
Cookie Monster: Efficient On-device Budgeting for Differentially-Private Ad-Measurement Systems

Pierre Tholoniat, Kelly Kostopoulou, Peter McNeely, Prabhpreet Singh Sodhi, Anirudh Varanasi, Benjamin Case, Asaf Cidon, Roxana Geambasu, Mathias Lécuyer

TL;DR

This paper analyzes designs from Google, Apple, Meta and Mozilla, and augments them with a more rigorous and efficient differential privacy (DP) budgeting component, called Cookie Monster, which enforces well-defined DP guarantees and enables advertisers to conduct more private measurement queries accurately.

Abstract

With the impending removal of third-party cookies from major browsers and the introduction of new privacy-preserving advertising APIs, the research community has a timely opportunity to assist industry in qualitatively improving the Web's privacy. This paper discusses our efforts, within a W3C community group, to enhance existing privacy-preserving advertising measurement APIs. We analyze designs from Google, Apple, Meta and Mozilla, and augment them with a more rigorous and efficient differential privacy (DP) budgeting component. Our approach, called Cookie Monster, enforces well-defined DP guarantees and enables advertisers to conduct more private measurement queries accurately. By framing the privacy guarantee in terms of an individual form of DP, we can make DP budgeting more efficient than in current systems that use a traditional DP definition. We incorporate Cookie Monster into Chrome and evaluate it on microbenchmarks and advertising datasets. Across workloads, Cookie Monster significantly outperforms baselines in enabling more advertising measurements under comparable DP protection.

Paper Structure

This paper contains 39 sections, 18 theorems, 56 equations, 7 figures and 3 algorithms.

Key Result

Theorem 1

Fix a set of public events $P \subset \mathcal{I} \cup \mathcal{C}$, and budget capacities $(\epsilon^G_d)_{d \in \mathcal{D}}$. Case 1: If all the queries use attribution functions $A$ satisfying $\forall i, \forall F, \ A(F_1,\hbox{...},F_{i-1},F_i \cap P,F_{i+1}, \hbox{...}, F_k) = A(F_1,\hbox{.

Figures (7)

  • Figure 1: Privacy loss dashboard. Screenshot from our Chrome implementation of Cookie Monster (minimally edited for visibility).
  • Figure 2: Architectures of ad-measurement systems. Common structure, with a key difference in where attribution and DP budgeting occur: off-device (IPA) vs. on-device (ARA, PAM, Hybrid).
  • Figure 3: Cookie Monster architecture and example execution (red overlay). §\ref{sec:architecture} describes the architecture and §\ref{sec:execution-example} the example execution. Notation: $@e_1:I_1$ indicates that Ann's device receives an impression $I_1$ of a Nike shoe ad from nytimes.com in epoch $e_1$. Red dotted arrows show the attribution function's search for impressions over epochs $e_1$ to $e_4$.
  • Figure 4: Budget consumption on the microbenchmark. (a) and (b) show average and maximum budget consumption across all device-epochs, respectively, as a function of the fraction of users that participate per query (knob1); value of knob2 is constant 0.1. (c) and (d) show the same metrics as a function of user impressions per day (knob2); value of knob1 is constant 0.1.
  • Figure 5: Budget consumption and query accuracy on the PATCG dataset. (a) Average budget consumption across all device-epochs as a function of the number of queries submitted by the advertiser. (b) CDF of RMSRE with a 7-day epoch. (c) RMSRE median (horizontal lines), first and third quartiles (boxes), and max/min (top/bottom range markers) as epoch length increases.
  • ...and 2 more figures

Theorems & Definitions (33)

  • Theorem 1: Individual DP guarantee
  • Theorem 2: Unlinkability guarantee
  • Theorem 3: Global sensitivity of reports and queries
  • Theorem 4: Individual sensitivity of reports and queries
  • Theorem 5: IDP of Alg. \ref{alg:inner_privacy_game} when removing $x$
  • proof
  • Theorem 6: IDP of Alg. \ref{alg:outer_privacy_game} when replacing $x_0$ by $x_1$ for fixed public information
  • proof
  • Theorem 7: Tighter Thm. \ref{thm:general_replace_guarantee} with constraint on queries
  • proof
  • ...and 23 more