A major national connected television publisher spent three months sending improperly encrypted Unified ID 2.0 tokens through programmatic bid requests. The Trade Desk, which serves as the sole administrator of the UID2 protocol, never detected a problem. The publisher fixed the error on its own - and then noticed something equally troubling: adopting UID2 had made no measurable difference to its ad revenue anyway.

The story, reported on May 7, 2026 by AdExchanger journalist Anthony Vargas, puts fresh scrutiny on both the practical mechanics of UID2 integration and the governance structure of an identity protocol that The Trade Desk controls while simultaneously using to power its own demand-side platform.

The encryption error and how it stayed hidden

The CTV publisher source, who contacted AdExchanger anonymously, explained that their organisation had resisted UID2 adoption for years. Television and CTV platforms have traditionally relied on one-to-many targeting methods - household IDs and IP addresses - rather than the email-address-based, one-to-one approach that UID2 enables. After sustained pressure from The Trade Desk to include alternative IDs in bid requests, the publisher moved forward with UID2, choosing to become a private operator rather than delegating encryption to a public operator such as The Trade Desk itself or another authorised third party.

Private operators are responsible for hashing and encrypting audience data - typically email addresses - to generate UID2 tokens themselves. Hundreds of publishers have taken on this role. The process involves specific cryptographic requirements, and the CTV publisher's team made inadvertent errors during implementation.

According to Waseem Basheer, SVP of engineering at The Trade Desk, those errors would have produced UID2 tokens that were irreconcilable for ad targeting. "If one party is messing up the signal by mistake," Basheer told AdExchanger, "then matching will be very difficult to achieve, a lot of information will be lost in those signals and you will not get the right valuation of the [bid requests]."

Three months passed. The publisher's account representatives at The Trade Desk provided positive feedback for the publisher beginning to pass the signals. When the publisher's internal team eventually identified the flaw and corrected the encryption, the account reps did not appear to notice any difference in the data quality either. Neither the broken tokens nor their replacement prompted any comment from the DSP.

No revenue lift - positive or negative

What followed the correction was arguably more telling than the error itself. The publisher reported no noticeable impact on ad revenue - no uplift from the fixed tokens, and no degradation during the three months when bad tokens were flowing. That outcome led the publisher to conclude that advertisers were simply not decisioning on UID2 at all, and were instead defaulting to legacy signals already present in bid requests.

This creates a measurement problem with structural roots. According to the source, The Trade Desk does not provide publishers with reporting on which data signals buyers are actually transacting against. The company has told publishers it is unable to provide such reporting because of the sheer number of different signals contained within each individual bid request. Without that transparency, publishers have no mechanism to verify whether investing in UID2 infrastructure is producing any commercial return.

The absence of a revenue signal is precisely what prevented TTD from detecting the error in the first place, according to Basheer. The Trade Desk's post-approval monitoring relies on detecting anomalies - unusual fluctuations in demand that would suggest something had gone wrong with a publisher's setup. "If there is no anomaly, it is very difficult to identify the problem," he said.

How TTD describes its oversight role

During the initial approval process for private operators, Samantha Jacobson, chief strategy officer and EVP at The Trade Desk, told AdExchanger that TTD conducts extensive vetting to confirm a publisher has the proper contracts and protocols in place to create UID2 tokens. The company also provides testing tools for operators to check their setups. Beyond that initial stage, however, oversight shifts to anomaly detection rather than active monitoring.

Jacobson drew a firm distinction between TTD's role as a DSP and its role as UID2 administrator. Publishers and advertisers, she said, should not expect TTD to catch errors in UID2 setups during its ordinary DSP operations, because those two functions are separate. Even when acting as UID2 administrator, she added, it would be impractical to decrypt every UID2 token in every bid request to verify correct implementation. "There is nothing that requires any third party to sit in the middle and look at every single impression," Jacobson said, "because that just would not make sense given the volume of impressions that are considered."

The publisher found these explanations insufficient. "Even if 'administrator' and 'DSP' are separate roles, they are both roles owned by TTD's business," the source told AdExchanger.

A former Trade Desk employee, who also spoke to AdExchanger anonymously, offered a more pointed interpretation. As a DSP, they argued, TTD should have recognised that the publisher's UID2s were not driving the expected increase in demand. If account representatives had examined the data behind ad transactions rather than simply confirming that UID2 signals were being passed, they said, the representatives would have noticed that something was off. Furthermore, in the administrator role, TTD holds the cryptographic key for reconciling encrypted UID2s between buy-side and sell-side systems without exposing underlying personally identifiable information. If TTD were actually applying decryption on every applicable bid request - as might reasonably be expected of the protocol's administrator - it would have recognised that the improperly encrypted tokens could not be reconciled.

