slide1 n.
Download
Skip this Video
Download Presentation
Paul Francis (MPI-SWS) Ruichuan Chen (MPI-SWS) Bin Cheng (NEC Research)

Loading in 2 Seconds...

play fullscreen
1 / 98

Paul Francis (MPI-SWS) Ruichuan Chen (MPI-SWS) Bin Cheng (NEC Research) - PowerPoint PPT Presentation


  • 73 Views
  • Uploaded on

Privad Overview and Private Auctions. Paul Francis (MPI-SWS) Ruichuan Chen (MPI-SWS) Bin Cheng (NEC Research) Alexey Reznichenko (MPI-SWS) Saikat Guha (MSR India). Can we replace current advertising systems with one that is private enough, and targets at least as well?.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Paul Francis (MPI-SWS) Ruichuan Chen (MPI-SWS) Bin Cheng (NEC Research)' - yan


Download Now An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

Privad Overview and Private Auctions

Paul Francis (MPI-SWS)

Ruichuan Chen (MPI-SWS)

Bin Cheng (NEC Research)

Alexey Reznichenko (MPI-SWS)

Saikat Guha (MSR India)

slide3

Can we replace current advertising systems with one that is private enough, and targets at least as well?

slide4

Can we replace current advertising systems with one that is private enough, and targets at least as well?

  • Follows today’s business model
    • Advertisers bid for ad space, pay for clicks
    • Publishers provide ad space, get paid for clicks
  • Deal with click fraud
  • Scales adequately
slide5

Can we replace current advertising systems with one that is private enough , and targets at least as well?

  • Most users don’t care about privacy
  • But privacy advocates do, and so do governments
  • Privacy advocates need to be convinced
slide6

Can we replace current advertising systems with one that is private enough , and targets at least as well?

  • Our approach:
  • “As private as possible”
  • While still satisfying other goals
  • Hope that this is good enough
slide7

Can we replace current advertising systems with one that is private enough, and targets at least as well?

A principle: Increased privacy begets better targeting

slide8

Client

Today’s advertising model

(simplified)

Trackers

Publishers

Advertisers

Broker (Ad exchange)

slide9

Client

Trackers

Publishers

Advertisers

Broker (Ad exchange)

Trackers track users

Compile user profile

U

U

U

slide10

Client

Trackers

U

U

U

Publishers

Advertisers

Broker (Ad exchange)

Trackers may share profiles with advertisers?

U

U

U

slide11

Client

Trackers

U

U

U

Publishers

Advertisers

Broker (Ad exchange)

Client gets webpage with

adbox

U

U

U

slide12

Client

Trackers

U

U

U

Publishers

Advertisers

Broker (Ad exchange)

Client tells broker of page

U

U

U

slide13

Client

Trackers

U

U

U

Publishers

Advertisers

Broker (Ad exchange)

Broker launches auction (for given user visiting given webpage ….)

Also does clickfraud etc.

U

U

U

slide14

Client

Trackers

U

U

U

Publishers

Advertisers

Broker (Ad exchange)

(alternatively the publisher could have launched the auction)

U

U

U

slide15

Client

Trackers

U

U

U

Publishers

Advertisers

Broker (Ad exchange)

Advertisers present bids and ads

U

U

U

slide16

Client

Trackers

U

U

U

Publishers

Advertisers

Broker (Ad exchange)

Broker picks winners,

delivers ads

U

U

U

slide17

Client

Trackers

U

U

U

Publishers

Advertisers

Broker (Ad exchange)

User waits for this exchange

U

U

U

slide18

Client

Trackers

U

U

U

Publishers

Advertisers

Broker (Ad exchange)

Various reporting of results . . . .

U

U

U

slide19

Broker

Publishers

Advertisers

U

Dealer

SA

Privad Basic Architecture

Clients

slide20

Broker

Publishers

Advertisers

A

U

Dealer

Learn interest in tennis shoes

SA

Clients

slide21

Broker

Publishers

Advertisers

A

A

U

Anonymous request for tennis shoes

Dealer

SA

Clients

slide22

Broker

Publishers

Advertisers

A

A

U

Dealer

Relevant and non-relevant ads stored locally

SA

Clients

slide23

Chan: {Interest, Region, Language}

Ad: {AdID, AdvID, Content, Targeting, . . . .}

Key K unique to this request

Dealer knows Client requests some channel

Broker knows some Client requests this channel

Dealer cannot link requests

ICCCN 2010

slide24

Broker

Publishers

Advertisers

A

A

U

Dealer

Webpage with

adbox

SA

Clients

slide25

Broker

Publishers

Advertisers

A

A

U

Ad is delivered locally

Minimal delay

May or may not be related to page context

Dealer

SA

Clients

slide26

Broker

Publishers

Advertisers

A

A

U

View or click is reported to Broker via Dealer

Dealer

SA

Clients

slide27

Report: {AdID, PubID, EvType}

Dealer learns client X clicked on some ad

Broker learns some client clicked on ad Y

At Broker, multiple clicks from same client appear as clicks from multiple clients

