towards privacy‐friendly online · pdf filesearch email because ... – proof of...
TRANSCRIPT
TowardsPrivacy‐FriendlyOnlineAdver5sing
JulienFreudiger,NevenaVratonjic,andJean‐PierreHubauxMay2009,W2SP
Onlineadver5singisatcenterofInterneteconomy– Immediateandpersonalized
– EnablesBehavioraltarge5ng
InternetEconomy
2Source:Interac5veAdver5singBureauInternetAdver5singrevenuereport,2008
Benefits
• Forusers– Relevanceofads– Sponsoredservices
• Forwebsites– Generateprofitfromads– Newbusinessmodels
3
• Trackuserac5vi5esonline– Interests(visitedwebsites,searchterms)
– Conversa5ons(email)– Friends(socialnetworks)
• Privacyfootprint(KrishnamurthyandWills)
– 72%ofwebserversshareatleastoneadver5ser– 3third‐partydomainscontactedonaverageperaccessedwebsite
PrivacyConcerns
4
Privacy/traceabilityTrade‐off
5
Traceability
Privacy
0 1
1Trade‐off
Allowall
Blockall
Provideawaytocontrolamountofinforma8onshared
Outline
1. OnlineAdver5sing– PrivacyImplica5ons– Exis5ngSolu5ons
2. ProposedSolu5on– PrivacyfriendlyCookiemanagement– Usercentric
3. PreliminaryEvalua5on– FirefoxExtension
6
OnlineAdver5sing
7
u s1
s2
d1
HiddenserversD
UsersU
VisibleserversS
Associatedwebsites
u‐>s1: www.ny5mes.com u‐>s2: www.google.coms1‐>u: index.htmlu‐>d1: ads.com,TP‐cookied1‐>u: ads
s1‐>u: index.htmlu‐>d1: ads.com,TP‐cookied1‐>u: ads
B.KrishnamurthyandC.E.Wills.Genera5ngaprivacyfootprintontheInternet.IMC2006
Traceability
• TP‐Cookiesenable– Spa8altracking:Trackoverdifferentdomains
– Temporaltracking:Iden5fysubsequentvisits
• Referrerrevealsvisitedwebsite
• Exampleofdatacollectedbyadver5sers:– 10h00:www.ny5mes.com,cookie
– 10h02:www.ny5mes.com,cookie– 11h00:www.facebook.com/friends,cookie
8
Exis5ngSolu5ons
• Allornothing– Blockrequeststoadver5sers– BlockTP‐cookies– Allowall
• Sameoriginpolicy– “Onlytheserverthatsetsacookiecanaccessit”– Preventslossofdataconfiden5alityorintegrity– Buttoopermissivewithrespecttoonlinetracking
9
Outline
1. OnlineAdver5sing– PrivacyImplica5ons– Exis5ngSolu5ons
2. ProposedSolu5on– PrivacyfriendlyCookiemanagement– Usercentric
3. PreliminaryEvalua5on– FirefoxExtension
10
ProposedSolu5on
• Trade‐offprivacyandtraceability– Limitspa5alandtemporaltracking
– User‐centricsolu5on
• Definepoliciesforuseofcookies– Userprivacypreferences– Useradver5sementpreferences– Visitedwebsite
11
KeyIdea
• Maintainacollec5onofcookiesinparallel– Sentcookiedependsonthevisitedwebsiteandadver5ser
12
Domain Cookie
ads.com c1
Domain Website Cookie
ads.com ny5mes.com c1
ads.com google.com c2
KeyTechnique
• Toobtainanewcookie– Donotsendexis5ngcookiesinHTMLheader
– Serverassignsanewcookie
• Privacy‐Friendlycookiemanagement– Alternateamongcookiesincollec5on
13
Approach1
14
u s1
s2
d1
u‐>d1: ads.com,www.ny5mes.com,c1
u‐>d1: ads.com,www.ny5mes.com/technology,c1
u‐>d1: ads.com,www.google.com,c2
LimituseofTP‐cookiesperdomainUseforalimitednumberof8mes
