On Wed, Mar 30, 2022 at 5:53 AM Yoav Weiss <yoavwe...@chromium.org> wrote:
> > > On Friday, March 25, 2022 at 11:46:45 PM UTC+1 Paul Jensen wrote: > >> Contact emails >> >> pauljen...@chromium.org <https://groups.google.com/>, kle...@google.com >> <https://groups.google.com/> >> >> Developers interested in the FLEDGE API can also join the FLEDGE API >> announcements >> <https://groups.google.com/a/chromium.org/g/fledge-api-announce> group >> for updates and announcements. >> >> Explainer >> >> https://github.com/WICG/turtledove/blob/master/FLEDGE.md >> >> Specification >> >> May be heavily influenced by origin trial feedback, so not yet started. >> >> Summary >> >> FLEDGE provides a privacy advancing API to facilitate interest group >> based advertising. FLEDGE shifts the interest data and the final ad >> decision browser-side instead of server-side, offering many advantages: >> strong privacy guarantees, as well as time limits on group membership, >> transparency into how the advertiser interest groups are built and used, >> and granular or global controls over this type of ad targeting. >> >> Blink component >> >> Blink >> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink> >> >> TAG review >> >> https://github.com/w3ctag/design-reviews/issues/723 >> >> (The first “F” and last “E” in FLEDGE stand for First Experiment, as such >> FLEDGE specifies a prototype for ads serving in the TURTLEDOVE family, so >> the TAG review request was made for the overall family, TURTLEDOVE, rather >> than the first experiment specification, FLEDGE.) >> >> TAG review status >> >> Pending >> >> Risks >> Interoperability >> >> Gecko: No signal >> >> WebKit: No signal >> >> Edge: Edge is also exploring interest group based advertising, namely >> with the PARAKEET proposal >> <https://github.com/WICG/privacy-preserving-ads/blob/main/Parakeet.md>. >> PARAKEET shares much of its API with FLEDGE but has a different trust >> model. Deployment experience is necessary to inform the choice between the >> trust models. >> >> Web developers: Significant interest from many web advertising technology >> developers. WICG FLEDGE calls >> <https://github.com/WICG/turtledove/issues/88> are heavily attended. >> Interest in FLEDGE is further evidenced by the many related discussions >> and proposals that FLEDGE design draws from, most notably: >> >> - >> >> The original TURTLEDOVE >> <https://github.com/WICG/turtledove/blob/main/Original-TURTLEDOVE.md> >> from Chrome. >> - >> >> SPARROW <https://github.com/WICG/sparrow> from Criteo. >> - >> >> Outcome-based TURTLEDOVE >> <https://github.com/WICG/turtledove/blob/main/OUTCOME_BASED.md> and >> Product-level >> TURTLEDOVE >> <https://github.com/WICG/turtledove/blob/main/PRODUCT_LEVEL.md> from >> RTB House. >> - >> >> Dovekey >> <https://github.com/google/ads-privacy/tree/master/proposals/dovekey> >> from Google Ads. >> - >> >> PARRROT >> >> <https://github.com/prebid/identity-gatekeeper/blob/master/proposals/PARRROT.md> >> from Magnite. >> - >> >> TERN <https://github.com/WICG/turtledove/blob/main/TERN.md> from >> NextRoll. >> >> >> Compatibility and WebView Application Risks >> >> FLEDGE does not deprecate or change existing web behavior, so there >> should be no compatibility risk. >> >> Activation >> >> Successful testing of FLEDGE in-browser ad auctions requires >> participation from both parties selling ad space and advertisers buying ad >> space. This level of cooperation during an origin trial is a heavy lift, >> but one that seems feasible given the high level of interest we’ve seen >> from ad techs. >> >> Security >> >> FLEDGE involves downloading and running JavaScript functions, referred to >> as worklets. Chrome runs worklets from different origins in separate >> processes in very constrained environments to limit security >> vulnerabilities. You can read more about these constraints and security >> considerations here >> <https://github.com/WICG/turtledove/blob/main/Original-TURTLEDOVE.md#security-considerations> >> . >> >> Privacy >> >> Unlike third-party cookies which are readable across sites, FLEDGE >> intends to keep interest group information from being exposed to sites. For >> example this is why there is no navigator.getAdInterestGroups() API. FLEDGE >> worklets, which can read individual interest groups, are isolated and >> cannot access the network, access storage or postMessage() to other >> contexts. As the proposed first FLEDGE origin trial details document >> <https://github.com/WICG/turtledove/blob/main/Proposed_First_FLEDGE_OT_Details.md> >> discusses, this first origin trial will not initially enable all of the >> isolation and privacy controls in order to ease developer testing. Over >> time, these privacy protections will be added as we introduce new releases. >> To protect user privacy and honor user choice, we will not enable this >> first origin trial for users that have disabled 3rd party