B (6:09)

There's a bit of a natural experiment here that took place that revealed the, the lack of impact of, of UID2. So.

C (6:18)

And it wasn't just the lack of impact also because like this publisher also said like this whole episode really made them like doubt the integrity of the data that was underlying UID 2 and like email based identifiers more broadly. Because their whole thing was like the Trade Desk is the administrator of the UID2 protocol. They're a DSP that's seeing all of our bid requests. They should be able to figure out that like hey, there's something wrong here that's not producing like an uptick in demand or, or like there's something wrong with like The U. The UID 2s that they can't be reconciled to like other data graphs. And because the Trade Desk never raised any red flags on this implementation for a period of three months, like it gave them serious doubts about like well, what's going on with UID2s that the trade Desk isn't catching, you know, and I'm like a legitimate publisher that made like a good faith like error, you know. What this source was saying was like they're not confident that after this, this incident that the Trade Desk would catch like bad faith things that like shady publishers are doing passing like bad, bad IDs third party data instead of first party data, you know, just to try and drum up demand for their, for their bid request.

A (7:28)

It does seem like that is the bigger issue here rather than the technical mistake. The fact that nobody appears to have a good way to validate all of this stuff at scale, I mean on the revenue question is also really, really fascinating. But one of your sources said that maybe three months was too short a time so we could throw them that bone because it wasn't that long of a period of time where they didn't realize what was going on.

C (7:52)

Yeah. And on the revenue like impact piece like that was like, you know, when I talked to the Trade Desk about this, like their big takeaway was like we might have noticed something was wrong if there was like a, either a big like like questionable spike in demand or like some kind of like steep drop off in demand resulting from like a flawed UID 2 setup but like because there was no big spike either way, it was something that just basically flew under their radar.

B (8:18)

I personally believe in the idea of doing email matches for targeting. When I was on the publisher beat, I always thought there was so much potential there. People would use Liveramp to do matches so like you could match, I don't know, New York Times subscribers against news Netflix subscribers and maybe not target the people who were already subscribed to Netflix, for example. So it feels like there's so much potential with CTV because you do have a lot of email addresses. So it's kind of I guess a

C (8:52)

bummer you need something because cookies don't work in ctv.

D (8:56)

Yeah.

B (8:56)

So yeah, it just feels like a bummer that it, it couldn't work as a concept. It makes me wonder is it, is it the technology? Is it buyers? Is there some kind of data fidelity issue? Like I mean where, what do you think are the factors or non factors here?

C (9:14)

So I mean as far as like you know, criticisms about using email based identifiers for ctv, there's like this has been like a years long conversation and like you know, a lot of it goes back to just like the idea of having to marry all these different data sets. Like I was saying before, like a lot of CTV and TV publishers, they're more focused on you know, household IDs and IP addresses. But in order to kind of like match that against email based identity graphs, you have to do like some extra work that they don't really like correspond one to one. And there's been some like recent findings like I know SIM published something at the end of last year that cast a lot of doubt on like you know, the IP address to like to email matching. I think they said it was like only flip. Yeah. And it wasn't even, it was like even worse than that when they saying it was like only accurate in like 16% of cases or something like that.

A (10:07)

I'll have to look it up, keep going and I'll do a little Google search to look at our past story. But yeah, it's just, I mean the takeaway.

C (10:14)

Yeah. And the 16% thing is a stat I have rattling around in my head from that that some reports I think that was what it was. But. But yeah, basically like you know there's been more research recently around like you know how viable is like this kind of like stitching together of these like different ID graphs and you know some indications are that there's a lot to be desired there.

A (10:37)

What I would love to know just to do A little behind the scenes on how this story came to be. Tell us how the sausage was made because you've been working on it for a really long time. It's very well sourced, very well reported, you took your time, you talked to all the principals. So maybe you can just give listeners a little behind the scenes look at your, at your process. Like, how did this even come to be?

