Fwd: [security-lunch] Sept 3 | Yash Vekaria on "Understanding Opaque Data Practices and Risks in Online Marketing and User Personalization"

[Alan Karp]

--------------
Alan Karp

---------- Forwarded message ---------
From: Rumaisa Habib <rum...@stanford.edu>
Date: Tue, Sep 2, 2025 at 5:40 PM
Subject: [security-lunch] Sept 3 | Yash Vekaria on "Understanding Opaque Data Practices and Risks in Online Marketing and User Personalization"
To: securit...@lists.stanford.edu <securit...@lists.stanford.edu>

Security Lunch ☀️ Ed. — Wednesday,  Sept 3rd, 2025, 12:00 pm @ CoDa E160

Understanding Opaque Data Practices and Risks in Online Marketing and User Personalization

Yash Vekaria

Can't make it in person? Join us on zoom.

See our past & upcoming events on our website! 

Abstract: Modern web ecosystems comprise a network of interconnected technologies, platforms, and stakeholders that interact and collaborate with each other to provide integrated services to online users. These entities are primarily involved in collecting and sharing internet-generated data from user interactions, web traffic, and digital services in order to profile users and monetize it either via advertising and marketing or by creating personalized user experiences on the web. Despite data being a core component of web ecosystems, it remains unclear how different entities with often distinct or conflicting incentives handle complex data flows that shape user outcomes on the web. This talk explores the security and privacy risks posed to online users in both the data monetization use cases – marketing and personalization. In the first part it discussed risks posed from data practices followed by data brokers through the lead marketing ecosystem. Online lead generation websites collect huge amounts of personal and sensitive user data that is quickly sold to multiple entities in real-time. To this end, it is important to understand data sharing and usage practices, its implications and user perspectives in the context of lead marketing. Furthermore, with superior large language model capabilities, the adoption of generative AI on the web has drastically increased in recent years. When combined with user data, generative AI can allow much more sophisticated user profiling and personalization than traditional data profiling practices. The second part of the talk explores tracking, profiling, and personalization risks posed by generative AI assistants.

Bio: Yash Vekaria is a PhD candidate in Computer Science at the University of California, Davis, where he is advised by Professor Zubair Shafiq. His research interests broadly lie in Web Privacy and Security. Yash's research aims to uncover hidden risks emerging from non-transparent data practices on the web and study its resultant implications. At a high level, he builds novel data-driven black-box audit systems to reverse-engineer opaque data and monetary flows on the Internet. He is a recipient of the GGCS PhD Fellowship (2024), Georgia Tech Cybersecurity Summer Fellowship (2023) and was a Visiting Research Fellow at Max Planck Institute for Informatics (MPI-INF), Saarbrucken, Germany (2022).

                                                                    

Rumaisa Habib 🐸

CS PhD Student, Stanford University

rumaisahabib.com

_______________________________________________
security-lunch mailing list
securit...@lists.stanford.edu
https://mailman.stanford.edu/mailman/listinfo/security-lunch