TY - GEN
T1 - A Public and Reproducible Assessment of the Topics API on Real Data
AU - Beugin, Yohan
AU - McDaniel, Patrick
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - The Topics API for the web is Google's privacyenhancing alternative to replace third-party cookies. Results of prior work have led to an ongoing discussion between Google and research communities about the capability of Topics to trade off both utility and privacy. The central point of contention is largely around the realism of the datasets used in these analyses and their reproducibility; researchers using data collected on a small sample of users or generating synthetic datasets, while Google's results are inferred from a private dataset. In this paper, we complement prior research by performing a reproducible assessment of the latest version of the Topics API on the largest and publicly available dataset of real browsing histories. First, we measure how unique and stable real users' interests are over time. Then, we evaluate if Topics can be used to fingerprint the users from these real browsing traces by adapting methodologies from prior privacy studies. Finally, we call on web actors to perform and enable reproducible evaluations by releasing anonymized distributions. We find that 46%, 55%, and 60% of the 1207 users in the dataset are uniquely re-identified across websites after only 1, 2, and 3 observations of their topics by advertisers, respectively. This paper shows on real data that Topics does not provide the same privacy guarantees to all users, further highlighting the need for public and reproducible evaluations of the claims made by new web proposals.
AB - The Topics API for the web is Google's privacyenhancing alternative to replace third-party cookies. Results of prior work have led to an ongoing discussion between Google and research communities about the capability of Topics to trade off both utility and privacy. The central point of contention is largely around the realism of the datasets used in these analyses and their reproducibility; researchers using data collected on a small sample of users or generating synthetic datasets, while Google's results are inferred from a private dataset. In this paper, we complement prior research by performing a reproducible assessment of the latest version of the Topics API on the largest and publicly available dataset of real browsing histories. First, we measure how unique and stable real users' interests are over time. Then, we evaluate if Topics can be used to fingerprint the users from these real browsing traces by adapting methodologies from prior privacy studies. Finally, we call on web actors to perform and enable reproducible evaluations by releasing anonymized distributions. We find that 46%, 55%, and 60% of the 1207 users in the dataset are uniquely re-identified across websites after only 1, 2, and 3 observations of their topics by advertisers, respectively. This paper shows on real data that Topics does not provide the same privacy guarantees to all users, further highlighting the need for public and reproducible evaluations of the claims made by new web proposals.
UR - http://www.scopus.com/inward/record.url?scp=85199199285&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85199199285&partnerID=8YFLogxK
U2 - 10.1109/SPW63631.2024.00005
DO - 10.1109/SPW63631.2024.00005
M3 - Conference contribution
AN - SCOPUS:85199199285
T3 - Proceedings - 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024
SP - 1
EP - 8
BT - Proceedings - 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024
Y2 - 23 May 2024
ER -