Targeted Online Advertising Itay Gonshorovitz Foundation of privacy Topics п‚Ё Introduction to online advertisement п‚¤ Understanding the participants and their roles. п‚¤ Targeted advertising. п‚Ё п‚Ё Privacy Issues Solutions п‚¤ User based solutions п‚¤ Collaborative solutions п‚Ё Conclusions Introduction п‚Ё п‚Ё Online Advertising plays a critically important role in the Internet world. advertising is the main way of profiting from the Internet, the history of Internet advertising developed alongside the growth of the medium itself Facts and short history п‚Ё п‚Ё п‚Ё п‚Ё First internet banner, 1994, AT&T. Also in 1994, the first commercial spam, a "Green Card Lottery". The first ad server was developed by FocaLink Media Services and introduced on 1995. In March 2008, Google acquired DoubleClick for US$3.1 billion in cash. Parties п‚Ё Advertiser п‚¤ Got money, wants publicity п‚¤ e.g., Coca-Cola п‚Ё Publisher п‚¤ Got content, wants money п‚¤ Cnn.com п‚Ё Ad-network п‚¤ Got advertising infrastructure, wants money п‚¤ e.g., Google AdSense, Yahoo п‚Ё Consumer п‚¤ Wants free content Business Model пЃ± пЃ± CPM = Cost Per thousand impressions п‚¤ Impression: user just sees the ad. п‚¤ Rates vary from $0.25 to $100 CPC = Cost Per Click п‚¤ This is the cost charged to an advertiser every time their ad is "clicked" on п‚¤ Rates around 0.3$ per click Click fraud п‚Ё п‚Ё clicking on an ad for the purpose of generating a charge per click without having actual interest. Might be: п‚¤ The publisher п‚¤ AdvertiserвЂ™s competitor п‚¤ The publisherвЂ™s competitor п‚Ё Ad-networks deal with it by trying to identify who clicks on the ads. Online behavioral advertising п‚Ё п‚Ё Online behavioral advertising refers to the practice of ad-networks tracking users across web sites in order to learn user interests and preferences. Benefits п‚¤ Advertisers targets a more focused audience which increases the effectively. п‚¤ Consumer is вЂњbotheredвЂќ by more relevant and interesting ads. How ad-networks match ads п‚Ё п‚Ё Most behavioral targeting systems work by categorizing users into one or more audience segments. Profiling users based on collected data п‚¤ Search history вЂ“ analyzing search keywords п‚¤ Browse history - analyzing content of visited pages п‚¤ Purchase history п‚¤ Social networks п‚¤ Geography How Ad-Networks track users п‚Ё Cookies п‚¤ 3rd Party cookies п‚¤ Flash cookies п‚Ё п‚Ё п‚Ё Web bug IP address User-agent Headers п‚¤ Browser + OS п‚¤ More than 24,000 signatures Levis.com case study Privacy п‚Ё п‚Ё п‚Ё Tracking and categorizing users by the ad-networks tend to violate userвЂ™s privacy. The gathered information, linked with the users real identity, form a violation of privacy in its most basic form. For example, if a person is searching the web for information on a serious genetic disease, that information can be collected and stored along with that consumer's other information - including information that can uniquely identify the consumer. SoвЂ¦ What we have so far? п‚Ё п‚Ё User - Preserve his privacy Ad-Network & Publisher вЂ“ п‚¤ Maintain targeting and preserve their effectiveness and income п‚¤ Still want to be able to fight click fraud п‚Ё Questions: п‚¤ Do the two goals necessarily conflict? п‚¤ Or can they be both achieved? Naive (paranoid) solution п‚Ё Surf only across anonymizing proxies. п‚¤ TOR п‚Ё п‚Ё Surf in private mode Advantages п‚¤ Effective п‚Ё from the userвЂ™s perspective. Disadvantages п‚¤ Are proxies really anonymizing? п‚¤ Very awkward п‚¤ Slower п‚¤ Damages targeted advertising TrackMeNot (Howe, Nissenbaum, 2005) п‚Ё п‚Ё п‚Ё п‚Ё п‚Ё Implemented as a Firefox plugin. Achieves privacy through obfuscation. Generates noisy queries. Starts with fixed a seed query list and evolve queries base on previous results. Mimics user behavior so fake