Identity in AdTech: A Guide to Universal ID Solutions
The proliferation of universal ID solutions over the past several years reflects a genuine structural crisis in programmatic advertising. Leading AdTech vendors have rushed to fill the gap left by the decline of third-party cookies, promising better alternatives to cookie syncing, a way to compete with walled gardens like Google and Meta, and a durable path forward for open-web identity.
This guide explains why universal ID solutions and ID graphs exist, how they work mechanically, and what challenges they face.
What Is a Universal ID?
A universal ID — also called an alternative ID or alt ID — is a unique user identifier that allows AdTech companies to recognize users across different websites and devices. Universal IDs are created using deterministic data, such as an email address or phone number. That raw data is then hashed and encrypted, producing an identifier that lets companies recognize an individual without exposing the underlying personal information.
Some universal IDs operate within a single environment, such as web browsers. Others aim to identify users across environments — web browsers and mobile devices, for example. For cross-environment matching, device graphs are used to connect IDs generated in browsers with identifiers generated on other devices, such as mobile advertising IDs on smartphones.
Universal IDs have emerged primarily in response to the erosion of third-party cookies in Safari, Firefox, and eventually Google Chrome, which is slated to deprecate them in 2025. In functional terms, universal IDs perform the same roles as third-party cookies — targeting, frequency capping, measurement, and attribution — but differ in how they are created and stored.
Why Online Advertising Needs an ID Solution
Several interconnected problems drive the demand for standardized identity infrastructure in AdTech.
Identifying users across the web is fundamental to how the industry operates. Publishers earn higher CPMs when their inventory is addressable. Advertisers achieve better campaign performance when they can target, retarget, and measure. AdTech platforms derive much of their value from enabling these activities.
Web browsers do not emit a persistent device ID. Mobile devices — smartphones and tablets — emit a persistent advertising ID that changes only if a user manually resets it. AdTech companies can access this device ID during ad requests for in-app inventory, making user identification relatively straightforward in that environment.
Web browsers on laptops, desktops, and mobile devices have no equivalent persistent identifier. AdTech companies have historically filled that gap using third-party cookies.
Third-party cookies are disappearing. They are increasingly blocked or deleted by ad-blocking software, browser privacy settings (Apple's Intelligent Tracking Prevention, Firefox's Enhanced Tracking Protection), manual deletion, or private browsing modes. Google Chrome has committed to removing third-party cookie support in 2025, meaning all major browsers will soon operate without them.
Cross-platform cookie reading is impossible by design. A DSP cannot read a cookie set by an SSP on a different domain. This creates a fundamental interoperability problem for behavioural targeting and retargeting campaigns.
To bridge that gap, AdTech companies have relied on cookie syncing — a process that matches user cookie IDs across vendors. But cookie syncing carries its own costs:
- It is resource-intensive. Hundreds of web calls are made with every page load, slowing sites and degrading user experience.
- Its match rates are poor. Typical match rates between different AdTech and MarTech platforms fall in the range of 40–60%, and deteriorate further as more platforms are added to the chain.
Walled gardens have a structural identity advantage. Google and Meta operate with deterministic, people-based IDs derived from login data. This gives them targeting and measurement capabilities that open-web programmatic vendors simply cannot replicate with cookies alone — which is one reason advertisers and publishers have increasingly concentrated spend inside those environments.
Mobile ID access has tightened on iOS. In 2020, Apple changed how app developers can access a user's IDFA (Identifier for Advertisers). Developers must now obtain explicit user consent before passing the IDFA to AdTech and mobile measurement partners. Without the IDFA, individual-level targeting and attribution on iOS is largely unavailable.
The First Universal ID Solutions
Dozens of universal ID solutions now exist, but the category evolved from simpler efforts that predated the cookie deprecation wave. Early solutions were designed primarily to reduce the latency caused by cookie syncing, not to replace cookies entirely.
The Trade Desk's Unified ID 1.0
The Trade Desk, a leading demand-side platform, created Unified ID 1.0 (UID) to reduce the volume of cookie syncs executed on web pages. Cookie syncing is necessary because every AdTech vendor assigns its own identifier to each user, creating both slow page loads and poor match rates. Unified ID 1.0 aimed to standardize user identification by using a single cookie ID across the open web, improving match rates and targeting efficiency.
The first iteration used the adserver.org and adsrvr.org domains to power its ID-resolution service across web and mobile browser environments.
The fundamental weakness of Unified ID 1.0 was its reliance on third-party cookies. As those cookies began disappearing from the AdTech landscape, the solution became untenable. The Trade Desk responded by developing Unified ID 2.0 — an architecture designed to work without third-party cookies entirely.
Advertising ID Consortium
The Advertising ID Consortium was an independent governance body drawing representatives from AdTech companies including Index Exchange, LiveRamp, The Trade Desk, and Dataxu. It used a combination of cookie IDs — including The Trade Desk's Unified ID, DigiTrust's ID, and AppNexus's domain-based cookie ID — alongside people-based identifiers from LiveRamp's IdentityLink.
The Consortium ultimately collapsed due to internal disagreements about the direction of the identity solution, and the ID project was shut down.
