Using trusted execution environments for advertising use cases

This article is the next in a series of posts we will be writing to provide more information about how Anonym's technology works. We started with a general overview, which you can read here.

Mozilla acquired Anonym in the summer of 2024 as an important pillar in raising data protection standards in the advertising industry. The privacy concerns are well documented, as described in the US Federal Trade Commission's recent report. Unlike Mozilla products such as Firefox, which protect users from invasive data collection, Anonym is ad-tech infrastructure focused on improving privacy protections for the data commonly shared between advertisers and ad networks. An important part of this is where that data is sent and stored. Instead of advertisers and ad networks sharing personal user data with each other, they encrypt it and send it to Anonym's Trusted Execution Environment. The goal of this approach is to extract insights and value from the data without enabling the construction of cross-site behavioral profiles from user-level data.

A Trusted Execution Environment (TEE) is a technology for securely processing confidential information, protecting code and data from unauthorized access and modification. A TEE can be viewed as a closed environment for processing confidential information. The term enclave refers to the protected part of the trusted execution environment in which that code and data are held.

Why TEEs?

TEEs improve standard computing infrastructure due to:

  • Confidentiality – Data within the TEE is encrypted and inaccessible from outside the TEE, even if the underlying system is compromised. This ensures that sensitive information remains protected.
  • Attestation – A TEE can provide cryptographic proof of its identity and of the code it will execute. This allows other parts of the system to verify that the TEE is trustworthy before interacting with it, and ensures that only authorized code processes sensitive information.

Because humans cannot reach into a TEE to manipulate the code, Anonym's system requires that any operation to be performed on the data is programmed in advance. We do not support arbitrary queries or real-time data manipulation. Although this sounds like a disadvantage, it offers two main advantages. First, it ensures there are no surprises: our partners know with certainty how their data is processed, and neither Anonym nor its partners can inadvertently access or share user data. Second, this hardened approach suits highly repeatable use cases. In our case, this means that advertising platforms can run a measurement method repeatedly with many advertisers without having to approve the code each time, knowing that the method and the underlying data are protected by design.

TEEs in practice

Today, Anonym uses hardware-based Trusted Execution Environments (TEEs) built on Intel SGX and offered by Microsoft Azure. We believe Intel SGX is the most researched and widely adopted approach to TEEs available today.

In collaboration with our advertising platform partners, Anonym develops the algorithm for the specific advertising application. For example, if an advertiser wants to find out which ads, if any, deliver the most business value, we adjust our attribution algorithm to align with the ad platform's standard approach to attribution. This includes adding differentially private noise to the results to protect the individuals in the data from re-identification.
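The following is an added illustration of the two steps just described, attribution followed by a differentially private release of the aggregate. It is not Anonym's code; the input rows, the last-touch rule, the per-user contribution cap and the Laplace mechanism are all assumptions made here so that the example is self-contained and runs offline.

```python
import random
from collections import defaultdict

# Constructed sample input, not real partner data. Each impression is
# (pseudonymous user id, campaign, timestamp); each conversion is (user id, timestamp).
# In the design described above these rows would only ever be decrypted inside the TEE.
IMPRESSIONS = [
    ("u1", "campaign-A", 100), ("u1", "campaign-B", 150),
    ("u2", "campaign-A", 120), ("u3", "campaign-B", 130),
    ("u4", "campaign-A", 140),
]
CONVERSIONS = [("u1", 200), ("u2", 300), ("u3", 170), ("u3", 180), ("u4", 2000)]


def last_touch_attribution(impressions, conversions, window=1000):
    """Credit each conversion to the user's most recent impression inside the window.

    Each user is credited at most once in total (assumed cap). That cap is what makes
    the released vector of counts have L1 sensitivity 1: adding or removing one user
    changes at most one count by at most one.
    """
    by_user = defaultdict(list)
    for user, campaign, ts in impressions:
        by_user[user].append((ts, campaign))
    credited_users = set()
    counts = defaultdict(int)
    for user, conv_ts in sorted(conversions, key=lambda c: c[1]):
        if user in credited_users:
            continue  # contribution cap: one credited conversion per user
        candidates = [(ts, c) for ts, c in by_user.get(user, [])
                      if ts <= conv_ts and conv_ts - ts <= window]
        if not candidates:
            continue  # no impression within the attribution window
        _, campaign = max(candidates)  # most recent impression wins (last touch)
        counts[campaign] += 1
        credited_users.add(user)
    return dict(counts)


def laplace_noise(rng, scale):
    """Laplace(0, scale) sample: the difference of two exponentials with mean `scale`."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def dp_release(counts, epsilon, seed=None, sensitivity=1.0):
    """Add Laplace noise with scale sensitivity/epsilon to every aggregate count.

    `seed` exists only so this demo is reproducible; a production release would draw
    the noise from a cryptographically secure source and never expose the seed.
    """
    rng = random.Random(seed)
    scale = sensitivity / epsilon
    return {campaign: n + laplace_noise(rng, scale) for campaign, n in sorted(counts.items())}


if __name__ == "__main__":
    exact = last_touch_attribution(IMPRESSIONS, CONVERSIONS)
    print("exact counts (never leave the enclave):", exact)
    print("differentially private release (epsilon=1):", dp_release(exact, epsilon=1.0, seed=42))
```

Only the noisy dictionary is what a partner would receive; the exact counts and the row-level input stay inside the enclave. A smaller epsilon means more noise and stronger protection for any single user in the input.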

Before we run an algorithm on partner data, we give our partners documentation and access to the source code through our Transparency Portal for binary review. Once our partners have reviewed a binary, they can approve it via the Transparency Portal. If at any time our partners wish to deactivate Anonym's ability to process their data, they can withdraw their consent.

Each "job" processed by Anonym begins with the creation of a short-lived TEE. Encrypted data from our partners is transferred to the TEE's encrypted storage. Before the data can be decrypted, the TEE must prove its identity and integrity. This process is called attestation. Attestation begins with the TEE producing cryptographic evidence of its identity and of the code it will execute (similar to a hash). The system compares this evidence against each partner's approved binaries. Only if this attestation succeeds can the TEE decrypt the data. If the cryptographic signature of the binary does not match an approved binary, the TEE does not receive the keys needed to decrypt the data and cannot process it.

Through attestation we ensure that our partners retain control over their data and can revoke access at any time. It also ensures that Anonym's enclaves never access sensitive data without the customer being able to see it. We achieve this by providing our customers with a log that records an entry each time their data is processed.
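To make the attestation-gated key release concrete, here is an added simulation of the flow in the two paragraphs above: a partner approves a binary's measurement, a freshly started enclave presents signed evidence of what it is about to run, and the data key is released only when that evidence matches, with every decision logged. This is illustrative code written for this article, not Anonym's or Intel's. In particular, the HMAC keyed with `_HARDWARE_ATTESTATION_SECRET` stands in for the hardware-rooted quote signature of real SGX attestation, and `KeyReleaseService`, `produce_quote` and the log format are assumed names and shapes.

```python
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field

# Simulated hardware attestation key (assumption). A genuine SGX quote is signed
# by hardware-provisioned keys and checked against Intel's attestation services;
# here an HMAC secret models "only a genuine enclave can produce a valid quote".
_HARDWARE_ATTESTATION_SECRET = secrets.token_bytes(32)


def measure(binary: bytes) -> str:
    """Enclave measurement: a hash over the code the TEE will execute."""
    return hashlib.sha256(binary).hexdigest()


def _sign(body: dict) -> str:
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(_HARDWARE_ATTESTATION_SECRET, payload, hashlib.sha256).hexdigest()


def produce_quote(binary: bytes, nonce: str) -> dict:
    """Evidence the enclave presents: its measurement plus a signature over it.
    The nonce binds the quote to one specific key-release request."""
    body = {"measurement": measure(binary), "nonce": nonce}
    return {"body": body, "sig": _sign(body)}


@dataclass
class KeyReleaseService:
    """Holds each partner's data key and the set of measurements they approved."""
    approved: dict = field(default_factory=dict)    # partner -> set of measurements
    data_keys: dict = field(default_factory=dict)   # partner -> key bytes
    log: list = field(default_factory=list)         # (job_id, partner, measurement, outcome)
    _issued_nonces: set = field(default_factory=set)

    def register_partner(self, partner: str) -> None:
        self.approved[partner] = set()
        self.data_keys[partner] = secrets.token_bytes(32)

    def approve(self, partner: str, binary: bytes) -> str:
        """Partner approves a reviewed binary; returns the measurement recorded."""
        m = measure(binary)
        self.approved[partner].add(m)
        return m

    def revoke(self, partner: str, measurement: str) -> None:
        """Partner withdraws consent: later attestations of this binary fail."""
        self.approved[partner].discard(measurement)

    def new_nonce(self) -> str:
        n = secrets.token_hex(16)
        self._issued_nonces.add(n)
        return n

    def release_key(self, partner: str, quote: dict, job_id: str):
        """Return the partner's data key only for a fresh, genuine, approved quote."""
        body = quote["body"]
        measurement = body.get("measurement")
        if not hmac.compare_digest(_sign(body), quote["sig"]):
            self.log.append((job_id, partner, measurement, "rejected: bad quote signature"))
            return None
        if body.get("nonce") not in self._issued_nonces:
            self.log.append((job_id, partner, measurement, "rejected: stale or unknown nonce"))
            return None
        self._issued_nonces.discard(body["nonce"])  # single use: no replay of old quotes
        if measurement not in self.approved.get(partner, set()):
            self.log.append((job_id, partner, measurement, "rejected: binary not approved"))
            return None
        self.log.append((job_id, partner, measurement, "key released"))
        return self.data_keys[partner]


if __name__ == "__main__":
    svc = KeyReleaseService()
    svc.register_partner("partner-x")
    approved_binary = b"attribution-job-v1"           # constructed stand-in for a reviewed binary
    m = svc.approve("partner-x", approved_binary)
    key = svc.release_key("partner-x", produce_quote(approved_binary, svc.new_nonce()), "job-1")
    print("key released:", key is not None)
    svc.revoke("partner-x", m)
    print("after revocation:", svc.release_key("partner-x", produce_quote(approved_binary, svc.new_nonce()), "job-2"))
    for entry in svc.log:
        print(entry)
```

The properties worth checking against the text are all visible in `release_key`: a modified binary has a different measurement and gets no key, a partner's revocation takes effect on the very next job, a captured quote cannot be replayed because its nonce is consumed, and every attempt, successful or not, lands in the partner-visible log.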

Once the job is complete and the anonymized output has been written out, the TEE is shut down and the data it holds is destroyed. The aggregated, differentially private output is then shared with our partners.

We hope this overview was helpful. In our next blog post we will discuss Anonym’s approach to transparency and control via our transparency portal.
