A Brief History of Tracking — From Golden Age to Data Decay
The story of identity tracking technology begins, in earnest, around 2010. That year marked a tipping point: smartphones had reached mainstream adoption, social media was exploding, and the infrastructure for tracking individuals across the internet was maturing rapidly. The third-party cookie — a small text file placed on a user’s browser by a domain other than the one they were visiting — had existed since the mid-1990s, but the ecosystem that monetized it was only now reaching industrial scale.
Between 2010 and 2015, a constellation of data management platforms (DMPs), demand-side platforms (DSPs), and data exchanges emerged to create what the industry grandly called “the addressable web.” Companies like BlueKai (acquired by Oracle in 2014), Lotame, and Acxiom built enormous databases of user profiles stitched together from browsing history, purchase signals, location data, and demographic inferences. The promise was simple and seductive: know who your customer is, follow them everywhere, and serve them the right ad at the right moment.
At the same time, cross-device identity graphs became a priority. Companies like Tapad, Drawbridge, and LiveRamp attempted to connect a single person’s phone, tablet, laptop, and smart TV into one unified profile.
By 2016, the marketing industry was spending billions on data-driven advertising predicated on the assumption that these profiles were accurate and productive. They were not.
Accuracy of Profile Data is Lower Than Anyone Wants.
A landmark 2019 study by the MIT Sloan School of Management found that the accuracy of third-party audience data was shockingly low. Researchers tested data segments purchased from major brokers and found that gender was correctly identified only about 42% of the time for some providers — barely better than a coin flip (Neumann, Tucker, and Whitfield, “How Effective Is Third-Party Consumer Profiling?”, MIT Sloan, 2019).
A separate investigation by Forrester Research in 2020 concluded that nearly 30% of data records in enterprise CRMs contained inaccuracies, from outdated email addresses to wrong job titles, and that this “data decay” cost U.S. businesses an estimated $3.1 trillion annually (Forrester, “The State of CRM Data Management,” 2020).
Nielsen’s own research acknowledged that many digital audience segments were only 20–30% on-target — meaning that for every dollar spent targeting a segment, 70 to 80 cents effectively went to waste (Nielsen Digital Ad Ratings benchmarks, various years 2017–2021).
Finally, a McKinney survey highlighted by Ad Age found that up to 67%of individuals targeted by brands as “parents” did not actually have children.
What other industry could tolerate such high data inaccuracy rates? None but we are not done.
Productivity of Data is Not What Brands Can Tolerate for Any Hope of an ROI
There are a couple of dynamics that all work against a brand’s profitable use of profile data.
1) Fraud. A 2020 study by the Incorporated Society of British Advertisers (ISBA) and PwC audited the programmatic advertising supply chain and found that roughly 15% of advertiser spend could not be attributed to any identifiable party — it simply vanished into the pipes (ISBA/PwC, “Programmatic Supply Chain Transparency Study,” 2020).
Here is the real show stopper.
Put together – bot traffic, spoofed domains, and fabricated user profiles, accounts for more than 53% of all web traffic. This officially surpassing human activity (47%) for the first time in over a decade, according to Imperva’s 2026 Bad Bot Report.
This marks a structural shift where bots outpace humans online, driven by the surge in AI-powered tools
That means before a single ROI calculation can be completed, about half of a marketer’s budget goes poof. It cannot generate revenue for the brand. It did, however, generate a lot of revenue for adtech firms.
The real kick in the head is that all these fake assets inflated the illusion of reach while degrading the signal quality that marketers depended on.
2) Privacy concerns. This is a perennial concern. The industry’s primary response in its early years was self-regulation. The Digital Advertising Alliance (DAA) introduced the AdChoices icon in 2010, a small blue triangle meant to give users transparency and control over behavioral advertising. Adoption was high among publishers, but consumer awareness remained low — a 2014 study by researchers at Carnegie Mellon found that only 11% of internet users recognized the icon (McDonald and Cranor, “Americans’ Attitudes About Internet Behavioral Advertising Practices,” 2014). The Do Not Track (DNT) browser header, championed by the Federal Trade Commission and implemented by Mozilla in 2011, was largely ignored by the ad tech industry and was officially abandoned as a standard by the W3C in 2019.
Real regulatory pressure arrived with the European Union’s General Data Protection Regulation (GDPR), enforceable from May 2018, followed by the California Consumer Privacy Act (CCPA) in January 2020. These laws did not kill tracking, but they fundamentally changed the consent architecture around it and signaled that the era of unchecked data collection was closing.
Even with all the privacy talk by adtech folks, they were slow walking any real commitment to privacy. It goes without saying that the more personalized an online experience was for a user, the more likely their privacy was compromised.
