1 / 28

Privacy of profile-based ad targeting

Privacy of profile-based ad targeting. Alexander Smal and Ilya Mironov. User-profile targeting. Goal: increase impact of your ads by targeting a group potentially interested in your product. Examples: Social Network Profile = user’s personal information + friends Search Engine

gracie
Télécharger la présentation

Privacy of profile-based ad targeting

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy of profile-based ad targeting Alexander Smal and Ilya Mironov

  2. Privacy of profile-based targeting User-profile targeting • Goal: increase impact of your ads by targeting a group potentially interested in your product. • Examples: • Social Network Profile = user’s personal information + friends • Search Engine Profile = search queries + webpages visited by user

  3. Privacy of profile-based targeting Facebook ad targeting

  4. Privacy of profile-based targeting Characters Advertising company Privacy researcher My system is private!

  5. Privacy of profile-based targeting Amazing cat food for $0.99! Simple attack [Korolova’10] Likes fishing Nice! - 32 y.o. single man - Mountain View, CA …. - has cat - likes fishing Targeted ad noise Show Jon Likes fishing Public: - 32 y.o. single man - Mountain View, CA - …. - has cat Private: - likes fishing # of impressions Eve

  6. Privacy of profile-based targeting Advertising company Privacy researcher My system is private! Unless your targeting is not private, it is not! How can I target privately?

  7. Privacy of profile-based targeting How to protect information? • Basic idea: add some noise • Explicitly • Implicit in the data • noiseless privacy [BBGLT11] • natural privacy [BD11] • Two types of explicit noise • Output perturbation • Dynamically add noise to answers • Input perturbation • Modify the database

  8. Privacy of profile-based targeting Advertising company Privacy researcher I like input perturbation better…

  9. Privacy of profile-based targeting Input perturbation • Pro: • Pan-private (not storing initial data) • Do it once • Simpler architecture

  10. Privacy of profile-based targeting Advertising company Privacy researcher I like input perturbation better… Signal is sparse and non-random

  11. Privacy of profile-based targeting Adding noise • Two main difficulties in adding noise: • Sparse profiles • Dependent bits differential privacy “Smart noise” deniability

  12. Privacy of profile-based targeting Advertising company Privacy researcher I like input perturbation better… Signal is sparse and non-random Let’s shoot for deniability, and add “smart noise”!

  13. Privacy of profile-based targeting “Smart noise” • Consider two extreme cases • All bits are independent independent noise • All bits are correlated with correlation coefficient 1 correlatednoise • “Smart noise” hypothesis: “If we know the exact model we can add right noise” Aha!

  14. Privacy of profile-based targeting Dependent bits in real data • Netflix prize competition data • ~480k users, ~18k movies, ~100m ratings • Estimate movie-to-movie correlation • Fact that a user rated a movie • Visualize graph of correlations • Edge – correlation with correlation coefficient > 0.5

  15. Privacy of profile-based targeting Netflix movie correlations

  16. Privacy of profile-based targeting Let’s shoot for deniability, and add “smart noise”! Advertising company Privacy researcher Let’s construct models where “smart noise” fails

  17. Privacy of profile-based targeting How can “smart noise” fail? large large = relative distance

  18. Privacy of profile-based targeting Models of user profiles hidden bits • hidden independent bits • public bits • Public bits are some functions of hidden bits public bits • Are users well separated?

  19. Privacy of profile-based targeting • Error-correcting codes • Constant relative distance • Unique decoding • Explicit, efficient

  20. Privacy of profile-based targeting See — unless the noise is >25%, no privacy Advertising company Privacy researcher But this model is unrealistic! Let me see what I can do with monotone functions…

  21. Privacy of profile-based targeting Monotone functions • Monotone function: for all and for all values of , • Monotonicity is a natural property • Monotone functions are bad for constructing error-correcting codes

  22. Privacy of profile-based targeting Approximate error-correcting codes • -approximate error-correcting code with distance : function such that • If less than fraction of is corrupted then we can reconstruct within fraction of bits. • We need -approximate error-correcting code with constant distance. blatant non-privacy

  23. Privacy of profile-based targeting Noise sensitivity • Noise sensitivity of function :where is chosen uniformly at random, is formed by flipping each bit of with probability . • If is big • If is small hidden bits public bits hidden bits public bits

  24. Privacy of profile-based targeting Monotone functions • There exist highly sensitive monotone functions [MO’03]. • Theorem: there exists monotone -approximate error-correcting code with constant distance on average. • Idea of proof: Let be random independent monotone boolean functions, such that and depends only on bits of . • Let . • With high probability for random there is no such that and • For Talagrand-approximate error-correcting code with constant distance on average.

  25. Privacy of profile-based targeting Advertising company Privacy researcher If the model is monotone, blatant non-privacy is still possible Hmmm. Does smart noise ever work?

  26. Privacy of profile-based targeting Linear threshold model • Function is a linear threshold function, if there exist real numbers ’s such that • Theorem[Peres’04]: Let be a linear threshold function, then  No o(1)-approximate error-correcting code with O(1) distance

  27. Privacy of profile-based targeting Conclusion • Two separate issues with input perturbation: • Sparseness • Dependencies • “Smart noise” hypothesis: Even for a publicly known, relatively simple model, constant corruption of profiles may lead to blatant non-privacy. • Connection between noise sensitivity of boolean functions and privacy • Open questions: • Linear threshold privacy-preserving mechanism? • Existence of interactive privacy-preserving solutions? Arbitrary Monotone Linear threshold fallacy

  28. Privacy of profile-based targeting Thank for your attention! Special thanks for Cynthia Dwork, MoisesGoldszmidt, Parikshit Gopalan, Frank McSherry, MoniNaor, KunalTalwar, and Sergey Yekhanin.

More Related