Abstract |
Digital advertising is a multi-billion dollar business that has the power to fuel the entire
free Internet. The recent years, it progressively moves towards a programmatic model
in which ads are matched to actual interests of individuals collected as they browse
the web. The advertiser pays a monetary cost to buy ad-space in a publisher’s medium
(e.g., website) thus delivering their digital advertisement along with the publisher’s
interesting content in the visitor’s display.
Unlike traditional advertisements in mediums such as newspapers, TV or radio, in the
digital world, the end-users are also paying a cost for the advertisement delivery.
Whilst the cost on the advertiser’s side is clearly monetary, on the end-user, it includes
both quantifiable costs, such as network requests and transferred bytes, and
qualitative costs such as privacy loss to the ad ecosystem. Indeed, as advertisements
become more and more personalized to match the users interests and become as
effective as possible, more personal information about the visiting users is needed.
Motivated by that, tracking companies deploy sophisticated user- tracking
mechanisms retrieving any piece of information can reveal the user’s interests and
preferences.
Such information may include current and historical geolocations, installed apps,
browsing histories, and so forth. All this information is used to form rich user profiles
and large audience segments that can be shared with or sold to anyone interested
(e.g., advertisers, data brokers, data management platforms, etc.) beyond the control
of the users. To conduct such data markets and before performing any background
user database merges, different entities perform synchronisations of the different
userIDs they have set for the same users. This way they reduce the number of the
different “aliases” with which they know a user, increasing this way their capability of
re-identifying users when they erase their browser state (i.e., cookies) or even when
they browse through VPN to preserve their privacy. Besides the continuous growth of digital advertising and its impact on our everyday
lives, little we know about the flow of information within the participating companies
and the interconnections between them. Motivated by that, in this dissertation, we
aim to enhance the transparency in this large ecosystem and investigate the
bidirectional effect between user privacy and programmatic ad-buying. In particular,
we explore the impact of personalized advertising on the users privacy and anonymity
given the elaborate deployed user tracking and personal data collecting techniques.
We experimentally measure the user information leaks appeared while using websites
and mobile apps. Based on the insight gained from these experiments, we design
countermeasures to mitigate the privacy loss.
Towards the opposite direction, we study how these collected user data affect the
pricing dynamics of programmatic ad-auctions and how much advertisers pay to reach
a user. Then, we compare the costs imposed by digital advertising to both users and
advertiser for the very same delivered ad traffic. These costs include network
overhead, temperature, energy consumption, loss of privacy. Finally, in an attempt to
investigate pricacy-preserving alternatives for web monetization that can be
completely detached from any personal data requirement, we perform a detailed
analysis of the profitability and the user-side overheads of the emerging technology
of web cryptomining.
|