Tracking Ad Clicks Without Exposing User Data: A Privacy‑Preserving Approach

Where Do Ad Clicks Come From?

Ever felt bombarded by ads, like the iPhone 11 campaign appearing on bus stops, social apps, video apps, and shopping apps? Advertisers need to know how many clicks come from each channel to evaluate their marketing strategies.

A simple, widely used method is to append tracking parameters to the landing‑page URL after an ad click, such as utm_source=weibo to indicate the click originated from Weibo and utm_medium=social to denote a social platform.

When the parameterized URL is visited, the source is recorded. For example, a brand promoting product A might use the following URLs on different platforms:

Tencent Video:

www.xx.com/a_main.html?utm_source=tencentvideo&utm_medium=video

WeChat:

www.xx.com/a_main.html?utm_source=weixin&utm_medium=social

QQ.com:

www.xx.com/a_main.html?utm_source=qqcom&utm_medium=web

How Effective Is Ad Exposure?

Beyond click‑based pricing (CPC), many online ads use impression‑based pricing (CPM). Users may view an ad multiple times before deciding to purchase, so click counts alone cannot capture the full impact. Some ads aim to build brand awareness rather than drive immediate clicks, making CPM a more appropriate metric.

Ad platforms can control impression counts accurately, but advertisers also want to know conversion rates from exposure to click or purchase, and conversely, what proportion of purchasers have previously seen the ad.

Privacy Is a Hard Problem

Consider a brand’s product A: the e‑commerce platform knows every purchase, while the ad platform knows every ad view. In theory, matching these datasets would reveal exactly which buyers saw the ad, enabling precise measurement of exposure effectiveness.

In practice, direct data sharing is impossible because the two parties are often separate companies and because user privacy laws prohibit exposing personal identifiers.

Nevertheless, both parties have strong commercial incentives to estimate the overlap, prompting researchers to seek privacy‑preserving solutions.

Collaborative Data Use Under Encryption

A paper titled “Unbalanced Private Set Intersection Cardinality Protocol with Low Communication Cost” (Future Generation Computer Systems) proposes a cryptographic private‑set‑intersection (PSI) method. Each side encrypts every record with its own function— f(x) for the e‑commerce side and g(y) for the ad side—such that the functions are commutative: f(g(y)) = g(f(x)) when x = y.

Both parties exchange their encrypted datasets, apply their own encryption again, and then compare the doubly‑encrypted values. Because the original data never leaves its owner in plaintext, the intersection size can be determined without revealing individual records.

Extracting More Insights from Data Intersection

Beyond counting how many purchasers saw the ad, the same PSI technique can compute aggregate metrics like the total spend of the overlapping users, still preserving privacy. The authors also evaluate security, handling asymmetric scenarios (e.g., a low‑power IoT device on one side) and demonstrate high efficiency when one dataset is much larger than the other.

By using privacy‑preserving set intersection, platforms can uncover valuable commercial insights—such as the number of buyers who viewed an ad or their combined purchase amount—while fully protecting user identities.

Details of the protocol and further technical discussion will be presented by the paper’s authors in an upcoming WizTalk academic video series.