cookies. We >> anticipate that this will also help ad-techs to more realistically compare >> their existing ad selection methods relying on third-party cookie >> availability. Privacy considerations for the overall TURTLEDOVE family are >> discussed here >> <https://github.com/WICG/turtledove/blob/main/Original-TURTLEDOVE.md#privacy-considerations> >> . >> >> Browser Performance >> >> If advertisers place users into large numbers of interest groups, there >> is a risk of on-device FLEDGE ad auctions consuming excessive amounts of >> processing resources which could make the auctions introduce significant >> latency into the ad serving process, or slowing down the overall browsing >> experience. This is an area of intense discussion, investigation, and >> improvement. >> >> Goals for experimentation >> >> Shifting interest data and final ad decision browser-side instead of >> server-side represents a major shift in interest group based advertising. >> We hope to get feedback from ad tech on FLEDGE’s effectiveness and >> performance. >> >> Experiment Configuration >> >> The origin trial for this experiment will be shared among various Privacy >> Sandbox APIs. Our goal is to allow for coordinated experiments to be run by >> multiple different sites, across multiple APIs in one OT. >> >> This shared origin trial, Privacy Sandbox Ads APIs, will be a third-party >> origin trial. To ensure that developers can run coordinated experiments >> without concern for exceeding page load usage thresholds, this Origin Trial >> will be available for a subset of users by default. Therefore, it will be >> necessary to feature test to ensure that the API surface you want to use is >> available after providing your OT token. A second advantage of this >> configuration is that different experimenters will experiment with the same >> users, which enables coordination for APIs like FLEDGE across third parties. >> >> Ongoing technical constraints >> >> FLEDGE depends on several other in-development web technologies, e.g. >> Fenced Frames, trusted key-value servers, and aggregate reporting. To ease >> developer testing and measurement, this first FLEDGE origin trial will not >> require use of these other in-development web technologies. For details of >> exactly what we’re proposing including in this first FLEDGE origin trial >> and why please read >> https://github.com/WICG/turtledove/blob/main/Proposed_First_FLEDGE_OT_Details.md >> >> Debuggability >> >> FLEDGE worklets can be debugged in Chrome’s Developer tools, instructions >> here >> <https://developer.chrome.com/blog/fledge-api/#debug-fledge-worklets>. >> >> FLEDGE interest groups can also be viewed in Chrome’s Developer tools: in >> the "Application" tab, there is an "Interest Groups" item on the left >> side-bar that, when clicked, should display all interest groups that this >> page interacted with, e.g. when a page joins/leaves an interest group, bids >> on an auction, or wins an auction on this page then the interest group >> should show up. >> >> Will this feature be supported on all six Blink platforms (Windows, Mac, >> Linux, Chrome OS, Android, and Android WebView)? >> >> No, this origin trial will be supported on all platforms except Android >> for reasons discussed here >> <https://github.com/WICG/turtledove/blob/main/Proposed_First_FLEDGE_OT_Details.md#mobile-devices> >> . >> >> Is this feature fully tested by web-platform-tests >> <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> >> ? >> >> No. More web-platform-test >> <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> >> coverage is expected when the specification is closer to completion. >> >> Flag name >> >> privacy-sandbox-ads-apis >> >> Requires code in //chrome? >> >> Nearly all code is outside //chrome, the exception being the related >> Privacy Sandbox Settings UI. >> >> Launch bug >> >> https://bugs.chromium.org/p/chromium/issues/detail?id=1181739 >> >> Estimated milestones >> >> We hope to start the Origin Trial sometime during M101 beta. We plan to >> continue the Origin Trial until at least M104 to give developers time to >> test the API and provide feedback. Once we are confident that the APIs are >> working properly, we will transition the OT from beta to stable channel. >> > > Same question as on > https://groups.google.com/a/chromium.org/g/blink-dev/c/jEnNpideO1Y/m/5gSCiXUtAQAJ > regarding OT duration. > We're planning to start in M101 beta. We plan to progress to stable in M101 or later, if issues arise, and to continue the origin trial through M104, inclusive. > > >> Link to entry on the Chrome Platform Status >> >> https://chromestatus.com/feature/5733583115255808 >> >> Links to previous Intent discussionsIntent to prototype: >> https://groups.google.com/a/chromium.org/g/blink-dev/c/w9hm8eQCmNI >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABQTWrmTRunapDYR4hMfmFyv2Cp5OpXTwNBqOLJJXdmLrn%3Dp6g%40mail.gmail.com.
