[Cryptography] Comey: targeted ads => plaintext access

[Henry Baker]

At 04:21 PM 9/18/2015, Ray Dillinger wrote:
>Doubts about whether ad brokers would voluntarily co-operate aside,
>I'm interested in the mechanics of a protocol to do this.  It may
>have other applications where the motives of the participants align
>- such as matching up people with aligned interests while maintaining
>some degree of privacy for them greater than simply advertising those
>interests publicly.
>
>So how does the protocol puzzle work out if we want to target ads
>based on the contents of encrypted emails without having the ad
>broker have access to the plaintexts or know who is getting which ad?

I'd be interested in how such a protocol would work, as well.

I assume that the user will be required to run some Javascript
function f(x) that Google gives him.  The user executes f(M),
where M is the message, or executes f(w), for all words w in M.

However, why should the user trust Google's f(x) not to simply
send every w back to Google in the clear?

I'm guessing that a protocol where no one trusts one another
might be pretty difficult to arrange.

We already have malicious ads that will attempt to subvert
the Google-equivalent, the user, and/or other advertisers.

There are some Google-equivalents -- e.g., ATT, Comcast --
that run MITM attacks on their users all the time.

And then there are the watchers, who are looking at all of
the message traffic.  They would be happy to get the info
they're looking for from the ads; they currently utilize
user tracking cookies placed there by the ad folks for
their purposes already.

So arranging a private, safe & secure protocol amongst
all of these players is a pretty tall order.

I guess we'll have to call this the (anti?)Comey problem,
in honor of Mr. Comey.