A Microsoft Research paper considers serving web-ads from your own computer
Thu 11 Jun 2015
In 2014 PageFair and Adobe released a report [PDF] estimating the number of users blocking ads in their internet-browsing sessions to stand at approximately 144 million, or 4.9% of all end-users – a significant rise from a ‘mere’ 21 million adblocking users in 2010.
Ad-blocking works because ads in web-pages are served from a different domain – servers owned by the likes of AdTech and DoubleClick, among others – than the rest of the content in the page. If the ads were hosted on the same site that you were viewing them on, the ad-blocker could not work nearly so easily, since it cannot exclude the host site without making the entire site unavailable. Any intra-site blocks would have to rely on ad companies using uniform and predictable naming conventions for their content.
Hosting commercial campaigns on web sites that seek to profit from those campaigns has always been an unlikely prospect for a number of reasons. In the first place it would be very difficult [PDF] for an ad-serving company to traverse native prohibitions on cross-domain content in order to present ad content from server B (the ad server) as if it were hosted on server A (the page that the end-user is viewing).
Yet genuinely hosting ad-serving content on the desired website is a rigid and unworkable solution, since the mechanisms that supply metrics, feedback and statistics will all be missing initially, and their addition, even if feasible, would be likely to compromise the speed and security of the host site. Additionally there is relatively little scope for ‘ad churn’ without placing a large quantity of campaigns directly in the directories of the host web site.
Really, advertisers have likely often thought, the best place to run the ads from would be the user’s own computer.
The less scrupulous do this already – Google estimates that 1 in 25 ad views in web pages are in fact already served from the user’s SuperFish-infected computer. Nor do you need to be selling ‘performance remedies’ or similar web flotsam to resort to such nefarious means. Major Chinese tech manufacturer Lenovo took the shilling – and a subsequent public roasting – for installing local ad-servers on their laptops; and the likes of Oracle, Adobe, BitTorrent and FileZilla are among the vast numbers of software developers that caused public ire by ‘bundling’ unwelcome installers, such as the Ask toolbar (now officially classed as ‘malware’ by Microsoft) with their own installers.
So it is with some interest that I came across today some research by Saikat Guha, a partner at Microsoft Research, which investigates the feasibility of running web ads from localhost – from the user’s own computer. The paper [PDF], entitled Serving Ads from localhost for Performance, Privacy, and Profit, proposes disseminating the software package ‘through adware-style software bundling, shopping discounts, toolbars or other incentives’.
The theoretical system is called ‘Privad’, and the paper sets it out with noble and enabling aims for the end-user, such as removing the need for the user to set ‘Do Not Track’ or other often-obscure privacy options in their browser. The system posits the mediation of an approved and trusted authority such as the Electronic Frontier Foundation or the American Civil Liberties Union as the ‘dealer’ between what the publishers want to show the user and the privacy of the end-user.
‘The dealer serves two roles. For the user the dealer ensures anonymity by hiding the user’s identity (e.g. IP address) from the broker, but itself does not learn any profile information about the user since all messages between the client and broker are encrypted,’
At this stage the end-user has already installed the software and is now seeing ads that are served from his or her own machine inserted into ‘placeholders’ in web pages. Many of the ads that the user will see later may have been waiting, saved on their machine, for some time:
‘Deciding what ads to show, as well as serving the ads is performed purely locally by the user’s computer. This is made possible by pushing (many or all) ads to users in advance. Reports about which ads are viewed or clicked are transmitted in such a way that user privacy is preserved while still allowing the advertising network to detect and defend against click-fraud,’
The ads are targeted at the user by local definitions rather than by tracking data provided via transactions that occur when the user interacts with web pages, or by cookies, HTML storage or any of the other traditional methods that flare up in contention so often when the subject is discussed on the web.
The team behind the research conducted a month-long study of the interaction of 130,000 ads on Google’s ad network, with 31,000 subjects via PlanetLab, a global proxy server instituted by Princeton University in 2003, and now a test-bed for researchers to analyse online behaviour on a per-country basis.
At one stage the project considered the use of Tor in a distribution model for the ads that would be silently saved over to the user’s computer:
‘One option that we considered, but ultimately rejected, was using a Tor-like model […] for privacy- preserving ad dissemination. In such a model the encryption cost would be borne out by the Tor exit- node (i.e. distributed across clients). Our problem with Tor, aside from the added complexity, is that it is of single-purpose use in Privad; it can be used for preserving privacy in ad dissemination, but cannot be used for private ad reporting since the exit-node can- not help defend against click-fraud,’
The balance between the project’s commercial and ethical ambit is accurately reflected in the paper’s title, but at several points the text becomes semi-apologetic, when returning to the subject of getting the system onto the user’s computer in the first place:
‘The user deployment for Privad is, admittedly, adware. The historical failure of adware is not due to its showing ads per se: Google and others have proven that ad-based businesses are viable…The key to Privad deployment is avoiding all the pitfalls of adware. Privad ads can be placed where they already exist—in banner ad boxes on web sites. The user won’t notice any difference in the browsing experience. The fact that relatively few users install ad blockers supports the supposition that most users are ok with existing ads,’
It has been observed that this paper is from 2009, before its originator joined Microsoft. At the ‘research’ link above (which was present in the original article), you can find an advanced version of the same paper [PDF], with additional details of new research, under the new name ‘Privad: Practical Privacy in Online Advertising’. This paper was presented at the Proceedings of the 8th Symposium on Networked Systems Design and Implementation (NSDI), Boston, MA in March 2011. There the author credits himself as belonging to ‘Microsoft Research India’, and provides an @microsoft.com email address.