Privacy Challenges in Online Targeted Advertising

par Minh-Dung Tran

Thèse de doctorat en Informatique

Sous la direction de Claude Castelluccia et de Mohamed Ali Kaafar.

Le président du jury était Martin Heusse.

Le jury était composé de Mohamed Ali Kaafar, Vincent Toubiana.

Les rapporteurs étaient Paul Francis, Marc-Olivier Killijian.

  • Titre traduit

    Protection de la vie privée dans la publicité ciblée en ligne


  • Résumé

    L'auteur n'a pas fourni de résumé en français.


  • Résumé

    In modern online advertising, advertisers tend to track Internet users' activities and use these tracking data to personalize ads. Even though this practice - known as extit{targeted advertising} - brings economic benefits to advertising companies, it raises serious concerns about potential abuses of users' sensitive data. While such privacy violations, if performed by trackers, are subject to be regulated by laws and audited by privacy watchdogs, the consequences of data leakage from these trackers to other entities are much more difficult to detect and control. Protecting user privacy is not easy since preventing tracking undermines the benefits of targeted advertising and consequently impedes the growth of free content and services on the Internet, which are mainly fostered by advertising revenue. While short-term measures, such as detecting and fixing privacy leakages in current systems, are necessary, there needs to be a long-term approach, such as privacy-by-design ad model, to protect user privacy by prevention rather than cure. In the first part of this thesis, we study several vulnerabilities in current advertising systems that leak user data from advertising companies to external entities. First, since targeted ads are personalized to each user, we present an attack exploiting these ads on the fly to infer user private information that have been used to select ads. Second, we investigate common ad exchange protocols, which allow companies to cooperate in serving ads to users, and show that advertising companies are leaking user private information, such as web browsing history, to multiple parties participating in the protocols. These web browsing histories are given to these entities at surprisingly low prices, reflecting the fact that user privacy is extremely underestimated by the advertising industry.In the second part of the thesis, we propose a privacy-by-design targeted advertising model which allows personalizing ads to users without the necessity of tracking. This model is specifically aimed for the two newly emerging ad technologies - retargeting advertising and ad exchange. We show that this model provides strong protection for user privacy while still ensuring ad targeting performance and being practically deployable.


Il est disponible au sein de la bibliothèque de l'établissement de soutenance.

Consulter en bibliothèque

La version de soutenance existe

Où se trouve cette thèse\u00a0?

  • Bibliothèque : Service Interétablissement de Documentation. LLSH Collections numériques.
  • Bibliothèque : Université Savoie Mont Blanc (Chambéry-Annecy). Service commun de la documentation et des bibliothèques universitaires. Bibliothèque électronique.
  • Bibliothèque : Service interétablissements de Documentation. STM. Collections numériques.
Voir dans le Sudoc, catalogue collectif des bibliothèques de l'enseignement supérieur et de la recherche.