What Is Unified ID?
A Unified ID is a standardized, privacy-conscious identifier used in digital advertising to recognize users across publishers, platforms, and devices without relying on third-party cookies. Rather than assigning a browser-specific tracking cookie, a Unified ID ties a pseudonymous token to a hashed, consented signal such as an email address, allowing advertisers to target, frequency-cap, and measure campaigns across the open web.
The concept gained urgency when Google announced plans to phase out third-party cookies in Chrome, which holds roughly 65% of global browser market share. Google reversed that decision in 2024, opting instead for a user-choice model, but third-party cookies remain blocked in Safari and Firefox. The push for authenticated, consent-based identity has continued regardless, and the industry needed a portable, interoperable alternative that worked across all browsers and honored user consent.
How Unified ID Works
The most widely adopted standard is Unified ID 2.0 (UID2), an open-source framework originally developed by advertising technology company The Trade Desk and later transferred to the independent governance of Prebid.org. Here is the basic flow:
- A user authenticates on a publisher’s site, typically by logging in or providing an email address.
- The publisher hashes the email using SHA-256 encryption, producing a fixed-length string that cannot be reverse-engineered to the original address.
- That hash is submitted to a UID2 operator (such as The Trade Desk or a certified cloud provider) and exchanged for a rotating, time-limited UID2 token.
- The token travels through the programmatic advertising supply chain, allowing demand-side platforms, data clean rooms, and measurement vendors to match audiences without exposing raw personal data.
Tokens rotate on a schedule, typically every 30 days, which limits exposure if a token is ever intercepted. The underlying email hash remains stable, preserving match rates while the token itself carries no personally identifiable information on its face.
The Core Formula: Match Rate and Addressability
Advertisers evaluating Unified ID adoption often focus on addressable reach, the share of impressions where a valid ID is present and matchable.
Addressable Reach (%) = (Impressions with Valid UID / Total Impressions) × 100In practice, publishers with strong logged-in audiences achieve UID2 match rates of 60–80%, while anonymous, cookied-only inventory may see rates below 20% as cookie support erodes. The Washington Post, an early UID2 adopter, reported that authenticated users generated CPMs roughly 3 to 4 times higher than unauthenticated inventory, illustrating the direct revenue impact of high match rates.
Unified ID vs. Third-Party Cookies
| Attribute | Third-Party Cookie | Unified ID 2.0 |
|---|---|---|
| Signal basis | Browser-set cookie | Hashed, consented email |
| Cross-device | No (browser-scoped) | Yes (tied to user identity) |
| Browser support | Blocked in Safari, Firefox; retained in Chrome with user controls (2024) | Browser-agnostic |
| Consent model | Implicit (often) | Explicit user authentication required |
| Token lifespan | Up to 13 months (varies) | Rotating, typically 30 days |
| Governance | Browser vendor | Open-source / industry consortium |
Key Players and Competing Standards
UID2 is not the only game in town. Competing identity resolution frameworks include:
- LiveRamp RampID: A people-based identifier from data connectivity company LiveRamp, used by over 900 publisher and tech partners. RampID operates through LiveRamp’s Authenticated Traffic Solution (ATS) and is widely used in direct publisher deals.
- ID5: A shared identity infrastructure that generates a single ID from multiple first-party data signals. ID5 claims more than 70 billion monthly ID syncs across its network.
- Criteo’s PAIR: Publisher Addressability in Real-Time, a clean room protocol that matches advertiser and publisher first-party data without sharing raw records.
- Google’s Privacy Sandbox: Google’s own suite of browser-based APIs, including the Topics API, designed to deliver interest-based targeting without individual-level identifiers. Unlike UID2, Privacy Sandbox processes data inside the browser rather than through a shared token ecosystem.
The fragmentation is intentional to a degree: no single commercial entity controls the identity layer, reducing systemic risk. However, it also creates interoperability challenges for advertisers running cross-platform campaigns.
Publisher and Advertiser Implications
For Publishers
Publishers implementing UID2 typically integrate through their existing header bidding wrapper or a certified operator SDK. The incentive is direct: authenticated inventory commands premium CPMs. Dotdash Meredith, one of the largest U.S. digital publishers, reported that UID2-enabled impressions outperformed anonymous inventory by a significant margin in early A/B tests, making authentication prompts a revenue strategy rather than just a compliance checkbox.
