Back to Blog

CNAME, Fingerprinting, & a Different Way Forward

  • - Max Parris
  • 4 min read

In the advertising ecosystem, as in the real world, sometimes companies try to take the short cut. With the end of third-party cookies, some unscrupulous companies have decided to increase scale at the cost of consumer privacy. We’ve seen this through technical solutions trying to take advantage of CNAME and fingerprinting tactics. While these solutions sometimes evade browser protections, we as an industry must condemn these tactics and move beyond them to restore consumer trust in the ecosystem. Here, we’ll go into some detail on each of the tactics and why it doesn’t protect consumer trust. 

What is CNAME cloaking?

Despite CNAME cloaking not being a solution that furthers consumer privacy or trust, and not complying with the spirit of recent regulations, CNAME cloaking continues to live on.

In short, CNAME cloaking disguises third-party trackers as first-party trackers to evade ad-blocking techniques. CNAME’s proponents assign subdomains for data collection and tracking, enabling them to link to external servers and attempt to connect a user across websites without getting the right consent or authentication for that user. In addition to being a misleading practice, this also exposes consumers to increased risks due to the additional layers that are inserted for tracking purposes.

At LiveRamp, for many years we’ve viewed CNAME as not meeting the standards of a new advertising ecosystem built on consumer trust. While some see CNAME as a workaround for third-party cookies, we have never viewed this as a solution, and in recent years, major browsers have taken turns unveiling their own solutions for blocking CNAME cloaking, further reinforcing our beliefs. For example, Safari’s ITP dramatically reduced the effectiveness of CNAME blocking over five years ago.

We view the best solution for a new ecosystem as one that is based on trusted, transparent value exchanges of content or services in return for authenticated data, such as email addresses. By being transparent about who gets consumers’ data and how it is used, we can bring all parts of the ecosystem closer together. CNAME does not deliver on any part of this.


Fingerprinting is another partial solve for the end of third-party cookies that refuses to be put to rest. In contrast to ATS, fingerprinting deepens the trust deficit between marketers, browsers, and consumers.

Fingerprinting aggregates browser and/or network signals, including user agent, screen resolution, installed fonts, operating system, and device model to create a “synthetic” ID in place of a cookie. The opaque collection and use of these signals, and the creation of these identifiers, are not transparent to consumers, and consenting or opting out is difficult at best.

Any benefits that fingerprinting offers come at enormous cost: the trust of the consumer. Fingerprinting has already been condemned by every major browser, and is under regulatory scrutiny as well. Beyond being a nefarious option for the ecosystem, we don’t expect it to be an enduring solution to build your advertising stack on, or reach your consumers with. As consumers continue to become more savvy about online advertising, companies that continue to rely on this outmoded solution will find their trustworthiness and value in the market, and in consumers’ minds, dropping rapidly.

How LiveRamp is different

There’s no clearer way to say this: LiveRamp has nothing in common with CNAME or fingerprinting, and never has. 

Our Authenticated Traffic Solution (ATS) gives control back to publishers and consumers by providing authenticated first-party connectivity. By grounding the entire ecosystem in trust and transparency, publishers, marketers, and consumers are able to develop direct relationships with each other, and to gain control over their data and how it is used.

When users authenticate on publisher sites, publishers use LiveRamp javascript or call the LiveRamp API to look up LiveRamp’s corresponding people-based identifier. The identifier is returned to the publisher in an encrypted envelope and stored as a first-party cookie, which the supply side and demand side can transact on. Critically, for tighter security and to maintain consumer privacy, identifiers are encoded differently for each platform the data is sent to, and most importantly, directly identifiable personal data never leaves the publisher. 

Unlike CNAME and fingerprinting, publishers maintain control over every step of this process, integrating ATS into their first-party log-in processes. 

Furthermore, ATS is rooted in a trusted, transparent value exchange where authenticated consumers have consented to share their identity with the publisher. It does not co-op data and it doesn’t use log-ins from one site to power another. ATS helps publishers stay in the driver’s seat, control the activation and use of their data, and rebuild trusted relationships with individuals.

We’ve already publicly pledged to stand against fingerprinting. We will continue to reject solutions that do not uphold consumer trust, transparency, and control, and will continue to call on publishers, platforms, and marketers to do the same, whether the “solutions” in question are CNAME, fingerprinting, or others. 

No matter how many times these would-be solutions pop back up, the answer stays the same: the consumer and their privacy always come first.

Demo LiveRamp's Clean Room

Discover the power of LiveRamp's Clean Room, powered by Habu

Get Started