Collaborative Research: SaTC: CORE: Medium: Understanding and Combatting Impersonation Attacks and Data Leakage in Online Advertising

协作研究：SaTC：核心：媒介：理解和打击在线广告中的冒充攻击和数据泄露

• 批准号: 2247516
• 负责人: Damon McCoy
• 金额: $ 40万
• 依托单位: New York University
• 依托单位国家: 美国
• 项目类别: Continuing Grant
• 财政年份: 2023
• 资助国家: 美国
• 起止时间: 2023-07-01 至 2027-06-30
• 项目状态: 未结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=2247516&HistoricalAwards=false
• 关键词: Collaborative; Research; SaTC; CORE; Medium

Online advertising networks track which websites people visit and what they do on those websites. Ad networks perform such tracking to develop a comprehensive understanding of people's activity across their devices in order to sell advertisements related to those activities. Unfortunately, the way ad networks combine information from different devices into a singular understanding of a given person is insecure and can allow a malicious party on the Internet to learn sensitive information about the user such as what websites they visit, what products they purchased, or what hotels they visited. This project's novel contributions are the identification of this new kind of threat to user privacy, ways of identifying when ad networks track users across their devices, and developing tools to help people understand what information ad networks know and retain about them. The project's broader significance and importance are how it will help protect people's privacy while also educating them on the pervasiveness and specificity of online tracking, allowing them to make more informed decisions about their online activities.Identifying and combating ad network privacy threats requires an investigation of ad networks, web browsers, and measurement methods. This project will improve user privacy via three interconnected investigations. The project will: 1) Define and enumerate a new class of privacy threat stemming from ad networks' efforts to correlate user activity across devices, including systematizing an understanding of this threat's full attack surface and impact on user privacy across the Internet. 2) Develop a suite of robust statistical methods to detect when ad networks link devices together based on observed advertising behaviors that will enable understanding how ad networks track users independent of environment or computing platform. 3) Create a set of tools that will educate and empower users to understand what data and inferences ad networks have made, and if ad networks are respecting data deletion requests.This award reflects NSF's statutory mission and has been deemed worthy of support through evaluation using the Foundation's intellectual merit and broader impacts review criteria.

在线广告网络跟踪人们访问哪些网站以及他们在这些网站上做了什么。广告网络执行此类跟踪是为了全面了解人们在其设备上的活动，以便销售与这些活动相关的广告。 不幸的是，广告网络将来自不同设备的信息组合成对特定人的单一理解的方式是不安全的，并且可能允许互联网上的恶意方了解有关用户的敏感信息，例如他们访问了哪些网站、他们购买了哪些产品或他们参观了哪些酒店。该项目的新颖贡献是识别这种对用户隐私的新型威胁，识别广告网络何时跨设备跟踪用户的方法，以及开发工具来帮助人们了解广告网络了解并保留他们的哪些信息。 该项目更广泛的意义和重要性在于它将如何帮助保护人们的隐私，同时让他们了解在线跟踪的普遍性和特殊性，使他们能够对其在线活动做出更明智的决策。识别和打击广告网络隐私威胁需要进行调查广告网络、网络浏览器和测量方法。该项目将通过三项相互关联的调查来改善用户隐私。该项目将： 1) 定义并列举一类新的隐私威胁，这些威胁源于广告网络将跨设备的用户活动关联起来的努力，包括系统化地了解这种威胁的完整攻击面以及对整个互联网用户隐私的影响。 2) 开发一套强大的统计方法，根据观察到的广告行为来检测广告网络何时将设备链接在一起，这将有助于了解广告网络如何独立于环境或计算平台来跟踪用户。 3) 创建一套工具，教育用户并使用户能够了解广告网络所做的数据和推论，以及广告网络是否尊重数据删除请求。该奖项反映了 NSF 的法定使命，并通过评估被认为值得支持基金会的智力价值和更广泛的影响审查标准。