C (10:59)

Yeah, I think my initial conversations for this story like stretch back to like February. So like, I've been, I've really been like working on this for like the bulk of the year. And so like, you know, a big part of it was like, like I said, like this, like the CTV publisher like brought this to our attention. It wasn't like we were like going out like looking for like publishers to, you know, to poke holes in like UID 2 or anything like that. This was something that just completely came, you know, like landed on our laps. But then like, because it was like, you know, I, I only really had like one, one publisher source like, to begin with. Like, I wanted to like bounce this off like a lot of like knowledgeable people to get a sense of like, how widespread could this be? How big of a problem does this seem to be? Like all these kinds of different things. And when I was talking to my sources, like that was like where like this angle about like, you know, these like more widespread concerns about like email based identifiers, like came out. And then like, you know, everybody was basically saying like, yeah, you know, like what this publisher sources is describing is like totally within the realm of possibility because like under that private operator set up under the UID 2 protocol, it really is publishers who are responsible for, if they are private operators for encrypting this information and passing it into the, into the bitstream and the trade desk. Like basically as the administrator of UID 2, they hold the keys for like de. Encrypting this information between the buy side and sell side to make sure that like, you know, these ID graphs can communicate. But you know, as we kind of like see here, they're not necessarily like looking at like, you know, decrypting every single bid request that comes in to check that like the UID 2 implementation was done properly on the publisher's part. And again like what the trade desk was kind of telling me there was like, you know, we have tools for private operators to test their setups and make sure they're accurate and we do like extensive vetting when they first sign up as private operators to make sure they have all their contracts in place and they have like, you know, the control of the, of the data that's going to be used and like all these things to make sure that that stuff is properly set up at the outset. But then like when it comes to like vetting this stuff, like over time it feels like it's like kind of, you know, only when we have reason to look into it are they really kind of like, you know, digging deeper. They do some like periodic reviews of like private operators. But like the expectation that a lot of people that I talked to was like, well they're dsp, they're seeing everything and they're the administrator. They must be like double checking this stuff more consistently. But then what the trade Desk was telling me was like we view our roles as a DSP and as the UID2 administrator to be completely separate things. So people shouldn't necessarily expect us to catch flaws in UID 2 setups just during the day to day processes of running a DSP. We look for that stuff when we're acting as UID2 administrator to vet the things. But that being said, the original CTV publisher I spoke to, when I brought that kind of take from the Trade desk back to them, they were not sure.

A (14:00)

They were not impressed.

C (14:01)

Yeah, it was just their take was whether they look at that as two different roles. They're still both roles that are owned by their business. So like they should.

A (14:13)

So to be fair, the Trade desk did try and find, they wanted to find somebody else to be the administrator. They tried the IB Tech Lab and the IB Tech Lab thought about it for a while. We covered that back and forth, multiple stories and then it just never came to be. So I don't know. I mean, do you think the trade Desk won? Do they have a chance of finding another independent administrator? Because I really can't imagine who would do it other than the Ivy Tech Lab. And two, is there almost some dispensation for them because they made this thing, they intended to have someone else be the administrator, but now they're sort of stuck doing it. In a way, yes, it was their own creation, but it's not, this is not the vision really for how it would be administered.

C (14:58)

Yeah, and like I did like this was like another thing that came up in my conversations with my sources because there was like a lot of like confusion about like is the trade desk like the only administrator here? Because we heard all this stuff about the Tech lab was involved and there was a point where Prebid was also in the conversation. Although to be clear, Prebid was never considering being the administrator of UID2. They were only considerating being a private operator like I described. But yeah, I bounced this off the IB Tech Lab. Shelly Singh over there told me the only role that the Ivy Tech Lab has in overseeing UID2 is just making sure that the protocol remains open source. Beyond that, they have no other responsibility. And they declined to take on the administrator role back in the day. And yeah, you know, I bounced this also off. Like I was saying, it bounces off pre bid, you know, like why, like, you know, what were their kind of concerns? And like, because they also opted not to be a private operator of UID2. So they're really not involved in UID too. And I was talking to Garrett McGrath who's you know, the chair of previt.org and he was saying basically like they would have been a private operator if the trade desk wasn't the administrator. But because like nobody else took on the administrator role and the trade desk kind of became the de facto administrator, they kind of walked away from it. And like his take was like, you know, it feels kind of weird with the trade desk grading its own homework on all that. So there's, we didn't really want to be involved.

