The Company that Killed the Cookie

In this post we’ll elaborate on targeting via internet cookies versus 1-to-1 IP targeting--the El Toro way, and why one is immeasurably more sound and accurate than the other.

A Brief History on Cookies

When we say “cookie” we’re not referencing the dough creations one bakes in their oven. We are referring to the bite-sized pieces of data passed from a web server to a web browser when you visit a website. This could be represented by the action of filling out a form, or creating user preferences on a website application. Cookies were first baked up at Netscape in 1995 by Lou Montulli. The solution was designed to combat functionality issues he was experiencing within the online shopping cart while building an “ecommerce” application.

By the early 2000’s third-party cookies were already being utilized to place digital advertisements in front of Internet users. The idea of targeting based upon site visitation behavior, as well as creating custom online experiences for users derived from cookie data, was groundbreaking for the times. It also was quite controversial. Many advocated against cookie targeting due to privacy concerns and vulnerabilities (several notable anti-cookie tracking campaigns still exist today). In time these disputes gradually dissolved in intensity and frequency, and what was once was an ingenious engineering solution for online shopping, soon became the main vessel by which digital advertising was served to targeted Internet users. Nonetheless, as the programmatic marketplace for digital media buying and ad placement has evolved, cookies’ original architectural design has not diverted greatly, making the technology rather archaic, and subsequently exposing it to fraud and non-human traffic. Because of this, targeting accuracy for the digital advertising industry has never been more important, and that’s why we plead for media buyers to not get their hands stuck in the cookie jar.

Cookies Never Jailed Anyone: Cyber crime isn’t afraid of the Cookie

No one was ever convicted of a crime because of their cookies. So what does that really mean? Well for example, in the Napster lawsuits, in which both individuals and companies throughout the world were sued or fined millions of dollars for illegally downloading and sharing licensed media, the incriminating evidence came from IP addresses not cookies.

The FBI routed site requests back to users’ IP addresses and matched them to physical home addresses from public record databases. This mapping was then coupled with alternative sources of evidence, such as site activity levels, to convict Napster users of copyright infringement.

Of course this is relatively intuitive. How else would you accurately assess if someone could be convicted of a crime like peer-to-peer music file sharing over the Internet without mapping them to a physical location of where the crime occurred, or where the defendant happened to be located during the crime? The FBI knew site cookie behavior is not an accurate tool to assess cyber crime. Much less to know if a Napster user was “guilty beyond a reasonable doubt” of actually distributing and ripping music files. All that cookie information would divulge is if the user visited the Napster website, and perhaps the time spent on site. Cookies are not built with the functionality to identify Internet users 1-to-1 at the household level. They’re behavioral trackers, not location trackers--and more or less aggregate data, rather than delineate it.

So with all things said, cookies were not an appropriate system to identify people uniquely at the household level in order to build lawsuits against Napster users. When it comes to building compelling legal evidence that an individual has committed a crime, accuracy is everything. Only an IP address mapped to a home address provided precision to endure the courtrooms. And advertisers should demand similar targeting effectiveness when running digital display campaigns.

A Notion On Why the Cookie Crumbled

While writing our first comprehensive post regarding fraudulent Internet traffic, we were continually asking the question, “How did this all run away?” The story isn’t necessarily just how shockingly excessive fraud is in the digital advertising world. That’s old news. Newspaper headlines have gradually cited the increase in internet fraud over the years--with each published number more scandalous than the next. The compelling story is both “how” and “why” this happened. And why so many people don’t seem to really care.

If we are to divulge exactly how this house of cards was propped up, we need to start with the fundamental incentives that drive the digital advertising industry. The whole business model is inexcusably backwards.

For starters, the exchanges don’t value Internet traffic at the household level. Rather, traffic is accepted from publishers with very little screening. This means that rather than quantifying how much traffic could feasibly be available in a given geo-parameter, and arbitrating traffic from those households to guarantee the placement of impressions in front of real people--media buyers rely on the benevolence of publishers and ad networks to validate their inventories, and then proceed to purchase digital ad placements from them. If this sounds crazy--you’re not alone, we think it is too. It’s actually in the ad networks and publishers best interest to purchase that traffic at the lowest amount possible (almost always signifying extremely poor quality of inventory--bots, fraudulent human traffic, etc.) and sell high. This subsequently means more profit for them. This is why publishers won’t divulge much information about the traffic on their sites which is usually limited to their monthly active users, and general country demographics of site visitors. The expectation is that media buyers on ad exchanges are sophisticated and have the technology to cipher the traffic themselves--which we know is just not the case--So brands and agencies end up getting ripped off.

