A. Contribution

  1. Problem addressed by the paper

Preserving privacy while maintaining personalization result on web search.

  1. Solution proposed in the paper. Why is it better than previous work?

Obfuscating user profile using bloom filter and bloom cookies. Previous works consider generalization and noise addition. Generalization usually has disadvantage of personalization loss. Noise addition usually has disadvantage of higher communication cost and needs trusted noise dictionary.

  1. The major results.

Tested on small dataset (1,300 users) with excellent trade off over previous methods.

Personalization Loss Linkable Users
Generalization 24 % 44.1 %
Noise Addition 1.1 % 20.0 %
Bloom Cookies 3.3 % 2.3 %


B. Basic idea and approach. How does the solution work?

Obfuscating user profile while maintaining enough information for personalization result. It is done by creating bloom filter and bloom cookies which is a space efficient data structure for set-membership queries.


C. Strengths

  1. Excellent trade off with low personalization loss and low user linkability.

D. Weaknesses

  1. There are still false positives possibility that might cause inconvenience to the user since it might not display part of the result that the user wants.
  2. Attacker can still narrow user target by other means, such as: filtering by geolocation and filtering by language.
  3. Attacker can narrow user by tracking across services. Linkability will be made easier by combining it with tracking across many services such as Facebook, Twitter, and email.
  4. Distinct users may still be linkable because their profiles are still unique after being obfuscated.
  5. It may not work well across all search engine platforms. Each search engine platform may have their own personalization result algorithm. Although all search engine platform may implement this bloom cookies method.

E. Future work, Open issues, possible improvements

  1. It should check for longer period of online activities.