Privacy Violations Using Microtargeted Ads: A Case Study

Aleksandra Korolova

doi:10.29012/jpc.v3i1.594

PDF

Published: Jun 1, 2011

DOI: https://doi.org/10.29012/jpc.v3i1.594

Keywords:

Facebook, social networks, targeted advertising, privacy breaches

Aleksandra Korolova

Departmen t of Computer Science, Stanford University

Abstract

We propose a new class of attacks that breach user privacy by exploiting advertising systems offering microtargeting capabilities. We study the advertising system of the largest online social network, Facebook, and the risks that the design of the system poses to the privacy of its users. We propose, describe and provide experimental evidence of several novel approaches to exploiting the advertising system in order to obtain private user information.

The work illustrates how a real-world system designed with an intention to protect privacy but without rigorous privacy guarantees can leak private information, and motivates the need for further research on the design of microtargeted advertising systems with provable privacy guarantees. Furthermore, it shows that user privacy may be breached not only as a result of data publishing using improper anonymization techniques, but also as a result of internal data-mining of that data.

We communicated our findings to Facebook on July 13, 2010, and received a very prompt response. On July 20, 2010, Facebook launched a change to their advertising system that made the kind of attacks we describe much more difficult to implement in practice, even though, as we discuss, they remain possible in principle. We conclude by discussing the broader challenge of designing privacy-preserving microtargeted advertising systems.

How to Cite

Korolova, Aleksandra. 2011. “Privacy Violations Using Microtargeted Ads: A Case Study”. Journal of Privacy and Confidentiality 3 (1). https://doi.org/10.29012/jpc.v3i1.594.

Issue

Vol. 3 No. 1 (2011)

Section

Articles

Copyright is retained by the authors. By submitting to this journal, the author(s) license the article under the Creative Commons License – Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0), unless choosing a more lenient license (for instance, public domain). For situations not allowed under CC BY-NC-ND, short sections of text, not to exceed two paragraphs, may be quoted without explicit permission provided that full credit, including © notice, is given to the source.

Authors of articles published by the journal grant the journal the right to store the articles in its databases for an unlimited period of time and to distribute and reproduce the articles electronically.

Funding data

Cisco Systems
National Science Foundation
Grant numbers IS-0904325

Most read articles by the same author(s)

Brendan Avent, Aleksandra Korolova, David Zeber, Torgeir Hovden, Benjamin Livshits, BLENDER: Enabling Local Search with a Hybrid Differential Privacy Model , Journal of Privacy and Confidentiality: Vol. 9 No. 2 (2019): Differential Privacy, including Special Issue on the Theory and Practice of Differential Privacy 2017
Krishnaram Kenthapadi, Aleksandra Korolova, Ilya Mironov, Nina Mishra, Privacy via the Johnson-Lindenstrauss Transform , Journal of Privacy and Confidentiality: Vol. 5 No. 1 (2013)

Make a Submission

about2

The Journal of Privacy and Confidentiality is an open-access multi-disciplinary journal whose purpose is to facilitate the coalescence of research methodologies and activities in the areas of privacy, confidentiality, and disclosure limitation. The JPC seeks to publish a wide range of research and review papers, not only from academia, but also from government (especially official statistical agencies) and industry, and to serve as a forum for exchange of views, discussion, and news. For more information, see the About the Journal page.