{"slug": "attribute-inference-from-interactive-targeted-ads", "title": "Attribute Inference from Interactive Targeted Ads", "summary": "Researchers developed a model and benchmark for attribute inference from interactive targeted ads, showing that repeated campaigns with identity exposure produce measurable but bounded inference signals, with disclosure policy being the strongest control. The study found that Bayesian and supervised attacks reach about 0.64 AUC after 160 campaigns, and aggregate reporting removes the oracle input tied to users.", "body_md": "arXiv:2606.15209v1 Announce Type: new\nAbstract: Targeted advertising systems can pair audiences selected by advertisers with ad units that expose visible user actions. When an interaction remains linked to the campaign that elicited it, the advertiser may receive an observation tied to a user rather than only an aggregate report. We model that channel as a noisy oracle for attribute inference. The model separates targeting predicates, exposure, interaction, and disclosure. These boundaries capture the gap between eligibility and delivery, and the gap between interaction and advertiser visibility.\nWe build a reproducible benchmark using synthetic populations calibrated with public data, each with known sensitive labels. A generated campaign semantics layer provides topic variants and response priors. The simulator generates the ground truth, event traces, disclosed observations, and metrics. The evaluation compares Bayesian, supervised, positive and unlabeled, and adaptive attacks under common campaign and disclosure definitions.\nThe final evaluation uses four topic variants, seven simulator seeds, and two interaction settings. Repeated campaigns with identity exposure produce measurable but bounded inference signal. At $160$ campaigns, Bayesian and supervised attacks reach about $0.64$ AUC in the main setting and about $0.65$ AUC in the higher interaction setting. Disclosure policy is the strongest control. Aggregate reporting removes the evaluated oracle input tied to users. Type filtering and randomized disclosure reduce the released signal. The result is a model, artifact, and defense evaluation method for privacy in interactive targeted advertising. The code is available at https://github.com/P-HOW/Interactive-Ad-Oracle.", "url": "https://wpnews.pro/news/attribute-inference-from-interactive-targeted-ads", "canonical_source": "https://arxiv.org/abs/2606.15209", "published_at": "2026-06-16 04:00:00+00:00", "updated_at": "2026-06-16 04:21:31.997639+00:00", "lang": "en", "topics": ["ai-safety", "ai-policy", "ai-ethics", "machine-learning", "artificial-intelligence"], "entities": ["arXiv", "GitHub"], "alternates": {"html": "https://wpnews.pro/news/attribute-inference-from-interactive-targeted-ads", "markdown": "https://wpnews.pro/news/attribute-inference-from-interactive-targeted-ads.md", "text": "https://wpnews.pro/news/attribute-inference-from-interactive-targeted-ads.txt", "jsonld": "https://wpnews.pro/news/attribute-inference-from-interactive-targeted-ads.jsonld"}}