
Evaluating Google's Protected Audience Protocol

Minjun Long, David Evans

TL;DR

This work focuses on analyzing linkage privacy risks for the reporting mechanisms proposed in the Protected Audience (PrAu) proposal (previously known as FLEDGE), which is intended to enable online remarketing without using third-party cookies.

Abstract

While third-party cookies have been a key component of the digital marketing ecosystem for years, they allow users to be tracked across web sites in ways that raise serious privacy concerns. Google has proposed the Privacy Sandbox initiative to enable ad targeting without third-party cookies. While there have been several studies focused on other aspects of this initiative, there has been little analysis to date as to how well the system achieves the intended goal of preventing request linking. This work focuses on analyzing linkage privacy risks for the reporting mechanisms proposed in the Protected Audience (PrAu) proposal (previously known as FLEDGE), which is intended to enable online remarketing without using third-party cookies. We summarize the overall workflow of PrAu and highlight potential privacy risks associated with its proposed design, focusing on scenarios in which adversaries attempt to link requests to different sites to the same user. We show how a realistic adversary would be still able to use the privacy-protected reporting mechanisms to link user requests and conduct mass surveillance, even with correct implementations of all the currently proposed privacy mechanisms.

Paper Structure

This paper contains 24 sections, 1 theorem, 10 equations, 5 figures, and 1 table.

Key Result

Theorem 4.1

The number of target users is $u$, $n$ is the number of colluding buyers controlled by the secondary site, and $\epsilon$ is the privacy loss parameter. Each $Y_z$ is independently sampled from a Laplace distribution, $\mathit{Laplace}(0, \frac{1}{\epsilon})$. Given an aggregated report consisting o

Figures (5)

  • Figure 1: Protected Audience Protocol. For simplicity, we show a single seller and buyer (who is also the winner of the auction), although there would typically be many buyers and sellers. Dashed lines indicate requests that do not necessarily happen at a particular step in the protocol and may be interleaved with other requests in different ways. The black dashed line for "fetch bidding code" is discussed at the end of \ref{ss:protocol}. The black dashed line for "update interest group content" is requested daily, as detailed in \ref{ig}. The requests to the K-anonymity server are made periodically, as detailed in \ref{ssec:k-anon}. The controlled inputs and outputs across worklets are specified in \ref{fig:auction-process}.
  • Figure 2: Expected accuracy for predicting the targeted user's presence on the secondary site ($\epsilon = 1$).
  • Figure 3: False positive rate as number of accusations varies. Results for setting where adversary controls 20 buyers to predict 10,000 users' presence on the tracked site out of different candidate pools with the default and a reduced privacy loss budget. Results shown are the average over 5 simulation runs. The variance is shown through the shading around the averaged line, where it ranges from 0 to 0.0001.
  • Figure 4: Using covert channels to reconstruct $UID$ during in-browser auctions. Red text represents the way to extract $UID$ in creative URL. Blue text represents the way to reconstruct $UID$ through bid value and score value.
  • Figure 5: FOT of PrAu with API Calling Sequence among Servers and the Browser. For simplicity, we show a single seller and buyer (who is also the winner of the auction), although there would typically be many buyers and sellers.

Theorems & Definitions (1)

  • Theorem 4.1