Ever find yourself scrolling through a website and seeing an advertisement that’s a little too well-targeted? You know, as if the advertiser knew you recently twisted your ankle and need to buy some sturdier shoes?
Columbia University researchers are working on XRay, a tool to help innocent Internet users make sense of those ads that stalk us, sometimes in ways that are worse than creepy.
Climbing In Your Inbox, Snatching Your Searches Up
As most people know by now, your personal data is the price you pay for “free” services such as Facebook and Google. When it comes to targeted ads, Google bots scan Gmail accounts looking for keywords to then serve up tailored marketing. Facebook does the same thing with “likes,” status updates and other info.
How that information is analyzed to create personalized Internet advertising is the mystery the Columbia University researchers want to help solve with XRay, the Web transparency tool they’re currently working on.
XRay, still in development, “detects targeting through input/output correlation.” An Internet user’s “inputs”—email, searches, etc.—are compared to “outputs,” or ads that user is shown. As you can probably guess, most of the ads were largely predictable. If “shoes” shows up in an email you’ve sent, you’ll likely see an advertisement for a shoe sale at a department store.
Targeting, however, doesn’t stop at shoes. In developing XRay, researchers also found invasive ads targeting sensitive topics in user emails, including depression and pregnancy. What’s more, targeting based off such health-related keywords is potentially dangerous. For instance, one test showed that inputs containing the word “depression” would deliver ads for questionable quackery such as shamanic healing.
XRay also demonstrated the danger for consumers when companies misuse such keyword targeting:
Imagine an insurance company wanting to learn about pre-existing conditions of its customers before signing them up. The company could create two ad campaigns, one targeting cancer and the other youth, and assign different URLs to each campaign. It could then offer higher premium quotes to users coming in from the cancer-related ads to discourage them from signing up while offering lower premium quotes to people coming in from the youth-related ads.
XRay is still a prototype. Researchers tested it with Gmail to predict ads based off of email correspondence, and YouTube and Amazon video and purchasing suggestions based on previously viewed items. When widely available, XRay is expected to work across multiple platforms. In initial testing, XRay accurately predicted the types of ads that will be displayed in the future with 80 to 90% accuracy.
XRay’s code will be open source, and eventually this tool will be available to everyone with an Internet connection. Such insight could help the average Internet user better understand how companies use their data. It might also help privacy watchdogs call out malicious advertisers who abuse keyword targeting.
The team will release its research paper this week at USENIX Security 2014, a top security conference in San Diego, Calif. XRay is supported by the National Science Foundation, DARPA, Google and Microsoft.
Lead image by Asja Boroš