Privacy Analysis of the Privad ∗ Privacy-preserving Advertising System

Online advertising is a major economic force in the Internet today. The revenue from well-targeted ad placemen t underlies the lucrative business models of many online serv ices including search, email, and social networks. The centrali zed nature of these online services, however, results in substa ntial privacy leakage for users. This paper analyzes the privacy a nd click-fraud defense properties of Privad, a practical privacypreserving online advertising system. Privad preserves pr ivacy by maintaining user profiles on the user’s computer instead o f in the cloud, minimizing information released to the ad network, and tightly controlling what various participants may lear n. An anonymizing proxy hides the network address of the client, while encryption prevents the proxy from viewing client messages . The security analysis presented in this paper covers all asp ects of a practical and deployable system, including profiling, ad dissemination, auctions, click fraud, view and click reporting, and click anonymization. We argue that, while Privad’s security is not bulletproof, it substantially improves on the status quo, and represents a legitimate alternative to today’s central ized ad networks.