In this work, we model the end-to-end pipeline of the advertising ecosystem, which allows us to identify two main issues with the current trajectory of private advertising proposals. First, prior work has largely considered ad targeting and engagement metrics individually rather than in composition. This has resulted in privacy notions that, while reasonable for each protocol in isolation, fail to compose into a natural notion of privacy for the ecosystem as a whole, permitting advertisers to extract new information about the audience of their advertisements. The second issue explains the first: we prove that \textit{perfect} privacy is impossible for any even minimally useful advertising ecosystem, because advertisers expect to conduct market research on the results. Having demonstrated that leakage is inherent in advertising, we re-examine what privacy could realistically mean in advertising, building on the well-established notion of \textit{sensitive} data in a specific context. We identify that fundamentally new approaches are needed when designing privacy-preserving advertising subsystems in order to ensure that the privacy properties of the end-to-end advertising system are well aligned with people's privacy desires.