On the side of the equation lie advertising agencies. Agencies typically serve as the campaign organizers and media buyers on behalf of their clients, but they too are improperly incentivised. Agencies are given a budget by their clients to spend, which subsequently makes them revenue consumers--not producers. The performance measurements of an agency typically aggregates click through rates (CTR), time on site, and cost per acquisition (CPA).

The problem with this is that none of these key performance indicators (KPI’s) tell us very much about who was engaging with the advertisements, and if that traffic actually converted to real sales dollars. John Wanamaker famously said that half of what he spent on advertising is wasted, the problem is he didn’t know which half. This is because sales attribution is impossible to measure without knowing who your targets are on a 1-to-1 level.

So with exchanges improperly incentivised to increase traffic, and most agencies -- the primary media buyers-- not incentivized to optimize ROI for client’s ad-spend due to the very nature of their business model, the industry is left with a mechanism primed for people to take advantage of programmatic inefficiencies. But it doesn’t stop there.

The industry has relied so heavily on outdated, incomplete performance measurement systems, such as CTR and viewability (a metric designed to “prove” if an ad was seen or not by a human) that players have lost complete perspective on the goal of a digital advertising campaign. The goal of digital advertising is, and should always be, to generate revenue. This happens in the form of sales conversions. Some will argue that branding awareness plays an important role in all of this--which as a former graphic designer, I will not rule out completely. However, branding awareness is just a distant cousin of a firm's goal to drive revenue. What else would it be worth if that were not the case?

With all things said, the industry has been dying for a sophisticated buyer to emerge onto the market. One that breaks the incentives of all the other players. One that vests interest by producing ROI for clients, has incentive to purchase from premium human traffic, and is empowered with the technology to navigate the complexities of programmatic exchanges.

The Bull that Ran Over the Cookie

Internet Protocol Addresses (IP Addresses), are essentially like the street addresses of the Internet. IP’s are used to identify a device, or devices, connection point to the Internet. The early concept of geo-targeting was built upon the assumption that IP’s are relatively stable, and are also a pretty good signifier that the traffic routed via the address is “most likely” human. When the industry decided to begin targeting via IP addresses, their motivation largely stemmed from having the ability to build better segmentation models. For example, if one were to run a geo-targeted campaign around a local restaurant--one could choose to set fencing parameters of IP’s within a five mile vicinity from that restaurant. That granular level geo-targeting could then be coupled with cookie data, (such as how the Google Adwords platform is built) to “accurately” place ads in front of Internet users.

The idea of geo-targeting is not necessarily “new”. However, its original form was sorely lacking one crucial component: bypassing the cookie pool and instead map the IP address to an actual home address. Part of the reason why geo-targeting has subsequently failed (unbeknownst to most advertisers) in the past is because relying on just an IP for targeting, while also assigning value to the impression through the cookie pool in the exchanges, can be atrociously inaccurate. Here’s why:

Cookies Skew User Data

Let's examine my browser history to better understand how advertisers could bid on my cookie profile.

Some popular sites I visit frequently are,,,, and (where I curate my reading selection which includes books on business, economics, mathematics, design and engineering, as well as novels on business titans such as John D. Rockefeller). I'm also prone to window shop on for homes I can’t afford for pure amusement. Recently I've been spending time on jewelry sites as well in search of the optimal Mothers day gift. So what would my cookie profile look like to marketers?

Well considering I read my news on the New York Times and Forbes, to an advertiser I would be someone of affluence. Coupling that with my time spent looking at fancy watches and cars, their assumption would be that I am a top tier earner in terms of gross income and available disposable income. My reading preferences signal a more mature reader profile, and the expensive house perusing is the real kicker. Heck who wouldn’t want to advertise to me, I'm probably cash flush right? And the jewelry shopping would probably flag me as married with respects to the other variables mentioned earlier.

I can promise you I do not have the income to purchase a Mercedes-Benz S-Class Coupe in the near future. Nor will I be purchasing a yacht, million-dollar home, or a Rolex. I am not married either. Just about the only thing that would make sense is re-targeting me with the books I'm shopping for. This example is rather facetious--I'm aware. But nonetheless, that really does prove my point. Advertisers relying on programmatic ad targeting via internet cookies are wasting impressions on someone like me, who will not be buying those things any time soon. I regularly receive display ads for all of those items mentioned above. Wouldn’t it make more sense to target me based upon legitimate demographic data or data compiled from CRM’s, not just my browsing history?

I.P. Traffic Anomalies

Since El Toro is an ad tech company, we’re plugged into the largest, invitation-only programmatic exchanges. So one could consider it a dark market, meaning many media buyers (and most advertisers) will never know what happens behind the curtain.

