A security analysis of the facebook ad library

Laura Edelson; Tobias Lauinger; Damon McCoy

doi:10.1109/SP40000.2020.00084

A security analysis of the facebook ad library

Laura Edelson, Tobias Lauinger, Damon McCoy

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Actors engaged in election disinformation are using online advertising platforms to spread political messages. In response to this threat, online advertising networks have started making political advertising on their platforms more transparent in order to enable third parties to detect malicious advertisers. We present a set of methodologies and perform a security analysis of Facebook's U.S. Ad Library, which is their political advertising transparency product. Unfortunately, we find that there are several weaknesses that enable a malicious advertiser to avoid accurate disclosure of their political ads. We also propose a clustering-based method to detect advertisers engaged in undeclared coordinated activity. Our clustering method identified 16 clusters of likely inauthentic communities that spent a total of over four million dollars on political advertising. This supports the idea that transparency could be a promising tool for combating disinformation. Finally, based on our findings, we make recommendations for improving the security of advertising transparency on Facebook and other platforms.

Original language	English (US)
Title of host publication	Proceedings - 2020 IEEE Symposium on Security and Privacy, SP 2020
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	661-678
Number of pages	18
ISBN (Electronic)	9781728134970
DOIs	https://doi.org/10.1109/SP40000.2020.00084
State	Published - May 2020
Event	41st IEEE Symposium on Security and Privacy, SP 2020 - San Francisco, United States Duration: May 18 2020 → May 21 2020

Publication series

Name	Proceedings - IEEE Symposium on Security and Privacy
Volume	2020-May
ISSN (Print)	1081-6011

Conference

Conference	41st IEEE Symposium on Security and Privacy, SP 2020
Country	United States
City	San Francisco
Period	5/18/20 → 5/21/20

ASJC Scopus subject areas

Safety, Risk, Reliability and Quality
Software
Computer Networks and Communications

Access to Document

10.1109/SP40000.2020.00084

Fingerprint Dive into the research topics of 'A security analysis of the facebook ad library'. Together they form a unique fingerprint.

Cite this

Edelson, L., Lauinger, T., & McCoy, D. (2020). A security analysis of the facebook ad library. In Proceedings - 2020 IEEE Symposium on Security and Privacy, SP 2020 (pp. 661-678). [9152626] (Proceedings - IEEE Symposium on Security and Privacy; Vol. 2020-May). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/SP40000.2020.00084

A security analysis of the facebook ad library. / Edelson, Laura; Lauinger, Tobias; McCoy, Damon.

Proceedings - 2020 IEEE Symposium on Security and Privacy, SP 2020. Institute of Electrical and Electronics Engineers Inc., 2020. p. 661-678 9152626 (Proceedings - IEEE Symposium on Security and Privacy; Vol. 2020-May).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Edelson, L, Lauinger, T & McCoy, D 2020, A security analysis of the facebook ad library. in Proceedings - 2020 IEEE Symposium on Security and Privacy, SP 2020., 9152626, Proceedings - IEEE Symposium on Security and Privacy, vol. 2020-May, Institute of Electrical and Electronics Engineers Inc., pp. 661-678, 41st IEEE Symposium on Security and Privacy, SP 2020, San Francisco, United States, 5/18/20. https://doi.org/10.1109/SP40000.2020.00084

@inproceedings{3da2759f56d04da3a625a7ad4d759a43,

title = "A security analysis of the facebook ad library",

abstract = "Actors engaged in election disinformation are using online advertising platforms to spread political messages. In response to this threat, online advertising networks have started making political advertising on their platforms more transparent in order to enable third parties to detect malicious advertisers. We present a set of methodologies and perform a security analysis of Facebook's U.S. Ad Library, which is their political advertising transparency product. Unfortunately, we find that there are several weaknesses that enable a malicious advertiser to avoid accurate disclosure of their political ads. We also propose a clustering-based method to detect advertisers engaged in undeclared coordinated activity. Our clustering method identified 16 clusters of likely inauthentic communities that spent a total of over four million dollars on political advertising. This supports the idea that transparency could be a promising tool for combating disinformation. Finally, based on our findings, we make recommendations for improving the security of advertising transparency on Facebook and other platforms.",

author = "Laura Edelson and Tobias Lauinger and Damon McCoy",

year = "2020",

month = may,

doi = "10.1109/SP40000.2020.00084",

language = "English (US)",

series = "Proceedings - IEEE Symposium on Security and Privacy",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "661--678",

booktitle = "Proceedings - 2020 IEEE Symposium on Security and Privacy, SP 2020",

note = "41st IEEE Symposium on Security and Privacy, SP 2020 ; Conference date: 18-05-2020 Through 21-05-2020",

}

TY - GEN

T1 - A security analysis of the facebook ad library

AU - Edelson, Laura

AU - Lauinger, Tobias

AU - McCoy, Damon

PY - 2020/5

Y1 - 2020/5

N2 - Actors engaged in election disinformation are using online advertising platforms to spread political messages. In response to this threat, online advertising networks have started making political advertising on their platforms more transparent in order to enable third parties to detect malicious advertisers. We present a set of methodologies and perform a security analysis of Facebook's U.S. Ad Library, which is their political advertising transparency product. Unfortunately, we find that there are several weaknesses that enable a malicious advertiser to avoid accurate disclosure of their political ads. We also propose a clustering-based method to detect advertisers engaged in undeclared coordinated activity. Our clustering method identified 16 clusters of likely inauthentic communities that spent a total of over four million dollars on political advertising. This supports the idea that transparency could be a promising tool for combating disinformation. Finally, based on our findings, we make recommendations for improving the security of advertising transparency on Facebook and other platforms.

AB - Actors engaged in election disinformation are using online advertising platforms to spread political messages. In response to this threat, online advertising networks have started making political advertising on their platforms more transparent in order to enable third parties to detect malicious advertisers. We present a set of methodologies and perform a security analysis of Facebook's U.S. Ad Library, which is their political advertising transparency product. Unfortunately, we find that there are several weaknesses that enable a malicious advertiser to avoid accurate disclosure of their political ads. We also propose a clustering-based method to detect advertisers engaged in undeclared coordinated activity. Our clustering method identified 16 clusters of likely inauthentic communities that spent a total of over four million dollars on political advertising. This supports the idea that transparency could be a promising tool for combating disinformation. Finally, based on our findings, we make recommendations for improving the security of advertising transparency on Facebook and other platforms.

UR - http://www.scopus.com/inward/record.url?scp=85091594235&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85091594235&partnerID=8YFLogxK

U2 - 10.1109/SP40000.2020.00084

DO - 10.1109/SP40000.2020.00084

M3 - Conference contribution

AN - SCOPUS:85091594235

T3 - Proceedings - IEEE Symposium on Security and Privacy

SP - 661

EP - 678

BT - Proceedings - 2020 IEEE Symposium on Security and Privacy, SP 2020

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 41st IEEE Symposium on Security and Privacy, SP 2020

Y2 - 18 May 2020 through 21 May 2020

ER -