Itay Gonshorovitz Foundation of privacy Targeted Online Advertising.

Itay GonshorovitzFoundation of privacy

Targeted Online Advertising

Topics

Introduction to online advertisement Understanding the participants and their

roles. Targeted advertising.

Privacy Issues Solutions

User based solutions Collaborative solutions

Conclusions

Introduction

Online Advertising plays a critically important role in the Internet world.

advertising is the main way of profiting from the Internet, the history of Internet advertising developed alongside the growth of the medium itself

Facts and short history

First internet banner, 1994, AT&T.

Also in 1994, the first commercial spam, a "Green Card Lottery".

The first ad server was developed by FocaLink Media Services and introduced on 1995.

In March 2008, Google acquired DoubleClick for US$3.1 billion in cash.

Parties Advertiser

Got money, wants publicity e.g., Coca-Cola

Publisher Got content, wants money Cnn.com

Ad-network Got advertising infrastructure, wants money e.g., Google AdSense, Yahoo

Consumer Wants free content

Business Model

CPM = Cost Per thousand impressions Impression: user just sees the ad. Rates vary from $0.25 to $100

CPC = Cost Per Click This is the cost charged to an

advertiser every time their ad is "clicked" on

Rates around 0.3$ per click

Click fraud

clicking on an ad for the purpose of generating a charge per click without having actual interest.

Might be: The publisher Advertiser’s competitor The publisher’s competitor

Ad-networks deal with it by trying to identify who clicks on the ads.

Online behavioral advertising

Online behavioral advertising refers to the practice of ad-networks tracking users across web sites in order to learn user interests and preferences.

Benefits Advertisers targets a more focused

audience which increases the effectively.

Consumer is “bothered” by more relevant and interesting ads.

How ad-networks match ads Most behavioral targeting systems work

by categorizing users into one or more audience segments.

Profiling users based on collected data Search history – analyzing search keywords Browse history - analyzing content of visited

pages Purchase history Social networks Geography

How Ad-Networks track users Cookies

3rd Party cookies Flash cookies

Web bug IP address User-agent Headers

Browser + OS More than 24,000 signatures

Levis.com case study

Privacy

Tracking and categorizing users by the ad-networks tend to violate user’s privacy.

The gathered information, linked with the users real identity, form a violation of privacy in its most basic form.

For example, if a person is searching the web for information on a serious genetic disease, that information can be collected and stored along with that consumer's other information - including information that can uniquely identify the consumer.

So… What we have so far?

User - Preserve his privacy Ad-Network & Publisher –

Maintain targeting and preserve their effectiveness and income

Still want to be able to fight click fraud Questions:

Do the two goals necessarily conflict? Or can they be both achieved?

Naive (paranoid) solution

Surf only across anonymizing proxies. TOR

Surf in private mode Advantages

Effective from the user’s perspective. Disadvantages

Are proxies really anonymizing? Very awkward Slower Damages targeted advertising

TrackMeNot (Howe, Nissenbaum, 2005)

Implemented as a Firefox plugin. Achieves privacy through obfuscation. Generates noisy queries. Starts with fixed a seed query list and

evolve queries base on previous results. Mimics user behavior so fake queries be

indistinguishable: Query timing Click through behavior

TrackMeNot

Advantages Simple

Disadvantages Still the real queries can be connected to

real identity. Might have problems with offensive

contents. Again, damages targeted advertising

Privad (Guha, Reznichenko, Tang , et al., 2009)

Require client software: saves locally database of ads (served

by the ad-network)

Learn user interests in order to match ads.

Match add from the local database according to the User interests.

Privad

Introduce new party – Dealer: Proxies anonymously all communication

between the user and the ad-network. might be government regulatory

agency. hides user’s identity from the ad-

network, but itself does not learn any profile information about the user since all messages between the user and ad-network are encrypted.

Privad

Advantages Ad-Networks can still target ads without

violates user privacy. Disadvantages

Complicated to add the new party. Ad-Network has to trust the dealer in order

to fight click-fraud which might unmotivated them to cooperate.

Adnostic (Toubina, Narayanan, Boneh, et al., 2009)

Two party solution: Client side: Implemented as a Firefox plugin. Server side: requires Ad-Network support

User’s preferences and interests are stored locally by the plugin, instead of at the Ad-network.

The targeted ad is selected by the plugin locally at the users computer, instead of at the Ad-Network servers.

Adnostic - Accounting

“charge per click” model remains unchanged.

“charge per impression” is harder. It uses homomorphic encryption scheme.

given the public key and ciphertexts , anyone can calculate

given the public key and ciphertexts , and scalar c, can be calculated.

Adnostic - charge per impression protocol

Client: Track user activity and maintains the data locally.

Visits an Ad supported website. Server: Sends a list of n ads ids along with

public key The browser chooses an ad to display to the

user. Then creates that matches the selected ad, then send , Along with zero-knowledge proof that and each is 0 or 1.

Adnostic - charge per impression protocol

Validates the proof. If the proof is valid then using homomorphic encryption calculates

when c is the price of viewing the ad. The server save encrypted counter for each ad and

add to it the previous values. Only one counter’s real value change.

At the end of the billing period, say a month, each counter is decrypted (should be done by trusted authority) and the advertisers pays for the ad-network.

Adnostic

Advantages Ad-networks can still target ads without

violates user privacy. Ad-networks can still detect click fraud

though it will be difficult without gathering information on IP even for a short time.

Disadvantages Ad-networks become weaker. Ad-networks can still track user if they are

willing to, and the protocol is built on trust.

Conclusions

In my opinion, It is hard to believe that ad-networks will give up the power of tracking users without legislation.

Nevertheless, There are reasonable solutions that still support targeted advertising without violating users privacy.

Questions?

References

[1] Daniel c. Howe and Helen Nissenbaum. Trackmenot: resisting surveillance in web search. 2005.

[2] Saikat Guha, Bin Cheng, Alexey Reznichenko, Hamed Haddadi, and Paul Francis. Privad: Rearchitecting online advertising for privacy. 2009.

[3] Vincent Toubiana, Arvind Narayanan Dan Boneh, Helen Nissenbaum, and Solon Barocas. Adnostic: Privacy preserving targeted advertising. 2009.

[4] Catherine Dwyer. Behavioral targeting: A case study

of consumer tracking on levis.com. In 15th Americas

Conference on Information Systems, 2009..