Privacy Risks with Facebook's PII-Based Targeting

Explore the privacy risks associated with Facebook's PII-based targeting in this IEEE Symposium on Security & Privacy conference talk. Delve into the vulnerabilities of custom audience implementations, focusing on how adversaries can exploit these interfaces to infer users' personal information and online activity. Learn about attacks that allow inferring full phone numbers from email addresses, determining website visits, and de-anonymizing website visitors en masse. Understand the implications of these attacks, which can be conducted without victim interaction or detection. Examine the proposed fix for these vulnerabilities and Facebook's response to the security concerns. Gain insights into the broader privacy implications for advertising platforms and the need for careful consideration of interface designs to protect user data.

Introduction
Why is this important
How does it work
Why we are concerned
Outline
Audience
Size Estimates
Deduplication
Phone Numbers
Size estimate obfuscation
Deduplication of PA
Facebooks response
Conclusion