The Cookie That Refused to Crumble
If the profile was built on shaky data, the infrastructure holding it together — the third-party cookie — proved to be equally entrenched and equally hard to dismantle. The history of attempts to kill the cookie are, at this point, comical in its repeated failed attempts over about four years.
Apple fired the first meaningful shot in 2017 with Intelligent Tracking Prevention (ITP) in Safari, which limited the lifespan of third-party cookies and restricted cross-site tracking. Mozilla followed in 2019 with Enhanced Tracking Protection (ETP) in Firefox, blocking third-party cookies by default. Because Safari and Firefox collectively held less than 30% of global browser market share, the ad tech industry adapted rather than reformed. The real question was always about Chrome, and Chrome meant Google.
In January 2020, Google announced its intention to phase out third-party cookies in Chrome within two years. The industry convulsed. Google proposed its Privacy Sandbox initiative, a suite of browser-based APIs meant to replace the functions of cookies — targeting, measurement, fraud detection — without exposing individual user data. The most prominent proposal, Federated Learning of Cohorts (FLoC), would group users into interest-based clusters rather than tracking them individually. The Electronic Frontier Foundation called FLoC “a terrible idea,” arguing it created new fingerprinting risks and still enabled discrimination (EFF, “Google’s FLoC Is a Terrible Idea,” 2021). Advertisers complained it was too opaque. Regulators, particularly the UK’s Competition and Markets Authority (CMA), worried it would entrench Google’s dominance by making Chrome the sole gatekeeper of targeting data.
Google delayed. The original 2022 deadline slipped to late 2023, then to the second half of 2024. FLoC was quietly shelved and replaced by the Topics API, a simplified version that assigned users to broad interest categories. Still, the CMA raised concerns. Advertisers remained skeptical. And in July 2024, Google announced that it would not, in fact, deprecate third-party cookies in Chrome. Instead, it would offer users a choice-based mechanism — a prompt that would let individuals opt in or out.
The decision was met with a mix of relief and exasperation. After four years of preparation, investment in alternative identity solutions, and the construction of entirely new data architectures, the cookie survived. The failure to kill it came down to three interlocking forces:
- Google’s conflicting incentives as both the largest seller and largest buyer of digital advertising;
- regulatory pressure that paradoxically slowed the transition by demanding Google not consolidate too much power;
- the industry’s deep structural dependency on a technology it simultaneously acknowledged was broken.
Meanwhile, the market for alternative identity solutions had boomed in the cookie’s shadow. Unified ID 2.0, led by The Trade Desk, proposed an open-source framework based on hashed and encrypted email addresses. LiveRamp’s Authenticated Traffic Solution took a similar approach. ID5, Lotame’s Panorama ID, and dozens of others vied for market share. Yet adoption remained fragmented. A 2023 survey by Digiday found that fewer than 40% of publishers had implemented any single alternative ID, and interoperability between competing solutions remained poor. The industry had built lifeboats, but no one could agree on which one to board.
Where We Are Today — Privacy and the Personalization Paradox
Right now, the identity landscape in marketing technology exists in a state of managed contradiction.
Third-party cookies persist in Chrome but are blocked in Safari and Firefox. Consent management platforms (CMPs) blanket the web, presenting users with opaque banners that technically comply with GDPR and similar regulations while optimizing for “accept all” clicks. Google’s Privacy Sandbox APIs — Topics, Protected Audiences, and Attribution Reporting — are live but unevenly adopted. First-party data strategies, built around direct relationships between brands and consumers via logins, loyalty programs, and email capture, have become the consensus best practice, though they inherently favor large platforms with existing user bases.
The operational reality is that profile-based tracking still works but it has simply become more fragmented, more consent-dependent, and more reliant on probabilistic methods and data clean rooms where aggregated datasets can be matched without exposing individual records. Brands use server-side tracking, conversion APIs (like Meta’s Conversions API and Google’s Enhanced Conversions), and first-party cookie strategies to maintain measurement and targeting capabilities.
But the fundamental tension has not been resolved: personalization and privacy are, in practice, inversely correlated. The more precisely a brand tailors an experience to an individual — the right product recommendation, the perfectly timed email, the ad that seems to read your mind — the more data about that individual had to be collected, stored, analyzed, and acted upon. Every impressive moment of personalization is, by definition, evidence that someone, somewhere, knows something about you that you may not want.
This is the personalization paradox.
Consumers say they want relevant experiences. Surveys by McKinsey (2021) and Salesforce (2022) consistently show that 70% or more of consumers expect personalization from brands. But consumers also say they are uncomfortable with how their data is used — Pew Research Center’s 2023 study found that 81% of Americans believe the risks of data collection outweigh the benefits. Both things are true simultaneously. The current consent-based regime attempts to square this circle, but the result often feels like privacy theater: the appearance of control without the substance.
