[Cryptography] Comey: targeted ads => plaintext access
gdr at gno.org
Sat Sep 19 13:34:21 EDT 2015
> On Sep 18, 2015, at 17:21, Ray Dillinger <bear at sonic.net> wrote:
> Doubts about whether ad brokers would voluntarily co-operate aside,
> I'm interested in the mechanics of a protocol to do this. It may
> have other applications where the motives of the participants align
> - such as matching up people with aligned interests while maintaining
> some degree of privacy for them greater than simply advertising those
> interests publicly.
Not for web browsers or email, but for a related technology that tries to do this, have a look at the Technology link at <http://www.invidi.com>.
1. The user, who has no control over the set top box innards
2. The vendor, which provides the software
3. The broker (such as a cable company) which owns the hardware and sells advertising slots to the advertisers
4. The advertiser
The key pieces are:
1. Detailed info about the user's viewing habits doesn't leave the set top box. The broker controls when the firmware gets loaded, but can't modify the firmware without reverse engineering things.
2. Boxes report what ads they played but not why
3. The broker and the advertiser only ever see anonymous aggregate data (the broker has no visibility into the vendor's server software, either). Billing to the advertiser is based on this data.
4. The vendor has no access to the production system; there's no "phone home"
5. The vendor prohibits both the broker and the advertiser (through technical means) from targeting a set of criteria that would result in too few households in a particular "bucket", in an attempt to keep individual targeting criteria from being derived.
No, it's not foolproof. Everything is proprietary and you're assuming good faith on the part o
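
The minimum bucket size from key piece 5, combined with the on-box matching and aggregate-only reporting of pieces 1 to 3, as an added example that is not part of the original message and is not the vendor's code. The threshold value, the cell-count table, the two targeting attributes and every name below are assumptions made for illustration.

```python
from collections import Counter

MIN_BUCKET = 3  # assumed threshold; the message gives no number

# Constructed coarse counts of households per (region, household type) cell.
# Assumption: the approval step has a table like this; no per-box data is used.
CELL_COUNTS = {
    ("north", "family"): 40, ("north", "single"): 2,
    ("south", "family"): 25, ("south", "single"): 1,
}

def matches(criteria, profile):
    """A criterion of None is a wildcard; otherwise it must equal the attribute."""
    return all(c in (None, p) for c, p in zip(criteria, profile))

def bucket_size(criteria):
    """Number of households in all cells selected by the criteria."""
    return sum(n for cell, n in CELL_COUNTS.items() if matches(criteria, cell))

def approve(campaigns):
    """Drop any campaign whose criteria select fewer than MIN_BUCKET households."""
    return {ad: c for ad, c in campaigns.items() if bucket_size(c) >= MIN_BUCKET}

class SetTopBox:
    def __init__(self, region, kind):
        self._profile = (region, kind)  # stays on the box

    def play(self, campaigns, default_ad="generic"):
        """Choose an ad locally; the report is the ad id only, not the reason."""
        for ad, criteria in campaigns.items():
            if matches(criteria, self._profile):
                return ad
        return default_ad

def aggregate(reports):
    """What broker and advertiser see: play counts per ad, no box identity."""
    return dict(Counter(reports))

def run_demo():
    requested = {
        "minivan": (None, "family"),          # 65 households: allowed
        "studio-flat": ("south", "single"),   # 1 household: rejected
    }
    live = approve(requested)
    boxes = [SetTopBox("north", "family"), SetTopBox("south", "family"),
             SetTopBox("south", "single")]
    return live, aggregate(box.play(live) for box in boxes)

if __name__ == "__main__":
    print(run_demo())
```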