[messaging] is E2E webmail commercially feasible? (was Re: The Simple Thing)

Daniel Roesler diafygi at gmail.com
Sat Sep 27 11:59:32 PDT 2014 

> I've been told this is how TV advertising works, as well.  There's a
> computer that monitors what programs you like and chooses a selection of ads
> to play during the break.  (Perhaps that's just some TVs / systems--I don't
> know).  Given that television has such a large audience, networks may be
> able to get very strong statistical guarantees that an ad has been played X
> times, despite the one-way nature of TV.
>
> With TV advertising and PPTA, all users get fairly well-targeted
> advertisements, but advertising networks learn nothing about the behavior of
> any users.

The way it works for Samba[1], at least, is they have firmware in the
TV sends fingerprints of what's on the screen to them and matches that
to one of their fingerprints they are collecting from live TV. From
the match they can tell which show or ad you're watching. Then, if
they see a website ad network request from the same IP they got the
fingerprint from, they send a matching ad for that website.

So if you're watching a Coke ad on TV, then pull up CNN.com on your
phone connected to your home wifi, you'll see a Coke ad there, too.

Daniel

[1] - http://www.samba.tv/ads

On Sat, Sep 27, 2014 at 8:23 AM, Brendan McMillion
<brendanmcmillion at gmail.com> wrote:
> In a previous thread (Modern anti-spam and E2E crypto), I talked about
> searchable symmetric encryption--how you can use it to build
> privacy-preserving search and anti-spam networks.
>
> Apple has a vested interest in good cryptography because they can get their
> money up front.  Google and Yahoo have a vested interest in good
> kleptography because of a business model built primarily on selling users to
> advertisers.
>
> Google and Yahoo would literally go out of business before they forgo ad
> revenue.
>
>> Contrary to what many marketers claim, most adult Americans (66%) do not
>> want marketers to tailor advertisements to their interests.  Moreover, when
>> Americans are informed of three common ways that marketers gather data about
>> people in order to tailor ads, even higher percentages (between 73% and 86%)
>> say they would not want such advertising.
>
> That's a fairly intuitive statement.  When I start having lapses in
> judgement and trying to buy another venus fly trap off of the internet, the
> last thing I want to see is Pandora plastered with ads from venus fly trap
> vendors--disregarding the creep factor.
>
> For advertising, there are ideas like filling up a wallet in exchange for
> hiding ads (Subbable, Patreon, AdBlock Absolution).  But, no one told me in
> the last thread that SSE was an utterly terrible idea, so I guess I'll
> continue with my crazy:  there's also privacy-preserving targeted
> advertising (PPTA).
>
> It works similar to P2P voting systems.  Users install a plugin in their
> browser that profiles their behavior, and when they go to a website with
> ads, the ad network will send about 20 possible options.  The plugin uses
> the profile it's built to choose the best ad, and sends back which one the
> user saw and/or clicked, encrypted with an additively homomorphic encryption
> scheme and possibly an OR proof (proving the user only encrypted a 1 or a 0,
> instead of 10^10 to make the publisher go bankrupt).
>
> I've been told this is how TV advertising works, as well.  There's a
> computer that monitors what programs you like and chooses a selection of ads
> to play during the break.  (Perhaps that's just some TVs / systems--I don't
> know).  Given that television has such a large audience, networks may be
> able to get very strong statistical guarantees that an ad has been played X
> times, despite the one-way nature of TV.
>
> With TV advertising and PPTA, all users get fairly well-targeted
> advertisements, but advertising networks learn nothing about the behavior of
> any users.
>
> - Brendan Mc.
>
> On Sat, Sep 27, 2014 at 8:29 AM, Andy Isaacson <adi at hexapodia.org> wrote:
>>
>> On Thu, Sep 25, 2014 at 01:48:06AM -0700, Trevor Perrin wrote:
>> > Bigger question:  Is this a route to widespread OE?  Or is this
>> > something only a tiny fraction of users would turn on?
>> >
>> > Widespread OE for email seems hard.  Much of the userbase is on
>> > browsers, relying on ad-funded infrastructure and server search.
>> > Worse, to manage spam it seems like email has evolved to be fairly
>> > hostile to content encryption, identity-hiding, and
>> > relationship-hiding.
>> >
>> > So if we're not attempting OE, and we just want email-like messaging
>> > for the small population that will install special security tools, I
>> > guess I'm not sure why should build those on email at all (vs
>> > Pond/Petmail, SMTorP, etc.)?
>>
>> I wonder if this is completely true.  I've been quite pleasantly
>> surprised by the pro-privacy rhetoric and actions coming out of
>> traditionally user-privacy-hostile shops like Apple, Microsoft, and
>> Yahoo.  I don't know for sure, but I suspect that some of the other
>> stack vendors have identified a weakness in Google's business model and
>> are attempting to exploit it.  (It seems to me that Google is *really*
>> good at monetizing user's data by looking at it in aggregate.  If
>> another vendor gets only a small benefit from that monetization because
>> they're not as good at it, then one business ploy is to take away your
>> competitor's advantage by making that monetization more difficult.)
>>
>> If it is true that Hotmail or Yahoo were willing to forego revenue from
>> content sensitive advertising, it might be possible to build a business
>> case for in-stack OE with E2E semantics and an interoperability story.
>>
>> As a case in point, Apple does seem to have built an actual E2E secure
>> iMessage. (To my great surprise.)
>>
>> Solving the business case for E2E email still leaves us with the search
>> problem, though.  I've got no bright ideas for how to solve that.
>>
>> -andy
>> _______________________________________________
>> Messaging mailing list
>> Messaging at moderncrypto.org
>> https://moderncrypto.org/mailman/listinfo/messaging
>
>
>
> _______________________________________________
> Messaging mailing list
> Messaging at moderncrypto.org
> https://moderncrypto.org/mailman/listinfo/messaging
>

More information about the Messaging mailing list