tl;dr → Tadayoshi et al. are virtuosos at these performance art happenings. Catchy hook, cool marketing name (ADINT) and press outreach frontrunning the actual conference venue. For the wuffie and the lulz. Nice demo tho.
and → They bought geofence campaigns in a grid. They used close-the-loop analytics to identify the sojourn trail of the target.
and → dont’ use Grindr.
The online advertising ecosystem is built upon the ability of advertising networks to know properties about users (e.g., their interests or physical locations) and deliver targeted ads based on those properties. Much of the privacy debate around online advertising has focused on the harvesting of these properties by the advertising networks. In this work, we explore the following question: can third-parties use the purchasing of ads to extract private information about individuals? We find that the answer is yes. For example, in a case study with an archetypal advertising network, we find that — for $1000 USD — we can track the location of individuals who are using apps served by that advertising network, as well as infer whether they are using potentially sensitive applications (e.g., certain religious or sexuality-related apps). We also conduct a broad survey of other ad networks and assess their risks to similar attacks. We then step back and explore the implications of our findings.
not to fight with big DSPs;
the picked the weaker ones to highlight.
Gunes Acar, Christian Eubank, Steven Englehardt, Marc Juarez, Arvind Narayanan, Claudia Diaz. 2014. The Web Never Forgets: Persistent Tracking Mechanisms in the Wild. In Proceedings of the ACM Conference on Computer and Communications Security.
Rebecca Balebako, Pedro Leon, Richard Shay, Blase Ur, Yang Wang, L Cranor. 2012. Measuring the effectiveness of privacy tools for limiting behavioral advertising. In Web 2.0 Security and Privacy.
Giuseppe Cattaneo, Giancarlo De Maio, Pompeo Faruolo, Umberto Ferraro Petrillo. 2013. A review of security attacks on the GSM standard. In Information and Communication Technology-EurAsia Conference. Springer, pages 507–512.
Robert M Clark. 2013. Perspectives on Intelligence Collection. In The intelligencer, a Journal of US Intelligence Studies 20, 2, pages 47–53.
David Cole. 2014. We kill people based on metadata. In The New York Review of Books
Jonathan Crussell, Ryan Stevens, Hao Chen. 2014. Madfraud: Investigating ad fraud in android applications. In Proceedings of the 12th Annual International Conference on Mobile Systems, Applications, and Services. ACM, pages 123–134.
Steven Englehardt and Arvind Narayanan. 2016. Online tracking: A 1-million-site measurement and analysis. In Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. ACM, pages 1388–1401.
Aleksandra Korolova. 2010. Privacy violations using microtargeted ads: A case study. In Proceedings of the 2010 IEEE International Conference on IEEE Data Mining Workshops (ICDMW), pages 474–482.
Zhou Li, Kehuan Zhang, Yinglian Xie, Fang Yu, XiaoFeng Wang. 2012. Knowing your enemy: understanding and detecting malicious web advertising. In Proceedings of the 2012 ACM conference on Computer and Communications Security. ACM, pages 674–686.
Franziska Roesner, Tadayoshi Kohno, David Wetherall. 2012. Detecting and Defending Against Third-Party Tracking on the Web. In Proceedings of the USENIX Symposium on Networked Systems Design and Implementation (NSDI).
Sooel Son, Daehyeok Kim, Vitaly Shmatikov. 2016. What mobile ads know about mobile users. In Proceedings of the 23rd Annual Network and Distributed System Security Symposium (NDSS).
Ryan Stevens, Clint Gibler, Jon Crussell, Jeremy Erickson, Hao Chen. 2012. Investigating user privacy in android ad libraries. In Proceedings of the Workshop on Mobile Security Technologies<e/m> (MoST).
Craig E. Wills and Can Tatar. 2012. Understanding what they do with what they know. In Proceedings of the ACM Workshop on Privacy in the Electronic Society (WPES).
Tom Yeh, Tsung-Hsiang Chang, Robert C Miller. 2009. Sikuli: using GUI screenshots for search and automation. In Proceedings of the 22nd annual ACM Symposium on User Interface Software and Technology. ACM, pages 183–192.
Apostolis Zarras, Alexandros Kapravelos, Gianluca Stringhini, Thorsten Holz, Christopher Kruegel, Giovanni Vigna. 2014. The dark alleys of madison avenue: Understanding malicious advertisements. In Proceedings of the 2014 Conference on Internet Measurement Conference
Tiliang Zhang, Hua Zhang, Fei Gao. 2013. A Malicious Advertising Detection Scheme Based on the Depth of URL Strategy. In Proceedings of the 2013 Sixth International Symposium on Computational Intelligence and Design (ISCID), Vol. 2. IEEE, pages 57–60.
Peter Thomas Zimmerman. 2015. Measuring privacy, security, and censorship through the utilization of online advertising exchanges. Technical Report. Tech. rep., Princeton University.
The Suitcase Words
Mobile Advertising ID (MAID)
Demand-Side Platform (DSP)
Supply-Side Platform (SSP)
Global Positioning System (GPS)
Google Play Store (GPS)
Google Advertising Identifier (GAID)
Google Play Services Advertising Identifier (GAID)
Exchange Bidding in Dynamic Allocation (EBDA), Google
The Rubicon Project
a header tag, compatible with most wrappers, no proprietary wrapper, only Prebid.js
a header tag, compatible with most wrappers, a proprietary wrapper
a header tag that, compatible with many (not ‘most’) wrappers, a proprietary wrapper
a header, compatible with many (not ‘most’) wrappers, a proprietary wrapper (that is better than OpenX’s which is not enterprise grade)
a header tag, compatible with many (not ‘most)’ wrappers, a proprietary wrapper.
