Privad Overview and Private Auctions
This presentation is the property of its rightful owner.
Sponsored Links
1 / 98

Paul Francis (MPI-SWS) Ruichuan Chen (MPI-SWS) Bin Cheng (NEC Research) PowerPoint PPT Presentation


  • 43 Views
  • Uploaded on
  • Presentation posted in: General

Privad Overview and Private Auctions. Paul Francis (MPI-SWS) Ruichuan Chen (MPI-SWS) Bin Cheng (NEC Research) Alexey Reznichenko (MPI-SWS) Saikat Guha (MSR India). Can we replace current advertising systems with one that is private enough, and targets at least as well?.

Download Presentation

Paul Francis (MPI-SWS) Ruichuan Chen (MPI-SWS) Bin Cheng (NEC Research)

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Privad Overview and Private Auctions

Paul Francis (MPI-SWS)

Ruichuan Chen (MPI-SWS)

Bin Cheng (NEC Research)

Alexey Reznichenko (MPI-SWS)

Saikat Guha (MSR India)


Can we replace current advertising systems with one that is private enough, and targets at least as well?


Can we replace current advertising systems with one that is private enough, and targets at least as well?

  • Follows today’s business model

    • Advertisers bid for ad space, pay for clicks

    • Publishers provide ad space, get paid for clicks

  • Deal with click fraud

  • Scales adequately


Can we replace current advertising systems with one that is private enough , and targets at least as well?

  • Most users don’t care about privacy

  • But privacy advocates do, and so do governments

  • Privacy advocates need to be convinced


Can we replace current advertising systems with one that is private enough , and targets at least as well?

  • Our approach:

  • “As private as possible”

  • While still satisfying other goals

  • Hope that this is good enough


Can we replace current advertising systems with one that is private enough, and targets at least as well?

A principle: Increased privacy begets better targeting


Client

Today’s advertising model

(simplified)

Trackers

Publishers

Advertisers

Broker (Ad exchange)


Client

Trackers

Publishers

Advertisers

Broker (Ad exchange)

Trackers track users

Compile user profile

U

U

U


Client

Trackers

U

U

U

Publishers

Advertisers

Broker (Ad exchange)

Trackers may share profiles with advertisers?

U

U

U


Client

Trackers

U

U

U

Publishers

Advertisers

Broker (Ad exchange)

Client gets webpage with

adbox

U

U

U


Client

Trackers

U

U

U

Publishers

Advertisers

Broker (Ad exchange)

Client tells broker of page

U

U

U


Client

Trackers

U

U

U

Publishers

Advertisers

Broker (Ad exchange)

Broker launches auction (for given user visiting given webpage ….)

Also does clickfraud etc.

U

U

U


Client

Trackers

U

U

U

Publishers

Advertisers

Broker (Ad exchange)

(alternatively the publisher could have launched the auction)

U

U

U


Client

Trackers

U

U

U

Publishers

Advertisers

Broker (Ad exchange)

Advertisers present bids and ads

U

U

U


Client

Trackers

U

U

U

Publishers

Advertisers

Broker (Ad exchange)

Broker picks winners,

delivers ads

U

U

U


Client

Trackers

U

U

U

Publishers

Advertisers

Broker (Ad exchange)

User waits for this exchange

U

U

U


Client

Trackers

U

U

U

Publishers

Advertisers

Broker (Ad exchange)

Various reporting of results . . . .

U

U

U


Broker

Publishers

Advertisers

U

Dealer

SA

Privad Basic Architecture

Clients


Broker

Publishers

Advertisers

A

U

Dealer

Learn interest in tennis shoes

SA

Clients


Broker

Publishers

Advertisers

A

A

U

Anonymous request for tennis shoes

Dealer

SA

Clients


Broker

Publishers

Advertisers

A

A

U

Dealer

Relevant and non-relevant ads stored locally

SA

Clients


Chan: {Interest, Region, Language}

Ad: {AdID, AdvID, Content, Targeting, . . . .}

Key K unique to this request

Dealer knows Client requests some channel

Broker knows some Client requests this channel

Dealer cannot link requests

ICCCN 2010


Broker

Publishers

Advertisers

A

A

U

Dealer

Webpage with

adbox

SA

Clients


Broker

Publishers

Advertisers

A

A

U

Ad is delivered locally

Minimal delay

May or may not be related to page context

Dealer

SA

Clients


Broker

Publishers

Advertisers

A

A

U

View or click is reported to Broker via Dealer

Dealer

SA

Clients


Report: {AdID, PubID, EvType}

Dealer learns client X clicked on some ad

Broker learns some client clicked on ad Y

At Broker, multiple clicks from same client appear as clicks from multiple clients

