Lukasz Olejnik

Introduction

How much are we worth? While browsing the Web, you are being evaluated in real time by complex analysis systems. Advertisers decide on your value, bid for your private data accordingly, and display advertisements on the sites you visit. In this work we show how this is possible and who is doing it. We also show how much we are worth in the eyes of advertisers. Even if you think that your browsing history is priceless or worth $10,000, this is not the case.

Sophisticated systems are deployed to track and monitor Web users, and complex profiling methods are in place. Real-Time Bidding (RTB) is a novel medium for ultra-fast (on the order of tens of milliseconds) selling of advertising space. RTB is similar to High-Frequency Trading, where the acquired goods are advertising space and users' private data.

(UPDATE: You can actually see your value on this site: Your Value, with the use of this tool (Firefox and Chrome). All data are real and supplied by RTB bidders, depending on your profile.)

It is first important to introduce two concepts: Cookie Matching and Real-Time Bidding.

Real-Time Bidding

Real-Time Bidding (RTB) is a technology that allows advertisers to decide on displaying ads in real time. They do so by participating in RTB auctions. It is important to note that what is being sold on the RTB market is advertising space. However, users and their private data are another commodity. The auction takes less than 100 ms and is a direct counterpart of High-Frequency Trading. Real-Time Bidding is the High-Frequency Trading of the advertising world, where what is traded are Internet users. For more information about RTB, please see here, while a more technical description of RTB can be found here.

Cookie Matching

Cookie Matching enables matching the profiles of the same user that are maintained in the databases of two unrelated advertisers. For example, AppNexus might know that a user has visited two sites such as foxnews.com and cnn.com. Doubleclick can know that this user has visited pets.com and pinknews.co.uk. AppNexus might want to match these two profiles by leveraging Cookie Matching. After execution of this protocol, the profile in AppNexus's database is significantly enhanced. For a more technical description of Cookie Matching, please see here.

Now we can discuss how Real-Time Bidding really works.

RTB Workflow

Whenever a user visits a publisher's Web site (e.g. cnn.com), an RTB system (such as Doubleclick's; in the figure below the RTB system is denoted as an Ad Exchange) holds an auction. The RTB system sends bid requests to the bidders. These bid requests contain a number of data items related to the user visiting the site. For example, the address of the visited site can be included, and therefore passed to the bidders. Another interesting piece of information included in the bid request is the RTB system's cookie or cookie id of the visiting user.

Bidders (such as AppNexus, Turn or Doubleclick) bid in the auction: they submit the monetary amounts they are willing to pay for this user's visit. The winner can present his advertisement (or resell the space to other bidders via their own auctions). It is interesting to note that the bidders who did not win still obtain information on the user (for example, the sites he visited). However, the winning bidder can initiate a Cookie Matching protocol and match the cookies related to this user with a cookie (or a cookie id) as seen by the RTB system. Real-Time Bidding tied with Cookie Matching forms a very effective profiling platform where 3rd-party advertisers are no longer required to place their tracking scripts directly on the publishers' sites. After displaying an advertisement, a bidder can potentially combine it with his previous knowledge of this user, obtained from past bid requests he saved, to enhance his profiling capabilities.
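The data flow described above can be modelled in a few lines. This is an added example, not code from the paper or from any ad platform: the class, the field names (exchange_uid, site) and the cookie values are constructed for illustration, and only the site names come from the text.

```python
from collections import defaultdict


class Bidder:
    """Toy model of one bidder's data stores (hypothetical, for illustration)."""

    def __init__(self):
        self.profiles = defaultdict(set)   # own cookie id -> sites seen directly
        self.bid_log = defaultdict(set)    # exchange cookie id -> sites from bid requests
        self.match_table = {}              # exchange cookie id -> own cookie id

    def on_bid_request(self, request):
        # Every invited bidder receives the request, whether or not it wins.
        self.bid_log[request["exchange_uid"]].add(request["site"])

    def on_cookie_match(self, exchange_uid, own_cookie):
        # The browser is sent to the bidder with the exchange's id in the URL
        # and attaches the bidder's own cookie, so both ids arrive together.
        self.match_table[exchange_uid] = own_cookie

    def merged_profile(self, own_cookie):
        sites = set(self.profiles[own_cookie])
        for exchange_uid, cookie in self.match_table.items():
            if cookie == own_cookie:
                sites |= self.bid_log[exchange_uid]
        return sites


def run_scenario():
    bidder = Bidder()
    bidder.profiles["bidder-cookie-A"] = {"foxnews.com", "cnn.com"}
    # Constructed bid requests sent by the exchange for one browser.
    for site in ("pets.com", "pinknews.co.uk"):
        bidder.on_bid_request({"exchange_uid": "exch-uid-7", "site": site})
    before = bidder.merged_profile("bidder-cookie-A")
    bidder.on_cookie_match("exch-uid-7", "bidder-cookie-A")
    after = bidder.merged_profile("bidder-cookie-A")
    return before, after


if __name__ == "__main__":
    print(run_scenario())
```

Before the match, the saved bid requests are keyed only by the exchange's id and cannot be tied to the bidder's own profile; a single match joins the whole saved history to it.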

The RTB system employs a concept of price notification, which is meant to inform the winning bidder that he has indeed won and of the monetary amount he will pay. This notification is usually in encrypted form. So, for example, if AppNexus wins an auction held by Doubleclick, the user's browser makes an HTTP request for the ad and the encrypted price notification is included in this request.

However, an information leak exists which allows the discovery of the real-time prices paid for the advertisements displayed to users. Consequently, this is also the lower bound on the value of private data (visited sites constitute a Browsing History). We expose this cleartext price notification leak. The leak results from the fact that certain Ad Exchanges do not encrypt price notifications, while bidders use unified information systems that accept price notifications in any format. We leverage this information channel and establish the true value of private data as seen by the advertisers. Moreover, we highlight evidence of price discrimination on the Web. Different user profiles are shown advertisements at different prices. Users in different countries are also affected by this phenomenon, with more money paid for users in the USA than in Europe. In fact, RTB is so dynamic that prices are set on the basis of a multitude of information: time of day, the user's physical location and the user's past browsing history.
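A bidder or exchange can check its own notification URLs for this weakness. The following is an added example, not the tooling used in the paper: the parameter names (price, win_price), the hosts and the sample URLs are constructed, since real platforms choose their own names.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Hypothetical parameter names; real exchanges and bidders choose their own.
PRICE_PARAMS = {"price", "win_price"}
DECIMAL = re.compile(r"^\d+(\.\d+)?$")


def classify_price(value):
    """Return 'cleartext' for a plain decimal number, 'opaque' otherwise."""
    return "cleartext" if DECIMAL.match(value) else "opaque"


def audit(urls):
    """Map each host to the kinds of price field seen in requests sent to it."""
    findings = {}
    for url in urls:
        parts = urlsplit(url)
        for name, value in parse_qsl(parts.query):
            if name.lower() in PRICE_PARAMS:
                findings.setdefault(parts.hostname, set()).add(classify_price(value))
    return findings


def leaking_hosts(urls):
    """Hosts that received at least one price notification in cleartext."""
    return sorted(h for h, kinds in audit(urls).items() if "cleartext" in kinds)


# Constructed sample of ad requests as a browser would issue them.
SAMPLE = [
    "https://bidder-a.example/win?auction=1&price=0.00069",
    "https://bidder-a.example/win?auction=2&price=Uk9UMTMtbm90LXJlYWw",
    "https://bidder-b.example/notify?win_price=AAABQ2x4ZW5jcnlwdGVk",
    "https://cdn.example/ad.js?size=300x250",
]

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(leaking_hosts(SAMPLE))
```

The host that shows both kinds is the case the text describes: one endpoint accepting notifications in any format, so the exchange that skips encryption exposes the price. An encrypted token made up only of digits would be misclassified as cleartext by this simple pattern.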

We highlight that Ad auctions are responsible for the leakage of users' Web Browsing Histories and users are not aware of this fact.

The involved parties and exchanged communication can be summarized by the sketch below:

Price of Privacy

Since we all live in a market economy, we reasoned that users' private data are worth as much as someone is willing to pay for them. Using the cleartext price notification leak, we studied the price of private data (Web Browsing History) from the advertisers' perspective. During the analysis we detected that prices paid by advertisers depend not only on the users' profiles (sites they visited previously) but also on other factors. The user's physical location, the accessed site and its content, the time of day -- all of this contributes to the price derivation.

Previously visited sites influence the prices: certain sites are more valuable than others and significantly affect the users' profiles in advertisers' systems. The most dramatic difference is made by the so-called retargeting ads. Retargeting ads can often be seen after browsing for a specific product on certain sites (such as, for example, Amazon). In several cases the prices for retargeted ads were significantly (2-3x) greater than the generic ones.

Sites we visit also affect prices. For example, news sites such as Fox News yield greater prices than, say, tnawrestling.com. In fact, the site's content is very important in pricing the users visiting the Web. If the user browses sites related to Sports, chances are the prices are far lower than, for example, in the case of Shopping sites.

We detected that the user's physical location plays an important role: users in the USA are priced higher ($0.00069) than, for example, the ones located in Europe ($0.00036).

The Gist: your data sold in less than 100 ms, for less than $0.0005

The full paper can be found here: Selling Off Privacy at Auction (PDF). Key points are highlighted below.

lukasz