[Cryptography] Comey: targeted ads => plaintext access

Natanael natanael.l at gmail.com
Sat Sep 19 04:54:17 EDT 2015

- Sent from my tablet
Den 19 sep 2015 08:02 skrev "Henry Baker" <hbaker1 at pipeline.com>:
> At 04:21 PM 9/18/2015, Ray Dillinger wrote:
> >Doubts about whether ad brokers would voluntarily co-operate aside,
> >I'm interested in the mechanics of a protocol to do this.  It may
> >have other applications where the motives of the participants align
> >- such as matching up people with aligned interests while maintaining
> >some degree of privacy for them greater than simply advertising those
> >interests publicly.
> >
> >So how does the protocol puzzle work out if we want to target ads
> >based on the contents of encrypted emails without having the ad
> >broker have access to the plaintexts or know who is getting which ad?
> I'd be interested in how such a protocol would work, as well.
> I assume that the user will be required to run some Javascript
> function f(x) that Google gives him.  The user executes f(M),
> where M is the message, or executes f(w), for all words w in M.
> However, why should the user trust Google's f(x) not to simply
> send every w back to Google in the clear?
> I'm guessing that a protocol where no one trusts one another
> might be pretty difficult to arrange.
> We already have malicious ads that will attempt to subvert
> the Google-equivalent, the user, and/or other advertisers.
> There are some Google-equivalents -- e.g., ATT, Comcast --
> that run MITM attacks on their users all the time.
> And then there are the watchers, who are looking at all of
> the message traffic.  They would be happy to get the info
> they're looking for from the ads; they currently utilize
> user tracking cookies placed there by the ad folks for
> their purposes already.
> So arranging a private, safe & secure protocol amongst
> all of these players is a pretty tall order.
> I guess we'll have to call this the (anti?)Comey problem,
> in honor of Mr. Comey.

Private Information Retrieval algorithms? Multiparty Computation protocols?

Fetching over Tor / I2P / VPN?

Browser plugin that looks for "advertisement box tags" and fetch the json
configuration files to see what keywords should have it make anonymous
requests for what, to display rendered above the page such that the page
javascript can't figure out what ad is displayed?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150919/1c775b9f/attachment.html>

More information about the cryptography mailing list