealed, and the app or website cannot identify this individual.
Consent vs. opt-in
- Consent refers to privacy law, foremost the GDPR or CCPA, and is something that has to be actively asked for by law.
- Opt-in is a platform-specific rule where the consumer can choose whether they want to opt-in or not (e.g., for tracking).
We’ll start with the web space — which has often been seen as the leading platform in the advertising industry — and compare it with the mobile app space. Similar to third-party cookies on the web, mobile app consumers are pseudo-authenticated, however not by choice, but rather by design via MAIDs (mobile identifiers, such as IDFA and GAID). Today, apps are able to track consumers with implied opt-ins. In certain jurisdictions, their usage is regulated, similar to third-party cookies via local legislation (EU: GDPR, US: CCPA).
These all consequently lead to lower eCPM rates for marketers in the open ecosystem. Safari’s Intelligent Tracking Prevention (ITP) leads to 30% lower eCPM rates than on Google Chrome, which has not deprecated the use of third-party cookies yet. Most websites already discount Safari traffic in their monetization mix. Within the in-app environment, Apple’s other enforcement — the IDFA opt-out — can lead to up to 50% lower revenues for publishers.
Hence, independent creators don’t only face competition for advertising dollars from the platform gatekeepers, but they also face additional challenges due to privacy regulations or platform changes (iOS 14, third-party cookies), which require investment from the open ecosystem’s vast number of players.
Let’s now see how we are resolving these identity challenges when it comes to anonymized vs. authenticated consumers in our ecosystem. The digital identity landscape looks somewhat like the image below (inspired by Prebid’s version by Stefanie Layser).
Looking at authenticated solutions, the most predominant one on the market is the Single Sign-On (SSO) from The Trade Desk, known as Unified ID 2.0. It’s closely followed by solutions from LiveRamp (ATS) as well as ZeoTap and Kochava, and also by an open-source Shared ID donated by Magnite (previously Rubicon) to Prebid. These are all governed by Project Rearc from the IAB Tech Lab in terms of mediating, aligning, and moving forward the common roadmap and goals. Previously available solutions also include OpenAudiences by OpenX and Identity Hub by PubMatic.
As we know, first-party data has a high value and it will become even more so, as industry-wide identifiers and third-party cookies become unavailable. Much of the first-party data will now come directly from publishers, however, in order to monetize it, they need a data management platform (DMP), which can analyze the data points and optimize campaigns. For instance, UK-based DMP Permutive suggests that publishers create their own ID within their consumer base. This way, publishers become their own walled gardens, because data goes in — but doesn’t come out.
ID5 adds another layer — which is ‘inferred IDs’, or probabilistic attribution/ fingerprinting (if IDs are inferred).
ID5 suggests a solution for the web where authentication is not limited to first-party data, but rather uses an algorithm to send passive signals — what they call inferred IDs. However, this method will not be allowed on mobile, at least not for iOS consumers for now.
The most recent industry solution is from Prebid — the SharedID — which bridges the gap to The Trade Desk’s Unified ID 2.0, and it can be used as either a first-party or a third-party identity tool. Just as The Trade Desk’s Unified ID 2.0 aims to be open-source when released, the SharedID is a community-owned solution donated by Magnite.
From the anonymized side, looking at the web space in the bottom middle of the pyramid, there are solutions on how to create anonymized segments or cohorts without tracking a specific person, such as Turtledove or Sparrow. These methods do not rely on consumer login or PII data but instead generate audiences through contextual and behavioral data derived locally on the device. These practices are not only privacy-centered but also future-oriented, allowing consumers to enjoy free content while preserving their privacy. However, they too have their limitations.
In mobile advertising, building audiences based on contextual data is still in its early stages. However, the broader concept is not new — if we look at gaming apps, consumers are put into cohorts for analytics, user acquisition, and optimization purposes. Cohorts are usually defined based on their behavior within the game or their predicted value (through in-app purchases) as they progress and engage with the content. The idea of building audiences based on contextual and behavioral parameters is similar to segmenting players into cohorts, but in this case, we look at it from a publisher perspective, rather than from an advertiser perspective.