A (16:21)

No one else is willing to grade it.

B (16:23)

And I think the reason why no one will do it I think is because of privacy concerns around email based targeting. I mean, I said I was pro in the sense that like I think it's cool for a publisher to use their data and match it with someone else's data. Like that feels like a clean, roomy type implementation. But I think with UID too, when you're trying to scale that across the open web, it does introduce privacy concerns. And I remember many years ago being at an IB event where they were talking about a predecessor to this idea that the Ivy Tech Lab was working on. And that room was like spicy. People were really up in arms about this. And I think a lot of people's personal moral compasses felt, you know, they were spinning, they were feeling the disturbance and the force there because it was just something that they felt strongly about, that it shouldn't be done where we're like kind of hashing emails at scale across the whole open web, you know, which I think if you squint it kind of, you know, there's definitely similarities but important differences between the those two things. So it's just, I think that's kind of where, where it's landed is that,

C (17:44)

yeah, when I kind of dug into this, like you Know, like the trade desk was very like, you know, like we can't ever see like the PII that underlies the stuff. Like all we can kind of do is just like de encrypt it to make sure that the two different like sides can communicate with each other. But that being said, like I pointed out before, like when they were, when they're vetting like private operators, like they have to do like all this like vetting of like their contracts that are in place to make sure that they have the proper data permissions and all this stuff. That's a lot of responsibility and a lot of liability which like speaks to like, you know, why people maybe would not have wanted to be involved as the administrator. And I did bounce the question of like, is the trade desk still open to finding a third party administrator off of the trade desk? Samantha Jacobson. And what she was telling me was yes, you know, if the right third party administrator presented itself, she didn't really get into details of what that meant but like you could kind of infer like, you know, if, if the IAB Tech lab changed their mind maybe, you know, there might be something there or

A (18:43)

send in your applications.

C (18:44)

Yeah, or so yeah, you know, they're open, they're open to hearing pitches I guess. But you know, in the absence of a viable third party, the responsibility falls on the trade desk. And also like, you know, when it comes to concerns around like, you know, what's going on here, it's not just the privacy concerns around hashing all these email addresses at scale. People have also expressed like, you know, competitive concerns like potential conflicts of interest on the trade desk part where it's like, you know, it's a DSP that's decisioning on data fields that are included in bid requests. So like, is it really proper for the trade desk to be decisioning on the presence of UID2 is when it serves as the administrator of UID2 and like, you know, they've invested a lot of resources in backing the protocol. So it's like, do they have incentives to drive adoption of UID 2 even if it's not really producing the results that it's supposed to?

B (19:35)

Thank you, Anthony. There's a lot to get into there. You can go read the story for a bit more detail and, and when we come back, we're going to talk about Code Java and what's next now that it can't share sensitive location data. Stay with us. I'm Sarah Sluice, editorial director of Ad Exchanger, and with me today is Samantha Dasher, SVP of Publisher Strategy at Verve, where she works with publishers on audience development and what may be one of the most interesting moments that Open Web has had in a decade. So welcome, Samantha.

D (20:16)

Thanks so much, Sarah. It's great to be here.

B (20:19)

Audience development is going through a real shift right now. How are you seeing discovery actually happen today?

D (20:27)

Discovery is no longer a one way highway and honestly I think that's a very good thing for publishers. A reader might find a story through Google, a friend texting them a link, a newsletter, a podcast mentioned TikTok, or increasingly through ChatGPT, Perplexity, or Gemini. What's changed is that there are now more surfaces rewarding quality content instead of fewer. If you create something useful, authoritative or genuinely interesting, there are multiple ways for that content to travel to the consumer. At Verve, we have a unique lens into this because we see roughly a billion publisher searches and LLM prompts every day. That means we can watch behavior shift in near real time. And, and what we're seeing is that the strong content tends to win everywhere. A well reported article might rank in search, get cited by an AI assistant, show up in a newsletter and spark discussion elsewhere. And that compounding effect is real. And for publishers, it means the opportunity today is broader than it was during the era where everyone relied too heavily on one channel. So diversified discovery is healthier, more durable, and frankly, way more exciting.

