Bespoke Threat Models: Achieving Realistic Privacy Guarantees for Deployed Protocols

Speaker

Kyle Hogan
MIT CSAIL

Host

Srini Devadas
MIT CSAIL

This thesis focuses on the question of what degree of privacy is achievable in the real world for long-running applications. We explore this question in two main settings: anonymous communication and private advertising. In doing so we consider the constraints each application may face in practice and what adversarial model is realistic for the context in which the application will be deployed.

In the space of private advertising, we propose a novel protocol, Adveil, that eliminates leakage of user data beyond what is revealed by the input/output of the ads ecosystem as a whole. We also give a minimal model of the functionality of digital advertising and use it to prove that, even for a minimal-leakage system such as Adveil, the advertising metrics released at the end of the protocol, combined with the advertisers' own audience-targeting criteria, suffice to leak information about end users to advertisers.
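The leakage the last sentence describes can be illustrated with a differencing attack on aggregate metrics. The following is an added example, not code or a model from the thesis or from Adveil: it assumes a hypothetical ideal ecosystem in which an advertiser learns nothing but per-campaign impression and conversion counts for the audience it targets, and shows that two campaigns whose targeting criteria differ by exactly one user still reveal that user's conversion. The user population and the `k_min` minimum-audience threshold are constructed for the example.

```python
"""Differencing attack on aggregate advertising metrics (constructed example).

Models the 'input/output of the ads ecosystem as a whole': the advertiser
supplies targeting criteria and receives only aggregate metrics back.
Nothing here is Adveil's protocol; it only shows why aggregate output plus
the advertiser's own targeting criteria can leak per-user information.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


@dataclass(frozen=True)
class User:
    uid: str
    age: int
    city: str
    converts: bool  # ground truth, never shown directly to the advertiser


# Constructed population (hypothetical data).
USERS: List[User] = [
    User("u1", 29, "Boston", False),
    User("u2", 34, "Boston", True),
    User("u3", 52, "Boston", True),      # the only Boston user aged 40+
    User("u4", 31, "Boston", False),
    User("u5", 45, "Cambridge", True),
    User("u6", 27, "Cambridge", False),
]

Targeting = Callable[[User], bool]


def run_campaign(users: List[User], targeting: Targeting,
                 k_min: int = 1) -> Optional[Dict[str, int]]:
    """Ideal ecosystem output: only aggregate metrics for the targeted audience.

    k_min is a hypothetical minimum-audience threshold: campaigns whose audience
    is smaller than k_min get no metrics at all (returns None).
    """
    audience = [u for u in users if targeting(u)]
    if len(audience) < k_min:
        return None
    return {
        "impressions": len(audience),
        "conversions": sum(1 for u in audience if u.converts),
    }


def differencing_attack(users: List[User], broad: Targeting,
                        narrow: Targeting, k_min: int = 1) -> Optional[bool]:
    """Infer one user's conversion from two campaigns' aggregate metrics.

    If the broad audience is the narrow audience plus exactly one user, the
    difference in conversion counts is that user's conversion bit. Returns
    None when the metrics do not isolate a single user (or were suppressed).
    """
    m_broad = run_campaign(users, broad, k_min)
    m_narrow = run_campaign(users, narrow, k_min)
    if m_broad is None or m_narrow is None:
        return None
    if m_broad["impressions"] - m_narrow["impressions"] != 1:
        return None
    return (m_broad["conversions"] - m_narrow["conversions"]) == 1


# Advertiser-chosen targeting criteria: ordinary demographic predicates.
def boston(u: User) -> bool:
    return u.city == "Boston"


def boston_under_40(u: User) -> bool:
    return u.city == "Boston" and u.age < 40


def victim_converted(k_min: int = 1) -> Optional[bool]:
    """The attack as the advertiser would run it; the victim is u3."""
    return differencing_attack(USERS, boston, boston_under_40, k_min)


if __name__ == "__main__":
    print(run_campaign(USERS, boston))            # {'impressions': 4, 'conversions': 2}
    print(run_campaign(USERS, boston_under_40))   # {'impressions': 3, 'conversions': 1}
    print(victim_converted())                     # True: u3 converted
    print(victim_converted(k_min=3))              # True: both audiences pass the threshold
    print(victim_converted(k_min=4))              # None: narrow campaign suppressed
```

The threshold variant is the practitioner's caveat: a minimum audience size only blocks the attack when it suppresses one of the two campaigns, and an advertiser can keep both audiences above any fixed threshold by widening the criteria, so the threshold alone does not remove the leakage the abstract refers to.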