Privacy and Targeted Online Advertising

Download Report

Transcript Privacy and Targeted Online Advertising 

Targeted Online Advertising
Itay Gonshorovitz
Foundation of privacy
Topics

Introduction to online advertisement
 Understanding
the participants and their roles.
 Targeted advertising.


Privacy Issues
Solutions
 User
based solutions
 Collaborative solutions

Conclusions
Introduction


Online Advertising plays a critically important role in
the Internet world.
advertising is the main way of profiting from the
Internet, the history of Internet advertising developed
alongside the growth of the medium itself
Facts and short history




First internet banner, 1994, AT&T.
Also in 1994, the first commercial spam, a "Green
Card Lottery".
The first ad server was developed by FocaLink
Media Services and introduced on 1995.
In March 2008, Google acquired DoubleClick for
US$3.1 billion in cash.
Parties

Advertiser
 Got
money, wants publicity
 e.g., Coca-Cola

Publisher
 Got
content, wants money
 Cnn.com

Ad-network
 Got
advertising infrastructure, wants money
 e.g., Google AdSense, Yahoo

Consumer
 Wants
free content
Business Model


CPM = Cost Per thousand impressions
 Impression: user just sees the ad.
 Rates vary from $0.25 to $100
CPC = Cost Per Click
 This is the cost charged to an advertiser every
time their ad is "clicked" on
 Rates around 0.3$ per click
Click fraud


clicking on an ad for the purpose of generating a
charge per click without having actual interest.
Might be:
 The
publisher
 Advertiser’s competitor
 The publisher’s competitor

Ad-networks deal with it by trying to identify who
clicks on the ads.
Online behavioral advertising


Online behavioral advertising refers to the practice
of ad-networks tracking users across web sites in
order to learn user interests and preferences.
Benefits
 Advertisers targets a more focused audience
which increases the effectively.
 Consumer is “bothered” by more relevant and
interesting ads.
How ad-networks match ads


Most behavioral targeting systems work by
categorizing users into one or more audience
segments.
Profiling users based on collected data
 Search
history – analyzing search keywords
 Browse history - analyzing content of visited pages
 Purchase history
 Social networks
 Geography
How Ad-Networks track users

Cookies
 3rd
Party cookies
 Flash cookies



Web bug
IP address
User-agent Headers
 Browser
+ OS
 More than 24,000 signatures
Levis.com case study
Privacy



Tracking and categorizing users by the ad-networks
tend to violate user’s privacy.
The gathered information, linked with the users real
identity, form a violation of privacy in its most basic
form.
For example, if a person is searching the web for
information on a serious genetic disease, that
information can be collected and stored along with
that consumer's other information - including
information that can uniquely identify the consumer.
So… What we have so far?


User - Preserve his privacy
Ad-Network & Publisher –
 Maintain
targeting and preserve their effectiveness and
income
 Still want to be able to fight click fraud

Questions:
 Do
the two goals necessarily conflict?
 Or can they be both achieved?
Naive (paranoid) solution

Surf only across anonymizing proxies.
 TOR


Surf in private mode
Advantages
 Effective

from the user’s perspective.
Disadvantages
 Are
proxies really anonymizing?
 Very awkward
 Slower
 Damages targeted advertising
TrackMeNot (Howe, Nissenbaum, 2005)





Implemented as a Firefox plugin.
Achieves privacy through obfuscation.
Generates noisy queries.
Starts with fixed a seed query list and evolve
queries base on previous results.
Mimics user behavior so fake queries be
indistinguishable:
 Query
timing
 Click through behavior
TrackMeNot

Advantages
 Simple

Disadvantages
 Still
the real queries can be connected to real identity.
 Might have problems with offensive contents.
 Again, damages targeted advertising
Privad (Guha, Reznichenko, Tang , et al., 2009)

Require client software:
 saves locally database of ads (served by the
ad-network)
 Learn user interests in order to match ads.
 Match add from the local database according
to the User interests.
Privad

Introduce new party – Dealer:
 Proxies anonymously all communication between
the user and the ad-network.
 might be government regulatory agency.
 hides user’s identity from the ad-network, but
itself does not learn any profile information about
the user since all messages between the user and
ad-network are encrypted.
Privad

Advantages
 Ad-Networks
can still target ads without violates user
privacy.

Disadvantages
 Complicated
to add the new party.
 Ad-Network has to trust the dealer in order to fight
click-fraud which might unmotivated them to cooperate.
Adnostic (Toubina, Narayanan, Boneh, et al., 2009)

Two party solution:
 Client
side: Implemented as a Firefox plugin.
 Server side: requires Ad-Network support


User’s preferences and interests are stored locally
by the plugin, instead of at the Ad-network.
The targeted ad is selected by the plugin locally at
the users computer, instead of at the Ad-Network
servers.
Adnostic - Accounting



“charge per click” model remains unchanged.
“charge per impression” is harder.
It uses homomorphic encryption scheme.
 given
the public key
and ciphertexts
, anyone can calculate
 given the public key
and ciphertexts
scalar c,
can be calculated.
, and
Adnostic - charge per impression protocol




Client: Track user activity and maintains the data
locally.
Visits an Ad supported website.
Server: Sends a list of n ads ids along with public
key
The browser chooses an ad to display to the user.
Then creates
that matches the
selected ad, then send
, Along with zero-knowledge proof that
and
each is 0 or 1.
Adnostic - charge per impression protocol



Validates the proof. If the proof is valid then using
homomorphic encryption calculates
when c is the price of viewing the ad.
The server save encrypted counter for each ad and
add to it the previous values. Only one counter’s real
value change.
At the end of the billing period, say a month, each
counter is decrypted (should be done by trusted
authority) and the advertisers pays for the adnetwork.
Adnostic

Advantages
 Ad-networks
can still target ads without violates user
privacy.
 Ad-networks can still detect click fraud though it will be
difficult without gathering information on IP even for a
short time.

Disadvantages
 Ad-networks
become weaker.
 Ad-networks can still track user if they are willing to,
and the protocol is built on trust.
Conclusions


In my opinion, It is hard to believe that ad-networks
will give up the power of tracking users without
legislation.
Nevertheless, There are reasonable solutions that
still support targeted advertising without violating
users privacy.
Questions?
References




[1] Daniel c. Howe and Helen Nissenbaum. Trackmenot:
resisting surveillance in web search. 2005.
[2] Saikat Guha, Bin Cheng, Alexey Reznichenko, Hamed
Haddadi, and Paul Francis. Privad: Rearchitecting online
advertising for privacy. 2009.
[3] Vincent Toubiana, Arvind Narayanan Dan Boneh, Helen
Nissenbaum, and Solon Barocas. Adnostic: Privacy preserving
targeted advertising. 2009.
[4] Catherine Dwyer. Behavioral targeting: A case study
of consumer tracking on levis.com. In 15th Americas
Conference on Information Systems, 2009..