B (21:32)

So one of the biggest shifts that you just alluded to is that if I'm looking for information, I'm not typing it into a search engine as often anymore. I'm putting it in a prompt and it's giving me that full answer. So what does that open up? How does that change things?

D (21:50)

Oh, a lot. Search queries were often really shorthand, two or three words with very little context. And prompts are very different from that. People are telling AI systems exactly what they want, often in full sentences with details, preferences, constraints and intent layered in. And that gives a much richer understanding of what consumers actually care about. Someone isn't just typing running shoes anymore. They're saying that they need marathon shoes under a certain budget because they over pronate and train four days a week. That's a completely different level of signal. Because we sit across both search and LLM activity at scale, we get to see that evolution happen side by side. It's one of the clearest indicators of where audience behavior is going. And for publishers, I think this creates real opportunity. The sites with actual expertise, niche, authority and content that answers nuanced questions well are positioned to win. This is a much better environment than the old game of chasing keywords and volume for the sake of volume.

B (22:56)

So with discovery changing so much and happening in so many places and new places, how are the publishers that you think are the most forward looking and innovative thinking about where to invest?

D (23:10)

The smartest publishers we work with are doing two things at once. They're protecting and optimizing the channels that still matter today, while also investing in assets that compound tomorrow. So search still matters, it drives meaningful traffic and revenue, and publishers doing it well should absolutely stay focused there. But we're also seeing real momentum behind newsletters, registered users, first party data strategies, direct relationships and content built to perform across AI surfaces. Those investments travel further because they create value across multiple channels at once. And part of what we help publishers do at Verve is understand where they already appear in search and LLM environments, where white space exists and where they can grow. When you can see a billion of these moments a day, patterns become very clear. I genuinely think this is one of the most interesting moments publisher has had in years. And I've been doing this for 16 years now. There are way more ways to reach audiences, more ways to monetize quality, and more value being placed on what great publishers do best.

B (24:15)

So audience development is expanding and it's important to think of audience development as something that's encompassing AI as well as all of these other tactics that people have been using for a long time. So thank you, Samantha, and thank you to VERB for supporting Ad Exchanger podcast.

D (24:33)

Thanks so much, Sarah. It was a real treat.

B (24:42)

And we're back. So, Allison, it feels like you've been covering this coachava ad tech case for some time and it, it kind of all sprang up when there was a lot of concerns when Roe v. Wade was overturned. People were like, oh, there's all these ad tech providers that are sharing sensitive location data. We see the FTC take action there. Feel like we're in a different political climate now, you know, almost four years later. But I think there still remains sensitivity around sensitive location data. So I'm wondering, like, what is this? Let's talk about the settlement, but also, like what it means for coachava specifically, but also ad tech providers more generally.

A (25:23)

Well, what I will say is that it's not that coachava can't share sensitive information, sensitive location data. It's that coachava and any company needs permission to do it. You need consent, and if you have consent, then you're okay. And to my mind, as I was reading the settlement, it's enforcing what really should have been a practice anyway. And it's a good practice for any company to get consent to do anything with sensitive location data. And that prohibition is encoded in a lot of state laws and more and more all the time. So I mean, it might impede some aspect of their business, but yeah, I mean, get the consent and then go forth. Right. The other issue for Kotava is that they are going to be monitored and they have this consent order. A court still has to give its thumbs up, but I'm sure it'll, it'll go through, but it has to, you know, be careful because it'll be scrutinized. But this is good practice for any company.

B (26:25)

So what do you, I mean, as a consumer though, like, if I'm opting in to share my location, I might not be thinking through that that location would be something sensitive. Right. Like that if I'm sharing my location, that would include the whole shebang. The time that I go to the er, the time that I, you know, go with my friend to the mosque,

A (26:49)

like, all of that, it can only be for a service that somebody asked for that's in there. So there can't be additional uses. It has to be asked for to do X and then you do X with it and that's all you can do with it.