The governance problem behind UID2

The dual role at the centre of this dispute - DSP and protocol administrator - has attracted criticism since UID2's initial rollout in 2020. Some in the industry view the arrangement as a structural conflict of interest.

The Trade Desk has tried to address this before. The IAB Tech Lab was once considered as a candidate for the UID2 administrator role but declined. Today, according to Shailley Singh, COO and EVP of product at IAB Tech Lab, the organisation's role is limited to ensuring the UID2 protocol remains open source. It exercises no oversight authority beyond that.

Prebid.org was also at one point considered as a potential UID2 operator - a role distinct from administrator. According to Garett McGrath, chair of Prebid.org, the organisation would only have accepted that role on the condition that TTD did not serve as administrator. When no third party agreed to take on the administrator function, Prebid declined to become an operator. McGrath was direct about the reasoning. "Grading your own homework, being in control of that, seems a little funky," he told AdExchanger.

Jacobson acknowledged the concern but argued the private operator model has helped address perceived conflicts of interest. She added that TTD would likely still be open to a third-party administrator if the right candidate presented itself.

The governance question has practical implications that go beyond this single publisher's integration error. The OpenTTD portal launched in March 2026 consolidates UID2 alongside EUID, OpenPass, OpenAds, and OpenPath under a single developer access point - deepening TTD's structural position as both infrastructure operator and market participant. Jeff Green's $150 million bet on The Trade Desk includes a thesis that companies with deep data infrastructure will accumulate the most value in an agentic advertising environment. UID2 adoption figures are part of that narrative.

Incentives and the bidstream

Several sources who spoke to AdExchanger raised questions about the incentives surrounding UID2 adoption data. One buy-side source speculated that bid requests containing UID2 tokens might attract higher CPMs from buyers, which would in turn generate more revenue for TTD's DSP. Jacobson pushed back. Buyers typically come to TTD with fixed campaign budgets rather than target impression volumes, she explained, meaning higher CPMs on UID2-enriched impressions would reduce the number of impressions bought rather than increase TTD's total revenue from those campaigns.

The same buy-side source raised a second concern: that UID2s embedded in bid requests might give TTD's DSP a more complete picture of bidding behaviour across the programmatic ecosystem, which could be used to its advantage in auctions. Basheer acknowledged that UID2 is "a powerful signal for us to base our decisioning on," particularly for cross-device identity resolution. Jacobson noted that TTD derives similar insights from other alternative IDs that the company does not administer.

The former Trade Desk employee offered the sharpest framing. According to this source, UID2 adoption figures serve a corporate storytelling function rather than a commercial measurement function. "The company is not evaluating the actual impact of UID2 in the bidstream," they told AdExchanger. Adoption growth, in this reading, exists to validate TTD CEO Jeff Green's investment in the protocol and to maintain a public narrative around the ID's momentum.

The Trade Desk rejected that characterisation. "We have had endorsement from all of the major broadcasters," Jacobson said. "The hundreds of participants that not only are using it but have been public about their endorsement of it speaks to that."

Broader concerns about data quality in CTV

Everyone interviewed for the AdExchanger story - the publisher, The Trade Desk, and multiple outside sources - agreed that neither the publisher nor its advertisers appear to have been materially harmed by the three-month period of broken tokens. Demand continued to flow. The ad market did not penalise the error.

But the episode pointed toward a wider concern. Several sources raised the likelihood that some CTV publishers - particularly those operating FAST channels, which typically lack direct first-party access to email logins - could be generating UID2 tokens using data from third-party data brokers or otherwise unreliable sources. These concerns, the sources noted, extend beyond UID2 to the alt ID ecosystem across the CTV market more broadly.

The CTV publisher source was direct about their overall assessment: "UID2s are giving a false sense of confidence in identity in an environment where there is a lot of garbage data going in and out, with a significant amount of opacity in the middle that The Trade Desk has purposely built to eliminate accountability. There might be legitimate data there as well, but nobody ever knows, because you cannot audit and you cannot track it."

Prebid's McGrath offered a more measured view. He did not see anything necessarily wrong with TTD not decrypting every UID2 token it processes, and suggested three months is an insufficient window to draw firm conclusions. He agreed, however, that more could be done to shore up oversight of the protocol.

The CTV publisher, for their part, said their motivation for raising the issue was not to undermine UID2 or advocate for a competitor identity solution. "I am a legitimate publisher, so I hope they would build a better UID2, and then find some scammers and get rid of them. [That way], there will be more money in the marketplace for my inventory to be sold." Their account of TTD's response was less encouraging. "At a senior level, they are like, 'We have our strategy, and you have to get on board.'"

