New Tool Expands Tracking of Personal Data on the Web

Columbia Researchers Present “Sunlight” at Computer Security Conference 

A second-generation tool called Sunlight is intended to bring greater transparency to the Web. (Tumblr)

Navigating the Web gets easier by the day as corporate monitoring of our emails and browsing habits fine-tune the algorithms that serve us personalized ads and recommendations. But convenience comes at a cost. In the wrong hands, our personal information can be used against us, to discriminate on housing and health insurance, and overcharge on goods and services, among other risks.

“The Web is like the Wild West,” says Roxana Geambasu, a computer scientist at Columbia Engineering and the Data Science Institute. “There’s no oversight of how our data are being collected, exchanged and used.”

With computer scientists, Augustin Chaintreau and Daniel Hsu, and graduate students Mathias Lecuyer, Riley Spahn and Yannis Spiliopoulos, Geambasu has designed a second-generation tool for bringing transparency to the Web. It’s called Sunlight and builds on its predecessor, XRay, which linked ads shown to Gmail users with text in their emails, and recommendations on Amazon and YouTube with their shopping and viewing patterns. The researchers will present the new tool and a related study on Oct. 14 in Denver, at the Association for Computing Machinery’s annual conference on security.

Sunlight works at a wider scale than XRay, and more accurately matches user-tailored ads and recommendations to tidbits of information supplied by users, the researchers say. Prior researchers have traced specific ads, product recommendations and prices to specific inputs like location, search terms and gender, one by one. One tool, AdFisher, received attention earlier this year after showing that fake Web users thought to be male job seekers were more likely than female job seekers to be shown ads for executive jobs when later visiting a news site.

Sunlight, by contrast, is the first to analyze numerous inputs and outputs together to form hypotheses that are tested on a separate dataset carved out from the original. At the end, each hypothesis, and its linked input and output, is rated for statistical confidence. “We’re trying to strike a balance between statistical confidence and scale so that we can start to see what’s happening across the Web as a whole,” said Hsu.

Columbia researchers found evidence that some Gmail ads appeared to contradict Google’s ban on using sensitive information in targeted ads. (Courtesy of the researchers)

The researchers set up 119 Gmail accounts, and over a month last fall sent 300 messages with sensitive words in the subject line and body of the email. About 15 percent of the ads that followed appeared to be targeted; some seemed to contradict Google’s policy to not target ads based “on race, religion, sexual orientation, health or sensitive financial categories,” the researchers said. For example, words typed into the subject line of a message-- “unemployed,” “depressed,” and “Jewish,” were found to trigger ads for “easy auto financing,” a service to find “cheating spouses,” and a “free ancestor” search, respectively.

The researchers also set up fake browsing profiles and surfed the 40 most popular sites on the Web to see what ads popped up. They found that just 5 percent of the ads appeared to be targeted, but some seemed to violate Google’s advertising ban on products and services facilitating drug use, they said. For example, a visit to “” triggered an ad for bongs at AquaLab Technologies, researchers said. Interestingly, the algorithms also seemed to pick up on the political leanings of popular news sites, pitching Israeli bonds to Fox News readers, and an anti-Tea Party candidate to Huffington Post readers.

The researchers caution against inferring that Google and other companies are intentionally using sensitive information to target ads and recommendations. The flow of personal data on the Web has become so complex, they said, that companies themselves may not know how targeting is taking place.

On Nov. 10, 2014, Google abruptly shut down Gmail ads – the last day that Geambasu and her colleagues were able to collect data. The ads appear to have been replaced by so-called organic ads displayed in the promotions tab. Sunlight has the ability to detect targeting in those ads, too, said Geambasu, but the researchers haven't yet given that a try.

Sunlight’s intended audience is regulators, consumer watchdogs and journalists who could use the tool to explore how personal information is being used and decide where closer investigation is needed, the researchers said. “In many ways the Web has been a force for good, but there needs to be accountability if it’s going to remain that way,” said Chaintreau.

Others working to untangle how personal data is being used across the Internet called Sunlight an important contribution. “Sunlight is distinctive in that it can examine multiple types of inputs simultaneously (e.g., gender, age, browsing activity) to develop hypotheses about which of these inputs impact certain outputs (e.g., ads on Gmail),” said Anupam Datta, a researcher at Carnegie Mellon who led the development of the AdFisher tool and was not involved in the current study. “This tool takes us closer to the critical goal of discovering personal data use effects at scale.”

Sunlight: Fine-grained Targeting Detection at Scale with Statistical Confidence

Related stories:

New Tool Makes Online Privacy More Transparent, Aug. 18, 2014

— Kim Martineau

550 W. 120th St., Northwest Corner 1401, New York, NY 10027    212-854-5660
©2016 Columbia University