C (27:05)

In other, in other words, like, if I consent to having my location tracked for like, you know, my map app or like my ride share app, you can't then like use door dash ads to me?

A (27:16)

Yes, well, yes, you can't use it for anything else.

B (27:20)

Yeah, I am, I, I'm going to get philosophical here because just kind of, you know, I didn't read the settlement, so I'm here hearing what you say, which makes me kind of just have these standard consumer questions around, like, what is, what is sensitive? Like what, what would I be consenting to when I just click agree to that, you know, 10 page document.

C (27:38)

But I guess the practical answer to your question there, Sarah, is like, what constitutes sensitive is what regulators say constitutes sensitive. And like, I know that like, you know, more recently, like when it comes to location data that is now, like, I'm pretty sure the state of California considers that sensitive data. I'm pretty sure there are like a number of like people in the federal government that have like gone on record as saying that they consider location data to be sensitive data. Correct me if I'm wrong on this, Alison.

A (28:07)

Location is considered sensitive almost across, across the board.

B (28:12)

And I think that I've, you know, actually, so speaking of the Health care situation. I went to our local hospital to get like imaging done like a month or two ago. And then when I opened up a couple different social media apps, all of a sudden I was getting served like nurse talk, you know, Dr. TikTok, like all these things. And I was like, is this because I was just like in the same location pinging, you know, the same as like these nurses and doctors and now I'm getting like doctor talk or whatever, like.

C (28:48)

And did you log into their wi Fi?

B (28:52)

Well, I did. Yes, I did because I was, I was using my lap, my. My work laptop so I could get work done while I was in the waiting room.

C (29:01)

That could have been part of it too. Yeah.

B (29:03)

Could have been the WI Fi. And you know, in that case there was also. You love the pit. Yeah, I do love the pit. So I was like, not bothered at all. And I will say also have, you know, prior to that, I have been a fan of, you know, nurse and doctor talk type videos and face, you know, whatever, any kind of vertical video format there. But I just remember thinking, right? And then it's like, why am I seeing this? Like, very interesting timing because I was literally just in this hospital and although it wasn't crossing any line, I could very much see that location data, you know, maybe. Yeah.

A (29:44)

Sarah, you just said that you love watching nurse and doctor content. So the perception, and this is important. I mean, consumers, regular people, I'm not going to call them consumers. I hate calling people consumers. People would assume that they're being tracked via their location and it would creep them the hell out. Very likely the targeting they're seeing is based on their consumption patterns and their interests. But the perception is, I mean, or they're being tracked to within an inch of their life.

B (30:12)

I think that what's. I guess for me, the interesting nuance is that I think it's sometimes not just the location, but also the people that you are around and in the. Taking off the same place. And you know, especially as you think about people's right to gather the right to dissent or do things like, there's very, there's very interesting examples there. And I will give one example, which is that I was house hunting like five years ago and I went to this open house and I think my mom, I can't remember my mom came with me and she's like, oh my gosh, I like, know this woman. Like, we actually. They went to the same church. And then she's like, oh, this is like weird. Like, I, I didn't realize their House was for sale or whatever. And. And then later I go on Facebook and the. The woman is a suggested friend, the homeowner. Right. And maybe Facebook did that because we had a mutual friend, like my mom. Right. Like, so there was some level of perhaps opt in or like, lack of creepiness. But it's kind of similar to like the. When all the people who were like, in the waiting room for the same psychologist were like getting recommended. Like all the patients were getting recommended to connect with each other. Like, there's just weird stuff that can happen that is definitely not the intended effect. And I feel like that's what adtech has encountered time and time again. Is that because it's collecting this data, like, there's funky ways that people can use it, which I feel like speaks to what you've written about with data minimization and other things else.

