Inferring Tracker-Advertiser Relationships in the Online Advertising Ecosystem using Header Bidding

Online advertising relies on trackers and data brokers to show targeted ads to users. To improve targeting, different entities in the intricately interwoven online advertising and tracking ecosystems are incentivized to share information with each other through client-side or server-side mechanisms. Inferring data sharing between entities, especially when it happens at the server-side, is an important and challenging research problem. In this paper, we introduce KASHF: a novel method to infer data sharing relationships between advertisers and trackers by studying how an advertiser's bidding behavior changes as we manipulate the presence of trackers. We operationalize this insight by training an interpretable machine learning model that uses the presence of trackers as features to predict the bidding behavior of an advertiser. By analyzing the machine learning model, we are able to infer relationships between advertisers and trackers irrespective of whether data sharing occurs at the client-side or the server-side. We are also able to identify several server-side data sharing relationships that are validated externally but are not detected by client-side cookie syncing.

[1]  Narseo Vallina-Rodriguez,et al.  Apps, Trackers, Privacy, and Regulators: A Global Study of the Mobile Tracking Ecosystem , 2018, NDSS.

[2]  Jordi Forné,et al.  On the regulation of personal data distribution in online advertising platforms , 2019, Eng. Appl. Artif. Intell..

[3]  Arvind Narayanan,et al.  The Web Never Forgets: Persistent Tracking Mechanisms in the Wild , 2014, CCS.

[4]  Pablo Rodriguez,et al.  If you are not paying for it, you are the product: how much do advertisers pay to reach you? , 2017, Internet Measurement Conference.

[5]  George Danezis,et al.  A study on the value of location privacy , 2006, WPES '06.

[6]  Rubén Cuevas Rumín,et al.  FDVT: Data Valuation Tool for Facebook Users , 2017, CHI.

[7]  Alessandro Acquisti,et al.  When 25 Cents is Too Much: An Experiment on Willingness-To-Sell and Willingness-To-Protect Personal Information , 2007, WEIS.

[8]  Arnaud Legout,et al.  Missed by Filter Lists: Detecting Unknown Third-Party Trackers with Invisible Pixels , 2020, Proc. Priv. Enhancing Technol..

[9]  Evangelos P. Markatos,et al.  The Cost of Digital Advertisement: Comparing User and Advertiser Views , 2018, WWW.

[10]  I. Campbell Chi‐squared and Fisher–Irwin tests of two‐by‐two tables with small sample recommendations , 2007, Statistics in medicine.

[11]  Leo Breiman,et al.  Random Forests , 2001, Machine Learning.

[12]  George Danezis,et al.  How Much Is Location Privacy Worth? , 2005, WEIS.

[13]  Minas Gjoka,et al.  AntMonitor: A System for Monitoring from Mobile Devices , 2015, C2BD@SIGCOMM.

[14]  Wenyu Dou,et al.  Will Internet Users Pay for Online Content? , 2004, Journal of Advertising Research.

[15]  Basic Attention Token ( BAT ) Blockchain Based Digital Advertising Brave Software May , 2022 .

[16]  Jack Shih-Chieh Hsu,et al.  CUSTOMER WILLINGNESS TO PAY FOR ONLINE MUSIC: THE ROLE OF FREE MENTALITY , 2013 .

[17]  John C. Mitchell,et al.  Third-Party Web Tracking: Policy and Technology , 2012, 2012 IEEE Symposium on Security and Privacy.

[18]  Aaron Alva,et al.  Cross-Device Tracking: Measurement and Disclosures , 2017, Proc. Priv. Enhancing Technol..

[19]  Tadayoshi Kohno,et al.  Internet Jones and the Raiders of the Lost Trackers: An Archaeological Study of Web Tracking from 1996 to 2016 , 2016, USENIX Security Symposium.

[20]  Christo Wilson,et al.  Diffusion of User Tracking Data in the Online Advertising Ecosystem , 2018, Proc. Priv. Enhancing Technol..

[21]  Konstantina Papagiannaki,et al.  Like a Pack of Wolves: Community Structure of Web Trackers , 2016, PAM.

[22]  Roksana Boreli,et al.  Information leakage through mobile analytics services , 2014, HotMobile.

[23]  michel Is your pregnancy app sharing your intimate data with your boss ? - e-traces , 2019 .

[24]  Steven M. Bellovin,et al.  A Privacy Analysis of Cross-device Tracking , 2017, USENIX Security Symposium.

[25]  Y. Zhang,et al.  TO FEE-BASED ONLINE SERVICES : WHAT MAKES CONSUMER PAY FOR ONLINE CONTENT ? , 2005 .

[26]  Evangelos P. Markatos,et al.  Cookie Synchronization: Everything You Always Wanted to Know But Were Afraid to Ask , 2018, WWW.

[27]  Edgar R. Weippl,et al.  Block Me If You Can: A Large-Scale Study of Tracker-Blocking Tools , 2017, 2017 IEEE European Symposium on Security and Privacy (EuroS&P).

[28]  Arvind Narayanan,et al.  Online Tracking: A 1-million-site Measurement and Analysis , 2016, CCS.

[29]  Erik Derr,et al.  Reliable Third-Party Library Detection in Android and its Security Applications , 2016, CCS.

[30]  Eytan Adar,et al.  Valuating Privacy , 2005, WEIS.

[31]  Christo Wilson,et al.  Tracing Information Flows Between Ad Exchanges Using Retargeted Ads , 2018, USENIX Security Symposium.

[32]  Narseo Vallina-Rodriguez,et al.  "Is Our Children's Apps Learning?" Automatically Detecting COPPA Violations , 2017 .

[33]  Claude Castelluccia,et al.  Selling Off Privacy at Auction , 2014, NDSS 2014.

[34]  Narseo Vallina-Rodriguez,et al.  Breaking for commercials: characterizing mobile advertising , 2012, Internet Measurement Conference.

[35]  J. Murphy The General Data Protection Regulation (GDPR) , 2018, Irish medical journal.

[36]  Vijay Erramilli,et al.  Your browsing behavior for a big mac: economics of personal information online , 2011, WWW.

[37]  Evangelos P. Markatos,et al.  No More Chasing Waterfalls: A Measurement Study of the Header Bidding Ad-Ecosystem , 2019, Internet Measurement Conference.

[38]  Narseo Vallina-Rodriguez,et al.  Tracking the Trackers: Towards Understanding the Mobile Advertising and Tracking Ecosystem , 2016, ArXiv.

[39]  Michael E. Lesk,et al.  Micropayments: An idea whose time has passed twice? , 2004, IEEE Security & Privacy Magazine.

[40]  G. Loewenstein,et al.  What Is Privacy Worth? , 2013, The Journal of Legal Studies.