Faculty Recruiting Support CICS

Fall Security Speaker Series

24 Sep
Tuesday, 09/24/2019 2:30pm to 3:30pm
Computer Science Building, Room 151
Special Event
Speaker: Ahmad Bashi

On the Privacy Implications of Real Time Bidding

The massive growth of online advertising has created a need for commensurate amounts of user tracking. Advertising companies track online users extensively to serve them targeted advertisements. On the surface, this seems like a simple process: a tracker places a unique cookie in the user's browser, repeatedly observes the same cookie as the user surfs the web, and finally uses the accrued data to select targeted ads. However, the reality is much more complex. The rise of Real Time Bidding (RTB) has forced Advertising and Analytics (A&A) companies to collaborate more closely with each other via cookie matching. Because of RTB, tracking data is not just observed by trackers embedded directly into web pages, but rather it is funneled through the advertising ecosystem through complex networks of exchanges and auctions.

In this talk, I will briefly go over a content-agnostic methodology that is able to detect client- and server-side information flows between arbitrary ad exchanges using retargeted ads. Intuitively, this methodology works because it relies on the semantics of how exchanges serve ads, rather than focusing on specific cookie matching mechanisms. This methodology can successfully categorize four different kinds of information sharing behavior between ad exchanges, including cases where existing heuristic methods fail.

Then, using this data, I will introduce a novel graph representation, called an Inclusion graph, to model the impact of RTB on the diffusion of user tracking data in the advertising ecosystem. Through simulations on the Inclusion graph, we provide upper and lower estimates on the tracking information observed by A&A companies. We also evaluate the effectiveness of blocking strategies (e.g., AdBlock Plus), and find that major A&A companies still observe 40-90% of user impressions, depending on the blocking strategy.

Bio:  Ahmad is a postdoctoral researcher at ICSI, Berkeley. Ahmad recently completed his PhD from Northeastern University, where he was a member of the Security & Privacy group. His research focuses on understanding the online advertising ecosystem with an emphasis on privacy implications for end users.

Ahmad's work has appeared in top security and privacy venues like Usenix Security and PETS, and he recently won the best student paper award at the Future of Privacy forum.  webpage:

Faculty Host