Colloquium - On the Privacy Implications of Real Time Bidding

November 13, 2020 - 4:00pm to 5:00pm
Zoom - See emails for details
Ahmad Bashir
International Computer Science Institute (ICSI) | Berkeley

The massive growth of online advertising has created a need for commensurate amounts of user tracking. Advertising companies track online users extensively to serve them targeted advertisements. On the surface, this seems like a simple process: a tracker places a unique cookie in the user’s browser, repeatedly observes the same cookie as the user surfs the web, and finally uses the accrued data to select targeted ads.  However, the reality is much more complex. The rise of Real Time Bidding (RTB) has forced Advertising and Analytics (A&A) companies to collaborate more closely with each other via cookie matching. Because of RTB, tracking data is not just observed by trackers embedded directly into the web pages, but rather it is funneled through the advertising ecosystem through complex networks of exchanges and auctions.

In this talk, I will briefly go over a content-agnostic methodology that is able to detect client- and server-side information flows between arbitrary ad exchanges using retargeted ads. Intuitively, this methodology works because it relies on the semantics of how exchanges serve ads, rather than focusing on specific cookie matching mechanisms. This methodology can successfully categorize four different kinds of information sharing behavior between ad exchanges, including cases where existing heuristic-based methods fail. 

Then, using this data, I will introduce a novel graph representation, called an Inclusion graph, to model the impact of RTB on the diffusion of user tracking data in the advertising ecosystem. Through simulations on the Inclusion graph, I will provide upper and lower estimates on the tracking information observed by A&A companies. Finally, I will conclude by discussing the effectiveness of ad and tracker blocking strategies on limiting Information-sharing.


Ahmad Bashir PhotoAhmad is a postdoctoral researcher at ICSI (Berkeley), where he is part of the usable security and privacy research group. Ahmad’s research focuses on highlighting the security and privacy implications surrounding the web and mobile ecosystem. In particular, he has worked on understanding the online advertising ecosystem with an emphasis on privacy implications for end users. He received his PhD in Computer Science from Northeastern University in 2019. His work has been published in top security and privacy venues like Usenix Security and PETS. He has also won the best student paper award at the Future of Privacy forum in 2019.