ICCCN 2010


List of sus-pected rid’s

rid: Report ID

Unique for every report

Used to (indirectly) inform Dealer of suspected attacking Clients

Dealer remembers rid↔Client mappings

Client with many reported rid’s is suspect

ICCCN 2010


Many interesting challenges

  • Click fraud and auction fraud

  • 2nd-price, pay-per-click auction

  • How to do profiling

  • Protecting user from malicious advertisers

    • ….and still have good targeting

  • Gathering usage statistics and correlations

  • Accommodating multiple clients

    • Dynamic bidding for ad boxes

  • Co-existing with today’s systems


Many interesting challenges

  • Click fraud and auction fraud

  • 2nd-price, pay-per-click auction

  • How to do profiling

  • Protecting user from malicious advertisers

    • ….and still have good targeting

  • Gathering usage statistics and correlations

  • Accommodating multiple clients

    • Dynamic bidding for ad boxes

  • Co-existing with today’s systems


Advertising auctions today

  • Almost all auctions are second price

  • Most auctions are Pay Per Click (PPC)


Bid3: $6

Bid1: $2

Bid2: $7

Bid2: $3

Bid1: $5

Bid3: $1

Bid3: $4


Second Price Auction

Winner pays bid+δ of next ranked bidder

Bidders can safely bid maximum from the start

Bid2: $7

Bid3: $6

Bid1: $5


Second Price Auction

Winner pays bid+δ of next ranked bidder

Bidders can safely bid maximum from the start

Maximum bid

Bid2: $7 ($9)

Bid3: $6 ($6)

Bid1: $5 ($5)


Second Price Auction

Bidder 2 is 1st ranked

Pays $6+1¢=$6.01

Bidder 3 is 2nd ranked

Pays $5+1¢=$5.01

Bid2: ($9)

Bid3: ($6)

Bid1: ($5)


What about PPC (pay per click)?

Click

Probabilities

P(C)=0.1

Bid2: $9

P(C)=0.1

Bid3: $6

P(C)=0.4

Bid1: $5


What about PPC (pay per click)?

P(C)=0.1 $0.9

Bid2: $9

P(C)=0.1 $0.6

Bid3: $6

P(C)=0.4 $2.0

Bid1: $5

Expected

Revenue

Expected Revenue = Bid X Click Probability


What about PPC (pay per click)?

P(C)=0.1 $0.9

Bid2: $9

Bid3: $6

P(C)=0.1 $0.6

P(C)=0.4 $2.0

Bid1: $5

Ad Rank= Bid X Click Probability


What does bidder 1 pay???

P(C)=0.1

Bid2: $9

Bid3: $6

P(C)=0.1

P(C)=0.4

Bid1: $5


What does bidder 1 pay???

P(C)=0.1

Bid2: $9

Bid3: $6

P(C)=0.1

P(C)=0.4

Bid1: $5

Certainly not $9+1¢=$9.01


Google Second Price Auction

P(C)=0.4

Bid1: $5

P(C)=0.1

Bid2: $9

Bid3: $6

P(C)=0.1

Ad Rank= Bid X Click Probability

P(C) next

CPC = Bid next

P(C) clicked


Google Second Price Auction

P(C)=0.4 $2.26

Bid1: $5

P(C)=0.1 $6.01

Bid2: $9

Bid3: $6

P(C)=0.1 $?

Ad Rank= Bid X Click Probability

P(C) next

CPC = Bid next

P(C) clicked


What is the Click Probability???


What is the Click Probability???

  • Historical click performance of the ad

  • Landing page quality

  • Relevance to the user

  • User click through rates

  • …….


What is the Click Probability???

  • Historical click performance of the ad

  • Landing page quality

  • Relevance to the user

  • User click through rates

  • …….

Today all this is known by the broker

(ad network)


What is the Click Probability???

  • Historical click performance of the ad

  • Landing page quality

  • Relevance to the user

  • User click through rates

  • …….

In a non-tracking advertising system, the broker knows nothing about the user!


What is the Click Probability???

  • Historical click performance of the ad

  • Landing page quality

  • …….

  • Relevance to the user

  • User click through rates

  • …….