Although more prominent on the web vs. within apps, there are a few companies who have already made this work. Some publishers such as Vice rely heavily on contextual advertising. Even if it’s not as effective as behavioral targeting, it can contribute well to a diversified strategy.
IAB is working on a common language to translate and define context between publishers and advertisers with their so-called IAB Taxonomy. This will help the whole open ecosystem to trade within it, something that is becoming a growing challenge.
In terms of audiences provided to buyers, there are two taxonomies that the IAB is developing:
They are well diversified but do not have a high adoption rate yet, mainly due to previously limited necessity. This will likely change very soon. Additionally, Prebid is working on a solution which is chaired by Permutive, mentioned above. Verve Group’s audiences are not far from that and I think there will still be a big market for custom audiences in the future. If we look at Verve Group’s privacy-first audiences, NumberEight, and IAB Taxonomy, we see that there is a lot in common.
We have summarized and regrouped the information above (and a few other data points) in the table below. It is not exhaustive by any means but should prove a guiding tool in navigating the increasingly complex topic of digital identity on the internet.
A hybrid approach
The resurgence of the digital identity slump will consist of a hybrid combination of some of the proposed solutions above. As with free apps, which need both in-app purchases (IAP) as well as ads for a high-performing monetization strategy, the advertising industry also needs both authenticated and anonymized solutions for digital identity in order to make it function. Even though there is a lot of work to do and many hurdles yet to overcome, it is a sustainable approach that will benefit both the consumer and the open web as a whole. Until we get there, in addition to tackling the challenges and following the proposed solutions, here are three steps I want to suggest to master digital identity:
- Start testing for consumer opt-ins
a. A/B test, collaborate, share!
- Start testing solutions for anonymized consumers
b. Buying LAT users
c. On-device audiences
- Start diversifying through different business models (advertising just got harder)
a. Platform expansions (decrease dependency)
b. IAP (especially for indie devs on iOS)
d. Diversify existing advertising revenue streams (programmatic, direct sponsorships, contextual advertising, etc.)
Across the Identity Gradient But With the Consumer in the Center
At the beginning of this exploration into digital identity, I pointed out that it all starts with the consumer. While we are working on determining the potentially lost identity of the consumer — and at the same time saving the open web as the last instance of competition in digital advertising — there are reasons for robust optimism in the future of our industry. The first one is that, in an attempt of survival, our open ecosystem is collaborating with each other as never before, which is vital in the fight for our industry’s continued existence. Not only some, but all players should participate in this collaboration — publishers, advertisers, ad networks, and industry bodies alike. The other reason is actually providing a better space for the consumer, through educating them about their rights and providing services that fit their needs, at the same time working for all corners of the open ecosystem. After all, what consumers want is full transparency and control.
We have consumers from both worlds — the anonymized and the authenticated — and together they not only make up the internet as a whole but also build upon each other. Without the authenticated consumers, the amount of content that is offered for free today would not have been possible. At the same time, the anonymous internet can foster freedom of speech, dialogue, and make platforms such as Reddit possible. Next, the open internet will shift from previously being predominantly addressable (via third-party cookies) to being more anonymized — closer to how it was in the early days of the web, while another significant part will transition to authenticated. However, both will remain equally important. Digital identity is not drawn in black and white, it’s a gradient. One that has become more clearly defined as digital services become an increasingly integral part of our lives.
What has always been the origin of life on the open web is the user, exploring the worldwide web for entertainment, communication, shopping, or collecting knowledge, and we have learned to rely on the internet with advertising — and identity — as the core funding mechanism. Almost five billion consumers participate in this through their privacy choices. As they do, it is our job to educate them, optimize their digital experience, and find ways to overcome the upcoming challenges for the betterment of the open web.
Further Reading Materials:
- AdMonsters Identity Playbook
- Quantcast webinar “A Rallying Cry for the Open Internet”
- Wired article on “Can Killing Cookies Save Journalism?”
- Mobiledevmemo — Eric Seufert on “Apple and Facebook’s sparring over IDFA helps no one”
- Identity 2021 webinar with industry experts by ID5
- True data video series “The Series”
- Tapad webinar on identity resolution
- The Trade Desk on identity