Security Lunch ☀️ Ed. — Wednesday, Sept 3rd, 2025, 12:00 pm @ CoDa E160
Understanding Opaque Data Practices and Risks in Online Marketing and User Personalization
Yash Vekaria
Can't make it in person? Join us on
zoom.
See our past & upcoming events on our
website!
Abstract: Modern web ecosystems comprise a network of interconnected technologies, platforms, and stakeholders that interact and collaborate with each other to provide integrated services to online users. These entities are primarily involved in collecting
and sharing internet-generated data from user interactions, web traffic, and digital services in order to profile users and monetize it either via advertising and marketing or by creating personalized user experiences on the web. Despite data being a core
component of web ecosystems, it remains unclear how different entities with often distinct or conflicting incentives handle complex data flows that shape user outcomes on the web. This talk explores the security and privacy risks posed to online users in both
the data monetization use cases – marketing and personalization. In the first part it discussed risks posed from data practices followed by data brokers through the lead marketing ecosystem. Online lead generation websites collect huge amounts of personal
and sensitive user data that is quickly sold to multiple entities in real-time. To this end, it is important to understand data sharing and usage practices, its implications and user perspectives in the context of lead marketing. Furthermore, with superior
large language model capabilities, the adoption of generative AI on the web has drastically increased in recent years. When combined with user data, generative AI can allow much more sophisticated user profiling and personalization than traditional data profiling
practices. The second part of the talk explores tracking, profiling, and personalization risks posed by generative AI assistants.
Bio: Yash Vekaria is a PhD candidate in Computer Science at the University of California, Davis, where he is advised by Professor Zubair Shafiq. His research interests broadly lie in Web Privacy and Security. Yash's research aims to uncover hidden risks
emerging from non-transparent data practices on the web and study its resultant implications. At a high level, he builds novel data-driven black-box audit systems to reverse-engineer opaque data and monetary flows on the Internet. He is a recipient of the
GGCS PhD Fellowship (2024), Georgia Tech Cybersecurity Summer Fellowship (2023) and was a Visiting Research Fellow at Max Planck Institute for Informatics (MPI-INF), Saarbrucken, Germany (2022).
Rumaisa Habib 🐸
CS PhD Student, Stanford University