Skip to main content
Privacy Sandstorm
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. Privacy Sandstorm
  2. /
  3. Privacy Sandbox Proposals
  4. /
  5. Topics API
  6. /
  7. PETS 2023 Paper
Edit page

PETS 2023 Paper

Note
A journal version of this work was published in ACM Transactions on the Web in 2024.

Title: On the Robustness of Topics API to a Re-Identification Attack

Authors: Nikhil Jha (Politecnico di Torino), Martino Trevisan (Università degli Studi di Trieste), Emilio Leonardi (Politecnico di Torino), Marco Mellia (Politecnico di Torino)

Abstract/Summary: Web tracking through third-party cookies is considered a threat to users’ privacy and is supposed to be abandoned in the near future. Recently, Google proposed the Topics API framework as a privacy-friendly alternative for behavioural advertising. Using this approach, the browser builds a user profile based on navigation history, which advertisers can access. The Topics API has the possibility of becoming the new standard for behavioural advertising, thus it is necessary to fully understand its operation and find possible limitations. This paper evaluates the robustness of the Topics API to a re-identification attack where an attacker reconstructs the user profile by accumulating user’s exposed topics over time to later re-identify the same user on a different website. Using real traffic traces and realistic population models, we find that the Topics API mitigates but cannot prevent re-identification to take place, as there is a sizeable chance that a user’s profile is unique within a website’s audience. Consequently, the probability of correct re-identification can reach 15-17%, considering a pool of 1,000 users. We offer the code and data we use in this work to stimulate further studies and the tuning of the Topic API parameters.

Other: Artifact link

gdoc_arrow_left_alt Google 2023 Paper Apple 2023 Analysis gdoc_arrow_right_alt