paul francis (mpi-sws) ruichuan chen (mpi-sws) bin cheng (nec research)

Paul Francis (MPI-SWS)Ruichuan Chen (MPI-SWS)Bin Cheng (NEC Research)Alexey Reznichenko (MPI-SWS)Saikat Guha (MSR India)

Privad Overview and Private Auctions

Can we replace current advertising systems with one that is private enough, and targets at least as well?

Can we replace current advertising systems with one that is private enough, and targets at least as well?• Follows today’s business model

• Advertisers bid for ad space, pay for clicks• Publishers provide ad space, get paid for clicks

• Deal with click fraud• Scales adequately

• Follows today’s business model• Advertisers bid for ad space, pay for clicks• Publishers provide ad space, get paid for clicks

• Deal with click fraud• Scales adequately

Can we replace current advertising systems with one that is private enough , and targets at least as well?

• Most users don’t care about privacy• But privacy advocates do, and so do governments• Privacy advocates need to be convinced

• Most users don’t care about privacy• But privacy advocates do, and so do governments• Privacy advocates need to be convinced

Can we replace current advertising systems with one that is private enough , and targets at least as well?

Our approach:• “As private as possible”• While still satisfying other goals• Hope that this is good enough

Our approach:• “As private as possible”• While still satisfying other goals• Hope that this is good enough

Can we replace current advertising systems with one that is private enough, and targets at least as well?

A principle: Increased privacy begets better targetingA principle: Increased privacy begets better targeting

Today’s advertising model(simplified)

Client

AdvertisersPublishers

Trackers

Broker (Ad exchange)


Client

AdvertisersPublishers UU

Trackers

U

Trackers track usersCompile user profileTrackers track usersCompile user profile


U

Client

Publishers UU

Trackers

U

U

Trackers may share profiles with advertisers?

Trackers may share profiles with advertisers?

Advertisers

U

U

Client

Publishers UU

Trackers

U

U

Advertisers

U

Client gets webpage withadbox


U

Client

Publishers UU

Trackers

U

U

Advertisers

U

Client tells broker of page


U

Client

Publishers UU

Trackers

U

U

Advertisers

U

Broker launches auction (for given user visiting given webpage ….)Also does clickfraud etc.

Broker launches auction (for given user visiting given webpage ….)Also does clickfraud etc.


U

Client

Publishers UU

Trackers

U

U

Advertisers

U

(alternatively the publisher could have launched the auction)

(alternatively the publisher could have launched the auction)


U

Client

Publishers UU

Trackers

U

U

Advertisers

U

Advertisers present bids and ads

Advertisers present bids and ads



U

Client

Publishers UU

Trackers

U

U

Advertisers

U

Broker picks winners, delivers ads

Broker picks winners, delivers ads

U

Client

Publishers UU

Trackers

U

U

Advertisers

U


User waits for this exchangeUser waits for this exchange

U

Client

Publishers UU

Trackers

U

U

Advertisers

U

Various reporting of results . . . .

Various reporting of results . . . .


Broker

Publishers

Clients

Advertisers

SA

U

Dealer

Privad Basic Architecture

Broker

Publishers

Clients

Advertisers

SA

U

A

Dealer

Learn interest in tennis shoes

Learn interest in tennis shoes

Broker

Publishers

Clients

Advertisers

SA

U

A

A

Anonymous request for tennis shoes

Dealer

Broker

Publishers

Clients

Advertisers

SA

U

A

A

Relevant and non-relevant ads stored locally

Dealer

ICCCN 2010 23

Chan: {Interest, Region, Language}Ad: {AdID, AdvID, Content, Targeting, . . . .}

Key K unique to this request

Dealer knows Client requests some channel

Broker knows some Client requests this channel

Dealer cannot link requests

Broker

Publishers

Clients

Advertisers

SA

U

Dealer

A

A

Webpage withadbox

Broker

Publishers

Clients

Advertisers

SA

U

Dealer

A

A

Ad is delivered locally

Minimal delay

May or may not be related to page context

Broker

Publishers

Clients

Advertisers

SA

U

A

A

View or click is reported to Broker via Dealer

Dealer

ICCCN 2010 27

Dealer learns client X clicked on some ad

Broker learns some client clicked on ad Y

At Broker, multiple clicks from same client appear as clicks from multiple clients

Report: {AdID, PubID, EvType}

ICCCN 2010 28

rid: Report IDUnique for every report

List of sus-pected rid’s

Used to (indirectly) inform Dealer of suspected attacking Clients

Dealer remembers rid↔Client mappings

Client with many reported rid’s is suspect

Many interesting challenges

Click fraud and auction fraud2nd-price, pay-per-click auctionHow to do profilingProtecting user from malicious advertisers

….and still have good targetingGathering usage statistics and correlationsAccommodating multiple clients

Dynamic bidding for ad boxesCo-existing with today’s systems

Advertising auctions today

• Almost all auctions are second price

• Most auctions are Pay Per Click (PPC)