ICCCN 2010

slide28

List of sus-pected rid’s

rid: Report ID

Unique for every report

Used to (indirectly) inform Dealer of suspected attacking Clients

Dealer remembers rid↔Client mappings

Client with many reported rid’s is suspect

ICCCN 2010

slide29

Many interesting challenges

  • Click fraud and auction fraud
  • 2nd-price, pay-per-click auction
  • How to do profiling
  • Protecting user from malicious advertisers
    • ….and still have good targeting
  • Gathering usage statistics and correlations
  • Accommodating multiple clients
    • Dynamic bidding for ad boxes
  • Co-existing with today’s systems
slide30

Many interesting challenges

  • Click fraud and auction fraud
  • 2nd-price, pay-per-click auction
  • How to do profiling
  • Protecting user from malicious advertisers
    • ….and still have good targeting
  • Gathering usage statistics and correlations
  • Accommodating multiple clients
    • Dynamic bidding for ad boxes
  • Co-existing with today’s systems
advertising auctions today
Advertising auctions today
  • Almost all auctions are second price
  • Most auctions are Pay Per Click (PPC)
slide32

Bid3: $6

Bid1: $2

Bid2: $7

Bid2: $3

Bid1: $5

Bid3: $1

Bid3: $4

second price auction
Second Price Auction

Winner pays bid+δ of next ranked bidder

Bidders can safely bid maximum from the start

Bid2: $7

Bid3: $6

Bid1: $5

second price auction1
Second Price Auction

Winner pays bid+δ of next ranked bidder

Bidders can safely bid maximum from the start

Maximum bid

Bid2: $7 ($9)

Bid3: $6 ($6)

Bid1: $5 ($5)

second price auction2
Second Price Auction

Bidder 2 is 1st ranked

Pays $6+1¢=$6.01

Bidder 3 is 2nd ranked

Pays $5+1¢=$5.01

Bid2: ($9)

Bid3: ($6)

Bid1: ($5)

what about ppc pay per click
What about PPC (pay per click)?

Click

Probabilities

P(C)=0.1

Bid2: $9

P(C)=0.1

Bid3: $6

P(C)=0.4

Bid1: $5

what about ppc pay per click1
What about PPC (pay per click)?

P(C)=0.1 $0.9

Bid2: $9

P(C)=0.1 $0.6

Bid3: $6

P(C)=0.4 $2.0

Bid1: $5

Expected

Revenue

Expected Revenue = Bid X Click Probability

what about ppc pay per click2
What about PPC (pay per click)?

P(C)=0.1 $0.9

Bid2: $9

Bid3: $6

P(C)=0.1 $0.6

P(C)=0.4 $2.0

Bid1: $5

Ad Rank= Bid X Click Probability

what does bidder 1 pay
What does bidder 1 pay???

P(C)=0.1

Bid2: $9

Bid3: $6

P(C)=0.1

P(C)=0.4

Bid1: $5

what does bidder 1 pay1
What does bidder 1 pay???

P(C)=0.1

Bid2: $9

Bid3: $6

P(C)=0.1

P(C)=0.4

Bid1: $5

Certainly not $9+1¢=$9.01

google second price auction
Google Second Price Auction

P(C)=0.4

Bid1: $5

P(C)=0.1

Bid2: $9

Bid3: $6

P(C)=0.1

Ad Rank= Bid X Click Probability

P(C) next

CPC = Bid next

P(C) clicked

google second price auction1
Google Second Price Auction

P(C)=0.4 $2.26

Bid1: $5

P(C)=0.1 $6.01

Bid2: $9

Bid3: $6

P(C)=0.1 $?

Ad Rank= Bid X Click Probability

P(C) next

CPC = Bid next

P(C) clicked

what is the click probability1
What is the Click Probability???
  • Historical click performance of the ad
  • Landing page quality
  • Relevance to the user
  • User click through rates
  • …….
what is the click probability2
What is the Click Probability???
  • Historical click performance of the ad
  • Landing page quality
  • Relevance to the user
  • User click through rates
  • …….

Today all this is known by the broker

(ad network)

what is the click probability3
What is the Click Probability???
  • Historical click performance of the ad
  • Landing page quality
  • Relevance to the user
  • User click through rates
  • …….

