Open AccessProceedings Article
Tracing Information Flows Between Ad Exchanges Using Retargeted Ads
Muhammad Ahmad Bashir,Sajjad Arshad,William Robertson,Christo Wilson +3 more
- pp 481-496
TLDR
A methodology that is able to detect client- and server-side flows of information between arbitrary ad exchanges is developed and leveraged to give users more control over what kind of ads they see and how their information is shared between ad exchanges.Abstract:
Numerous surveys have shown that Web users are concerned about the loss of privacy associated with online tracking. Alarmingly, these surveys also reveal that people are also unaware of the amount of data sharing that occurs between ad exchanges, and thus underestimate the privacy risks associated with online tracking. In reality, the modern ad ecosystem is fueled by a flow of user data between trackers and ad exchanges. Although recent work has shown that ad exchanges routinely perform cookie matching with other exchanges, these studies are based on brittle heuristics that cannot detect all forms of information sharing, especially under adversarial conditions. In this study, we develop a methodology that is able to detect clientand server-side flows of information between arbitrary ad exchanges. Our key insight is to leverage retargeted ads as a tool for identifying information flows. Intuitively, our methodology works because it relies on the semantics of how exchanges serve ads, rather than focusing on specific cookie matching mechanisms. Using crawled data on 35,448 ad impressions, we show that our methodology can successfully categorize four different kinds of information sharing behavior between ad exchanges, including cases where existing heuristic methods fail. We conclude with a discussion of how our findings and methodologies can be leveraged to give users more control over what kind of ads they see and how their information is shared between ad exchanges.read more
Citations
More filters
Proceedings ArticleDOI
Bias in Online Freelance Marketplaces: Evidence from TaskRabbit and Fiverr
TL;DR: Evidence of bias is found that gender and race are significantly correlated with worker evaluations, which could harm the employment opportunities afforded to the workers on TaskRabbit and Fiverr.
Proceedings ArticleDOI
Cookie Synchronization: Everything You Always Wanted to Know But Were Afraid to Ask
TL;DR: Wang et al. as discussed by the authors performed an in-depth study of CSync in the wild, using a year-long weblog from 850 real mobile users, and they found that 97% of the regular web users are exposed to CSync: most of them within the first week of their browsing, and the median userID gets leaked, on average, to 3.5 different domains.
Proceedings ArticleDOI
If you are not paying for it, you are the product: how much do advertisers pay to reach you?
TL;DR: This study develops a first of its kind methodology for computing exactly that - the price paid for a web user by the ad ecosystem - and it can estimate a user's advertising worth with more than 82% accuracy.
Journal ArticleDOI
Online advertising
TL;DR: The main components of the advertising infrastructure are examined in terms of tracking capabilities, data collection, aggregation level and privacy risk, and the tracking and data-sharing technologies employed by these components are examined.
Journal ArticleDOI
Diffusion of User Tracking Data in the Online Advertising Ecosystem
TL;DR: This paper introduces a novel graph representation, called an Inclusion graph, to model the impact of RTB on the diffusion of user tracking data in the advertising ecosystem, and provides upper and lower estimates on the tracking information observed by A&A companies.
References
More filters
Book ChapterDOI
How unique is your web browser
TL;DR: The degree to which modern web browsers are subject to "device fingerprinting" via the version and configuration information that they will transmit to websites upon request is investigated, and what countermeasures may be appropriate to prevent it is discussed.
Journal ArticleDOI
Remote physical device fingerprinting
TL;DR: Remote physical device fingerprinting is introduced, or fingerprinting a physical device, as opposed to an operating system or class of devices, remotely, and without the fingerprinted device's known cooperation, by exploiting small, microscopic deviations in device hardware: clock skews.
Proceedings ArticleDOI
The Web Never Forgets: Persistent Tracking Mechanisms in the Wild
TL;DR: The evaluation of the defensive techniques used by privacy-aware users finds that there exist subtle pitfalls --- such as failing to clear state on multiple browsers at once - in which a single lapse in judgement can shatter privacy defenses.
Proceedings ArticleDOI
Third-Party Web Tracking: Policy and Technology
Jonathan Mayer,John C. Mitchell +1 more
TL;DR: The current policy debate surrounding third-party web tracking is surveyed and the FourthParty web measurement platform is presented, to inform researchers with essential background and tools for contributing to public understanding and policy debates about web tracking.
Proceedings ArticleDOI
Cookieless Monster: Exploring the Ecosystem of Web-Based Device Fingerprinting
Nick Nikiforakis,Alexandros Kapravelos,Wouter Joosen,Christopher Kruegel,Frank Piessens,Giovanni Vigna +5 more
TL;DR: By analyzing the code of three popular browser-fingerprinting code providers, it is revealed the techniques that allow websites to track users without the need of client-side identifiers and how fragile the browser ecosystem is against fingerprinting through the use of novel browser-identifying techniques.