Bid1: $2

Bid2: $3

Bid3: $1Bid3: $4

Bid1: $5

Bid3: $6

Bid2: $7

Bid1: $5

Bid3: $6

Bid2: $7

Second Price Auction

• Winner pays bid+δ of next ranked bidder

• Bidders can safely bid maximum from the start

Bid1: $5 ($5)

Bid3: $6 ($6)

Bid2: $7 ($9)


• Winner pays bid+δ of next ranked bidder

• Bidders can safely bid maximum from the start

Maximum bid

Bid1: ($5)

Bid3: ($6)

Bid2: ($9)


• Bidder 2 is 1st ranked– Pays $6+1¢=$6.01

• Bidder 3 is 2nd ranked– Pays $5+1¢=$5.01

Bid1: $5

Bid3: $6

Bid2: $9

What about PPC (pay per click)?

P(C)=0.4

P(C)=0.1

P(C)=0.1 ClickProbabilities

Bid1: $5

Bid3: $6

Bid2: $9


P(C)=0.4 $2.0

P(C)=0.1 $0.6

P(C)=0.1 $0.9

ExpectedRevenue

Expected Revenue = Bid X Click Probability


Bid1: $5 P(C)=0.4 $2.0

Ad Rank= Bid X Click Probability

Bid3: $6

Bid2: $9

P(C)=0.1 $0.6

P(C)=0.1 $0.9

What does bidder 1 pay???

Bid1: $5 P(C)=0.4

Bid3: $6

Bid2: $9

P(C)=0.1

P(C)=0.1

What does bidder 1 pay???

Bid1: $5 P(C)=0.4

Certainly not $9+1¢=$9.01

Bid3: $6

Bid2: $9

P(C)=0.1

P(C)=0.1

Google Second Price Auction

Bid1: $5 P(C)=0.4

CPC = Bid next

Bid3: $6

Bid2: $9

P(C)=0.1

P(C)=0.1


P(C) nextP(C) clicked

Google Second Price Auction

Bid1: $5 P(C)=0.4 $2.26

CPC = Bid next

Bid3: $6

Bid2: $9

P(C)=0.1 $?

P(C)=0.1 $6.01


P(C) nextP(C) clicked

What is the Click Probability???


• Historical click performance of the ad

• Landing page quality• Relevance to the user• User click through

rates• …….




rates• …….

Today all this is known by the broker (ad network)




rates• …….

In a non-tracking advertising system, the broker knows nothing about the user!



• Landing page quality• …….• Relevance to the user• User click through

rates• …….

Known at broker(call it G)

Known at user(call it U)

Second price auction with broker and user components

• Ranking by revenue potential: – Assume that Click Probability = G x U

• Second-Price cost per click:

Non-tracking advertising revisited

• User profile at client

• Privacy goals at broker:– Anonymity: No user identifier tied to any user

profile attributes– Unlinkability: Individual user profile attributes

cannot be linked

Finally: Problem Statement

• Satisfy anonymity and unlinkability goals in a system that runs this auction:

• Where Bid and G are known at broker• And U is known at client

Basic Architecture

Two questions

• Where do we do the ranking?

• Where do we do the CPC computation?

Two questions

• Where do we do the ranking?

• Where do we do the CPC computation?

Do CPC at Broker: •Don’t want to reveal advertiser’s Bid•Fraud

Bid, G

U

party

3U Bid, G

Rank@Client

Rank@Broker

Rank@3rdParty

Three flavors of Non-Tracking auctions

Broker(Bid, G)

Client(U)

A - the ad ID,Value of (B × G),E[B,G],(+ targeting etc.)

Computes ranking: (B × G) × U

Broker(Bid, G)

Client(U)



Broker(Bid, G)

Client(U)

Ac - clicked ad ID((Bn × Gn) × Un / Uc)

E[Bc, Gc] Decrypts E[Bc, Gc]Computes CPC: ((Bn × Gn) × Un / Uc) / Gc

Checks that CPC ≤ Bc

Time

Broker(Bid, G)

Client(U)

Decrypts E[Bc, Gc]Computes CPC: ((Bn × Gn) × Un / Uc) / Gc




Broker(Bid, G)

Client(U)

User information obscured by

hiding within this composite value






Broker(Bid, G)

Client(U)






Broker(Bid, G)

Client(U)




Bc and Gc may have changed

between ranking and CPC

calculation

All three auction designs introduce various system delays

• precompute and cache ranking• use out-of-date bid information• do not immediately reflect changes

in bids

Changes in bids constitute main source of churn

Advertisers constantly update their bids to•show ads in a preferred position•meet target number of impressions•respond to market changes

How detrimental are auction delays?

Broker perspective:•How much revenue is lost due to these delays?

Advertiser perspective:•How they affect advertisers’ rankings?