The debate is ongoing. Privacy advocates argue that even anonymized or aggregated data can be re-identified with sufficient effort, citing research from institutions like Imperial College London, whose 2019 study demonstrated that 99.98% of Americans could be re-identified in any anonymized dataset using just 15 demographic attributes (Rocher, Hendrickx, and de Montjoye, “Estimating the Success of Re-Identifications in Incomplete Datasets Using Generative Models,” Nature Communications, 2019). Industry groups counter that modern privacy-enhancing technologies — differential privacy, secure multi-party computation, on-device processing — make meaningful anonymity achievable. Neither side has won the argument definitively.
The AI Horizon — A Future Without Profiles?
With all the debate about who/ how/ why profile tracking should be even implemented at all, there is a plausible future in which this entire identity debate becomes moot. It is not because privacy is perfectly enforced but because tracking individuals becomes unnecessary.
That future is now being conceptualized and shaped by artificial intelligence.
The logic is straightforward. Today, brands track individuals to predict behavior: what will this person buy, click, watch, or ignore? Tracking is a proxy for understanding intent. But if AI can infer intent in real time, from contextual signals available in the moment of interaction — the content on a page, the time of day, the device being used, the phrasing of a search query, the tone of a conversation — then the historical profile becomes redundant. You do not need to know who someone is if you can understand what they need right now.
This is not purely theoretical. Contextual advertising, once dismissed as a relic of the pre-programmatic era, has experienced a renaissance driven by natural language processing and computer vision. Companies like Topic Intelligence (contextual topic data and analytics) and Seedtag (CTV platform), use AI to analyze the semantic meaning of web pages, videos, and even images in real time, placing ads based on content relevance rather than user identity.
In other words, the days of ad adjacencies is making a comeback because it worked 20 years ago in the analog media world and it works in digital media too.
Generative AI extends this further. Imagine a world in which a consumer visits a brand’s website based on very specific topics the user expresses interest in. PPC-like but expressed in the wider digital world outside of search. The content the user is currently engaging with, the questions they ask a conversational interface are all blind to a user profile since it is irrelevant.
To deliver a contextual as experience, AI does not need to know the person’s name, purchase history, or demographic segment. It simply needs to be good enough at reading context to be relevant.
Large language models are already demonstrating this capability in adjacent domains. Conversational commerce platforms use AI to guide purchasing decisions through dialogue, adapting in real time without relying on stored profiles. Recommendation systems are beginning to experiment with session-based models that prioritize immediate behavioral signals over historical data. The newest research suggests that models can increasingly make accurate predictions about preferences with minimal prior information.
Taking this model one step further, the future will include an AI-driven Personal AI Trust Agent (PAITA)
A personal AI Trust Agent acts as a sophisticated digital “buffer” between an individual and the often-predatory digital ecosystem. Instead of navigating the web with its invasive surveillance, the AI Agent serves as a locally hosted, private intelligence layer evaluating every interaction, data request, and piece of content before it reaches your eyes or device storage.
The PAITA functions across the digital world using an Identity Gatekeeper, a.k.a. the “Zero-Knowledge” Bridge.
Instead of handing over your email, location, or age to every website, the Trust Agent manages your Decentralized Identity (DID). Using Zero-Knowledge Proofs, it verifies you meet a site’s requirements (e.g., “Yes, this user is a New York resident”) without revealing who you are—ending “shadow profiles” by keeping data on your hardware.
The AI Trust Agent also acts as a real-time fact-checker and provenance scanner, automatically inspecting metadata across images, videos, and news articles, flagging content lacking verified history. In the future, these Agents could provide a “Predictive Score” to distinguish authentic discourse from propaganda. Applying this scoring technology to images and videos will be incredibly important.
A Future Free of Identity Data Architecture
Many, many data firms have a huge stake in propping up the industrial surveillance complex. Yet, the implications of a surveillance free marketing ecosystem would be profound. If AI can deliver personalization without persistent identity, the entire data supply chain — the DMPs, the identity graphs, the data brokers, the consent management infrastructure — becomes less necessary. Brands would compete not on who has the most data, but on who has the best models. Privacy would improve not through regulation alone, but through architectural change: if no profile exists, there is nothing to leak, breach, or misuse.
This future is easy to see. It does depend on continued advances in AI capability, on brands’ willingness to abandon the sunk costs of their data infrastructure, and on whether the advertising ecosystem’s incumbents — who profit enormously from the current identity-dependent model — will allow the transition to occur.
While we all know the current tech stakeholders will fight this with every breathe, the rewards for brands are immense. Brand costs to manage profile tracking put enormous strain and cost to a marketers’ performance metrics.
But the trajectory is clear. The marketing industry spent the last fifteen years building an identity infrastructure that was inaccurate, fragile, privacy-hostile, and ultimately dependent on a technology — the third-party cookie — that it could neither fix nor abandon.
AI offers a way out: not a better way to track people, but a reason to stop trying.
