Paul Francis (MPI-SWS) - PowerPoint PPT Presentation

1 / 98
About This Presentation
Title:

Paul Francis (MPI-SWS)

Description:

Title: PowerPoint Presentation Author: Paul Francis Last modified by: Paul Francis Created Date: 1/1/1601 12:00:00 AM Document presentation format – PowerPoint PPT presentation

Number of Views:162
Avg rating:3.0/5.0
Slides: 99
Provided by: PaulF183
Category:
Tags: mpi | sws | dealer | francis | meet | paul

less

Transcript and Presenter's Notes

Title: Paul Francis (MPI-SWS)


1
Privad Overview and Private Auctions
Paul Francis (MPI-SWS) Ruichuan Chen
(MPI-SWS) Bin Cheng (NEC Research) Alexey
Reznichenko (MPI-SWS) Saikat Guha (MSR India)
2
(No Transcript)
3
Can we replace current advertising systems with
one that is private enough, and targets at least
as well?
4
Can we replace current advertising systems with
one that is private enough, and targets at least
as well?
  • Follows todays business model
  • Advertisers bid for ad space, pay for clicks
  • Publishers provide ad space, get paid for clicks
  • Deal with click fraud
  • Scales adequately

5
Can we replace current advertising systems with
one that is private enough , and targets at least
as well?
  • Most users dont care about privacy
  • But privacy advocates do, and so do governments
  • Privacy advocates need to be convinced

6
Can we replace current advertising systems with
one that is private enough , and targets at least
as well?
  • Our approach
  • As private as possible
  • While still satisfying other goals
  • Hope that this is good enough

7
Can we replace current advertising systems with
one that is private enough, and targets at least
as well?
A principle Increased privacy begets better
targeting
8
Todays advertising model (simplified)
Trackers
Advertisers
Publishers
9
Trackers
Advertisers
Publishers
Trackers track users Compile user profile
10
Trackers
Publishers
Trackers may share profiles with advertisers?
11
Trackers
Publishers
Client gets webpage with adbox
12
Trackers
Publishers
Client tells broker of page
13
Trackers
Publishers
Broker launches auction (for given user visiting
given webpage .) Also does clickfraud etc.
14
Trackers
Publishers
(alternatively the publisher could have launched
the auction)
15
Trackers
Publishers
Advertisers present bids and ads
16
Trackers
Publishers
Broker picks winners, delivers ads
17
Trackers
Publishers
User waits for this exchange
18
Trackers
Publishers
Various reporting of results . . . .
19
Dealer
SA
Privad Basic Architecture
Clients
20
Dealer
Learn interest in tennis shoes
SA
Clients
21
Anonymous request for tennis shoes
Dealer
SA
Clients
22
Dealer
Relevant and non-relevant ads stored locally
SA
Clients
23
Chan Interest, Region, Language Ad AdID,
AdvID, Content, Targeting, . . . .
Key K unique to this request
Dealer knows Client requests some channel
Broker knows some Client requests this channel
Dealer cannot link requests
24
Dealer
Webpage with adbox
SA
Clients
25
Ad is delivered locally Minimal delay May or
may not be related to page context
Dealer
SA
Clients
26
View or click is reported to Broker via Dealer
Dealer
SA
Clients
27
Report AdID, PubID, EvType
Dealer learns client X clicked on some ad
Broker learns some client clicked on ad Y
At Broker, multiple clicks from same client
appear as clicks from multiple clients
28
List of sus-pected rids
rid Report ID
Unique for every report
Used to (indirectly) inform Dealer of suspected
attacking Clients
Dealer remembers rid?Client mappings
Client with many reported rids is suspect
29
Many interesting challenges
Click fraud and auction fraud 2nd-price,
pay-per-click auction How to do
profiling Protecting user from malicious
advertisers .and still have good
targeting Gathering usage statistics and
correlations Accommodating multiple clients
Dynamic bidding for ad boxes Co-existing with
todays systems
30
Many interesting challenges
Click fraud and auction fraud 2nd-price,
pay-per-click auction How to do
profiling Protecting user from malicious
advertisers .and still have good
targeting Gathering usage statistics and
correlations Accommodating multiple clients
Dynamic bidding for ad boxes Co-existing with
todays systems
31
Advertising auctions today
  • Almost all auctions are second price
  • Most auctions are Pay Per Click (PPC)

32
Bid3 6
Bid1 2
Bid2 7
Bid2 3
Bid1 5
Bid3 1
Bid3 4
33
Second Price Auction
Bid2 7
Bid3 6
Bid1 5
  • Winner pays bidd of next ranked bidder
  • Bidders can safely bid maximum from the start

34
Second Price Auction
Maximum bid
Bid2 7 (9)
Bid3 6 (6)
Bid1 5 (5)
  • Winner pays bidd of next ranked bidder
  • Bidders can safely bid maximum from the start