DigiTrust ID
DigiTrust launched as a neutral, industry-wide initiative with the goal of standardizing and simplifying cookie-based user identification. It distributed encrypted, standardized IDs to members through a vendor-agnostic approach.
Despite its neutrality and broad industry backing, DigiTrust could not survive the structural decline of third-party cookies. The DigiTrust ID was shut down in June 2020.
The Universal IDs of Today
The Trade Desk's Unified ID 2.0 (UID2)
The Trade Desk launched Unified ID 2.0 in July 2020 as the successor to Unified ID 1.0.
The UID2 framework is designed to provide deterministic identity for advertising across the open internet. It serves a broad range of participant types:
- Advertisers
- Publishers
- Demand-side platforms (DSPs)
- Supply-side platforms (SSPs)
- Single sign-on (SSO) providers
- Customer data platforms (CDPs)
- Consent management providers (CMPs)
- Identity providers
- Third-party data providers
- Measurement providers
Rather than relying on third-party cookies, UID2 creates identifiers from encrypted email addresses and phone numbers — deterministic data supplied by users. This makes the identifier persistent even when third-party cookies are blocked.
Beyond the hashed email mechanism, The Trade Desk's CEO Jeff Green outlined four main elements that define the UID2 framework at the AdWeek Spotlight Event.
Further reading: More than 200 entities are listed on the Unified ID 2.0 partners list.
Core Administrator and Operators
Within the UID2 workflow, two key participant types handle distinct functions:
The Core Administrator manages the UID2 Core Service — the central service controlling access to secured data within the UID2 ecosystem. The Core Administrator provides UID2 operators with encryption keys and salts, and notifies operators and DSPs of user opt-out requests. This role is currently held by The Trade Desk.
Operators manage the Operator Service via the UID2 APIs. They obtain and retain encryption keys and salts from the UID2 Core Service, salt and hash personal data to return raw UID2s, produce UID2 tokens, and distribute decryption keys for those tokens.
UID2 distinguishes between two operator types:
- Open operators (also called public operators) run public instances of the Operator Service and make them available to all UID2 participants. Demand for public operators has been relatively low in practice, and most UID2 operators operate privately.
- Private operators (also called closed operators) run internal versions of the UID2 service. They process and hash first-party data — either their own or from clients — entirely within their own tech stack to generate UID2 IDs.
The Trade Desk has integrated with a range of prominent private operators, including IPG, Paramount, Disney, Optable, Salesforce, Adobe, Snowflake, and Amazon Web Services.
UID2 workflows. Source: unifiedid.com
Further reading
- Working Together to Support UID2 — IAB Tech Lab
- Unified ID 2.0 Faces Roadblocks In Europe As A Result Of GDPR — AdExchanger
- AdExchanger's Regularly Updated Guide to UID 2.0 — AdExchanger
- Unified ID 2.0 Overview — Unified ID 2.0
ID5
ID5 is an independent identity provider that enables publishers, data providers, and AdTech companies to run addressable and measurable advertising campaigns.
In July 2019, ID5 made its identity solution available through Prebid.js, allowing publishers and AdTech vendors to incorporate the ID directly into header-bidding auctions.
ID5 has partnered with a wide range of ad agencies, SSPs, and AdTech vendors, including OpenX, The Trade Desk, and TransUnion. Its stated goal is to build identity infrastructure that spans multiple channels — web/display, in-app mobile, and CTV. The company processes around 10 billion signals per day and also offers a licensable device graph and an SDK for in-app mobile.
A notable differentiator: unlike solutions that rely exclusively on deterministic data, ID5 creates IDs using both deterministic and probabilistic signals. ID5 claims to be the most widely present and persistent ID in programmatic transactions.
Secure Web Addressability Network (SWAN)
The Secure Web Addressability Network (SWAN), also known as SWAN.community, is an open-source, decentralized identity solution with some structural differences from UID2.
Key characteristics of SWAN:
- It is open source and decentralized.
- It produces an identifier called a Secure Web ID (SWID).
- Publishers and consent management platforms (CMPs) must work with at least one SWAN Operator to use the system.
- Users can audit which companies have handled their data and reset their identifier at any time.
- The main companies behind SWAN.community include Zeta Global, 51Degrees, OpenX, ENGINE Media Exchange (EMX), PubMatic, Rich Audience, and Sirdata.
The SWAN Ecosystem
SWAN operates through two participant categories:
SWAN Operators facilitate the use of SWAN data by publishers within the SWAN Network.
SWAN Senders and Receivers use pseudonymous identifiers to recognize users and their preferences during media-buying transactions. SWAN data is passed from Sender to Receiver, and each transaction must be cryptographically signed by both parties to ensure transparency.
How SWAN Works
When a user visits a SWAN-participating website for the first time, they are presented with a consent interface where they can reset their SWID, opt into personalized advertising (optional), and provide an email address (optional).
If an email address is provided, it can be used with other ID solutions that generate identifiers from hashed email addresses — such as UID2.