Bing’s Auction log

• 2TB of log data spanning 48 hours• 150M auctions with 18M ads• Trace record for an auction includes:

– All participating ads– Bids and quality scores – Whether ad was shown and clicked

Understanding effect of churn on revenue

Idea:•Simulate auctions with stale bid information•Compute auctions at time t using bids recorded at time t-x•Compare generated revenue to auctions with up-to-date bid information

We cannot predict changes in clicking behavior when rankings change

We simulate five click models

1. 100% same position2. 75% same position, 25% same ad3. 50%-50%4. 25% same position, 75% same ad5. 100% same ad

Bid staleness and change in revenue

Bid staleness and change in ranking

Computing U

So far, we assume we know user component of click probability

Hard to compute purely at client

Not enough history

Unlinkably gather click stats from clients, compute U, feed back to clients

Assume a set of factors X={x1, x2, …, xL}

Clients report {Ad-ID, X, click}

Level of interest in ad’s product/service

Targeting/user match quality

Webpage context

User’s historic CTR…….

Broker computes U = f(X), delivers f(X) along with ad

Problem if X={x1, x2, …, xL} fingerprints user

Possible mitigating factors:

Level of interest

Targeting match quality

Webpage context

User’s historic CTR

Many interests change, many interests don’t correlate that well

Different ads have different targeting

Can be course-grained

Can be course-grained

Future work

So far, designs appear practical, but:•Can we accurately compute user score U?

– And without violating privacy….

•Are there new forms of click fraud?

•Need experience in practice….

User Statistics

What kind of targeting works best?

Broker and advertiser want to know deep statistical information about users

Centralized systems have full knowledge

When should ads be shown?Are users interested in A also interested in B?How can conversion rates be improved?

How can Privad privately provide this information?

Differential Privacy

Differential Privacy adds noise to answers of DB queries

Normally modeled as a single trusted DB

Such that presence or absence of single DB element cannot be determined

DB

Query

True Answer

Add Noise

Noisy Answer

Trusted

Distributed Differential Privacy

DB

Query

(cleartext)

DealerDealerDB

DB

DB

Distributed Differential Privacy

DB

True Answers(encrypted)

DealerDealerDB

DB

DB

Noisy Answers(encrypted)

A couple URLs

adresearch.mpi-sws.org

trackingfree.org

• Backups, trust model

ICCCN 2010 81

Broker

Publishers

Clients

Advertisers

SA

U

Dealer

Generate user profiles locally at the client

In other words, Adware!

Generate user profiles locally at the client

In other words, Adware!

Software AgentSoftware Agent

Broker

Publishers

Clients

Advertisers

SA

U

Dealer

Anonymizes client-broker communications

Cannot eavesdrop

Helps with clickfraud

Anonymizes client-broker communications

Cannot eavesdrop

Helps with clickfraud

Broker

Publishers

Clients

Advertisers

SA

U

Client/broker messages:

Contain minimal info (no PII)

Cannot be linked to same client

Client/broker messages:

Contain minimal info (no PII)

Cannot be linked to same client

Dealer

Broker

Publishers

Clients

Advertisers

SA

U

Dealer

Unlinkability and anonymity

Broker

Publishers Advertisers

Dealer

UntrustedBlack-box

U

SoftwareAgent

Reference Monitor

Trusted, open

Cleartext

Encrypted

Clients

SA

U

Browser sandbox

Broker

Publishers Advertisers

Dealer

Clients

SA

U

Honest but temptedHonest but tempted

“Pretty honest but very curious”

Doesn’t collude

Possibly malicious

UntrustedBlack-box

Reference Monitor

Trusted, open

Cleartext

Encrypted

Browser sandbox

U

SoftwareAgent

Honest but curious isn’t quite right

Privacy and threat models???

No formal privacy modelFormal models are too narrow and restrictive

We expect the broker to do “what it can get away with”, but cautiously

Plus we need to make privacy advocates comfortable

Clients

SA

U

DealerDealer and Software Agent are new components

How are they incentivized?

Clients

SA

U

Dealer Dealer:

Legally bound to follow protocols, not collude

Execute open-source software, open to inspection

Clients

SA

U

Dealer Client:

Various options:

Provide benefit: free software, content, …..

Like adware!

Bundle with browser or OS

• Local threats…

ICCCN 2010 92

Broker

Publishers

Clients

Advertisers

SA

U

Dealer Please suspend disbelief, imagine that we succeed……

Broker

Publishers

Clients

Advertisers

SA

U

Dealer

A

Perfectly Private Advertising System

Broker

Publishers

Clients

Advertisers

SA

U

Dealer

A


Ad

Ad targeted to:“Man” AND “Married” AND“Has girlfriend”Ad

Broker

Publishers

Clients

Advertisers

SA

U

Dealer

A


Click

Advertiser gets (very) personal information about users

ICCCN 2010 97

Honey, why are you getting ads

for sexy lingerie?

Privacy

Targeting

More

Less

Worse Better

Privad

???

paul francis (mpi-sws) ruichuan chen (mpi-sws) bin cheng (nec research)

Documents

current advertising

private auctions

ad space

multiple clicks

ad yat broker

client x

increased privacy

ad boxescoexisting