35
Second Price Auction
  • Bidder 2 is 1st ranked
  • Pays 616.01
  • Bidder 3 is 2nd ranked
  • Pays 515.01

Bid2 (9)
Bid3 (6)
Bid1 (5)
36
What about PPC (pay per click)?
Click Probabilities
P(C)0.1
Bid2 9
P(C)0.1
Bid3 6
P(C)0.4
Bid1 5
37
What about PPC (pay per click)?
P(C)0.1 0.9
Bid2 9
P(C)0.1 0.6
Bid3 6
P(C)0.4 2.0
Bid1 5
Expected Revenue
Expected Revenue Bid X Click Probability
38
What about PPC (pay per click)?
Ad Rank Bid X Click Probability
39
What does bidder 1 pay???
40
What does bidder 1 pay???
Certainly not 919.01
41
Google Second Price Auction
P(C)0.4
Bid1 5
Bid2 9
P(C)0.1
Bid3 6
P(C)0.1
Ad Rank Bid X Click Probability
P(C) next
CPC Bid next
P(C) clicked
42
Google Second Price Auction
P(C)0.4 2.26
Bid1 5
Bid2 9
P(C)0.1 6.01
Bid3 6
P(C)0.1 ?
Ad Rank Bid X Click Probability
P(C) next
CPC Bid next
P(C) clicked
43
What is the Click Probability???
44
What is the Click Probability???
  • Historical click performance of the ad
  • Landing page quality
  • Relevance to the user
  • User click through rates
  • .

45
What is the Click Probability???
  • Historical click performance of the ad
  • Landing page quality
  • Relevance to the user
  • User click through rates
  • .

Today all this is known by the broker (ad
network)
46
What is the Click Probability???
  • Historical click performance of the ad
  • Landing page quality
  • Relevance to the user
  • User click through rates
  • .

In a non-tracking advertising system, the broker
knows nothing about the user!
47
What is the Click Probability???
  • Historical click performance of the ad
  • Landing page quality
  • .
  • Relevance to the user
  • User click through rates
  • .

Known at broker (call it G)
Known at user (call it U)
48
Second price auction with broker and user
components
  • Ranking by revenue potential
  • Assume that Click Probability G x U
  • Second-Price cost per click

49
Non-tracking advertising revisited
  • User profile at client
  • Privacy goals at broker
  • Anonymity No user identifier tied to any user
    profile attributes
  • Unlinkability Individual user profile
    attributes cannot be linked

50
Finally Problem Statement
  • Satisfy anonymity and unlinkability goals in a
    system that runs this auction
  • Where Bid and G are known at broker
  • And U is known at client

51
Basic Architecture
52
Two questions
  • Where do we do the ranking?
  • Where do we do the CPC computation?

53
Two questions
  • Do CPC at Broker
  • Dont want to reveal advertisers Bid
  • Fraud
  • Where do we do the ranking?
  • Where do we do the CPC computation?

54
Three flavors of Non-Tracking auctions
Broker (Bid, G)
Client (U)
Rank_at_Client
Bid, G
Rank_at_Broker
U
3
Bid, G
U
Rank_at_3rdParty
party
55
Three flavors of Non-Tracking auctions
Broker (Bid, G)
Client (U)
Rank_at_Client
Bid, G
Rank_at_Broker
U
3
Bid, G
U
Rank_at_3rdParty
party
56
Broker (Bid, G)
Client (U)
A - the ad ID, Value of (B G), EB,G, (
targeting etc.)
Computes ranking (B G) U
57
Broker (Bid, G)
Client (U)
A - the ad ID, Value of (B G), EB,G, (
targeting etc.)
Computes ranking (B G) U
58
Broker (Bid, G)
Client (U)
A - the ad ID, Value of (B G), EB,G, (
targeting etc.)
Computes ranking (B G) U
Time
Ac - clicked ad ID ((Bn Gn) Un / Uc) EBc,
Gc
Decrypts EBc, Gc Computes CPC ((Bn Gn)
Un / Uc) / Gc Checks that CPC Bc
59
Broker (Bid, G)
Client (U)
Decrypts EBc, Gc Computes CPC ((Bn Gn)
Un / Uc) / Gc Checks that CPC Bc
60
Broker (Bid, G)
Client (U)
User information obscured by hiding within this
composite value
A - the ad ID, Value of (B G), EB,G, (
targeting etc.)
Computes ranking (B G) U
Ac - clicked ad ID ((Bn Gn) Un / Uc) EBc,
Gc
Decrypts EBc, Gc Computes CPC ((Bn Gn)
Un / Uc) / Gc Checks that CPC Bc
61
Broker (Bid, G)
Client (U)
A - the ad ID, Value of (B G), EB,G, (
targeting etc.)
Computes ranking (B G) U
Ac - clicked ad ID ((Bn Gn) Un / Uc) EBc,
Gc
Decrypts EBc, Gc Computes CPC ((Bn Gn)
Un / Uc) / Gc Checks that CPC Bc
62
Broker (Bid, G)
Client (U)
Bc and Gc may have changed between ranking and
CPC calculation
A - the ad ID, Value of (B G), EB,G, (
targeting etc.)
Computes ranking (B G) U
Ac - clicked ad ID ((Bn Gn) Un / Uc) EBc,
Gc
Decrypts EBc, Gc Computes CPC ((Bn Gn)
Un / Uc) / Gc Checks that CPC Bc
63
All three auction designs introduce various
system delays
  • precompute and cache ranking
  • use out-of-date bid information
  • do not immediately reflect changes in bids

64
Changes in bids constitute main source of churn
  • Advertisers constantly update their bids to
  • show ads in a preferred position
  • meet target number of impressions
  • respond to market changes

65
How detrimental are auction delays?
  • Broker perspective
  • How much revenue is lost due to these delays?
  • Advertiser perspective
  • How they affect advertisers rankings?

