PrivateFetch: Scalable Catalog Delivery in Privacy-Preserving Advertising

Muhammad Haris Mughees (University of Illinois Urbana-Champaign), Gonçalo Pestana (Brave Software), Alex Davidson (Brave Software), Benjamin Livshits (Brave Software, Imperial College London) | Cryptography

A privacy-oriented recalibration of the Internet (e.g., by removing traditional tracking vectors like third-party cookies) is likely to drive a commodification of Internet assets, content, and infrastructure. As a result, users are expected to have to cover the revenue shortfalls themselves.

In order to preserve the possibility of an Internet that is free at the point of use, attention is turning to new solutions that would allow targeted advertisement delivery based on behavioral information such as user preferences, without compromising user privacy. Recent explorations in devising such systems take one of two approaches. Some rely on semantic guarantees like 𝑘-anonymity, which can be easily subverted when combined with alternative information, and which do not take into account the possibility that even knowledge of such clusters is privacy-invasive in itself. Others provide full privacy by moving all data and processing logic to clients, which is prohibitively expensive for both clients and servers.

In this work, we devise a new framework called PrivateFetch for building practical ad-delivery pipelines that rely on cryptographic hardness and best-case privacy, rather than syntactic privacy guarantees or reliance on real-world anonymization tools. PrivateFetch utilizes local computation of preferences followed by high-performance single-server private information retrieval (PIR) to ensure that clients can pre-fetch ad content from servers, without revealing any of their inherent characteristics to the content provider. When considering a database of > 1,000,000 ads, we show that we can deliver 30 ads to a client in 40 seconds, with total communication costs of 192 KB. We also demonstrate the feasibility of PrivateFetch by showing that the monetary cost of running it is less than 1% of average ad revenue. As such, our system is capable of pre-fetching ads for clients based on behavioral and contextual user information, before displaying them during a typical browsing session.

In addition, while we test PrivateFetch as a private ad-delivery system, the generality of our approach means that it could also be used for asynchronous and private fetching of other content types with minimal changes to the protocol flow.
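
The single-server PIR step the abstract describes can be illustrated with a toy, added here and not taken from the paper or from PrivateFetch: the client sends an encrypted one-hot selection vector, the server combines it with the catalog homomorphically, and only the client can decrypt the chosen ad. Textbook Paillier encryption with deliberately tiny parameters is used as a stand-in (the abstract does not name the PIR scheme), and the catalog entries and function names are constructed for the example.

```python
import math
import secrets

# Toy Paillier parameters (constructed; far too small for real use).
P, Q = 2**31 - 1, 2**61 - 1           # two known Mersenne primes
N = P * Q                             # public key
N2 = N * N
LAM = (P - 1) * (Q - 1) // math.gcd(P - 1, Q - 1)   # client secret
MU = pow(LAM, -1, N)                  # valid because the generator is N + 1

def encrypt(m):
    """Randomized Paillier encryption of m under the public key N."""
    while True:
        r = secrets.randbelow(N - 1) + 1
        if math.gcd(r, N) == 1:
            break
    return (1 + m * N) % N2 * pow(r, N, N2) % N2

def decrypt(c):
    """Paillier decryption with the client's secret (LAM, MU)."""
    return (pow(c, LAM, N2) - 1) // N * MU % N

def client_query(index, size):
    """Enc(1) at the wanted index, Enc(0) elsewhere; every slot looks random."""
    return [encrypt(1 if i == index else 0) for i in range(size)]

def server_answer(query, catalog):
    """Computes Enc(sum(sel_i * ad_i)) without ever decrypting the query."""
    acc = 1
    for c, ad in zip(query, catalog):
        acc = acc * pow(c, int.from_bytes(ad, "big"), N2) % N2
    return acc

def client_decode(answer):
    m = decrypt(answer)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

# Constructed catalog; each entry must encode to an integer below N (11 bytes max).
CATALOG = [b"ad:travel", b"ad:sports", b"ad:cooking", b"ad:finance"]

def fetch(index):
    """Full round trip: the index is chosen locally and never sent in the clear."""
    query = client_query(index, len(CATALOG))
    return client_decode(server_answer(query, CATALOG))

if __name__ == "__main__":
    print(fetch(1))
```

The query here is one ciphertext per catalog entry, so it grows linearly with the catalog; a toy like this shows only the privacy mechanism, not the communication costs reported in the abstract.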
