Selling Off Privacy at Auction

Claude Castelluccia 1 Lukasz Olejnik 1 Tran Minh-Dung 1
1 PRIVATICS - Privacy Models, Architectures and Tools for the Information Society
Inria Grenoble - Rhône-Alpes, CITI - CITI Centre of Innovation in Telecommunications and Integration of services
Abstract : Real-Time Bidding (RTB) and Cookie Matching (CM) are transforming the advertising landscape to an extremely dynamic market and make targeted advertising considerably permissive. The emergence of these technologies allows companies to exchange user data as a product and therefore raises important concerns from privacy perspectives. In this paper, we perform a privacy analysis of CM and RTB and quantify the leakage of users’ browsing histories due to these mechanisms. We study this problem on a corpus of users’ Web histories, and show that using these technologies, certain companies can significantly improve their tracking and profiling capabilities. We detect 41 companies serving ads via RTB and over 125 using Cookie Matching. We show that 91% of users in our dataset were affected by CM and in certain cases, 27% of users’ histories could be leaked to 3rd-party companies through RTB.We expose a design characteristic of RTB systems to observe the prices which advertisers pay for serving ads to Web users. We leverage this feature and provide important insights into these prices by analyzing different user profiles and visiting contexts. Our study shows the variation of prices according to context information including visiting site, time and user’s physical location. We experimentally confirm that users with known history are evaluated higher than new comers, that some user profiles are more valuable than others, and that users’ intents, such as looking for a commercial product, are sold at higher prices than users’ browsing histories. In addition, we show that there is a huge gap between users’ perception of the value of their personal information and its actual value on the market. A recent study by Carrascal et al. showed that, on average, users evaluate the price of the disclosure of their presence on a Web site to EUR 7. We show that user’s browsing history elements are routinely being sold off for less than $0.0005.
Keywords : privacy advertising
Type de document :
Communication dans un congrès
Network and Distributed System Security Symposium (NDSS), Nov 2014, San Diego, California, United States. 2014, NDSS
Liste complète des métadonnées

https://hal.inria.fr/hal-01087557
Contributeur : Claude Castelluccia <>
Soumis le : mercredi 26 novembre 2014 - 12:24:18
Dernière modification le : jeudi 7 avril 2016 - 15:47:06

Identifiants

  • HAL Id : hal-01087557, version 1

Collections

Citation

Claude Castelluccia, Lukasz Olejnik, Tran Minh-Dung. Selling Off Privacy at Auction. Network and Distributed System Security Symposium (NDSS), Nov 2014, San Diego, California, United States. 2014, NDSS. 〈hal-01087557〉

Partager

Métriques

Consultations de la notice

362