queries be indistinguishable: п‚¤ Query timing п‚¤ Click through behavior TrackMeNot п‚Ё Advantages п‚¤ Simple п‚Ё Disadvantages п‚¤ Still the real queries can be connected to real identity. п‚¤ Might have problems with offensive contents. п‚¤ Again, damages targeted advertising Privad (Guha, Reznichenko, Tang , et al., 2009) п‚Ё Require client software: п‚¤ saves locally database of ads (served by the ad-network) п‚¤ Learn user interests in order to match ads. п‚¤ Match add from the local database according to the User interests. Privad п‚Ё Introduce new party вЂ“ Dealer: п‚¤ Proxies anonymously all communication between the user and the ad-network. п‚¤ might be government regulatory agency. п‚¤ hides userвЂ™s identity from the ad-network, but itself does not learn any profile information about the user since all messages between the user and ad-network are encrypted. Privad п‚Ё Advantages п‚¤ Ad-Networks can still target ads without violates user privacy. п‚Ё Disadvantages п‚¤ Complicated to add the new party. п‚¤ Ad-Network has to trust the dealer in order to fight click-fraud which might unmotivated them to cooperate. Adnostic (Toubina, Narayanan, Boneh, et al., 2009) п‚Ё Two party solution: п‚¤ Client side: Implemented as a Firefox plugin. п‚¤ Server side: requires Ad-Network support п‚Ё п‚Ё UserвЂ™s preferences and interests are stored locally by the plugin, instead of at the Ad-network. The targeted ad is selected by the plugin locally at the users computer, instead of at the Ad-Network servers. Adnostic - Accounting п‚Ё п‚Ё п‚Ё вЂњcharge per clickвЂќ model remains unchanged. вЂњcharge per impressionвЂќ is harder. It uses homomorphic encryption scheme. п‚¤ given the public key and ciphertexts , anyone can calculate п‚¤ given the public key and ciphertexts scalar c, can be calculated. , and Adnostic - charge per impression protocol п‚Ё п‚Ё п‚Ё п‚Ё Client: Track user activity and maintains the data locally. Visits an Ad supported website. Server: Sends a list of n ads ids along with public key The browser chooses an ad to display to the user. Then creates that matches the selected ad, then send , Along with zero-knowledge proof that and each is 0 or 1. Adnostic - charge per impression protocol пЃ± пЃ± п‚Ё Validates the proof. If the proof is valid then using homomorphic encryption calculates when c is the price of viewing the ad. The server save encrypted counter for each ad and add to it the previous values. Only one counterвЂ™s real value change. At the end of the billing period, say a month, each counter is decrypted (should be done by trusted authority) and the advertisers pays for the adnetwork. Adnostic п‚Ё Advantages п‚¤ Ad-networks can still target ads without violates user privacy. п‚¤ Ad-networks can still detect click fraud though it will be difficult without gathering information on IP even for a short time. п‚Ё Disadvantages п‚¤ Ad-networks become weaker. п‚¤ Ad-networks can still track user if they are willing to, and the protocol is built on trust. Conclusions п‚Ё п‚Ё In my opinion, It is hard to believe that ad-networks will give up the power of tracking users without legislation. Nevertheless, There are reasonable solutions that still support targeted advertising without violating users privacy. Questions? References п‚Ё п‚Ё п‚Ё п‚Ё  Daniel c. Howe and Helen Nissenbaum. Trackmenot: resisting surveillance in web search. 2005.  Saikat Guha, Bin Cheng, Alexey Reznichenko, Hamed Haddadi, and Paul Francis. Privad: Rearchitecting online advertising for privacy. 2009.  Vincent Toubiana, Arvind Narayanan Dan Boneh, Helen Nissenbaum, and Solon Barocas. Adnostic: Privacy preserving targeted advertising. 2009.  Catherine Dwyer. Behavioral targeting: A case study of consumer tracking on levis.com. In 15th Americas Conference on Information Systems, 2009..