Technology for privacy: protecting against online tracking and profiling Rob van Eijk PhD Candidate, Leiden University CPDP 2018, Petite Halle 24-01-2018 | 08h45-10h00 Leiden University Elaw - Centre for Law and Digital Technologies, Leiden Law School Dual PhD Centre, Faculty of Governance and Global Affairs 1 Electronic copy available at: https://ssrn.com/abstract=3106582
Acknowledgements I would like to thank prof.dr. H. Jaap van den Herik, dr. Mark Dechesne, mr. Udo Oelen for their support and inspiration. 2 Electronic copy available at: https://ssrn.com/abstract=3106582
Overview Three key questions ● What are the main techniques for modern tracking in online and mobile environments? → Real-time bidding (RTB) systems (6 slides) ● How does cross-app and cross-device tracking work? → Cross-device tracking: KLM Use case (1 slide) ● How can privacy by design support against tracking? → Data leakage reduction (5 slides) 3
Theoretical view of RTB systems 4
Demand Side Platform (DSP) ● A DSP enables it’s network partners to bid for ad slots. ● Media buyers and advertisers bid on criteria such as, – geolocation, – gender, – browsing history. ● A DSP specializes in running an advertising campaign on different websites while targeted at the intended audience at the right time. 5
Sell Side Platform (SSP) ● A SSP enables publishers to auction their ad slots to all media buyers and advertisers. ● A SSP specializes in matching advertisers with the SSP’s publisher network. 6
Data Management Platform (DMP) ● A DMP enables DSPs and SSPs to zoom in on their audience. ● A DMP specializes in customer data. ● For a DSP having access to customer data means that it puts them in a better position to (re)target the right user on the right website. ● For a SSP having access to customer data means that it puts them in a better position to personalize the content on their website offered to users. 7
Empirical view of RTB systems (1) Top 50 edges per EU country 8
Empirical view of RTB systems (2) 9
Cross-device tracking: KLM use case Source: https://www.thinkwithgoogle.com/_qs/images/9qiwi6Ktm4_uKM8jHHxMnzdeKVA=/17842/width-1000/klm_chartv32.jpg 10
Data leakage reduction Browsers offer already some control over the integrity of the device. Four examples : ● Blocking third-party HTTP cookies ● Content Security Policies ● Algorithmic tracking protection (Apple’s ITP, plug-ins) ● Do Not Track ( DNT) Consent API & Notifications API 11
Blocking third-party HTTP cookies Entropy versus counting third-party cookies Asghari, Van Eijk, Englehardt, Narayanan, and Winter (2016) 12 Spearman’s correlation coefficient = 0.95758713547808916, Pvalue = 0.0
Content Security Policies 13 Source: https://www.axe.com/de/inspiration/haar/so-foehnst-du-dir-die-haare.html
Algorithmic tracking protection e g a p k b r e o w w t e n - d a o t k get n l i s n i a t n o c consent s t display n e s n o c k s a page prompt grant/refuse user consent Publisher Publisher Browser Browser 14 14 14 Toubiana and van Eijk (2017)
DNT Consent API & Notifications API e g a p k b r e o get w w t e n - d a o t k n consent l i display s n i a t n o c s t n page e s n o c k s a prompt grant/refuse user consent Publisher Publisher Browser Browser 15 15 15 Toubiana and van Eijk (2017)
Recommend
More recommend
