Selling Off Privacy at Auction

Real-Time Bidding (RTB) and Cookie Matching (CM) are transforming the advertising landscape to an extremely dynamic market and make targeted advertising considerably permissive. The emergence of these technologies allows companies to exchange user data as a product and therefore raises important concerns from privacy perspectives. In this paper, we perform a privacy analysis of CM and RTB and quantify the leakage of users' browsing histories due to these mechanisms. We study this problem on a corpus of users' Web histories, and show that using these technologies, certain companies can significantly improve their tracking and profiling capabilities. We detect $41$ companies serving ads via RTB and over $125$ using Cookie Matching. We show that $91\%$ of users in our dataset were affected by CM and in certain cases, $27\%$ of users' Web browsing histories could be leaked to 3rd-party companies through RTB. We expose a design characteristic of RTB systems to observe the prices which advertisers pay for serving ads to Web users. We leverage this feature and provide important insights into these prices by analyzing different user profiles and visiting contexts. Our study shows the variation of prices according to context information including visiting site, time and user's physical location. We experimentally confirm that users with known Web browsing history are evaluated higher than new comers, that some user profiles are more valuable than others, and that users' intents, such as looking for a commercial product, are sold at higher prices than users' Web browsing histories. In addition, we show that there is a huge gap between users' perception of the value of their personal information and its actual value on the market. A recent study by Carrascal et al. showed that, on average, users evaluate the price of the disclosure of their presence on a Web site to EUR 7. We show that user's Web browsing history elements are routinely being sold off for less than $\$0.0005$.

Data and Resources

Additional Info

Field Value
Source https://inria.hal.science/hal-00915249
Author Olejnik, Lukasz, Minh-Dung, Tran, Castelluccia, Claude
Maintainer CCSD
Last Updated May 7, 2026, 22:08 (UTC)
Created May 7, 2026, 22:08 (UTC)
Identifier hal-00915249
Language en
Rights https://about.hal.science/hal-authorisation-v1/
contributor Privacy Models, Architectures and Tools for the Information Society (PRIVATICS) ; Centre Inria de l'Université Grenoble Alpes ; Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-CITI Centre of Innovation in Telecommunications and Integration of services (CITI) ; Institut National des Sciences Appliquées de Lyon (INSA Lyon) ; Université de Lyon-Institut National des Sciences Appliquées (INSA)-Université de Lyon-Institut National des Sciences Appliquées (INSA)-Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National des Sciences Appliquées de Lyon (INSA Lyon) ; Université de Lyon-Institut National des Sciences Appliquées (INSA)-Université de Lyon-Institut National des Sciences Appliquées (INSA)-Centre Inria de Lyon ; Institut National de Recherche en Informatique et en Automatique (Inria)
creator Olejnik, Lukasz
date 2013-12-06T00:00:00
harvest_object_id 51cf42fc-5257-482b-acfe-92f14e7f9eba
harvest_source_id 3374d638-d20b-4672-ba96-a23232d55657
harvest_source_title test moissonnage SELUNE
metadata_modified 2025-10-06T00:00:00
set_spec type:UNDEFINED