Known at broker

(call it G)

Known at user

(call it U)


Second price auction with broker and user components

  • Ranking by revenue potential:

    • Assume that Click Probability = G x U

  • Second-Price cost per click:


Non-tracking advertising revisited

  • User profile at client

  • Privacy goals at broker:

    • Anonymity: No user identifier tied to any user profile attributes

    • Unlinkability: Individual user profile attributes cannot be linked


Finally: Problem Statement

  • Satisfy anonymity and unlinkability goals in a system that runs this auction:

  • Where Bid and G are known at broker

  • And U is known at client


Basic Architecture


Two questions

  • Where do we do the ranking?

  • Where do we do the CPC computation?


Two questions

  • Do CPC at Broker:

  • Don’t want to reveal advertiser’s Bid

  • Fraud

  • Where do we do the ranking?

  • Where do we do the CPC computation?


Three flavors of Non-Tracking auctions

Broker

(Bid, G)

Client

(U)

[email protected]

Bid, G

[email protected]

U

3

Bid, G

[email protected]

U

party


Three flavors of Non-Tracking auctions

Broker

(Bid, G)

Client

(U)

[email protected]

Bid, G

[email protected]

U

3

Bid, G

[email protected]

U

party


Broker

(Bid, G)

Client

(U)

A - the ad ID,

Value of (B × G),

E[B,G],

(+ targeting etc.)

Computes ranking:

(B × G) × U


Broker

(Bid, G)

Client

(U)

A - the ad ID,

Value of (B × G),

E[B,G],

(+ targeting etc.)

Computes ranking:

(B × G) × U


Broker

(Bid, G)

Client

(U)

A - the ad ID,

Value of (B × G),

E[B,G],

(+ targeting etc.)

Computes ranking:

(B × G) × U

Time

Ac - clicked ad ID

((Bn × Gn) × Un / Uc)

E[Bc, Gc]

Decrypts E[Bc, Gc]

Computes CPC:

((Bn × Gn) × Un / Uc) / Gc

Checks that CPC ≤ Bc


Broker

(Bid, G)

Client

(U)

Decrypts E[Bc, Gc]

Computes CPC:

((Bn × Gn) × Un / Uc) / Gc

Checks that CPC ≤ Bc


Broker

(Bid, G)

Client

(U)

User information obscured by hiding within this composite value

A - the ad ID,

Value of (B × G),

E[B,G],

(+ targeting etc.)

Computes ranking:

(B × G) × U

Ac - clicked ad ID

((Bn × Gn) × Un / Uc)

E[Bc, Gc]

Decrypts E[Bc, Gc]

Computes CPC:

((Bn × Gn) × Un / Uc) / Gc

Checks that CPC ≤ Bc


Broker

(Bid, G)

Client

(U)

A - the ad ID,

Value of (B × G),

E[B,G],

(+ targeting etc.)

Computes ranking:

(B × G) × U

Ac - clicked ad ID

((Bn × Gn) × Un / Uc)

E[Bc, Gc]

Decrypts E[Bc, Gc]

Computes CPC:

((Bn × Gn) × Un / Uc) / Gc

Checks that CPC ≤ Bc


Broker

(Bid, G)

Client

(U)

Bc and Gc may have changed between ranking and CPC calculation

A - the ad ID,

Value of (B × G),

E[B,G],

(+ targeting etc.)

Computes ranking:

(B × G) × U

Ac - clicked ad ID

((Bn × Gn) × Un / Uc)

E[Bc, Gc]

Decrypts E[Bc, Gc]

Computes CPC:

((Bn × Gn) × Un / Uc) / Gc

Checks that CPC ≤ Bc


All three auction designs introduce various systemdelays

  • precompute and cache ranking

  • use out-of-date bid information

  • do not immediately reflect changes in bids


Changes in bids constitute main source of churn

Advertisers constantly update their bids to

  • show ads in a preferred position

  • meet target number of impressions

  • respond to market changes


How detrimental are auction delays?

Broker perspective:

  • How much revenue is lost due to these delays?

    Advertiser perspective:

  • How they affect advertisers’ rankings?


