This is a summary of an article by David C. Parkes and Nevena Vratonjic, et al. You can get the PDF of the behavioral targeting article here: Security Games in Online Advertising: Can Ads Help Secure the Web?.
Internet Service Providers, or ISPs, were originally meant to give users Internet access faithfully, without interfering with the data those users send and receive. ISPs are designed to follow the Network Neutrality Policy, because they are capable of looking at online traffic, obtaining private information from users and building profiles of their online behavior.
ISPs have been asked to keep track of user activities and be ready to provide the records to law enforcement when necessary. They have to spend a lot of money on data storage and on new packet-inspection technologies. The question now is how ISPs can earn extra revenue to sustain this responsibility. They can try online advertising, which is the most popular method of earning money on the Internet and the most successful one as well. ISPs also hold user information that has very high commercial value. ISPs can earn through cooperative means, by selling user profiles to ad networks, or through non-cooperative means, by putting up ads themselves or replacing existing ads with their own.
Online Advertising Systems
Advertisers enlist ad networks, also known as ad servers, which are responsible for placing ads on web pages. A website owner who wants ads on his site also contacts an ad network for that service. When a user visits a website that is subscribed to the services of an ad network, the ad network shows the ads most relevant to the interests of that user, so that he is most likely to click on them. A user who clicks an ad is taken to the advertiser's website; the advertiser then pays the ad network for the click conversion, and a portion of that payment goes to the website for hosting the ad.
Threats and Countermeasures
An Internet Service Provider's nominal mode is defined as the mode in which the ISP only forwards traffic for users. But because ISPs can observe traffic and profile the online behavior of their subscribers, they can collect a rich amount of private data about their users, which is very useful to ad networks. Ad networks can profile users as well, but ISPs can do it much better, so a cooperative mode may arise between the ad server and the ISP. A non-cooperative mode, on the other hand, can give the ISP even more revenue, using techniques such as showing altered ads to users or modifying users' DNS traffic, so that revenue that was supposed to go to the ad network goes to the ISP instead.
This won't turn out well for the ad server, so it has to do something to prevent the exploits of the non-cooperative ISP. It can deploy HTTPS instead of HTTP, which encrypts the data and reduces the private data that reaches the ISPs. However, most websites don't want HTTPS because it means buying an expensive authentication certificate, so ad servers might have to cover the expenses themselves if they want that to happen.
A website that is associated with the ISP and the ad network will worry about losing ad revenue if the ISP is non-cooperative and replaces the ads hosted by the ad network with ISP ads. What the website can do is deploy HTTPS, which is expensive, but if the ad network sponsors the payment, the website's revenue is maximized and the ad server secures the website.
To analyze the relationship between the ISP and the ad network, this study uses a game-theoretic model. The ISP first decides whether it will be cooperative or non-cooperative with the ad network. There are six possible actions for the ISP and the ad server (AS), namely Divert, Cooperate for ISP, Abstain for ISP, Abstain for AS, Cooperate for AS, and Secure. Details of each are discussed in the article linked above.
The game is multi-stage, finite and dynamic, and there is complete and perfect information between the ISP and the ad network. The game models behaviors that can be seen in practice. Furthermore, this model considers ads that are generated in one website and clicked by the subscribers of ISPs, but a generalization involving multiple websites is also considered.
Summary of Analysis
The outcome of the game between the ISP and the ad network is found to depend on the value of the users' private information and on the revenue share that ISPs get from ad networks. If the ad network uses private information successfully, so that highly targeted ads are made, then ISPs tend to be cooperative. Otherwise, ISPs become non-cooperative and divert a small portion of the clicks from ad networks, which doesn't hurt the latter. But if ISPs act all greedy and divert a huge portion of the clicks, ad networks will use HTTPS to secure the websites with the highest volumes of web page clicks. Therefore, ISPs would tend not to divert a high volume of clicks.
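The reasoning above can be reproduced with a toy two-stage game solved by backward induction. This is an added example, not the model or code from the article: the payoff formulas, the constants R, HTTPS_COST and DIVERT_LEVELS, and the function names are all assumptions constructed for illustration, with only the action names (Cooperate, Abstain, Divert, Secure) taken from the summary.

```python
# Added illustration: a toy two-stage game solved by backward induction.
# Every payoff formula and number below is constructed, not taken from the paper.
R = 100                   # baseline ad revenue of the ad server (AS)
HTTPS_COST = 20           # what the AS pays to secure the website
DIVERT_LEVELS = (10, 60)  # percent of clicks the ISP may divert


def payoffs(isp_move, as_move, uplift_pct, share_pct):
    """Return (ISP payoff, AS payoff) for one path through the game tree."""
    kind, level = isp_move
    if kind == "cooperate" and as_move == "cooperate":
        total = R * (100 + uplift_pct) // 100  # better-targeted ads earn more
        isp = total * share_pct // 100         # ISP's revenue share
        return isp, total - isp
    if kind == "divert" and as_move == "abstain":
        diverted = R * level // 100
        return diverted, R - diverted
    if kind == "divert" and as_move == "secure":
        return 0, R - HTTPS_COST               # HTTPS blocks ad replacement
    return 0, R                                # ISP only forwards traffic


def as_replies(isp_move):
    """Actions open to the AS after the ISP has moved."""
    return {"cooperate": ("cooperate", "abstain"),
            "divert": ("abstain", "secure")}.get(isp_move[0], ("abstain",))


def best_reply(isp_move, uplift_pct, share_pct):
    """Second stage: the AS picks the reply that maximises its own payoff."""
    return max(as_replies(isp_move),
               key=lambda a: payoffs(isp_move, a, uplift_pct, share_pct)[1])


def solve(uplift_pct, share_pct):
    """First stage: the ISP moves knowing how the AS will reply."""
    moves = [("abstain", 0), ("cooperate", 0)]
    moves += [("divert", d) for d in DIVERT_LEVELS]

    def isp_value(move):
        reply = best_reply(move, uplift_pct, share_pct)
        return payoffs(move, reply, uplift_pct, share_pct)[0]

    best = max(moves, key=isp_value)
    return best, best_reply(best, uplift_pct, share_pct)


if __name__ == "__main__":
    for uplift, share in ((80, 30), (5, 30), (80, 5)):
        print(f"uplift={uplift}% share={share}% ->", solve(uplift, share))
```

With these constructed numbers, a high targeting uplift and a 30% share make cooperation the equilibrium, while a low uplift or a 5% share leaves the ISP diverting only the 10% level that the AS tolerates, because diverting 60% would trigger Secure.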