Bloom Cookies: Web Search Personalization without User Tracking

Nitesh Mor

EECS Department
University of California, Berkeley
Technical Report No. UCB/EECS-2015-39
May 1, 2015

http://www2.eecs.berkeley.edu/Pubs/TechRpts/2015/EECS-2015-39.pdf

We propose Bloom cookies that encode a user’s profile in a compact and privacy-preserving way, without preventing online services from using it for personalization purposes. The Bloom cookies design is inspired by our analysis of a large set of web search logs that shows drawbacks of two profile obfuscation techniques, namely profile generalization and noise injection, used today by many privacy-preserving personalization systems. We find that profile generalization significantly hurts personalization and fails to protect users from a server linking user sessions over time. Noise injection can address these problems, but only at the cost of a high communication overhead and a noise dictionary generated by a trusted third party. In contrast, Bloom cookies leverage Bloom filters as a privacy-preserving data structure to provide a more convenient privacy, personalization, and network efficiency tradeoff: they provide similar (or better) personalization and privacy than noise injection (and profile generalization), but with an order of magnitude lower communication cost and no noise dictionary. We discuss how Bloom cookies can be used for personalized web search, present an algorithm to automatically configure the noise in Bloom cookies given a user’s privacy and personalization goals, and evaluate their performance compared to the state-of-the-art.
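The following is an added illustration of the mechanism the abstract describes, not code from the report: the client encodes its profile terms in a Bloom filter, adds noise by setting extra random bits, and the server can still test candidate interest categories for personalization while noise and hash collisions blur the true profile. The hash construction (SHA-256 double hashing), filter size, and the sample profile are my assumptions.

```python
import hashlib
import random

def _positions(term, m, k):
    """Map a profile term to k bit positions via double hashing (assumed scheme, not the report's)."""
    digest = hashlib.sha256(term.encode("utf-8")).digest()
    h1 = int.from_bytes(digest[:8], "big")
    h2 = int.from_bytes(digest[8:16], "big") | 1  # odd step so the k positions stay distinct
    return [(h1 + i * h2) % m for i in range(k)]

def bloom_cookie(profile, m=256, k=3, noise_bits=0, seed=0):
    """Encode profile terms in an m-bit Bloom filter, then set noise_bits extra random
    bits so the server cannot distinguish injected noise from real interests."""
    bits = bytearray(m)
    for term in profile:
        for p in _positions(term, m, k):
            bits[p] = 1
    rng = random.Random(seed)  # a fresh seed per session yields different noise each time
    zeros = [i for i in range(m) if bits[i] == 0]
    for p in rng.sample(zeros, min(noise_bits, len(zeros))):
        bits[p] = 1
    return bytes(bits)

def may_contain(cookie, term, k=3):
    """Server-side membership test: never a false negative, but noise and collisions
    produce false positives, which is what hides the true profile."""
    return all(cookie[p] for p in _positions(term, len(cookie), k))

def matching_categories(cookie, candidates, k=3):
    """What the server can use for personalization: every candidate category the cookie admits."""
    return [c for c in candidates if may_contain(cookie, c, k)]

def set_bits(cookie):
    return sum(cookie)

def jaccard(cookie_a, cookie_b):
    """Bit overlap between two cookies; lower overlap across sessions makes linking them harder."""
    both = sum(1 for a, b in zip(cookie_a, cookie_b) if a and b)
    either = sum(1 for a, b in zip(cookie_a, cookie_b) if a or b)
    return both / either if either else 1.0

# Constructed sample profile (not taken from the report's search logs).
PROFILE = ["cars", "python", "hiking"]

if __name__ == "__main__":
    clean = bloom_cookie(PROFILE)
    noisy = bloom_cookie(PROFILE, noise_bits=32, seed=1)
    print(matching_categories(noisy, PROFILE + ["knitting", "finance"]))
    print(set_bits(clean), set_bits(noisy), jaccard(clean, noisy))
```

Raising noise_bits lowers the overlap between sessions (and the communication cost stays the fixed m bits), at the price of more false-positive categories reaching the personalization logic, which is the tradeoff the report's configuration algorithm tunes.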

Advisor: John D. Kubiatowicz


BibTeX citation:

@mastersthesis{Mor:EECS-2015-39,
    Author = {Mor, Nitesh},
    Title = {Bloom Cookies: Web Search Personalization without User Tracking},
    School = {EECS Department, University of California, Berkeley},
    Year = {2015},
    Month = {May},
    URL = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/2015/EECS-2015-39.html},
    Number = {UCB/EECS-2015-39},
    Abstract = {We propose Bloom cookies that encode a user’s profile in a compact and privacy-preserving way, without preventing online services from using it for personalization purposes. The Bloom cookies design is inspired by our analysis of a large set of web search logs that shows drawbacks of two profile obfuscation techniques, namely profile generalization and noise injection, used today by many privacy-preserving personalization systems. We find that profile generalization significantly hurts personalization and fails to protect users from a server linking user sessions over time. Noise injection can address these problems, but only at the cost of a high communication overhead and a noise dictionary generated by a trusted third party. In contrast, Bloom cookies leverage Bloom filters as a privacy-preserving data structure to provide a more convenient privacy, personalization, and network efficiency tradeoff: they provide similar (or better) personalization and privacy than noise injection (and profile generalization), but with an order of magnitude lower communication cost and no noise dictionary. We discuss how Bloom cookies can be used for personalized web search, present an algorithm to automatically configure the noise in Bloom cookies given a user’s privacy and personalization goals, and evaluate their performance compared to the state-of-the-art.}
}

EndNote citation:

%0 Thesis
%A Mor, Nitesh
%T Bloom Cookies: Web Search Personalization without User Tracking
%I EECS Department, University of California, Berkeley
%D 2015
%8 May 1
%@ UCB/EECS-2015-39
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/2015/EECS-2015-39.html
%F Mor:EECS-2015-39