Collaborative Research: SaTC: CORE: Medium: Understanding and Combatting Impersonation Attacks and Data Leakage in Online Advertising
University Of Illinois At Chicago, Chicago IL
Investigators
Abstract
Online advertising networks track which websites people visit and what they do on those websites. Ad networks perform such tracking to develop a comprehensive understanding of people's activity across their devices in order to sell advertisements related to those activities. Unfortunately, the way ad networks combine information from different devices into a singular understanding of a given person is insecure and can allow a malicious party on the Internet to learn sensitive information about the user such as what websites they visit, what products they purchased, or what hotels they visited. This project's novel contributions are the identification of this new kind of threat to user privacy, ways of identifying when ad networks track users across their devices, and developing tools to help people understand what information ad networks know and retain about them. The project's broader significance and importance are how it will help protect people's privacy while also educating them on the pervasiveness and specificity of online tracking, allowing them to make more informed decisions about their online activities. Identifying and combating ad network privacy threats requires an investigation of ad networks, web browsers, and measurement methods. This project will improve user privacy via three interconnected investigations. The project will: 1) Define and enumerate a new class of privacy threat stemming from ad networks' efforts to correlate user activity across devices, including systematizing an understanding of this threat's full attack surface and impact on user privacy across the Internet. 2) Develop a suite of robust statistical methods to detect when ad networks link devices together based on observed advertising behaviors that will enable understanding how ad networks track users independent of environment or computing platform. 3) Create a set of tools that will educate and empower users to understand what data and inferences ad networks have made, and if ad networks are respecting data deletion requests. This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.
View original record on NSF Award Search →