As another comment mentioned, they're talking about using a technique that allows you to perform computations on encrypted data, with encrypted results output - the thing doing the computation never sees any decrypted data.
So they could target advertisements but, as far as I can tell, they wouldn't be able to know which advertisements were served ... until the phone makes a request to download them, which seems to me to render it fairly but not entirely pointless.
My understanding is that homomorphic encryption allows one to transform encrypted data, but the data is still encrypted (random noise). i.e:
decrypt(encrypt(x+1)) == decrypt(encrypt(x) +1)
This does not allow you to get any information about X, only perform computations with it. If advertisers are getting information out of encrypted data, that means the encryption is broken.
> If advertisers are getting information out of encrypted data, that means the encryption is broken.
I'm just suggesting that Facebook wants to use homomorphic encryption to tell your phone which adverts to download. It won't know which adverts it told you to download or why ... but it will know that you've downloaded them once you do.
It could in theory serve the adverts through homomorphic encryption, but then it wouldn't be able to invoice people based on how many times their adverts were served. I don't see that happening though.
Oh, thank you, I should have paid more attention to the original article as well.
As a complete layman on the topic, I am kind of wary of (fully) homomorphic encryption. Not sure if I understand it right, but it seems to me that anybody in possession of the ciphertext would be able to run it through an arbitrary circuit, even if the result is encrypted and they cannot read it; in theory it would be vulnerable to MITM attacks.
For instance, say Facebook servers are compromised (yes, I know…) and an attacker then runs their own version of the recommendation algorithm instead, presenting fake ads to people that mention specific terms.
I am certainly several steps behind any academic discussions on the subject, so if that is not a problem I am curious to know why.
So they could target advertisements but, as far as I can tell, they wouldn't be able to know which advertisements were served ... until the phone makes a request to download them, which seems to me to render it fairly but not entirely pointless.