Once a user updates their preferences, those preferences are passed to SWAN Operators, who propagate them across the SWAN Ecosystem. The SWID is stored in a first-party cookie and can be used for ad targeting, frequency capping, measurement, and attribution.
Users who have set their preferences will not see the consent interface again on SWAN-participating sites, but can update their preferences on any participating site at any time, with changes propagating across the network.
An example of how the SWAN consent box could look. Source: swan.community
Note: This SWAN initiative is distinct from the Storage With Access Negotiation (SWAN) proposal submitted by 1PlusX to the W3C Business Group as part of Google's Privacy Sandbox effort.
Flashtalking Identity Management
Flashtalking, an ad-management and analytics-technology company, offers a cookie-less tracking solution called FTrack.
FTrack incorporates data from multiple devices and across web and mobile app environments, producing a probabilistic ID that supports both audience targeting and conversion attribution. Unlike deterministic solutions, it does not depend on users providing email addresses or other login data.
Other notable providers in the ID resolution space include LiveIntent, Throtle, Lifesight, Novatiq, and Adara.
ID Solutions and ID Graphs
Many of the leading data platform vendors have developed their own universal ID solutions, connected to ID graphs. The distinction matters: ID graphs allow companies — advertisers, publishers, and AdTech platforms — to identify individuals across different devices, not merely across different websites.
LiveRamp
LiveRamp offers a range of data services, including first-party data onboarding and identity resolution. Its RampID is a persistent, privacy-compliant identifier designed to recognize users across devices and channels.
RampID integrates both first-party and third-party data, relying heavily on deterministic sources such as email addresses and phone numbers. It maps user interactions across mobile, desktop, and offline environments, enabling consistent audience recognition across touchpoints.
Tapad
Tapad operates in the ID graph and cross-device resolution space. The Tapad Graph enables marketers to run cross-device targeting, personalization, and attribution by identifying users at both the individual and household level, creating a unified customer view.
In February 2021, Tapad launched a product called Switchboard, designed to provide interoperability across cookieless identifiers — first-party cookies, mobile IDs, CTV IDs, and others — that are expected to replace third-party cookies. Switchboard uses machine learning and probabilistic matching to link these disparate identifiers.
Neustar (TransUnion)
Neustar, part of TransUnion, developed TruAudience — an identity graph solution for omnichannel marketing. Powered by Snowflake, TruAudience ingests and integrates data from multiple channels into a single customer view.
The solution links fragmented data using a persistent ID built on historical and current attributes for over 250 million individuals. This encompasses both traditional identifiers (addresses, emails, phone numbers) and digital identifiers (IP addresses, Mobile Ad IDs).
Epsilon
Epsilon is a data and digital marketing company acquired by Publicis Group in April 2019. Epsilon operates an ID graph drawing on both cookies and mobile IDs, and also maintains its proprietary CORE ID.
CORE ID is an identity resolution solution built primarily on deterministic offline identifiers — name and address data — giving it claimed accuracy in mapping consumer identities across touchpoints for both publishers and advertisers.
Zeotap
Zeotap is a customer intelligence platform that allows brands and publishers to connect CRM data with identifiers in its ID+ product.
ID+ works across both web and app environments on mobile and desktop by linking a universal ID to every customer profile in Zeotap's CDP. Built on top of a deterministic identity graph, it is designed to be interoperable with other identifier systems.
How ID Graphs Work
ID graphs have existed for years but have gained significant traction as third-party cookie deprecation has made cross-device identity resolution a more pressing need.
Rather than tracking users across websites, ID graphs aim to create a single customer view (SCV) — a consolidated picture of an individual's behaviour and data points across multiple devices and channels.
Here is how most ID graphs function in practice:
Step 1 — Data collection: A company sends its first-party customer IDs to the ID graph. These IDs can originate from websites, mobile apps, CRMs, CDPs, or DMPs.
Step 2 — Matching: The company's first-party IDs are matched against the other IDs already present in the graph, using a combination of deterministic and probabilistic matching techniques.
Step 3 — Activation: With matching complete, the company can identify its customers across devices and channels and execute cross-device activities such as ad targeting, personalization, and attribution.
Challenges Facing These ID Solutions
Beyond the scaling limitations — hashed email addresses are not as ubiquitous as third-party cookies were — all identity solutions share a deeper structural challenge: they still depend on identification. They have replaced one type of tracking mechanism with another.
The problem is that companies controlling key platforms — Apple and Google in particular — are continuously strengthening their privacy posture. Apple's ITP and changes to IDFA access have already constrained mobile identification significantly. Google has made iterative changes to Chrome's handling of third-party cookies and is committed to deprecating them entirely.
The pattern suggests that AdTech companies are in a cycle of moving from one identification method to the next, with platform operators eventually closing each avenue in turn. Many industry observers have concluded that current universal ID solutions are best understood as transitional rather than permanent.
The broader directional view gaining traction in the industry is that effective advertising will ultimately shift toward privacy-preserving, cohort-based, or contextual approaches — where individuals are not identified at all. Whether and when that transition becomes dominant is still an open question.
In the interim, identity solutions of the kind described above remain the practical means by which companies maintain audience addressability, targeting accuracy, and measurement capability across the open web.