becauseny5mes!=google
Approach2
15
LimituseofTP‐cookiesperwebsitecategoryandwithincategoriesUseforalimitednumberof8mes
• Categoriesdefinetypeofwebsite– ny5mes.com=>news– Readilyavailable(e.g.,Alexa)
• Spa5altrackingthresholdLs– Limitsspa5altrackingacrosswebsiteswithincategories
Approach2
16
u s1
s2
d1
u‐>d1: ads.com,www.swissinfo.ch,c1
u‐>d1: ads.com,www.ny5mes.com,c1
u‐>d1: ads.com,www.google.com,c3u‐>d1: ads.com,mail.google.com,c4
u‐>d1: ads.com,www.l.com,c2
s3
s4
Category
News
News
News
Search
Because3>LS
Becausesearch!=news
Becauseemail!=searchandemail!=news
Ls=2
Approach3
17
LimituseofTP‐cookiesbasedonURLsanduserpreferencesUseforalimitednumberof8mes
• URLs– Leakinforma5onthroughreferrer
– google.com/search?q=julien
• Preferencesonwebsitecategories– Privacy:Whatusersdonotwanttoshare– Adver5sing:Whatuserswanttoget
SenngupPreferences
18
Relyononlinesocialcommuni5es
GoogleAdpreferencemanager
Approach3
19
u‐>d1: ads.com,www.google.com,c1
u‐>d1: ads.com,www.google.com/search?q=computers,c1
u‐>d1: ads.com,www.facebook.com/search?q=nevena,c2
u‐>d1: ads.com,www.facebook.com,c1
URLs(w1)
UserPrivacyPref.(w2)
0.1 0
0.9 0
0.1 1
1 1
!
bi!H(B)
w1(bi) · w2(bi) < Ls
Because0.1+1>Ls
Ls=1
Outline
1. OnlineAdver5sing– PrivacyImplica5ons– Exis5ngSolu5ons
2. ProposedSolu5on– PrivacyfriendlyCookiemanagement– Usercentric
3. PreliminaryEvalua5on– FirefoxExtension
20
Implementa5on
• Firefoxextension:PrivaCookie– Proofofconceptcode– Getitonhpp://icapeople.epfl.ch/freudiger
• TPcookiedetec5on– Compareorigina5ngURLwithcurrentURL
• Localcookietable– Linkcookieswithhiddenserverthatcauseditsassignmentandvisibleserverhos5ngads
– (Cookie,visibleserver,hiddenserver)
21
Study
• Chose10pagesfromeachofthetop20domains
• Firefoxextensionpagestats– Runsbrowserinbatchmodewithlistofwebsites– Atotalof200pages
22
Numberofhiddenserversforeachofthetop20domains
23
Numberofvisibleserversforeachhiddenserver
24
PrivaCookie
HiddenServer
VisibleServersYahoo Ebay AOL IMDB Orkut Msn Myspace HI5 Blogspot Rapidshare
doubleclick
quantaserve
atmdt
adver5sing
yieldmanager
25
Top10associatedvisibleserversconnectedwiththemostpopularadver5sers
Extensioncaused81addi5onalcookiesassignments
c1 c1,1 c1 c1,2 c1 c1,3 c1 c1,4 c1 c1,5 c1 c1,6 c1 c1,7 c1 c1,8
TrackingCountermeasures
• TrackbasedonIP- Anonymizer/Tor
• Trackwith– Cachecookies– Browserhistory– Plugins(e.g.,Flashcookies)– Proposedpoliciesalsoapplytothosecases
• Coopera5vetracking?26
Conclusion
• Weproposeasolu5onfortrading‐offprivacy&traceability– Protectsuserprivacy– Allowsfortargetedonlineadver5sing– Nochangesrequiredfromadver5sers– Putsusersincontrol
• Keyidea:Maintainsacollec5onofcookiesinparallel• FutureWork:– Implementapproach2&3– ImplementJavascriptsupport– Considerotherparametersinapproach3
27
URLWeight
• ParseURLforn‐grams– “search”– “id”– “username”
• Canbedoneautoma5callybeforevisi5ngURL
28