A security analysis of the facebook ad library

Laura Edelson; Tobias Lauinger; Damon McCoy

doi:10.1109/SP40000.2020.00084

A security analysis of the facebook ad library

Laura Edelson, Tobias Lauinger, Damon McCoy

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Actors engaged in election disinformation are using online advertising platforms to spread political messages. In response to this threat, online advertising networks have started making political advertising on their platforms more transparent in order to enable third parties to detect malicious advertisers. We present a set of methodologies and perform a security analysis of Facebook's U.S. Ad Library, which is their political advertising transparency product. Unfortunately, we find that there are several weaknesses that enable a malicious advertiser to avoid accurate disclosure of their political ads. We also propose a clustering-based method to detect advertisers engaged in undeclared coordinated activity. Our clustering method identified 16 clusters of likely inauthentic communities that spent a total of over four million dollars on political advertising. This supports the idea that transparency could be a promising tool for combating disinformation. Finally, based on our findings, we make recommendations for improving the security of advertising transparency on Facebook and other platforms.

Original language	English (US)
Title of host publication	Proceedings - 2020 IEEE Symposium on Security and Privacy, SP 2020
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	661-678
Number of pages	18
ISBN (Electronic)	9781728134970
DOIs	https://doi.org/10.1109/SP40000.2020.00084
State	Published - May 2020
Event	41st IEEE Symposium on Security and Privacy, SP 2020 - San Francisco, United States Duration: May 18 2020 → May 21 2020

Publication series

Name	Proceedings - IEEE Symposium on Security and Privacy
Volume	2020-May
ISSN (Print)	1081-6011

Conference

Conference	41st IEEE Symposium on Security and Privacy, SP 2020
Country	United States
City	San Francisco
Period	5/18/20 → 5/21/20

ASJC Scopus subject areas

Safety, Risk, Reliability and Quality
Software
Computer Networks and Communications

Access to Document

10.1109/SP40000.2020.00084

Fingerprint Dive into the research topics of 'A security analysis of the facebook ad library'. Together they form a unique fingerprint.

Cite this

A security analysis of the facebook ad library. / Edelson, Laura; Lauinger, Tobias; McCoy, Damon.

Proceedings - 2020 IEEE Symposium on Security and Privacy, SP 2020. Institute of Electrical and Electronics Engineers Inc., 2020. p. 661-678 9152626 (Proceedings - IEEE Symposium on Security and Privacy; Vol. 2020-May).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Edelson, L, Lauinger, T & McCoy, D 2020, A security analysis of the facebook ad library. in Proceedings - 2020 IEEE Symposium on Security and Privacy, SP 2020., 9152626, Proceedings - IEEE Symposium on Security and Privacy, vol. 2020-May, Institute of Electrical and Electronics Engineers Inc., pp. 661-678, 41st IEEE Symposium on Security and Privacy, SP 2020, San Francisco, United States, 5/18/20. https://doi.org/10.1109/SP40000.2020.00084

@inproceedings{3da2759f56d04da3a625a7ad4d759a43,

title = "A security analysis of the facebook ad library",

abstract = "Actors engaged in election disinformation are using online advertising platforms to spread political messages. In response to this threat, online advertising networks have started making political advertising on their platforms more transparent in order to enable third parties to detect malicious advertisers. We present a set of methodologies and perform a security analysis of Facebook's U.S. Ad Library, which is their political advertising transparency product. Unfortunately, we find that there are several weaknesses that enable a malicious advertiser to avoid accurate disclosure of their political ads. We also propose a clustering-based method to detect advertisers engaged in undeclared coordinated activity. Our clustering method identified 16 clusters of likely inauthentic communities that spent a total of over four million dollars on political advertising. This supports the idea that transparency could be a promising tool for combating disinformation. Finally, based on our findings, we make recommendations for improving the security of advertising transparency on Facebook and other platforms.",

author = "Laura Edelson and Tobias Lauinger and Damon McCoy",

note = "Funding Information: First, we wish to acknowledge the efforts that the Facebook Ad Library team have put into building this product that enabled our analysis, and their willingness to work with us to improve it. We also thank Facebook employees for their insightful comments on earlier drafts of this paper. This work was funded by the NSF through grants 1717062 and 1814816, as well as by gifts from Democracy Fund and the Luminate Group. Our research lab has also received gifts from Google. Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the view of our funders.; 41st IEEE Symposium on Security and Privacy, SP 2020 ; Conference date: 18-05-2020 Through 21-05-2020",

year = "2020",

month = may,

doi = "10.1109/SP40000.2020.00084",

language = "English (US)",

series = "Proceedings - IEEE Symposium on Security and Privacy",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "661--678",

booktitle = "Proceedings - 2020 IEEE Symposium on Security and Privacy, SP 2020",

}

TY - GEN

T1 - A security analysis of the facebook ad library

AU - Edelson, Laura

AU - Lauinger, Tobias

AU - McCoy, Damon

N1 - Funding Information: First, we wish to acknowledge the efforts that the Facebook Ad Library team have put into building this product that enabled our analysis, and their willingness to work with us to improve it. We also thank Facebook employees for their insightful comments on earlier drafts of this paper. This work was funded by the NSF through grants 1717062 and 1814816, as well as by gifts from Democracy Fund and the Luminate Group. Our research lab has also received gifts from Google. Any opinions, findings, and conclusions or recommendations expressed in this paper are those of the authors and do not necessarily reflect the view of our funders.

PY - 2020/5

Y1 - 2020/5

N2 - Actors engaged in election disinformation are using online advertising platforms to spread political messages. In response to this threat, online advertising networks have started making political advertising on their platforms more transparent in order to enable third parties to detect malicious advertisers. We present a set of methodologies and perform a security analysis of Facebook's U.S. Ad Library, which is their political advertising transparency product. Unfortunately, we find that there are several weaknesses that enable a malicious advertiser to avoid accurate disclosure of their political ads. We also propose a clustering-based method to detect advertisers engaged in undeclared coordinated activity. Our clustering method identified 16 clusters of likely inauthentic communities that spent a total of over four million dollars on political advertising. This supports the idea that transparency could be a promising tool for combating disinformation. Finally, based on our findings, we make recommendations for improving the security of advertising transparency on Facebook and other platforms.

AB - Actors engaged in election disinformation are using online advertising platforms to spread political messages. In response to this threat, online advertising networks have started making political advertising on their platforms more transparent in order to enable third parties to detect malicious advertisers. We present a set of methodologies and perform a security analysis of Facebook's U.S. Ad Library, which is their political advertising transparency product. Unfortunately, we find that there are several weaknesses that enable a malicious advertiser to avoid accurate disclosure of their political ads. We also propose a clustering-based method to detect advertisers engaged in undeclared coordinated activity. Our clustering method identified 16 clusters of likely inauthentic communities that spent a total of over four million dollars on political advertising. This supports the idea that transparency could be a promising tool for combating disinformation. Finally, based on our findings, we make recommendations for improving the security of advertising transparency on Facebook and other platforms.

UR - http://www.scopus.com/inward/record.url?scp=85091594235&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85091594235&partnerID=8YFLogxK

U2 - 10.1109/SP40000.2020.00084

DO - 10.1109/SP40000.2020.00084

M3 - Conference contribution

AN - SCOPUS:85091594235

T3 - Proceedings - IEEE Symposium on Security and Privacy

SP - 661

EP - 678

BT - Proceedings - 2020 IEEE Symposium on Security and Privacy, SP 2020

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 41st IEEE Symposium on Security and Privacy, SP 2020

Y2 - 18 May 2020 through 21 May 2020

ER -