For Advertisers
Advertisers gain cross-site frequency capping, audience extension from first-party data, and deterministic attribution. A retailer can, for instance, suppress recent purchasers from prospecting campaigns by matching its CRM list against UID2 tokens, limiting wasted spend. They can also build suppression lists and lookalike models that persist across browsers and devices.
For measurement, UID2 enables more accurate multi-touch attribution on the open web by linking ad exposures to outcomes without requiring a cookie to bridge sessions. Advertisers plugging into a demand-side platform that supports UID2 can apply these capabilities programmatically at scale.
Privacy and Regulatory Considerations
UID2 is consent-dependent by design. Publishers are required to disclose how email addresses are used and obtain explicit agreement before generating a token. This structure aligns with GDPR Article 6 lawful basis requirements and CCPA opt-out obligations, though compliance ultimately depends on how individual publishers implement their consent interfaces.
The Information Commissioner’s Office (ICO), the UK data protection regulator, has scrutinized hashed email identifiers, noting that hashing alone does not necessarily render data anonymous under UK GDPR. The concern is not that SHA-256 can be mathematically reversed. It is that email addresses occupy a finite, enumerable space, meaning an adversary with a list of candidate emails can hash and compare them against a known token, making re-identification feasible through precomputation. Publishers operating in regulated markets should treat UID2 tokens as pseudonymous data rather than anonymous data, applying the full suite of data subject rights accordingly.
Adoption Benchmarks
As of mid-2025, more than 1,000 publisher and technology partners had integrated UID2 globally, according to The Trade Desk’s public disclosures. SSP adoption includes Magnite, PubMatic, and OpenX. On the buy side, most major DSPs, including DV360, Amazon DSP, and Xandr, support the standard in some form, enabling a largely interoperable ecosystem for open-web programmatic.
Match rates vary significantly by vertical. Media and publishing sites with login walls report the highest authenticated traffic shares. Retail and finance publishers also see strong performance given natural account-based user flows. Pure content sites with no registration requirement tend to have the lowest UID2 penetration without a dedicated authentication incentive such as a newsletter or personalized experience.
Frequently Asked Questions About Unified ID
What is Unified ID 2.0 (UID2)?
Unified ID 2.0 (UID2) is an open-source identity framework that uses hashed, consented email addresses to create a pseudonymous token for digital advertising. Developed by The Trade Desk and now governed by Prebid.org, UID2 allows advertisers to target and measure audiences across the open web without relying on third-party cookies.
How is Unified ID different from a third-party cookie?
A third-party cookie is a browser-specific identifier that is blocked in Safari and Firefox. Unified ID is browser-agnostic, works across devices, and requires explicit user consent through email authentication, making it more durable and privacy-compliant than cookie-based tracking.
Who governs Unified ID 2.0?
Unified ID 2.0 is governed by Prebid.org, an independent nonprofit consortium. The Trade Desk originally developed the framework but transferred governance to Prebid.org to ensure neutral, open-source control by the industry rather than a single commercial entity.
Does Unified ID comply with GDPR?
Unified ID 2.0 is designed to align with GDPR and CCPA requirements by requiring explicit user consent before generating a token. However, regulators including the UK’s Information Commissioner’s Office classify hashed email identifiers as pseudonymous, not anonymous, meaning publishers must apply full data subject rights in regulated markets.
What match rates can publishers expect with Unified ID?
Publishers with strong logged-in audiences typically achieve UID2 match rates of 60–80%. Sites without registration requirements often see rates below 20%. The Washington Post reported that UID2-enabled authenticated inventory generated CPMs 3 to 4 times higher than unauthenticated inventory.
Bottom Line
Unified ID represents the industry’s primary bet on a scalable, consent-based alternative to cookie-dependent targeting. Its effectiveness scales directly with publisher authentication rates, making user login and value exchange strategies central to any addressable media plan in the post-cookie environment. Advertisers and publishers that build around authenticated first-party data now are likely to face less disruption as the identity transition accelerates.