Digital Content Next
Something about a transparent marketplace.
Something about another supply network
trade press in Digiday
No header bidding, yet.
Mobile equals Adware (“in app”)
but Apps don’t have “browsers.”
but App browsers don’t have “pages” with “headers.”
though Apps have SDKs (libraries).
RTL acquires SpotX
<quote>One could argue video is the perfect storm for header bidding, limited quality supply & maximum demand, the ideal conditions for a unified auction…</quote>
The industry is currently debating the pros & cons of running header bidding either client or server side (A lot boils down to latency V audience match rates)
Google offer their own version of header bidding, this is referred to as EBDA (Exchange Bidding in Dynamic Allocation) and is available to DFP customers.
Facebook recently entered header bidding by launching a header tag that enables publishers to capture FAN demand via header bidding on their mobile traffic.
Criteo entered header bidding by offering publishers their header tag (AKA Direct Bidder) that effectively delivers Criteos unique demand into the publisher’s header auction, at a 1st rather than cleared 2nd price.
Amazon have launched a server to server header bidding offering for publishers that delivers unique demand and the ability to manage other S2S demand partners for the publisher.
<quote>senior AdTech big wigs</quote>
programmatic auction process
1st v 2nd price
2nd price was for waterfall
1st price will be for unified (header bidding)
General Data Protection Regulation’ (GDPR)
Consent must be collected.
Will make 2nd party data marketplaces economical.
The salubrious effect.
Publishers have a Direct Relationship with consumers.
this is argued as being “better.”
collect holistic consent
<quote>one unified [process] of consumer [outreach] rather than one for every vendor</quote>
individual vendor consent
<quote>for every cookie or device ID that flows through the OpenRTB pipes we have spent the last 10 years laying.</quote>
Viewability & Brand Safety
Moat was sold to Oracle for reported number of $800M.
PE Firm Providence Equity bought a % of Double Verify giving them a reported value of $300M.
Integral Ad Science remains independent, for now
Telcos have what everybody in AdTech wants:
privacy compliant data
1st party data.
Telcos want what AdTech & publishing companies have:
programmatic sell and buy side tools
content creation functions
distribution at scale.
diversification of revenues
Verizon buys AOL & Yahoo to form Oath, a publisher, a DSP, a DMP.
Telenor buys TapAd, a cross-device DMP-type-thing
Altice buys Teads, a streaming video vendor)
Singtel buys Turn, a DSP
AT&T needs a line in this list; might want to buy Time Warner which is a movie studio, media holding copmany, a cable operator, an old owner of AOL.
Raised $18.75M, Series A. Why?
Raised $20M, through Series B, Why?
Data Management Platform (DMP)
Not a pure-play business.
A division, not a business.
An interface, not a division.
Everyone wants to own one.
Should DMP’s also be in the media buying business?
What are DMP’s doing to stay relevant for a world without cookies?
Do DMP’s plan to build or buy device graph features / functions?
For platforms that process & model a lot of 1st, 2nd & 3rd party data, how will they be affected by the pending GDPR?
Adobe bought Tube Mogul, a video DSP, for $540M (based on information & belief).
Oracle bought Moat, a verification feature, for $800M
Oracle bought Crosswise, a cross-device database, for <unstated/>
Salesforce bought Krux, a DMP, FOR $700M
Lotame remains independent, for now
ID Consortium’s & Cross-Device Players
Probabilistic “won’t work”
<quote>The GDPR may make it very difficult for a number of probabilistic methods to be applied to digital ID management.</quote>
They … <quote>are using their own proprietary cross-screen deterministic token / people based ID that in many cases only works within their O&O environments.</quote>
Is desired. <quote>CMO’s & agencies in the future will not be requesting a cleaner supply chain, but a universal ID (or ID clearing house) that will enable them to manage reach, frequency & attribution across all of the partners they buy from.</quote>
<quote>This technology solution creates an anonymous user token, which is propagated by and between its members in lieu of billions of proprietary pixels and trackers on Web pages.</quote>
Claim: “Many” leading AdTech companies are already working with the DigiTrust team. [Which?]
Jeff Warren, vice president of mobile and online partner marketing
Uses Drawbridge Inc.
<quote>which uses a “triangulation” method to try to figure out when a mobile user is the same person as a desktop user.</quote>
<quote>Drawbridge sends cookies to desktop and mobile browsers to track the ads being requested by the devices. If the patterns show enough in common—using the same Internet address at similar times, for instance—the company figures there is a good chance they are from one anonymous user.</quote>
Advertising Identifier (IDFA)
Paul Gelb, “head” of strategy.
Gokul Rajaram, product director for ads.
Mobile was 23% of Facebook revenue 2012-Q4.
Mobile was 0% of Facebook revenue 2012-Q2.
target ad bids by multiple locations and specific days and times of the week all within one campaign.
Not clear why G. is mentioned in the article on “device graph” & “triangulation”
Are Traasdahl, CEO.
Imputes purchasing intent to view & visitation behavior.