Online advertising: Analysis of privacy threats and protection approaches

Online advertising, the pillar of free content on the Web, has revolutionized the marketing business in recent years by creating a myriad of new opportunities for advertisers to reach potential customers. The current advertising model builds upon an intricate infrastructure composed of a variety of intermediary entities and technologies whose main aim is to deliver personalized ads. For this purpose, a wealth of user data is collected, aggregated, processed and traded behind the scenes at an unprecedented rate. Despite the enormous value of online advertising, however, the intrusiveness and ubiquity of these practices prompt serious privacy concerns. This article surveys the online advertising infrastructure and its supporting technologies, and presents a thorough overview of the underlying privacy risks and the solutions that may mitigate them. We first analyze the threats and potential privacy attackers in the online advertising scenario. In particular, we examine the main components of the advertising infrastructure in terms of tracking capabilities, data collection, aggregation level and privacy risk, and give an overview of the tracking and data-sharing technologies employed by these components. Then, we conduct a comprehensive survey of the most relevant privacy mechanisms, and classify and compare them on the basis of their privacy guarantees and impact on the Web.
