• by Laurie Sullivan  @lauriesullivan, May 10, 2024

Through matching data logs and the Chrome developer toolkit, Adalytics reports it has documented Colossus SSP, a supply-side platform owned by Direct Digital Holdings (DDH), repeatedly misrepresenting IDs in openRTB fields.

The report suggests that information from the altered IDs consistently replicated cookie IDs that were recently bid on by The Trade Desk, the DSP used by Adalytics in the report to verify the flaw.

The report, which is now available on its website, suggests systemic problems with programmatic and browser cookies.

It appeared that the user ID declared to Trade Desk at ad-auction time was markedly different from the actual user ID stored in the user's Chrome browser cookie storage.

For one SSP -- Colossus SSP -- the majority of observed impressions had a mismatch between the declared "tdid=" query string parameter and the actual
.adsrvr.org (http://adsrvr.org/) TDID user ID in the user's chrome browser storage.

“This particular so-called report is riddled with false and misleading information and demonstrates a fundamental misunderstanding of ad technology and many industry-standard concepts including indirect connections, user id, buyerrids, EID, and the process of data flows between partners, among others,” DDH wrote in a statement to Media Daily News.

DDH went on to explain how the report’s flawed methodology contains no “statistical empirical data or quantitative impact to draw its various conclusions,” and how this report is “the most recent evidence that Adalytics is motivated not by a desire to report the facts accurately but operates merely to raise its own profile in order to sell its own products.”

A three-page documented response from DDH to a dozen claims basically refutes each in detail.

For example, the report states that in three screenshots shown in the Adalytics report, the “declared TDID value as submitted by TrustX or Open Path to Trade Desk DSP and observed in the “tdid=” query string parameter win notifications matches perfectly with the Trade Desk .adsrvr.org TDID cookie value stored in the user’s Chrome browser.”

DDH said that this statement is misleading because there is no statistical information to back this claim, adding that “Colossus did not see this same result in our testing to replicate above result.”

The Adalytics report also analyzed TrustX and MediaGrid, other supply-side vendors that use BidSwitch, a Criteo-owned company to manage traffic and demand.

The report said it found no ID injection, but testing done by Colossus has found ID mismatch in other SPPs. (The screenshot at the top of the page is related to this topic. The screenshot represents testing by Colossus SSP showing similar behavior among other SSPs that refute the Analytics claim.)  

"As a long standing partner of Bidswitch for the past five years, we are confident they are following protocol and honoring their position in the value chain, the only issue here is the false and misleading research report from Adalytics," a spokesperson told Media Daily News.

Reportedly, Google has raised issues with Colossus, per the report. Google Display & Video 360 flagged this problem last year, but the problem was fixed and Colossus was reinstated.