One thing we find particularly fascinating is when we observe extremely high traffic volumes coming from a singular home. In our previous article about fraudulent Internet traffic, we estimated that the average internet user will see about 73 banner ads a day--give or take 5-10 impressions based on relative activity levels. So a household, depending on how many people live there, could really only have a few hundred available impressions for purchase on any given day. However, there are times when we’ll see a singular home that has 10,000-30,000 available impressions in a given weekend. How could that possibly be? Clearly this is highly suspect traffic, so we choose not to serve to it. But considering most media buyers will not bypass the cookie pool in the exchange to even have a chance of observing this anomaly, they’re left to bid on questionable and suspect impressions unbeknownst to them.

Other times we’ll see an IP appear in multiple different states over the course of a week, and then also see that same IP pushing traffic in high volume from a foreign country such as India. Again, this is extremely fishy behavior, and to us, most likely would signal click farm activity. The only way we’re able to validate this assumption is by matching the IP’s to actual physical addresses. To the folks bidding in the cookie pool, this would look like normal purchasable impressions.

The Magic Equation: To El Toro -- IP Address = Home Address

So why does El Toro choose to target based upon an IP Address matched to a physical address? Well if street addresses are the identifier for where a household is positioned on the physical globe, and an IP address is the identifier for where an individual is accessing the Internet, then correlating the two would give us an extremely confident sense of who we’re advertising to and where they are located.

Additionally, since we know the households we’re targeting prior to serving digital advertisements, we can customize audiences for our clients based upon their CRM data or actual demographic data. We then bypass the cookie pools and bid on the impressions via the desired IP addresses, which truly is the only 1-to-1 100% cookie free targeting methodology available on the market. Finally, considering we have identified our targets before campaigns have launched, we can calculate Return On Ad Spend (ROAS) for our clients based upon who actually converted to real sales dollars post campaign. This would eliminate John Wanamaker’s fear of not knowing where half his ad-budget went to use and his other fear of half of it being wasted.

In this day and age of complex programmatic ad placement buying and excessive Internet fraud--there’s just no other system built to the El Toro standard of veracity. Are you losing your appetite for cookies?


The point of this article was to address that advertisers lackadaisical disposition towards Internet fraud can no longer be grounded upon “lack of solutions.” Although we stand to benefit from the validity of our arguments, please understand that our great commission is to ratify the way digital advertising occurs--in order to create a more honest, transparent, and results driven industry. Our plea is that buyers don’t continue to subject themselves, and their clients, to the cookie scam. Precious resources are being wasted on mechanisms unintentionally designed to fail. And they will continue to fail.

A popular slogan you’ll hear and see in El Toro marketing materials is: “We dreamed with you, and evolved for you.” We stand by that undertaking and responsibility, for we too have endured the frustrations of media buying. We saw the sinister repercussions of an ill-aligned and mis-incentivised industry and chose to build something to alleviate that tribulation. We’ll continue to innovate and disrupt relentlessly to secure a better future for the world of digital advertising.

The digital advertising industry has operated under false perceptions and inefficient mechanisms for far too long. The players have accepted this as just the cost of doing business, but it doesn’t need to be that way! When running digital advertising campaigns with El Toro, you won’t have to deal with not knowing where 50% of your ad budget goes. You’ll know who you're targeting, and who actually converted to real sales dollars. You’ll know if your campaigns are producing meaningful results that won’t be measured by just arbitrary metrics. And that’s how the cookie crumbles.


Related Blog Posts
  • Defeating Ad Fraud: How to Protect Your Campaigns

    In the world of digital advertising, ad fraud is a pervasive challenge, casting shadows over the integrity and effectiveness of online marketing campaigns. As advertisers allocate budgets to digital channels, the prevalence of fraud threatens...

  • El Toro’s Guide to Targeted Political Advertising in 2024

    Happy 2024 everyone! We at El Toro hope you had a fantastic start to the new year! Now that it is 2024, it's time to talk about one of our favorite things at El Toro:...

  • Why Doesn’t Digital Advertising Work Better?

    There is no more important and existential question in marketing than “Did my digital ad campaign work?”  Digital advertising holds the promise of eliminating waste and increasing Return on Investment (ROI) by targeting the best...

  • El Toro in the World of Ad Tech

    In the Beginning… In the beginning of the ad tech world, all was chaos. Ad fraud ran rampant, offline results were impossible to measure for an online ad campaign, and people used inaccurate cookie and...

El Toro Logo Bull

Ready to Run With the Bull?

Contact Us