Graduate School and Research Center in Digital Sciences

Privacy risks with Facebook's PII-based targeting: Auditing a data broker's advertising interface

Venkatadri, Giridhari; Liu, Yabing; Andreou, Athanasios; Goga, Oana; Loiseau, Patrick; Mislove, Alan; Gummadi, Krishna P

S&P 2018, IEEE Symposium on Security and Privacy, 20-24 May 2018, San Francisco, CA, USA

Sites like Facebook and Google now serve as de facto data brokers, aggregating data on users for the purpose of implementing powerful advertising platforms. Historically, these services allowed advertisers to select which users see their ads via targeting attributes. Recently, most advertising platforms have begun allowing advertisers to target users directly by uploading the personal information of the users who they wish to advertise to (e.g., their names, email addresses, phone numbers, etc.); these services are often known as custom audiences. Custom audiences effectively represent powerful linking mechanisms, allowing advertisers to leverage any PII (e.g., from customer data, public records, etc.) to target users. In this paper, we focus on Facebook's custom audience implementation and demonstrate attacks that allow an adversary to exploit the interface to infer users' PII as well as to infer their activity. Specifically, we show how the adversary can infer users' full phone numbers knowing just their email address, determine whether a particular user visited a website, and de-anonymize all the visitors to a website by inferring their phone numbers en masse. These attacks can be conducted without any interaction with the victim(s), cannot be detected by the victim(s), and do not require the adversary to spend money or actually place an ad. We propose a simple and effective fix to the attacks based on reworking the way Facebook de-duplicates uploaded information. Facebook's security team acknowledged the vulnerability and has put into place a fix that is a variant of the fix we propose. Overall, our results indicate that advertising platforms need to carefully consider the privacy implications of their interfaces. 


Title: Privacy risks with Facebook's PII-based targeting: Auditing a data broker's advertising interface
City: San Francisco
Department: Data Science
Eurecom ref: 5420
Copyright: © 2018 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
Bibtex:
@inproceedings{EURECOM+5420,
  doi = {},
  year = {2018},
  title = {{P}rivacy risks with {F}acebook's {PII}-based targeting: {A}uditing a data broker's advertising interface},
  author = {{V}enkatadri, {G}iridhari and {L}iu, {Y}abing and {A}ndreou, {A}thanasios and {G}oga, {O}ana and {L}oiseau, {P}atrick and {M}islove, {A}lan and {G}ummadi, {K}rishna {P}},
  booktitle = {{S}\&{P} 2018, {IEEE} {S}ymposium on {S}ecurity and {P}rivacy, 20-24 {M}ay 2018, {S}an {F}rancisco, {CA}, {USA}},
  address = {{S}an {F}rancisco, {UNITED} {STATES}},
  month = {05},
  url = {}
}