CSE 599B: Technology-Enabled Misinformation Franziska (Franzi) - - PowerPoint PPT Presentation

cse 599b technology enabled misinformation
SMART_READER_LITE
LIVE PREVIEW

CSE 599B: Technology-Enabled Misinformation Franziska (Franzi) - - PowerPoint PPT Presentation

May 20, 2023 222 likes •449 views

CSE 599B: Technology-Enabled Misinformation Franziska (Franzi) Roesner franzi@cs.washington.edu Fall 2018 Third-Party Tracking Trackers included in other sites use third-party cookies containing unique identifiers to create browsing profiles.

slide-1
SLIDE 1

CSE 599B: Technology-Enabled Misinformation

Franziska (Franzi) Roesner

franzi@cs.washington.edu Fall 2018

slide-2
SLIDE 2

Third-Party Tracking

Trackers included in other sites use third-party cookies containing unique identifiers to create browsing profiles.

10/2/2018 Franziska Roesner 2

criteo.com

cookie: id=789

user 789: theonion.com, cnn.com, adult-site.com, …

cookie: id=789

slide-3
SLIDE 3

Browser Fingerprinting Techniques

Fall 2018 CSE 599B 3

https://panopticlick.eff.org/

slide-4
SLIDE 4

Tracking and Targeted Advertising

Ad Exchange (e.g., Doubleclick) The Onion Advertiser (e.g., Criteo) Advertiser Advertiser

ConPro 2018 Franziska Roesner 4

slide-5
SLIDE 5

Tracking and Targeted Advertising

Ad Exchange (e.g., Doubleclick) CNN Advertiser (e.g., Criteo) Advertiser Advertiser

ConPro 2018 Franziska Roesner 5

slide-6
SLIDE 6

The Web of the Past

Time travel for web tracking: http://trackingexcavator.cs.washington.edu

Lerner et al., USENIX Security 2016

slide-7
SLIDE 7

1996-2016: More & More Tracking

More trackers of more types

Lerner et al., USENIX Security 2016

slide-8
SLIDE 8

1996-2016: More & More Tracking

More trackers of more types, more per site

Lerner et al., USENIX Security 2016

slide-9
SLIDE 9

1996-2016: More & More Tracking

More trackers of more types, more per site, more coverage

Lerner et al., USENIX Security 2016

slide-10
SLIDE 10

XRay: Inferring Behavior-Ad Correlations

Fall 2018 CSE 599B 10

Lecuyer et al., USENIX Security 2014

slide-11
SLIDE 11

Fall 2018 CSE 599B 11

slide-12
SLIDE 12

Fall 2018 CSE 599B 12

slide-13
SLIDE 13

Targeted Advertising Ecosystem

Ad Exchange (e.g., Doubleclick) The Onion Advertiser (e.g., Criteo) Advertiser Advertiser Ad Purchaser

ConPro 2018 Franziska Roesner 13

slide-14
SLIDE 14

Ad Targeting as an Oracle

How old is alice@gmail.com? Target these ads:

Email=alice@gmail.com AND Age=18 … Email=alice@gmail.com AND Age=35 Email=alice@gmail.com AND Age=36 …

Which one was served?

ConPro 2018 Franziska Roesner 14

Vines et al., WPES 2017

slide-15
SLIDE 15

Case Study with Mobile Ads

Survey of demand-side providers (DSP), chose one for case study Case study threat model:

  • Target
  • Uses a mobile app

to which the DSP serves ads

  • Adversary:
  • Access to DSP ($1000)
  • Knows target’s Mobile Advertising ID (MAID)
  • E.g., by sniffing network traffic, target clicked on ad in the past, or via exploit

ConPro 2018 Franziska Roesner 15

Vines et al., WPES 2017

slide-16
SLIDE 16

Sample Attack #1: Location Tracking

Goal: Track user, determine frequently visited or sensitive locations Method:

  • Create grid of location ads
  • Observe which are served and when

ConPro 2018 Franziska Roesner 16

Vines et al., WPES 2017

slide-17
SLIDE 17

Sample Attack #2: Apps of Interest

Goal: Identify use of specific apps Sensitive apps:

  • Dating
  • Torrenting
  • Health
  • Religion

ConPro 2018 Franziska Roesner 17

Vines et al., WPES 2017

slide-18
SLIDE 18

Fall 2018 CSE 599B 18

slide-19
SLIDE 19

Fall 2018 CSE 599B 19

slide-20
SLIDE 20

Fall 2018 CSE 599B 20

slide-21
SLIDE 21

Fall 2018 CSE 599B 21