When you ask the average ad-averse consumer why he or she uses an ad-blocker, more often than not, the answer is something along the lines of ‘privacy’. And while the online ad industry (including advertisers, agencies, exchanges and publishers) has traditionally argued that tracking makes for better, more personal ads, and assured customers that all data is handled sensitively and routinely ‘anonymised’ to protect our identities, it would seem that our data is really not all that secure.
A study by researchers from the Paul G. Allen School of Computer Science & Engineering, University of Washington based their work on the following question: can third parties use the purchasing of ads to extract information about individuals? And in short, the answer is yes, yes they can. More specifically, the researchers found that regular people (not just merchants and advertising networks) can “exploit the online advertising ecosystem to extract information about other people, such as people that they know or that live nearby.”
As the researchers outline in the paper “Exploring ADINT: Using Ad Targeting for Surveillance on a Budget — or — How Alice Can Buy Ads to Track Bob”, much of the debate around online advertising revolves around the collection of data; in particular user locations and physical interests.
The paper introduces the term ADINT (advertising intelligence) to signify that this practice is similar in nature to intelligence gathering done by governments, and then dives into a thorough case study to determine the actual capabilities of ‘ADINT’, using a DSP. They then used an additional 20 DSPs to more thoroughly compare the capabilities of each.
First, they dove into whether gathering intelligence is even possible in the first place, and whether any information gathered is actually useful (“What types of information can the attacker obtain about targeted individuals using ADINT?”), and finally, they investigated the extent, efficiency, cost and reliability of using ADINT.
Tracking your personal, identifiable location in real-time
Using their example DSP, the researchers tracked the target’s phone identifier by simply making a US$1000 deposit, and learned when the target visited a pre-defined sensitive location within 10 minutes of arrival, if the target uses a certain app at that location – even if only briefly.
The researchers used 10 different apps which allow location-based targeting and had large user bases (between 5 and 100 million).
So we know who you are, and where you are – what other useful info can we unearth?
To make any of this useful in a practical setting, the researchers realised that it would need to be speedy, or as the paper calls it, have “low delay to service.” They found that the gap between an ad being active and getting served to the target was, on average, 2 minutes and 46 seconds. The delay between the ad being active and the report being served on the DSP was only 6 minutes 38 seconds.
They drew the conclusion that “ADINT attacks can be dynamic on a timescale of minutes: new ads, for a new intelligence-gathering campaign, can be active within minutes and the information gained by an ADINT attack can similarly be known within minutes.”
ADINT attacks can be dynamic on a timescale of minutes
Okay, so now we know who and where you are, and all that within a few minutes. But where’s the damaging information part? And how much does it cost? As to the second question, little enough that pretty much anyone can do it.
The study found that ads with a bid of US$0.05 per impression won 90% of auctions and cost no more than US$0.02/impression. The researchers concluded that “this means ADINT ads are reliable because they will be consistently served and they are readily affordable to even low-budget attackers. We use the highest bid (US$0.05/impression) for all subsequent experiments.” What’s more, at the same bid level, the ad was served first (important, in case the target uses the app only briefly) some 79% of the time.
But before we move on to what else we can find out about our target, it should be said that by creating a grid of ads served to different GPS coordinates (serve ad A in location X, then serve ad B in location Y), the attackers could very easily track movement based on which ads were served to the device, in which location (when target moves from location X to location Y, ad A would stop being served and ad B would start). Of course, the wider the net, the higher the cost, but at US$0.05 per impression, the costs are quite manageable, even for a large area.
And here’s where it gets uncomfortable
By tracking the MAID across locations using the aforementioned ad-net, the researchers were able to track the target all across the city, simply connecting the dots where the target opened the app – for example, while at home, on the bus or at the office- and from there extrapolate the target’s home and office locations. They concluded “the attacker using the DSP can purchase passive ads and use those ads to determine the home and office locations, as well as any stops longer than 4 minutes, in the movement of a target.”
Using similar tactics, the attacker could track the target to sensitive locations as well, like “specialised medical centers, religious centers, known activist meeting points, weapons stores and weapons ranges, corporate offices of a business competitor, and so on”, well within 10 minutes of arrival.
And going even further, the researchers were able to see which apps the target used and for how long by simply serving them ads, and checking the report from the DSP. And this can be highly sensitive; for example, the researchers say, apps like pregnancy trackers, depression journals, psychiatric drug conditions, and diabetes trackers can all indicate health conditions; dating apps can indicate relationship or sexual preferences; religious text and prayer apps can indicate religion and devoutness. They acknowledge that serving ads to sensitive websites would work in much the same way.
And you might think that this would be limited to a single DSP, but the study found comparable results with 20 other DSPs.
This study would indicate that ideological vigilantes, criminals such as burglars, stalkers and blackmailers and unscrupulous businesses or employers all have a relatively easy avenue of attack for unsuspecting targets.
And you might think it ends there, but the above can be coupled with interactive ads to open a whole other box of nastiness, from the study:
There is considerable opportunity to couple active ad content with advanced targeting options for increased ADINT capabilities, a potentially rich area of future work.
Black clouds, silver linings
While the old Latin saying ‘opportunity makes a thief’ has a tendency to ring true, there is good news for digital marketers as well. The paper outlines that platforms such as Google and Facebook both have thresholds on how many users can be targeted, going no lower than 20 and 1,000, respectively – effectively rendering the above useless, unless “spoofed or sybil accounts” are used to circumvent these restrictions, adding a layer of complexity to the equation.
The problem inherently lies with unsecured ad exchanges and DSPs that do not have users to protect, and very little business incentive to protect targeted consumers – but marketers and agencies can quite easily provide this incentive by pushing for more ‘ethical’ practices.
Other research has shown that personalised ads are far more effective, and considered less intrusive, than ‘spray-and-pray’ ads, and it’s widely known that marketers need to track data to achieve personalisation. But if that data is easily compromised, it would stand to reason that ad blockers aren’t going anywhere for now – and that creates an unsustainable environment for everyone.
If you would like to (further) dive into the nitty-gritty of the research, you can find the original paper here.