Tech Science Seminar

This week: Giridhari Venkatadri (Northeastern Univ) presents "Privacy Implications of PII-Based Targeted Advertising" "Online social networks have leveraged their detailed user databases to build powerful targeted advertising platforms. These platforms allow increasingly fine-grained targeting of users, driven by the value of such targeting to advertisers. Indeed, as a natural consequence of this, most major advertising platforms now allow advertisers to specify exactly which users they want to target by specifying their PII (e.g., Facebook's Custom Audiences, or Google's Customer Match) ; we call this feature PII-based targeted advertising. In this talk, I will talk about our work on two different privacy implications of PII-based targeting advertising. First, we conduct a first study of PII-based targeting, showing how features that are fundamental to PII-based targeting can lead to serious leaks of PII, for example allowing an attacker to learn a user's entire phone number knowing only their email address, or allowing an attacker to de-anonymize the visitors to his website en-masse; these leaks are demonstrated in the context of Facebook's platform as it is the largest and most mature advertising platform. Second, we use insights from the previous study to propose a novel methodology to study what sources are used by Facebook to obtain PII for its PII-based targeting feature; we show that PII provided for multiple sources is used, including phone numbers provided for security purposes such as two-factor authentication, those provided to the Facebook Messenger app for the purpose of messaging, and those included in friends’ uploaded contact databases. Our work has impacted potentially billions of users (via multiple bug reports to Facebook which were acknowledged and acted upon), and has led to increased awareness among regulators and the public about the privacy implications of PII-based advertising. " See paper on leaks at: https://mislove.org/publications/PII-Oakland.pdf See paper on sources of PII used at: https://mislove.org/publications/PII-PETS.pdf Speaker: Giridhari Venkatadri is a Ph.D. student in computer science, working with Alan Mislove at Northeastern University. His work focuses on the security and privacy implications of social computing systems, and of the advertising platforms offered by these systems.