Every so often the trade press stops reprinting the press release and prints the true thing, and AdExchanger just did it on email-based identity in connected TV. Credit where it's due. The piece confirms what anyone who actually buys CTV has muttered in a hallway for two years: email IDs, the entire Unified ID 2.0 religion, do not work on the television. Not because the tech is fake. Because the television is the wrong place for it, and a lot of powerful people have a lot of money riding on you not noticing.

Start with the physics, because the physics is the whole story. Email is a one-to-one signal. The TV is a one-to-many device. An email is one person, one inbox. A connected TV is a couch, a household, four people watching the same screen, and exactly one of them, whoever set the thing up, is the email on file. Aim an email ID at a television and you're aiming a sniper rifle at a living room.

Everyone in the business knows it, which is why, as former monetization exec Mike Richter put it, "there's no CTV targeting out there that's solely based on a one-to-one email. You're still graphing that on a greater household." Always. WTF? The email gets dragged back onto the household it was supposed to improve on.

Now the number that should end the conversation. A landmark Truthset study for CIMM and Go Addressable, across nearly a billion IP records from six data providers, found that IP-to-email matching is accurate, on average, 16% of the time. Sixteen. The providers doing the matching agree with each other 2.8% of the time. In plain English: a campaign trying to reach ten specific households this way may have to buy roughly ten thousand impressions to find them. You are paying premium identity CPMs for something that is wrong five times out of six, and the vendors selling it agree with each other almost never.

Here's the part that turns a technical failure into a scandal: the people defending email IDs in CTV mostly aren't defending the targeting. They're defending their investment. The alt-ID space is a web of interlocking bets that this stuff becomes essential infrastructure, and those bets only pay off if everyone keeps believing the IDs work. Look at who's holding the chips. ID5, the most prominent defender, raised a Series B led by TransUnion, the credit bureau, which also took a board seat, and by Sir Martin Sorrell's S4S Ventures. ID5 called it the largest investment the identity space had ever seen. Its CEO has openly said the market will consolidate to "between three and five" scaled alt-IDs and that ID5 intends to reach 90% market penetration. A credit bureau and an ad-industry legend did not write those checks to watch the thesis quietly die. They wrote them to own a toll booth on the future of targeting.

And here is the tell, the thing that should make every buyer sit up. The defenders' own best argument is that email IDs only work when you layer them with household IDs, IP, and device graphs, never alone. Read that slowly, because it's a confession dressed as a feature. If the email ID only works when it's propped up by the household and device signals doing the actual labor, then the email ID is not doing the work. The people whose money depends on email IDs are, in their strongest defense, admitting email-only targeting on CTV doesn't work. They're just hoping you hear "use it as one signal" instead of "it can't stand on its own."

So put it together. The signal is wrong for the medium. The matching is right one time in six. The defenders concede it can't work alone. And the loudest voices insisting it's the future are the ones with money in the toll booth. Which leaves exactly one question, the one AdExchanger was too polite to ask: if it doesn't work, why are you still buying it, and who profits when you do?

That's Part Two. It's the part with the FAST-channel broker emails, the screens on your toaster, and the reason this broken thing refuses to die.

The ad tech industry has spent the post-cookie years selling a replacement, and a big piece of that replacement runs on email. Hash an address, pass it between partners, and you can supposedly recognize the same person across the web without the old third-party cookie. It is cleaner in the pitch deck than it is in practice, and a handful of people who study this closely have been saying so, each for a different reason.

Start with scale. Deterministic email matching only works for people who are logged in. That is a minority of traffic on most sites, which means the technique is accurate exactly where it has the least reach. Michael P. Greco, writing for AdExchanger, has framed match rates as the real addressability problem rather than a footnote to it, with particular skepticism toward IP-to-email matching, which he argues is often inaccurate. The signal is strong when present and simply absent the rest of the time.

Then there is decay. An email identifier rarely travels from publisher to buyer in one hop. It passes through partners, and each handoff is a chance for the match to weaken. Digiday's reporting has described how accuracy declines as more ad tech intermediaries get involved, and Digital Content Next has warned that hashed email is more fragile and limited in reach than its boosters suggest, a problem made worse by changes like Apple's Hide My Email.

The privacy researchers are making a separate argument, and it is worth keeping it separate. Ed Felten, the former FTC Chief Technologist, has long argued that hashing does not make data anonymous, a point the FTC echoed in 2024: a hash still produces a unique signature that can follow a person over time. The Princeton CITP team made the sharper version in "Four cents to deanonymize," arguing that hashed emails can be reversed and that calling them anonymous is misleading. Note that this is not a complaint that matching fails. It is a complaint that it works well enough to track you while being marketed as if it does not.

That distinction matters. The accuracy critics say the system catches too few people. The privacy critics say it identifies them too well. Those are close to opposite worries, and lumping them into one verdict would flatten what is actually going on.

Vendors are not hiding all of this, which is the genuinely interesting part. ID5, one of the larger identity providers, says plainly that deterministic matching depends on publisher-provided signals like hashed email, and that the logged-in universe is small enough to create a scale problem. The Adstra critique goes further, arguing that current deterministic matching is nowhere near fully accurate and sometimes only pretends to be.

None of this means email matching is broken. It means the honest version of the pitch is narrower than the marketing one: accurate where people are logged in, leaky as it moves between systems, and never as anonymous as the word "hashed" is meant to imply. The replacement for the cookie turns out to have limits of its own, and the people who know the technology best are the ones saying so.

Author's note: I have been in contact with the FTC about these issues. The agency has expressed interest and asked me to provide further information, technological and otherwise.

While the trades were politely calling CTV identity "an evolving space," ADOTAT+ ran the autopsy.

This month, subscribers got the two-part investigation the rest of the industry won't print: the technical teardown of why hashed email was never built for the living room, and the follow-the-money piece on who's keeping the broken thing alive anyway.

The stuff your $99 bought, that nobody else is saying out loud:

The 16% number. A 2025 Truthset study across a billion emails found IP-to-email matching accurate one time in six, with 90% of vendor linkages not even overlapping. Six companies, six versions of you, agreeing almost never. We put it where it belongs: tattooed inside every media plan.

The CEO who can't explain his own product. We walked through ID5's Mathieu Roche reaching for four definitions of one product, describing his database as "decentralized but one central repository," and quoting match accuracy as "high enough." When the category's loudest CEO needs a language, a currency, and a contradiction to describe the thing, that's the story.

The FTC angle nobody connected. A French-owned company sitting on a central repository of American consumers' identity data, at the exact moment Washington treats foreign control of citizen data as a national concern. We confirmed the regulator is asking.

The company nobody will buy. Sources tell us ID5 and its investors have shopped the company and found no buyer. You don't buy a toll booth on a road that goes nowhere. The market is voting with its wallet, and the vote is no.

The fraud tell. Why manufacture an identity for a screen at all? Because a logged-in human doesn't need one. We drew the through-line the polite coverage won't: in the ugliest corners of CTV, the token isn't there to find your viewer, it's there to convince you a fraudulent impression was a person.

And the part actually worth the subscription: the five-point buyer's playbook. Go direct to logged-in inventory. Treat a standalone email ID as a red flag, not a feature. Make them prove the human, not the token. Make them explain it in one sentence and tell you who holds the data. Pay for the audit, it's a rounding error against what you're being charged.

Everyone else gave you the diagnosis. ADOTAT+ gave you the wiring, the names, the regulator, and the exit strategy.

The next one is already in the works. Subscribe before you find out what it costs to have missed it.