For the marketing community, the case illustrates a structural tension that runs through the current phase of programmatic CTV advertising. As The Trade Desk's growth has decelerated - 18% full-year in 2025, Q1 2026 guidance of $678 million implying roughly 10% growth - the company continues to cite UID2 adoption as a core indicator of platform health. The Galileo first-party data matching platform, launched in January 2023, was designed to work in concert with UID2 to provide omnichannel identity across all publishers, platforms, and devices. The entire commercial architecture depends on the premise that UID2 tokens in the bidstream are valid, consented, and matched against real user signals.

The CTV publisher's case suggests the architecture has gaps - and that the mechanisms for detecting those gaps are less robust than the market may have assumed.

IAB Europe's programmatic CTV guide published in April 2026 documented that 466 vendors have registered to the Transparency and Consent Framework supporting the CTV environment, and that 18 consent management platforms are validated for CTV. The question this case raises is not whether frameworks exist, but whether the data flowing through them is actually being verified.

Timeline

  • 2019: The Trade Desk's original Unified ID solution gains early SSP adoption, with BidSwitch and SpotX among first partners
  • 2020: UID2 protocol launches; The Trade Desk's dual role as DSP and sole administrator draws early criticism; Prebid.org declines to become a UID2 operator without a third-party administrator
  • January 2023The Trade Desk launches Galileo, a first-party data matching platform designed to work alongside UID2 for omnichannel identity resolution
  • 2024 (approx. early): The major national CTV publisher begins passing UID2 tokens in bid requests after years of pressure from The Trade Desk; encryption errors go undetected by TTD
  • 2024 (approx. Q2): Publisher identifies and corrects its own encryption errors after approximately three months; reports no revenue impact from either the broken or corrected tokens; TTD account reps make no comment on the change
  • February 12, 2025The Trade Desk reports its first earnings miss in 33 quarters, triggering a 27% stock decline and internal reorganisation
  • August 27, 2025: Prebid.org disables cross-exchange transaction ID functionality; The Trade Desk responds with OpenAds, a forked version of Prebid
  • February 25, 2026The Trade Desk reports full-year 2025 revenue of $2.896 billion, with 18% growth decelerating from 26% in 2024; Q1 2026 guidance of $678 million implies approximately 10% growth
  • February 28, 2026FreeWheel publishes analysis warning IP-based CTV targeting can miss 87% of households, highlighting broader identity reliability problems across programmatic CTV
  • March 4, 2026The Trade Desk launches OpenTTD, consolidating UID2, EUID, OpenPass, OpenAds, and OpenPath under a single developer portal
  • April 2026IAB Europe publishes its most detailed programmatic CTV guide to date, documenting 466 TCF-registered vendors and 18 validated CMPs for CTV environments
  • May 7, 2026: AdExchanger publishes investigation by Anthony Vargas detailing the CTV publisher's broken UID2 integration and TTD's failure to detect it; TTD confirms the errors would have made UID2 tokens useless for targeting

Summary

Who: A major national connected television publisher (anonymous), The Trade Desk (DSP and sole UID2 administrator), represented by Waseem Basheer (SVP of engineering) and Samantha Jacobson (chief strategy officer and EVP), along with Garett McGrath (chair of Prebid.org) and Shailley Singh (COO of IAB Tech Lab)

What: The publisher made inadvertent encryption errors when generating UID2 tokens as a private operator, passing invalid tokens for approximately three months. The Trade Desk, despite its dual role as DSP and UID2 administrator, did not detect the errors. After the publisher self-corrected, it reported no measurable revenue impact from UID2 adoption either before or after the fix - raising questions about the protocol's commercial value in CTV environments and the robustness of TTD's oversight mechanisms

When: The integration errors occurred in approximately early 2024 and ran for roughly three months before the publisher corrected them independently; the AdExchanger investigation was published on May 7, 2026

Where: The CTV programmatic advertising ecosystem, specifically within bid requests passing through The Trade Desk's DSP; The Trade Desk is headquartered in Ventura, California and administers the UID2 protocol globally

Why: The case matters because UID2 is the industry's most widely adopted alternative identity solution following third-party cookie deprecation, and The Trade Desk is its sole administrator while simultaneously operating the DSP that transacts on it. If errors in private operator implementations can persist undetected for months without commercial consequence - and without any reporting mechanism for publishers to verify performance - the industry's confidence in UID2 as a durable identity layer for CTV advertising may rest on assumptions that are less well-supported than its adoption figures suggest

Share this article
The link has been copied!