PRIVAD: Practical Privacy in ONLINE ADVERTISING
Offense: Arindam Paul
A “Utopian” Assumption
“Our design assumes that privacy advocates will be hard to win over, and therefore favors privacy concerns over business concerns”
We are talking about advertisement
This has got everything to do with business
Nothing which affects profitability of the big players is going to work in the real world
Why would the brokers (e.g. Google) even agree to be bound to such a model?
What do they themselves say?
“Entrenched players like Google have strong incentives, lobbying power and the capital needed to maintain the status quo”
“Powerful ISPs successfully resisted new regulations threatening their business model”
So, why would they be ready now?
Third Parties
None of the models which have suggested usage of a 3rd party has worked in real life.
“For sale: Your Data, By: You” by Riederer et al.
This paper
How to arrange for trusted/untrusted 3rd parties is an unsolved problem in the Internet community
Reasons cited: Greed (business sense), politics, etc.
Significant change from current model
Adding two extra redirections in an already complex model (Publisher, Broker, Advertiser)
Dealer
Monitor (at Client)
Dealer
Run by “untrusted third party organizations”
Paper states cost of dealer will be met by “privacy advocates” ???
No such instance of funding found even in “more” privacy aware EU
Monitor at Client
No real incentive
For testing, MSR paid money for installing
Depended on “forgetfulness” of these paid users to collect data
BETTER & SIMPLER ALTERNATIVES
What do Privacy Advocates say?
Softer requirements of “Privacy Advocates”
“Individuals be able to control their personal information”
“Hold accountable organizations responsible”
Much more easily achieved by simple browser extensions and “Opt Out” features
Ad Block Plus
Gives option of removing ads altogether
“Privad is not aimed for users that disable ads altogether”
Ad Block Plus also allows the option of keeping relevant ads
Present well before 2011
Do Not Track
Other Extensions
Some Internet and software development firms have created individual browser extensions that permit users to opt out of tracking cookies from a wide range of advertising networks.
Targeted Advertising Cookie Opt-Out (TACO) helps Internet users avoid and remove tracking cookies from 27 advertising networks.
SERIOUS LIMITATIONS
CLICK-FRAUD
Per User Thresholds
Blacklist
Honeyfarms
Historical Statistics
Premium Clicks
Bait Ads
“Overall these mechanisms have effect of more-or-less putting Privad back on an even footing with current ad networks as far as click-fraud”
CLICK FRAUD AND DEPLOYMENT
No mention of click-fraud detection success in the evaluation
If this is so successful, why are there no measurement results?
Ads at localhost
Are Google or other well-known brokers not better at understanding user profiles and giving ads?
Tries to mimic the broker algorithms ???
They suggest a “simple” broker model
Doubt Google would like or trust these “Ads”
Most of their money is driven by personalized/contextual ads
Malware
“Malware today can learn anything. The client is able to learn, and so not protecting against this threat does not qualitatively change anything.”
???
Malware gets ready-made profiled data
No need to monitor over time to build data
Actually, this gives an incentive to untrusted organizations to steal and then sell private data
Google or XYZ ?
The assumption of “honest but curious” no longer holds for XYZ
Practicality and Novelty
“Privad scales to present-day needs”
No testing on mobile users ???
“During 12 months deployment, we have not received any negative feedback”
Battery usage
7 days contract ???
General lack of Novelty
Very similar to previous HotNets paper
No real addition
Still only pilot testing
No mention of any revenue model
“After the click happens”
“Privad gives unscrupulous advertisers more information than they get today”
Will the “privacy-advocates” not say anything now?
No clear mention of CPI, CPC and CPA
Almost every ad paper has these terms
What does the research community say?
First author in his next paper: “Need to adequately explore how to operate the auctions that are critical to current advertising systems. Without this component, these systems leave unanswered what revenue the broker (i.e. an ad network like Google) can earn, thereby reducing the likelihood that a non-tracking advertising system will be of commercial interest.”
What does the research community say?
“These proposals require a shift in the paradigm of online advertising, where the ad brokers relinquish the control of the way profiling and matching is performed and rely on a weaker client-side model of the user, which seems unlikely in the near-term.” - Korolova A., Journal of Privacy and Confidentiality
“Privad can not trust ad-networks and anonymizes every piece of information sent by the client. This anonymization impacts performance and makes click-fraud harder to detect.” - Toubiana et al. (Adnostic)
THANK YOU