66
Bings Auction log
  • 2TB of log data spanning 48 hours
  • 150M auctions with 18M ads
  • Trace record for an auction includes
  • All participating ads
  • Bids and quality scores
  • Whether ad was shown and clicked

67
Understanding effect of churn on revenue
  • Idea
  • Simulate auctions with stale bid information
  • Compute auctions at time t using bids recorded at
    time t-x
  • Compare generated revenue to auctions with
    up-to-date bid information

68
We cannot predict changes in clicking behavior
when rankings change
69
We simulate five click models
  1. 100 same position
  2. 75 same position, 25 same ad
  3. 50-50
  4. 25 same position, 75 same ad
  5. 100 same ad

70
Bid staleness and change in revenue
71
Bid staleness and change in ranking
72
Computing U
So far, we assume we know user component of click
probability
Hard to compute purely at client
Not enough history
Unlinkably gather click stats from clients,
compute U, feed back to clients
73
Assume a set of factors Xx1, x2, , xL
Level of interest in ads product/service
Targeting/user match quality
Webpage context
Users historic CTR
.
Clients report Ad-ID, X, click
Broker computes U f(X), delivers f(X) along
with ad
74
Problem if Xx1, x2, , xL fingerprints user
Possible mitigating factors
Level of interest
Many interests change, many interests dont
correlate that well
Targeting match quality
Different ads have different targeting
Webpage context
Can be course-grained
Users historic CTR
Can be course-grained
75
Future work
  • So far, designs appear practical, but
  • Can we accurately compute user score U?
  • And without violating privacy.
  • Are there new forms of click fraud?
  • Need experience in practice.

76
User Statistics
Broker and advertiser want to know deep
statistical information about users
What kind of targeting works best?
When should ads be shown?
Are users interested in A also interested in B?
How can conversion rates be improved?
Centralized systems have full knowledge
How can Privad privately provide this information?
77
Differential Privacy
Differential Privacy adds noise to answers of DB
queries
Such that presence or absence of single DB
element cannot be determined
Normally modeled as a single trusted DB
Query
True Answer
DB
Noisy Answer
Add Noise
Trusted
78
Distributed Differential Privacy
Dealer
Query
(cleartext)
79
Distributed Differential Privacy
Noisy Answers (encrypted)
Dealer
True Answers (encrypted)
80
A couple URLs
adresearch.mpi-sws.org
trackingfree.org
81
  • Backups, trust model

82
Dealer
Generate user profiles locally at the client In
other words, Adware!
Software Agent
SA
Clients
83
Anonymizes client-broker communications Cannot
eavesdrop Helps with clickfraud
Dealer
SA
Clients
84
Client/broker messages Contain minimal info (no
PII) Cannot be linked to same client
Dealer
SA
Clients
85
Dealer
Unlinkability and anonymity
SA
Clients
86
Dealer
Browser sandbox
Encrypted
Reference Monitor
Trusted, open
SA
Cleartext
Clients
Software Agent
Untrusted Black-box
U
87
Possibly malicious
Dealer
Pretty honest but very curious Doesnt collude
Honest but tempted
Browser sandbox
Encrypted
Reference Monitor
Trusted, open
SA
Cleartext
Clients
Software Agent
Untrusted Black-box
U
88
Privacy and threat models???
Honest but curious isnt quite right
We expect the broker to do what it can get away
with, but cautiously
Plus we need to make privacy advocates comfortable
No formal privacy model
Formal models are too narrow and restrictive
89
Dealer and Software Agent are new components How
are they incentivized?
Dealer
SA
Clients
90
Dealer
Dealer
Legally bound to follow protocols, not collude
SA
Execute open-source software, open to inspection
Clients
91
Dealer
Client
Various options
Provide benefit free software, content, ..
SA
Clients
Like adware!
Bundle with browser or OS
92
  • Local threats

93
Please suspend disbelief, imagine that we
succeed
Dealer
SA
Clients
94
Perfectly Private Advertising System
Dealer
SA
Clients
95
Ad
Perfectly Private Advertising System
Ad targeted to Man AND Married AND Has
girlfriend
Dealer
Ad
SA
Clients
96
Perfectly Private Advertising System
Click
Dealer
Advertiser gets (very) personal information about
users
SA
Clients
97
Honey, why are you getting ads for sexy lingerie?
98
More
?
???
Privad
Privacy
?
Less
Targeting
Worse
Better
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2025 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Paul Francis (MPI-SWS)" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!