[Cryptography] Comey: targeted ads => plaintext access

Benjamin Kreuter brk7bx at virginia.edu
Wed Sep 16 08:31:29 EDT 2015

On Tue, 2015-09-15 at 21:41 -0700, Henry Baker wrote:
> Hmmm...  I'm interested in learning more about how this ad scheme
> might work.
> Nevertheless, if some questionable people were talking about fertilizers
> in their emails, and they started getting ads from fertilizer companies,
> it might not matter very much if anything else from the emails was
> leaked!

The point is that nobody would know who was receiving fertilizer ads, or
since I prefer non-terrorist examples, let's go with gay nightclub ads.
As a simple example, suppose that ad targeting algorithms are not secret
and that billing is not an issue.  Then you could have each user locally
determine which ad matches the plaintext and use a private information
retrieval protocol to fetch that ad.

Of course, billing is an issue and targeting algorithms are proprietary,
so you need something better.  Imagine that there are two email users.
The two users and the broker will use a 3-party computation protocol to
both target ads and compute billing information (i.e. which advertiser
needs to pay the broker).  The broker will learn some aggregate
information e.g. that between the two users one of them saw a gay
nightclub ad, but nothing more, and the users will not know how ads are
actually targeted (other than the number of computation steps involved).
You could do the same for any number of users -- assuming the users are
willing to check their mail synchronously (though you might restrict
this to "users that happen to be logged in" or something like that).

As I said, it is all theoretical right now.  Implementing such a
protocol in practice, in a way that makes economic sense, is still a
long way off.  There are also certain assumptions hiding in all this,
like that the ad broker is not engaged in a "Sybil attack."  Again, the
point is that in theory end-to-end encryption is not incompatible with
targeted ads.

-- Ben
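
Added example, not part of the original message: a sketch of the first scheme described above (public targeting rules, no billing), where the client picks the ad locally and fetches it by private information retrieval. The message does not name a PIR protocol; this assumes the classic two-server XOR construction with two non-colluding servers, and the rules, ads and function names are all constructed for illustration.

```python
import secrets

# Constructed sample data: public targeting rules and an ad database that
# both (hypothetical, non-colluding) servers hold in the same order.
RULES = [("garden", 0), ("concert", 1), ("nightclub", 2), ("bicycle", 3)]
ADS = [b"Ad 0: seeds and tools", b"Ad 1: concert tickets",
       b"Ad 2: nightclub opening", b"Ad 3: bicycle repair"]
RECORD_LEN = 32  # all records padded to one length so size leaks nothing


def pad(record: bytes) -> bytes:
    return record.ljust(RECORD_LEN, b"\x00")


def select_ad_locally(plaintext: str) -> int:
    """Targeting runs on the user's device; the plaintext never leaves it."""
    words = plaintext.lower().split()
    for keyword, index in RULES:
        if keyword in words:
            return index
    return 0  # default ad when nothing matches


def make_queries(index: int, n: int) -> tuple[list[int], list[int]]:
    """Split the request into two bit vectors that differ only at `index`.
    Each vector alone is uniformly random, so one server learns nothing."""
    q_a = [secrets.randbelow(2) for _ in range(n)]
    q_b = list(q_a)
    q_b[index] ^= 1
    return q_a, q_b


def server_answer(query: list[int]) -> bytes:
    """Server side: XOR together every padded record the query selects."""
    acc = bytearray(RECORD_LEN)
    for bit, record in zip(query, ADS):
        if bit:
            acc = bytearray(x ^ y for x, y in zip(acc, pad(record)))
    return bytes(acc)


def fetch_ad(plaintext: str) -> bytes:
    index = select_ad_locally(plaintext)
    q_a, q_b = make_queries(index, len(ADS))
    ans_a, ans_b = server_answer(q_a), server_answer(q_b)
    # Records selected by both queries cancel; only record `index` remains.
    return bytes(x ^ y for x, y in zip(ans_a, ans_b)).rstrip(b"\x00")
```

The privacy guarantee holds only while the two servers do not compare the queries they receive; if they collude, the differing bit reveals the index.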