The Identity Crisis: How Cookies and IDs Revolutionized (and Undermined) Digital Advertising
In June of 1994, an engineer at NetScape Communications named Lou Montulli created an innovation that would forever change the internet. Lou wanted to provide a way for websites to store stateful information such as whether or not the user had visited a website. Lou called his innovation a “cookie.” Why cookie? In a 2022 reddit AMA thread, Lou said the inspiration for the name came from a fortune cookie — a message wrapped in a container.
Just four months later, the cookie went primetime. Its first practical and documented use came during the development of an e-commerce application for Netscape. The goal was simple, allow users to store items in a virtual shopping cart. Soon cookies became a way to check whether visitors to a website had already been to the site, making it possible to offer a personalized browsing experience to the returning visitors. Keep in mind that the year was 1994 and the very first us use of the cookie was to fulfill a promise of personalization — the same promise still eludes many brands and marketers today.
The rise of the cookie coincided (and enabled) the exponential growth of the internet. In fact, became a foundational component of the internet itself. Cookies revolutionized how activity on the internet was tracked, how website were built, and how to prove traffic metrics — this data was the currency of the internet. No industry benefitted more or was reliant on cookies than digital advertising. Up to that point in time, advertisers places ads based on their ability to reach people, but lacked the ability to true determine if the ad was seen. For the first time brands could see actual ad exposure data. They could see if an ad was seen, clicked, and if a user visited the desired destination— it was a gold mine that gave rise to many of the world’s largest and most recognizable brands. The cookie made the internet a commercially viable endeavor. While it helped give rise to the modern internet it did not come without unintended consequences. While the cookie stored browser information the ability to track activities online create data-hungry advertising ecosystem. For many advertisers, knowing what people are doing online is not enough — they need to know who they are.
As advertisers sought to connect user activity across devices and platforms, the concept of unique identifiers (IDs) was born. Unlike cookies, which were tied to a browser, IDs track users (i.e. people). Cookies could be cleared essentially deleting the histoical record, but IDs offered a clear and persistent picture of intenet users behaviors. The idea is simple, connect digital identity to a real identity (name, email, address). The desire for greater fidelity and online tracking companies called identity providers emerged to fulfill this need. Identity providers built software and services on their identity data. These are called “data management platforms (DMPs)”. These DMPs allows agencies to buy “audiences” combining data from multiple providers as well as integrating any client or first party data. This was a massive leap from buying individual ad units across providers. You could now by people and target them with ads as they moved aacross the web. DMPs gave way to private DMPs. Later these solutions became attractive investments holding companies and agencies looking to build differentiated products and services.
The shift to IDs allowed agencies to provide clients with new services designed to enhance performance and measurement. With real identity they can:
- Build Profiles: Aggregate user behavior across websites, apps, and devices into rich, detailed profiles and package in the form of audience intelligence
- Enable Retargeting: Follow users from one platform to another, serving ads for products they browsed but didn’t purchase in an attempt close nearest in sales.
- Measure Attribution: Track the effectiveness of campaigns with precision, linking ad exposure to purchases.
For advertisers, this was the Holy Grail. With IDs advertisers have the ability to target, personalize, and optimize campaigns with unprecedented accuracy. However, for users, it marked a shift toward an increasingly invasive digital experience.
The Privacy Backlash
By the late 2010s, cookies and IDs had become ubiquitous. Advertisers celebrated the improved efficiency, but users began to feel the weight of constant surveillance. The targeted ads that once seemed helpful became unsettling. How did Facebook know what you searched on Google? Why were you seeing ads for shoes you browsed just yesterday?
The backlash and consequences to these privacy concessions soon followed.
- Data Breaches: Massive leaks of personal data, such as the Cambridge Analytica scandal, exposed how deeply user data was being mined and misused.
- Regulatory Response: Governments stepped in, enacting sweeping privacy laws like the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in the United States.
- Consumer Awareness: Users began demanding transparency and control over how their data was collected and used.
While there has been significant changes and improvements to manage privacy, the average consumer has little knowledge of the technical inter-workings. I do concede that but even if consumers had the knowledge of just how much their personal infomation is being used, it is unlikely that there would be a rebellion. The concession of data has become so rooted to the web experience that I personally believe that most just don’t care or don’t know what to do about it.
The Shift to Privacy
The shift away from cookies began with browsers like Safari and Firefox implementing third-party cookie blocking in the late 2010s. Google’s announcement to phase out third-party cookies in Chrome by 2024 marked a definitive turning point. At the same time, Apple introduced App Tracking Transparency (ATT), requiring apps to ask users for permission to track their data. These changes sent shockwaves through the advertising industry — and still do.
Without cookies and IDs, advertisers faced a new challenge: how to deliver relevant ads and measure performance without compromising user privacy. The cracks in the cookie-driven model became a chasm, forcing a reevaluation of how digital advertising should work. This is a massive change being navigated today.
The Dual Legacy of Cookies
On one hand, cookies and IDs paved the way for an era of unprecedented innovation. They enabled the growth of digital marketing, made the internet a viable marketplace, and provided the foundation for measuring advertising success. On the other hand, they opened the door to overreach, eroded trust, and sparked a global movement toward data privacy.
As the advertising industry now stands at this crossroads, a new paradigm is emerging — one that focuses not on tracking users but on understanding the context in which ads appear.
Looking Ahead
The cookie is crumbling, and the age of identity-based advertising is still strong but it is one that is ripe for disruption. In its place, a privacy-first world is taking shape. Over the course of this series I will dive into the evolution of targeting, major innovations. I will also lay out practical solutions and alternatives that not only respect user privacy, but offer a more personalized, better performing, and healthier advertising ecosystem.
Stay tuned for the next article in this series: “The Instability of Cookies and the Rise of Privacy Walls.”