adnostic: privacy preserving targeted advertising
DESCRIPTION
Adnostic: Privacy Preserving Targeted Advertising. Rachel Stonehirsch and Nan Wu. Online Behavioral Advertising. Track users across web sites to infer user interests and preferences Better ad placement Not a new practice 1990s: DoubleClick used 3rd party cookies to track users. Parties. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/1.jpg)
Adnostic: Privacy Preserving Targeted
Advertising
Rachel Stonehirsch and Nan Wu
![Page 2: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/2.jpg)
Online Behavioral Advertising• Track users across web sites to infer user
interests and preferences
• Better ad placement
• Not a new practiceo 1990s: DoubleClick used 3rd party cookies to track
users
![Page 3: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/3.jpg)
Parties
• Advertisero Has an online ad to embed in web pages
• Publishero Owns web pages and is willing to place ads from
others
• Ad-networko Collects ads/payment from advertiserso Places ads on publisher pages
![Page 4: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/4.jpg)
Parties
• Content Distribution Network(CDN)- "Collude" with ad network
• Trusted third party- Cryptographic service provider
- Not "collude" with any other parties
![Page 5: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/5.jpg)
Tracking
• Associate an identifier with a user
• Cookies, IP address and User-Agent strings
![Page 6: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/6.jpg)
Privacy
• Privacy and consumer advocacy groups concerned about how OBA affects privacy
• Argument:o Behavioral targeting is inherently in conflict with
privacy
• Our work shows that it is possible to have effective targeted advertising and still preserve privacy
![Page 7: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/7.jpg)
Privacy Threat s
• Clickstream
• Behavioral profile
• Ad impression history
• Ad click history
![Page 8: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/8.jpg)
Adnostic
• A Firefox extension
• Uses browsing history database
• Runs behavioral targeting algorithm in browser
o User information not leaked outside the browser
Motivation: A complement, not a replacement
![Page 9: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/9.jpg)
Adnostic
• Cryptographic techniques for accurate billing
• Only click history is provided to ad network
o Against click fraud scams
o Available from advertisers
![Page 10: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/10.jpg)
Why adnostic?
1. Pleasure privacy-conscious publishers
2. More visibility
3. Maybe better than user tracking
4. Private browsing mode
5. User control
6. Standardized segmentation
![Page 11: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/11.jpg)
Adnostic Architecture: Targeting with Privacy
1. Behavior profiling
2. Ad insertion
3. Accounting
![Page 12: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/12.jpg)
Behavioral Profiling
• Continually updates interest categorizations
• More than interest: intent and influence
• User sessions: keystroke dynamic or last few pages viewed
![Page 13: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/13.jpg)
Ad Insertion
• Ad-network detects Adnostic
• A list of n ads is send back, each with a classification
• One of n ads is chosen to display
![Page 14: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/14.jpg)
Billing: Charge per Click Model
• Users click on ad and re-directed to advertiser's site
• Billing takes place directly at the site
![Page 15: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/15.jpg)
Billing: Charge per Impression Model
• N ads are pushed to the browser
• One ad is displayed to user
• One advertiser is chargedo How can the ad-network charge the correct
advertiser without knowing which ad was displayed?
• Solution:o Additively homomorphic encryptiono Zero knowledge proofs
![Page 16: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/16.jpg)
Homomorphic Encryption
• Given public key pk
• Given ciphertexts E(pk, x1) and E(pk, x2)o Can create ciphertext E(pk, x1 + x2)o Can create ciphertext E(pk, c*x) for any scalar
c
![Page 17: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/17.jpg)
Billing: Initialization
• �Ad-network identifies ad by an ID
• �Ad-network stores each ad and encrypted
counter, CID
• �When ad is first uploaded
o CID E(pk, 0)
![Page 18: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/18.jpg)
Billing: Ad Insertion• Ad-network sends pk and n ads to browser
o (pk, ad1, ad2, ...,adn)
• Browser chooses ad to display to usero Creates binary vector v with n componentso Encrypt each element of v using pk and send to ad-
network with zero-knowledge proofs (E(pk, v1),...,E(pk,vn))
![Page 19: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/19.jpg)
Billing: Ad Insertion
• Ad-network multiplies vector by co (E(pk, c*v1),...E(pk,c*vn))
• Ad-network adds encrypted vector values to each ad's encrypted countero Result: Quantity c is added to counter of ad
displayed
![Page 20: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/20.jpg)
Billing: Settlement
• Ad-network sends encrypted counters to a trusted third party (TTP)
• TTP decrypts counters and sends response to ad network
![Page 21: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/21.jpg)
Implementation
• User Profiling Moduleo Monitors browsing activity to build a list of user
interests
• Ad Rendering Moduleo Selects ads based on user profileo Inserts ads into the web pages
![Page 22: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/22.jpg)
Implementation: User Profiling
• Adnostic extracts keywords from the page meta-data and the URL
• List of keywords used to retrieve categories related to page content
• Categories derived from all pages visited used to make up profile
![Page 23: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/23.jpg)
Implementation: In-Browser Categorization
• Adnostic comes with:o List of categorieso Cosine-similarity matrix
Used to compute categories for a list of keywords obtained from a web page
![Page 24: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/24.jpg)
Implementation: Ad Rendering
• Ad-network sends to the browser:o List of behavioral categorieso A score representing relevancy of the ado For each extension any numerical parameters that
the extension accepts
• Browser creates combined score for each ado Uses score sent by ad-network o Uses how well list of categories match the user's
profile
![Page 25: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/25.jpg)
Implementation: Ad Rendering
• adnostic.render()o Attributes are an id, url, and targeting inputs
described earlier, height and width parameters, and cryptographic key
• Browser creates n DOM elements
• All ads are downloadedo Only one is displayed to the user
![Page 26: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/26.jpg)
Evaluation
• Based on advertisement rendering delay• Observe impact on page loading time
• Websites cano Publish many adso Intensively use scriptso Include external elements that take time to load
• Adnostic increases loading dealyo Might be negligible on heavy websiteso Might affect lightweight websites
![Page 27: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/27.jpg)
Evaluation
1. SlashDot• Lightweight website (3 banner ads)
1. ReadWriteWeb• Heavy website( 13 banner ads and
content from external websites) 1. WeSecretSoftwareClub
• Lightweight website (3 text ads)1. TheRegister
• Publishes text ads and banners.
![Page 28: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/28.jpg)
Evaluation: Ad Rendering Time
• Website 3 achieves fastest rendering timeo Publishes only text ads
• Faster when 10 text ads are downloaded• Time increases when banner ad are
displayed• Time to download 10 banner is similar to
time to download 20 text ads
![Page 29: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/29.jpg)
Evaluation: Page Loading Time• In general, impact on loading time was low• Website 2
o Includes external content and publishes many adso To load page, browser opens many connectionso Firefox limits number of simultaneous connections
• Solution: o Increase number of simultaneous connections
Degrade browsing experience
• Alternative: Fetch n ads via a single HTTP request
![Page 30: Adnostic: Privacy Preserving Targeted Advertising](https://reader030.vdocuments.us/reader030/viewer/2022012919/56815cca550346895dcad525/html5/thumbnails/30.jpg)
Conclusion
• Address issues between tension surrounding behavioral targeting and user privacy
• Primary goal: Create a system that would preserve user privacy and still serve ads effectively
• Complement existing ad infrastructure not replace it