Targeted Advertising… and Privacy Too

Targeted Advertising… and Privacy Too

Ari Juels RSA Laboratories

Buy me!

Targeted advertising: One View

Anti-

dandruff

Buy me!

Anti-wrinkleCream

Buy metoo!

An example

Special Report:October 5th is America's

most popular birthday.

Anybirthday.com targeted gift recommendations

Hiking/sports book

Anti-aging cream

Targeted advertising: The benign view

AdvertiserConsumer

What shall

I read next?

Anna Karenina

Red ChamberWild Things

Bleak House

Here are some

novels you might

enjoy

The other view: Consumer privacy

Consumer

Browser cookies

Our Goal

AdvertiserConsumer

+

Privacy Efficiency

Private Profile

Physical characteristics:

Age: 30

Weight: 120

Height: 5’ 4”

….

Hobbies:

Butterfly collecting

Tai Chi

Archery

Favorite foods:

Chocolate

Sushi

Broccoli

Financial (from Quicken):

$110,000 / year income

House worth $300,000

$20,000 butterfly collection

Web sites recently visited (from browser):

aclu.org

yahoo.com

anybirthday.com

Negotiant

NegotiantNegotiant

Advertiser

Profile

Ad request

NegotiantNegotiantAdvertiser

if annual income > $100,000

if likes funny clothes or CEO

output “golf ad”

else

if female

output “spa ad”

else

output “cigar ad”

else

output “Walmart ad”

Alice

“spa ad”

Private Information Retrieval (PIR)

Alice’s computer

NegotiantNegotiant

“spa ad”Ads

Advertiser’s server

Spa ad

Problem: Expensive!

Scheme 1: Naïve PIR

Alice’s computer

NegotiantNegotiant

“spa ad”Ads

Advertiser’s server

Ads

Spa ad

Problems: Inefficient; no idea what ads were distributed

Scheme 2: Direct request

Alice’s computer

NegotiantNegotiant

“spa ad”Ads

Advertiser’s server

“spa ad” pleaseSpa ad

Spa ad

Basic tool: Mix network

plaintext 1

plaintext 2

plaintext 3

plaintext 4

Randomly permutes and encrypts inputs

Mix network

Opposite direction

Randomly permutes and decrypts inputs

Mix networkplaintext 1

plaintext 2

plaintext 3

plaintext 4

Scheme 3: Semi-private PIR

Alice’s computer

Ads

Advertiser’s serverBob’s computer

Carol’s computer

Darius’s computer

Mix network

“Walmart ad”

“Walmart ad”

“golf ad”

“spa ad”

“spa ad”

“golf ad”

“Walmart ad”

“Walm

art ad”

Scheme 3: Semi-private PIR

Alice’s computer

Ads

Advertiser’s serverBob’s computer

Carol’s computer

Darius’s computer

Mix network

Walmart ad

Walmart ad

golf ad

spa ad

Spa ad

spa ad

golf ad

Walmart ad

Walm

art ad

Scheme 3: A little more detail

Alice, ad requestname , “spa ad”

name , “spa ad”

Scheme 3: A little more detail

name Spa ad

,Alice, ad

Remarks We assume advertiser may collude with

some mix servers (if not, one-server mix will do)

Ads are long, so we need a hybrid mix network– New constructions: OA00,JJ01

Other tools– Quorum controlled threshold proxy re-encryption

Aggregation and mixing can be offline

Malicious negotiant

NegotiantNegotiant Advertiser

Profile

“ad $110,000”

please

ad number =

annual income

Spotting Malicious Negotiants

Open source negotiants “Sandbox” approach Third-party validation

Scheme 4: Threshold PIR

Full set of ads mixed Full privacy Plaintext Equality Testing (PET) primitive needed High cost (still better than PIR)

What are the (hoped for) benefits?

More consumer trust – Higher “opt in” rate– Truth in (requested) advertising

Complementary with P3P Mobility possible through encrypted

profile on server

Questions?