Bing’s Auction log

  • 2TB of log data spanning 48 hours

  • 150M auctions with 18M ads

  • Trace record for an auction includes:

    • All participating ads

    • Bids and quality scores

    • Whether ad was shown and clicked


Understanding effect of churn on revenue

Idea:

  • Simulate auctions with stale bid information

  • Compute auctions at time t using bids recorded at time t-x

  • Compare generated revenue to auctions with up-to-date bid information


We cannot predict changes in clicking behavior when rankings change


We simulate five click models

  • 100% same position

  • 75% same position, 25% same ad

  • 50%-50%

  • 25% same position, 75% same ad

  • 100% same ad


Bid staleness and change in revenue


Bid staleness and change in ranking


Computing U

So far, we assume we know user component of click probability

Hard to compute purely at client

Not enough history

Unlinkably gather click stats from clients, compute U, feed back to clients


Assume a set of factors X={x1, x2, …, xL}

Level of interest in ad’s product/service

Targeting/user match quality

Webpage context

User’s historic CTR

…….

Clients report {Ad-ID, X, click}

Broker computes U = f(X), delivers f(X) along with ad


Problem if X={x1, x2, …, xL} fingerprints user

Possible mitigating factors:

Level of interest

Many interests change,

many interests don’t correlate that well

Targeting match quality

Different ads have different targeting

Webpage context

Can be course-grained

User’s historic CTR

Can be course-grained


Future work

So far, designs appear practical, but:

  • Can we accurately compute user score U?

    • And without violating privacy….

  • Are there new forms of click fraud?

  • Need experience in practice….


User Statistics

Broker and advertiser want to know deep statistical information about users

What kind of targeting works best?

When should ads be shown?

Are users interested in A also interested in B?

How can conversion rates be improved?

Centralized systems have full knowledge

How can Privad privately provide this information?


Differential Privacy

Differential Privacy adds noise to answers of DB queries

Such that presence or absence of single DB element cannot be determined

Normally modeled as a single trusted DB

Query

True Answer

DB

Noisy Answer

Add Noise

Trusted


DB

DB

DB

DB

Distributed Differential Privacy

Dealer

Query

(cleartext)


DB

DB

DB

DB

Distributed Differential Privacy

Noisy Answers

(encrypted)

Dealer

True Answers

(encrypted)


A couple URLs

adresearch.mpi-sws.org

trackingfree.org


  • Backups, trust model

ICCCN 2010


Broker

Publishers

Advertisers

U

Dealer

Generate user profiles locally at the client

In other words, Adware!

Software Agent

SA

Clients


Broker

Publishers

Advertisers

U

Anonymizes client-broker communications

Cannot eavesdrop

Helps with clickfraud

Dealer

SA

Clients


Broker

Publishers

Advertisers

U

Client/broker messages:

Contain minimal info (no PII)

Cannot be linked to same client

Dealer

SA

Clients


Broker

Publishers

Advertisers

U

Dealer

Unlinkability and anonymity

SA

Clients


Broker

Publishers

Advertisers

U

Dealer

Browser sandbox

Encrypted

Reference Monitor

Trusted, open

SA

Cleartext

Clients

Software

Agent

Untrusted

Black-box

U


Broker

Publishers

Advertisers

U

Possibly malicious

Dealer

“Pretty honest but very curious”

Doesn’t collude

Honest but tempted

Browser sandbox

Encrypted

Reference Monitor

Trusted, open

SA

Cleartext

Clients

Software

Agent

Untrusted

Black-box

U


Privacy and threat models???

Honest but curious isn’t quite right

We expect the broker to do “what it can get away with”, but cautiously

Plus we need to make privacy advocates comfortable

No formal privacy model

Formal models are too narrow and restrictive


U

Dealer and Software Agent are new components

How are they incentivized?

Dealer

SA

Clients


U

Dealer

Dealer:

Legally bound to follow protocols, not collude

SA

Execute open-source software, open to inspection

Clients


U

Dealer

Client:

Various options:

Provide benefit: free software, content, …..

SA

Clients

Like adware!

Bundle with browser or OS


  • Local threats…

ICCCN 2010


Broker

Publishers

Advertisers

U

Please suspend disbelief, imagine that we succeed……

Dealer

SA

Clients


Broker

Publishers

Advertisers

A

U

Perfectly Private Advertising System

Dealer

SA

Clients


Broker

Publishers

Advertisers

A

U

Ad

Perfectly Private Advertising System

Ad targeted to:

“Man” AND “Married” AND

“Has girlfriend”

Dealer

Ad

SA

Clients


Broker

Publishers

Advertisers

A

U

Perfectly Private Advertising System

Click

Dealer

Advertiser gets (very) personal information about users

SA

Clients


Honey, why are you getting ads for sexy lingerie?

ICCCN 2010


More

???

Privad

Privacy

Less

Targeting

Worse

Better


  • Login