Project Rearc – Everything You Need to Know

Updated on: December 18, 2023
“We are not advocating for the broad collection, use or sharing of email addresses or phone numbers as IDs across the ecosystem. We specifically proposed this should NOT happen.”

The third-party cookie has been the backbone of the open web for more than two decades. It helped the industry in tracking and identifying users so that personalized ads can be targeted to the right audience. The revenue from the advertising has funded the free and open internet so far. The cookie had many benefits but many shortcomings as well.

One of the problems with the third-party cookie was the extensive amount of pixel-syncing for identification. The number of pixel syncing events rises exponentially with every addition of a third-party vendor. For instance, 4 parties involved in tracking a user will sync pixels 12 times, whereas when the number of parties rises to 8 then the syncing process will take place 56 times. This exponential growth of third-party requests (pixel syncing) also grows the risk for the user’s privacy.

More and more browsers are now coming up with a promise of letting users surf the Internet without tracking. To deliver the promise, the browsers are blocking the third-party cookie. Apart from the smaller players like Brave, prominent browsers like Safari and Mozilla Firefox have pulled their plugs on the third-party cookie. In the coming 18 months, Google’s Chrome Browser, the biggest browser in the market, will also stop supporting the cookie.

If tracking becomes impossible then advertisers will start going to publishers with first-party data because it’ll be very difficult to show relevant ads to the users on the open web. Only the walled gardens and big publishing brands would survive because not every publisher is capable of convincing its users to solicit their personal information.

Many publishers would lose their businesses. Project Rearc (Re-architecture) is one of the many initiatives in the industry that are being taken to avoid this from happening. The initiative is being carried out by the Interactive Advertising Bureau (IAB).

What is Project Rearc?

First announced in February 2020 at IAB’s annual meeting in California, Project Rearc is an initiative to develop a framework for the post-cookie era. If it is adopted by the industry, the framework will help in saving the current state of online advertising. As a result, the open web will be saved from the existential crisis brought by the death of the third-party cookie. 

The project is at its infancy stage where the potential solutions are being proposed. 

The technology required to implement the suggestions has not been deployed so far. The project has a long way to go and no one can definitively say anything about the final outcome. So, there are possibilities that the current proposals get scrapped down and new methods may come up. 

What does Project Rearc Suggest?

There has been a lack of clarity in the industry about what the probable solution would be. When Adexchanger released its article on Project Rearc, it gave emphasis as using email and phone numbers as the basis of the identifiers for targeting.

“The IAB’s proposal hinges on using a hashed, encrypted email address, or phone number. That ID will be passed through the normal programmatic chain: publisher to SSP to DSP to the marketer.”


The IAB already has NetID as one of its members. NetId is known for providing a similar single login setup to university students for accessing multiple university services like Office 365 email, student records, payroll information, etc. It can make us think that the project will result in a solution that uses a single login system for users to browse across the open web. Logged-in users can later be targeted by advertisers via the encrypted IDs. The users can also have the required controls to manage privacy settings and permitting ad buyers to target them.

As one can expect, the above description brought a lot of skepticism in the industry. “The idea of tying advertising to something as permanent as an email address or phone number alarmed some in the room.”, says Adexchanger referring to the press conference where the CEO of IAB spoke about Project Rearc.

So is Project Rearc proposing an ID-based solution?

We cannot say because the SVP from IAB specifically said that hashes are not secure and they are not proposing an ID product.

IAB - Project Rearc - Industry Response - Twitter

To declare it officially, the IAB said the same thing on their blog:

Tech Lab is not creating an identifier product/service. We are not advocating for the broad collection, use or sharing of email addresses or phone numbers as IDs across the ecosystem. We specifically proposed this should NOT happen.”

In the same blog, the IAB explains what it is doing but the explanation is still vague. It says that addressability in the future might only exist in the future via “a consumer-provided, consented identifier tied to privacy preferences”. Email is just an example of how brands and publishers use such “consumer-provided identifiers” today. It further gives three more points about what it is doing but they aren’t specified yet.

IAB What we are doing - Project Rearc

So far what we could conclude from IAB’s clarifications is that it is trying to build a solution that’ll rely on the user’s consensually provided information. We cannot be sure that this information will be in the form of an email address or phone number.

Project Rearc is about Standards

The concept of consumer-provided identifiers was later clarified in the first Project Rearc webinar and it turns out that the project is more about industry standards rather than emails and phone numbers. The IAB will facilitate the formation of technical standards and guidelines that’ll help in identifying the consumers without the third-party cookie.

Role of IAB in Project Rearc

At the technical level, IAB will work with browsers and W3C to form stands to enable cross-platform interoperability. At the site level, it’ll develop content taxonomies. And at the first-party level, it’ll develop audience taxonomies. When the first-party data holders, other publishers, and browsers will define the audience in the same standard, then it’ll be possible for the third-parties to identify users across multiple publishers.

When the first-party data holders, other publishers, and browsers will define the audience in the same standard, then it’ll be possible for the third-parties to identify users across multiple publishers.

Role of IAB in Project Rearc 2

So, say you have subscribed to the NYT with your email address (consumer-provided identifier), and you have also subscribed to the WSJ in the same way then the third parties working between both the publishers can identify you without the use of any third-party cookie.

So, what about the publishers with no consumer-provided identifiers? Well, it was one of the initial questions during the webinar and IAB’s response is that such publishers will have lesser addressability. They’ll have to rely on platforms and solutions like Google’s Privacy Sandbox.

What’s Next?

IAB has been working for the industry for a long time. It has provided many solutions in the past. The cookie problem may go on for a long time but there’ll definitely be a solution for it. People are skeptical about the dependency on emails and phone numbers but IAB was referring to the consumer-provided identifiers that many publishers are already collecting successfully.

So far the Project Rearc has only talked about how the third parties can be enabled to serve personalized experiences to the audience without third cookies. But such personalization is limited to publishers with first-party data. A true solution for the open web is the need of the hour, but it hasn’t been addressed yet.

News and Tips for Publishers

Get the inside scoop on publishing and programmatic with our 5-minute newsletter.