20110918 csseminar smal_privacy


  1. Privacy of profile-based ad targeting. Alexander Smal and Ilya Mironov
  2. User-profile targeting
     • Goal: increase impact of your ads by targeting a group potentially interested in your product.
     • Examples:
       • Social Network: Profile = user’s personal information + friends
       • Search Engine: Profile = search queries + webpages visited by user
     (Slide footer: Privacy of profile-based targeting)
  3. Facebook ad targeting
  4. Characters: Advertising company, Privacy researcher
  5. Simple attack [Korolova’10]
     • Profile. Public: 32 y.o. single man; Mountain View, CA; ….; has cat. Private: likes fishing
     • Targeted ad: “Amazing cat food for $0.99!” Show: 32 y.o. single man; Mountain View, CA; ….; has cat; likes fishing
     • Other slide labels: Jon, Eve; # of impressions; noise; “Nice! Likes fishing”
  6. Unless your targeting is not private, it is not! (Characters: Advertising company, Privacy researcher)
  7. How to protect information?
     • Basic idea: add some noise
       • Explicitly
       • Implicit in the data
         • noiseless privacy [BBGLT11]
         • natural privacy [BD11]
     • Two types of explicit noise
       • Output perturbation
         • Dynamically add noise to answers
       • Input perturbation
         • Modify the database
  8. (Characters: Advertising company, Privacy researcher)
  9. Input perturbation
     • Pro:
       • Pan-private (not storing initial data)
       • Do it once
       • Simpler architecture
  10. Signal is sparse and non-random (Characters: Advertising company, Privacy researcher)
  11. Adding noise
      • Two main difficulties in adding noise:
        • Sparse profiles
        • Dependent bits
      • Slide labels: differential privacy, deniability, “Smart noise”
      • [Figure: grid of 0/1 profile bits]
  12. Signal is sparse and non-random (Characters: Advertising company, Privacy researcher)
  13. “Smart noise”
      • Consider two extreme cases
        • All bits are independent
          • independent noise
        • All bits are correlated with correlation coefficient 1
          • correlated noise
      • “Smart noise” hypothesis: “If we know the exact model we can add right noise”
  14. Dependent bits in real data
      • Netflix prize competition data
        • ~480k users, ~18k movies, ~100m ratings
      • Estimate movie-to-movie correlation
        • Fact that a user rated a movie
      • Visualize graph of correlations
        • Edge = correlation with correlation coefficient > 0.5
  15. Netflix movie correlations
  16. Let’s construct models where “smart noise” fails (Characters: Advertising company, Privacy researcher)
  17. How can “smart noise” fail? [Figure label: large]
  18. Models of user profiles
      • Are users well separated?
      • [Figure: example 0/1 profile vectors]
  19. Error-correcting codes
      • Constant relative distance
      • Unique decoding
      • Explicit, efficient
  20. Dialogue (Advertising company, Privacy researcher):
      • See — unless the noise is >25%, no privacy
      • Let me see what I can do with monotone functions…
  21. Monotone functions
  22. Approximate error-correcting codes [Slide label: blatant non-privacy]
  23. Noise sensitivity [Figure: example 0/1 profile vectors]
  24. Monotone functions
  25. If the model is monotone, blatant non-privacy is still possible (Characters: Advertising company, Privacy researcher)
  26. Linear threshold model
  27. Conclusion
      • Two separate issues with input perturbation:
        • Sparseness
        • Dependencies
      • “Smart noise” hypothesis: [Slide annotation: fallacy]
        • Even for a publicly known, relatively simple model, constant corruption of profiles may lead to blatant non-privacy.
      • Connection between noise sensitivity of boolean functions and privacy
      • Open questions:
        • Linear threshold privacy-preserving mechanism?
        • Existence of interactive privacy-preserving solutions?
  28. Thank you for your attention!
      • Special thanks to Cynthia Dwork, Moises Goldszmidt, Parikshit Gopalan, Frank McSherry, Moni Naor, Kunal Talwar, and Sergey Yekhanin.

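Added example (not from the slides): a simulation of the two extreme cases on the “Smart noise” slide, written as a check a defender can run against an input-perturbation scheme. It assumes a block of m profile bits that are all copies of one hidden bit (correlation coefficient 1), a flip probability p, and an observer who takes a majority vote; all function names are illustrative.

```python
import random
from math import comb

def perturb_independent(bits, p, rng):
    """Input perturbation: flip each released bit independently with probability p."""
    return [b ^ (rng.random() < p) for b in bits]

def perturb_correlated(bits, p, rng):
    """Noise matched to the model: one coin decides whether the whole block flips."""
    flip = rng.random() < p
    return [b ^ flip for b in bits]

def majority(bits):
    """Observer's guess of the hidden value from a released block of copies."""
    return int(2 * sum(bits) > len(bits))

def recovery_rate(perturb, m, p, trials=20000, seed=1):
    """Fraction of constructed profiles whose hidden bit the observer recovers."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        secret = rng.getrandbits(1)
        released = perturb([secret] * m, p, rng)  # m perfectly correlated bits
        hits += majority(released) == secret
    return hits / trials

def exact_majority_success(m, p):
    """P[fewer than half of m independent flips occur], for odd m."""
    return sum(comb(m, k) * p**k * (1 - p)**(m - k) for k in range((m + 1) // 2))

if __name__ == "__main__":
    p = 0.25
    for m in (1, 5, 51):
        print(m, recovery_rate(perturb_independent, m, p),
              recovery_rate(perturb_correlated, m, p), exact_majority_success(m, p))
```

With independent noise the observer's success rate climbs toward 1 as m grows, so the per-bit noise gives the hidden bit no deniability; with correlated noise it stays near 1 - p regardless of m.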