An example
Special Report:October 5th is America's
most popular birthday.
Targeted advertising: The benign view
AdvertiserConsumer
What shall
I read next?
Anna Karenina
Red ChamberWild Things
Bleak House
Here are some
novels you might
enjoy
Private Profile
Physical characteristics:
Age: 30
Weight: 120
Height: 5’ 4”
….
Hobbies:
Butterfly collecting
Tai Chi
Archery
Favorite foods:
Chocolate
Sushi
Broccoli
Financial (from Quicken):
$110,000 / year income
House worth $300,000
$20,000 butterfly collection
Web sites recently visited (from browser):
aclu.org
yahoo.com
anybirthday.com
NegotiantNegotiantAdvertiser
if annual income > $100,000
if likes funny clothes or CEO
output “golf ad”
else
if female
output “spa ad”
else
output “cigar ad”
else
output “Walmart ad”
Alice
“spa ad”
Private Information Retrieval (PIR)
Alice’s computer
NegotiantNegotiant
“spa ad”Ads
Advertiser’s server
Spa ad
Problem: Expensive!
Scheme 1: Naïve PIR
Alice’s computer
NegotiantNegotiant
“spa ad”Ads
Advertiser’s server
Ads
Spa ad
Problems: Inefficient; no idea what ads were distributed
Scheme 2: Direct request
Alice’s computer
NegotiantNegotiant
“spa ad”Ads
Advertiser’s server
“spa ad” pleaseSpa ad
Spa ad
Basic tool: Mix network
plaintext 1
plaintext 2
plaintext 3
plaintext 4
Randomly permutes and encrypts inputs
Mix network
Opposite direction
Randomly permutes and decrypts inputs
Mix networkplaintext 1
plaintext 2
plaintext 3
plaintext 4
Scheme 3: Semi-private PIR
Alice’s computer
Ads
Advertiser’s serverBob’s computer
Carol’s computer
Darius’s computer
Mix network
“Walmart ad”
“Walmart ad”
“golf ad”
“spa ad”
“spa ad”
“golf ad”
“Walmart ad”
“Walm
art ad”
Scheme 3: Semi-private PIR
Alice’s computer
Ads
Advertiser’s serverBob’s computer
Carol’s computer
Darius’s computer
Mix network
Walmart ad
Walmart ad
golf ad
spa ad
Spa ad
spa ad
golf ad
Walmart ad
Walm
art ad
Remarks We assume advertiser may collude with
some mix servers (if not, one-server mix will do)
Ads are long, so we need a hybrid mix network– New constructions: OA00,JJ01
Other tools– Quorum controlled threshold proxy re-encryption
Aggregation and mixing can be offline
Malicious negotiant
NegotiantNegotiant Advertiser
Profile
“ad $110,000”
please
ad number =
annual income
Scheme 4: Threshold PIR
Full set of ads mixed Full privacy Plaintext Equality Testing (PET) primitive needed High cost (still better than PIR)
What are the (hoped for) benefits?
More consumer trust – Higher “opt in” rate– Truth in (requested) advertising
Complementary with P3P Mobility possible through encrypted
profile on server