In a non-tracking advertising system, the broker knows nothing about the user!

what is the click probability4
What is the Click Probability???
  • Historical click performance of the ad
  • Landing page quality
  • …….
  • Relevance to the user
  • User click through rates
  • …….

Known at broker

(call it G)

Known at user

(call it U)

second price auction with broker and user components
Second price auction with broker and user components
  • Ranking by revenue potential:
    • Assume that Click Probability = G x U
  • Second-Price cost per click:
non tracking advertising revisited
Non-tracking advertising revisited
  • User profile at client
  • Privacy goals at broker:
    • Anonymity: No user identifier tied to any user profile attributes
    • Unlinkability: Individual user profile attributes cannot be linked
finally problem statement
Finally: Problem Statement
  • Satisfy anonymity and unlinkability goals in a system that runs this auction:
  • Where Bid and G are known at broker
  • And U is known at client
two questions
Two questions
  • Where do we do the ranking?
  • Where do we do the CPC computation?
two questions1
Two questions
  • Do CPC at Broker:
  • Don’t want to reveal advertiser’s Bid
  • Fraud
  • Where do we do the ranking?
  • Where do we do the CPC computation?
three flavors of non tracking auctions
Three flavors of Non-Tracking auctions

Broker

(Bid, G)

Client

(U)

Rank@Client

Bid, G

Rank@Broker

U

3

Bid, G

Rank@3rdParty

U

party

three flavors of non tracking auctions1
Three flavors of Non-Tracking auctions

Broker

(Bid, G)

Client

(U)

Rank@Client

Bid, G

Rank@Broker

U

3

Bid, G

Rank@3rdParty

U

party

slide56

Broker

(Bid, G)

Client

(U)

A - the ad ID,

Value of (B × G),

E[B,G],

(+ targeting etc.)

Computes ranking:

(B × G) × U

slide57

Broker

(Bid, G)

Client

(U)

A - the ad ID,

Value of (B × G),

E[B,G],

(+ targeting etc.)

Computes ranking:

(B × G) × U

slide58

Broker

(Bid, G)

Client

(U)

A - the ad ID,

Value of (B × G),

E[B,G],

(+ targeting etc.)

Computes ranking:

(B × G) × U

Time

Ac - clicked ad ID

((Bn × Gn) × Un / Uc)

E[Bc, Gc]

Decrypts E[Bc, Gc]

Computes CPC:

((Bn × Gn) × Un / Uc) / Gc

Checks that CPC ≤ Bc

slide59

Broker

(Bid, G)

Client

(U)

Decrypts E[Bc, Gc]

Computes CPC:

((Bn × Gn) × Un / Uc) / Gc

Checks that CPC ≤ Bc

slide60

Broker

(Bid, G)

Client

(U)

User information obscured by hiding within this composite value

A - the ad ID,

Value of (B × G),

E[B,G],

(+ targeting etc.)

Computes ranking:

(B × G) × U

Ac - clicked ad ID

((Bn × Gn) × Un / Uc)

E[Bc, Gc]

Decrypts E[Bc, Gc]

Computes CPC:

((Bn × Gn) × Un / Uc) / Gc

Checks that CPC ≤ Bc

slide61

Broker

(Bid, G)

Client

(U)

A - the ad ID,

Value of (B × G),

E[B,G],

(+ targeting etc.)

Computes ranking:

(B × G) × U

Ac - clicked ad ID

((Bn × Gn) × Un / Uc)

E[Bc, Gc]

Decrypts E[Bc, Gc]

Computes CPC:

((Bn × Gn) × Un / Uc) / Gc

Checks that CPC ≤ Bc

slide62

Broker

(Bid, G)

Client

(U)

Bc and Gc may have changed between ranking and CPC calculation

A - the ad ID,

Value of (B × G),

E[B,G],

(+ targeting etc.)

Computes ranking:

(B × G) × U

Ac - clicked ad ID

((Bn × Gn) × Un / Uc)

E[Bc, Gc]

Decrypts E[Bc, Gc]

Computes CPC:

((Bn × Gn) × Un / Uc) / Gc

Checks that CPC ≤ Bc

slide63

All three auction designs introduce various systemdelays

  • precompute and cache ranking
  • use out-of-date bid information
  • do not immediately reflect changes in bids
slide64

Changes in bids constitute main source of churn

Advertisers constantly update their bids to

  • show ads in a preferred position
  • meet target number of impressions
  • respond to market changes
slide65

How detrimental are auction delays?

Broker perspective:

  • How much revenue is lost due to these delays?

