Presentation on theme: "Itay Gonshorovitz Foundation of privacy Targeted Online Advertising."— Presentation transcript:
Itay Gonshorovitz Foundation of privacy Targeted Online Advertising
Topics Introduction to online advertisement Understanding the participants and their roles. Targeted advertising. Privacy Issues Solutions User based solutions Collaborative solutions Conclusions
Introduction Online Advertising plays a critically important role in the Internet world. advertising is the main way of profiting from the Internet, the history of Internet advertising developed alongside the growth of the medium itself
Facts and short history First internet banner, 1994, AT&T. Also in 1994, the first commercial spam, a "Green Card Lottery". The first ad server was developed by FocaLink Media Services and introduced on 1995. In March 2008, Google acquired DoubleClick for US$3.1 billion in cash.
Business Model CPM = Cost Per thousand impressions Impression: user just sees the ad. Rates vary from $0.25 to $100 CPC = Cost Per Click This is the cost charged to an advertiser every time their ad is "clicked" on Rates around 0.3$ per click
Click fraud clicking on an ad for the purpose of generating a charge per click without having actual interest. Might be: The publisher Advertiser’s competitor The publisher’s competitor Ad-networks deal with it by trying to identify who clicks on the ads.
Online behavioral advertising Online behavioral advertising refers to the practice of ad-networks tracking users across web sites in order to learn user interests and preferences. Benefits Advertisers targets a more focused audience which increases the effectively. Consumer is “bothered” by more relevant and interesting ads.
How ad-networks match ads Most behavioral targeting systems work by categorizing users into one or more audience segments. Profiling users based on collected data Search history – analyzing search keywords Browse history - analyzing content of visited pages Purchase history Social networks Geography
How Ad-Networks track users Cookies 3 rd Party cookies Flash cookies Web bug IP address User-agent Headers Browser + OS More than 24,000 signatures
Privacy Tracking and categorizing users by the ad-networks tend to violate user’s privacy. The gathered information, linked with the users real identity, form a violation of privacy in its most basic form. For example, if a person is searching the web for information on a serious genetic disease, that information can be collected and stored along with that consumer's other information - including information that can uniquely identify the consumer.
So… What we have so far? User - Preserve his privacy Ad-Network & Publisher – Maintain targeting and preserve their effectiveness and income Still want to be able to fight click fraud Questions: Do the two goals necessarily conflict? Or can they be both achieved?
Naive (paranoid) solution Surf only across anonymizing proxies. TOR Surf in private mode Advantages Effective from the user’s perspective. Disadvantages Are proxies really anonymizing? Very awkward Slower Damages targeted advertising
TrackMeNot (Howe, Nissenbaum, 2005) Implemented as a Firefox plugin. Achieves privacy through obfuscation. Generates noisy queries. Starts with fixed a seed query list and evolve queries base on previous results. Mimics user behavior so fake queries be indistinguishable: Query timing Click through behavior
TrackMeNot Advantages Simple Disadvantages Still the real queries can be connected to real identity. Might have problems with offensive contents. Again, damages targeted advertising
Privad (Guha, Reznichenko, Tang, et al., 2009) Require client software: saves locally database of ads (served by the ad-network) Learn user interests in order to match ads. Match add from the local database according to the User interests.
Privad Introduce new party – Dealer: Proxies anonymously all communication between the user and the ad-network. might be government regulatory agency. hides user’s identity from the ad-network, but itself does not learn any profile information about the user since all messages between the user and ad-network are encrypted.
Privad Advantages Ad-Networks can still target ads without violates user privacy. Disadvantages Complicated to add the new party. Ad-Network has to trust the dealer in order to fight click-fraud which might unmotivated them to cooperate.
Adnostic (Toubina, Narayanan, Boneh, et al., 2009) Two party solution: Client side: Implemented as a Firefox plugin. Server side: requires Ad-Network support User’s preferences and interests are stored locally by the plugin, instead of at the Ad-network. The targeted ad is selected by the plugin locally at the users computer, instead of at the Ad-Network servers.
Adnostic - Accounting “charge per click” model remains unchanged. “charge per impression” is harder. It uses homomorphic encryption scheme. given the public key and ciphertexts, anyone can calculate given the public key and ciphertexts, and scalar c, can be calculated.
Adnostic - charge per impression protocol Client: Track user activity and maintains the data locally. Visits an Ad supported website. Server: Sends a list of n ads ids along with public key The browser chooses an ad to display to the user. Then creates that matches the selected ad, then send, Along with zero-knowledge proof that and each is 0 or 1.
Adnostic - charge per impression protocol Validates the proof. If the proof is valid then using homomorphic encryption calculates when c is the price of viewing the ad. The server save encrypted counter for each ad and add to it the previous values. Only one counter’s real value change. At the end of the billing period, say a month, each counter is decrypted (should be done by trusted authority) and the advertisers pays for the ad- network.
Adnostic Advantages Ad-networks can still target ads without violates user privacy. Ad-networks can still detect click fraud though it will be difficult without gathering information on IP even for a short time. Disadvantages Ad-networks become weaker. Ad-networks can still track user if they are willing to, and the protocol is built on trust.
Conclusions In my opinion, It is hard to believe that ad-networks will give up the power of tracking users without legislation. Nevertheless, There are reasonable solutions that still support targeted advertising without violating users privacy.
References  Daniel c. Howe and Helen Nissenbaum. Trackmenot: resisting surveillance in web search. 2005.  Saikat Guha, Bin Cheng, Alexey Reznichenko, Hamed Haddadi, and Paul Francis. Privad: Rearchitecting online advertising for privacy. 2009.  Vincent Toubiana, Arvind Narayanan Dan Boneh, Helen Nissenbaum, and Solon Barocas. Adnostic: Privacy preserving targeted advertising. 2009.  Catherine Dwyer. Behavioral targeting: A case study of consumer tracking on levis.com. In 15th Americas Conference on Information Systems, 2009..