A Public and Reproducible Assessment of the Topics API on Real Data

Yohan Beugin, Patrick McDaniel

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

The Topics API for the web is Google's privacyenhancing alternative to replace third-party cookies. Results of prior work have led to an ongoing discussion between Google and research communities about the capability of Topics to trade off both utility and privacy. The central point of contention is largely around the realism of the datasets used in these analyses and their reproducibility; researchers using data collected on a small sample of users or generating synthetic datasets, while Google's results are inferred from a private dataset. In this paper, we complement prior research by performing a reproducible assessment of the latest version of the Topics API on the largest and publicly available dataset of real browsing histories. First, we measure how unique and stable real users' interests are over time. Then, we evaluate if Topics can be used to fingerprint the users from these real browsing traces by adapting methodologies from prior privacy studies. Finally, we call on web actors to perform and enable reproducible evaluations by releasing anonymized distributions. We find that 46%, 55%, and 60% of the 1207 users in the dataset are uniquely re-identified across websites after only 1, 2, and 3 observations of their topics by advertisers, respectively. This paper shows on real data that Topics does not provide the same privacy guarantees to all users, further highlighting the need for public and reproducible evaluations of the claims made by new web proposals.

Original languageEnglish (US)
Title of host publicationProceedings - 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages1-8
Number of pages8
ISBN (Electronic)9798350354874
DOIs
StatePublished - 2024
Event45th IEEE Symposium on Security and Privacy Workshops, SPW 2024 - San Francisco, United States
Duration: May 23 2024 → …

Publication series

NameProceedings - 45th IEEE Symposium on Security and Privacy Workshops, SPW 2024

Conference

Conference45th IEEE Symposium on Security and Privacy Workshops, SPW 2024
Country/TerritoryUnited States
CitySan Francisco
Period5/23/24 → …

All Science Journal Classification (ASJC) codes

  • Communication
  • Artificial Intelligence
  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

Cite this