Advertiser perspective:

  • How they affect advertisers’ rankings?
slide66

Bing’s Auction log

  • 2TB of log data spanning 48 hours
  • 150M auctions with 18M ads
  • Trace record for an auction includes:
    • All participating ads
    • Bids and quality scores
    • Whether ad was shown and clicked
slide67

Understanding effect of churn on revenue

Idea:

  • Simulate auctions with stale bid information
  • Compute auctions at time t using bids recorded at time t-x
  • Compare generated revenue to auctions with up-to-date bid information
slide69

We simulate five click models

  • 100% same position
  • 75% same position, 25% same ad
  • 50%-50%
  • 25% same position, 75% same ad
  • 100% same ad
slide72

Computing U

So far, we assume we know user component of click probability

Hard to compute purely at client

Not enough history

Unlinkably gather click stats from clients, compute U, feed back to clients

slide73

Assume a set of factors X={x1, x2, …, xL}

Level of interest in ad’s product/service

Targeting/user match quality

Webpage context

User’s historic CTR

…….

Clients report {Ad-ID, X, click}

Broker computes U = f(X), delivers f(X) along with ad

slide74

Problem if X={x1, x2, …, xL} fingerprints user

Possible mitigating factors:

Level of interest

Many interests change,

many interests don’t correlate that well

Targeting match quality

Different ads have different targeting

Webpage context

Can be course-grained

User’s historic CTR

Can be course-grained

slide75

Future work

So far, designs appear practical, but:

  • Can we accurately compute user score U?
    • And without violating privacy….
  • Are there new forms of click fraud?
  • Need experience in practice….
slide76

User Statistics

Broker and advertiser want to know deep statistical information about users

What kind of targeting works best?

When should ads be shown?

Are users interested in A also interested in B?

How can conversion rates be improved?

Centralized systems have full knowledge

How can Privad privately provide this information?

slide77

Differential Privacy

Differential Privacy adds noise to answers of DB queries

Such that presence or absence of single DB element cannot be determined

Normally modeled as a single trusted DB

Query

True Answer

DB

Noisy Answer

Add Noise

Trusted

slide78

DB

DB

DB

DB

Distributed Differential Privacy

Dealer

Query

(cleartext)

slide79

DB

DB

DB

DB

Distributed Differential Privacy

Noisy Answers

(encrypted)

Dealer

True Answers

(encrypted)

slide80

A couple URLs

adresearch.mpi-sws.org

trackingfree.org

slide82

Broker

Publishers

Advertisers

U

Dealer

Generate user profiles locally at the client

In other words, Adware!

Software Agent

SA

Clients

slide83

Broker

Publishers

Advertisers

U

Anonymizes client-broker communications

Cannot eavesdrop

Helps with clickfraud

Dealer

SA

Clients

slide84

Broker

Publishers

Advertisers

U

Client/broker messages:

Contain minimal info (no PII)

Cannot be linked to same client

Dealer

SA

Clients

slide85

Broker

Publishers

Advertisers

U

Dealer

Unlinkability and anonymity

SA

Clients

slide86

Broker

Publishers

Advertisers

U

Dealer

Browser sandbox

Encrypted

Reference Monitor

Trusted, open

SA

Cleartext

Clients

Software

Agent

Untrusted

Black-box

U

slide87

Broker

Publishers

Advertisers

U

Possibly malicious

Dealer

“Pretty honest but very curious”

Doesn’t collude

Honest but tempted

Browser sandbox

Encrypted

Reference Monitor

Trusted, open

SA

Cleartext

Clients

Software

Agent

Untrusted

Black-box

U

slide88

Privacy and threat models???

Honest but curious isn’t quite right

We expect the broker to do “what it can get away with”, but cautiously

Plus we need to make privacy advocates comfortable

No formal privacy model

Formal models are too narrow and restrictive

slide89

U

Dealer and Software Agent are new components

How are they incentivized?

Dealer

SA

Clients

slide90

U

Dealer

Dealer:

Legally bound to follow protocols, not collude

SA

Execute open-source software, open to inspection

Clients

slide91

U

Dealer

Client:

Various options:

Provide benefit: free software, content, …..

SA

Clients

Like adware!

Bundle with browser or OS

slide93

Broker

Publishers

Advertisers

U

Please suspend disbelief, imagine that we succeed……

Dealer

SA

Clients

slide94

Broker

Publishers

Advertisers

A

U

Perfectly Private Advertising System

Dealer

SA

Clients

slide95

Broker

Publishers

Advertisers

A

U

Ad

Perfectly Private Advertising System

Ad targeted to:

“Man” AND “Married” AND

“Has girlfriend”

Dealer

Ad

SA

Clients

slide96

Broker

Publishers

Advertisers

A

U

Perfectly Private Advertising System

Click

Dealer

Advertiser gets (very) personal information about users

SA

Clients

slide98

More

???

Privad

Privacy

Less

Targeting

Worse

Better

ad