C (31:48)

Just to add a quick like, you know, additional input there. Like, I feel like regular consumers, you know, sorry to use the phrase, are catching onto this stuff like, more and like the security concerns around it and like the potential implications for like, being connected with people you may not necessarily want to be connected with and all these different things. Like, I always see like, you know, you brought up the point of like, dissent. I always see like, whenever people are talking about like one of these big, like, protests that's going on, the advice is don't bring your device. And it's not just because, like, you know, on the off, off, off chance you get arrested and you know, like law enforcement's trying to get into your device for evidence or whatever. It's also like, to protect against like the, the idea that you get caught up in some big like, government surveillance dragnet where they're making connections between like, different organizers and different things like that. So I mean, it's really a concern for sure.

A (32:40)

That's why you got to bring a burner, because you have to film things.

B (32:43)

Yeah. And check if you opted in or not to coach Hava. And I think that's. That's a stretch, I think, to make that conclusion. But I also think that's the fuzzy part, that it's hard. It's hard to understand as a consumer, like, what you are giving consent to. And you know, is that going to include something that is sensitive, you know, in general or sensitive to you specifically?

A (33:09)

You know, something interesting that's happening right now. The Supreme Court is weighing the, the privacy implications of geofence warrants. I haven't read about what's going on in too much detail, but basically like court orders that let police ask tech companies for location data from, like, every phone in a specific area and during a specific time frame. Ostensib to solve crimes. That's with the Supreme Court right now as we speak.

B (33:36)

And what could, what do you. What do you think the ad tech implication is for that, Allison?

A (33:41)

Well, I mean, it's drawing connections, right. Between people and places. And sometimes that's to sell you Burger King, because you're near the Burger King, and sometimes it's to tag you as a dissenter and. Or maybe you get caught in some sort of dragnet and you're not doing anything wrong. So there's always a second order effect. And it's important to think about these things whilst not being alarmist. It is important to always have that in your mind. Right. It's a little bit of like, we can't have nice things or this is why we can't have nice things. Maybe we can, but just always think of the implications. Like, that's a good practice.

B (34:16)

Yeah. Or maybe you got to impersonate a doctor. Nurse with your content. Like, I'm like, I'm getting the doctor. The doctor and nurse talk.

A (34:24)

Don't impersonate a doctor. That's my point

C (34:28)

of legal violation.

B (34:32)

Doctor and nurse comedy. Like, I'm like, I want to know what you think are ridiculous about patients. Stereotypes of the different doctors. I love a good stereotype talk. Who doesn't? Right? Okay, Allison, Any. Any part. I mean, we. Yeah, if it's done the right way, of course. So, okay, let's. So speaking of stereotyping and data and location data, let's. Let's kind of quiet our laughter with a closing thought, Allison. Like this settlement, the way it progressed, the whole case, like, what is this? What. Where do you think we are going forward? Are there going to be more of these? And, you know, are people looking over their shoulder now not wanting to be the next Kochava? Oh, I.

A (35:25)

It's an interesting question because I do know that coachava felt singled out because it isn't the only company that did this kind of data sharing and selling. So probably the best thing for other companies to do is to use cochava as the example that was made of it and have that dictate how you go forward with your data practices. And it sounds so kind of bland. It sounds bland to make this point. But just look at, look at a few settlements, not just the Kochava settlement, and see what is being required of companies. Minimize your data, ask for consent. I mean, these are such obvious things. To do. So have a look, even just at the press release about the settlement. You don't have to read the whole thing, look at the bullet points and be like, do I do that? Do I do that? Okay, cool. I mean, it's just we live in a society or we should.

B (36:23)

Well, thank you, Allison, and thank you, Anthony. Both really good stories. Read them on our website. And as we briefly alluded to, Anthony has been doing a LinkedIn series, Normie's post about advertising, which is hilarious. I don't know how you find all these screenshots, but I think it's an interesting connection point for us as we think about how consumers are interpreting advertising. Sometimes we forget that as people who are pros in this business. So a little bit of a shout out for that one and we'll see you next week. We're going to be talking about FIT TV upgrades. Today's episode was sponsored by Verve. Find out more@verve.com that's V E R-V E.com.

D (37:19)

It.