In targeted (or behavioral) advertising, users’ behaviors are tracked over time in order to customize served ads to their interests. This creates serious privacy concerns since for the purpose of profiling, private information is collected and centralized by a limited number of companies. Despite claims that this information is secure, there is a potential for this information to be leaked through the customized services these companies are offering. In this paper, we show that targeted ads expose users’ private data not only to ad providers but also to any entity that has access to users’ ads. We propose a methodology to filter targeted ads and infer users’ interests from them. We show that an adversary that has access to only a small number of websites containing Google ads can infer users’ interests with an accuracy of more than 79% (Precision) and reconstruct as much as 58% of a Google Ads profile in general (Recall). This paper is, to our knowledge, the first work that identifies and quantifies information leakage through ads served in targeted advertising.
- Targeted Advertising
- Information leakage