Contact emailsale...@chromium.org Explainerhttps://github.com/patcg-individual-drafts/private-aggregation-api
Specification https://patcg-individual-drafts.github.io/private-aggregation-api Summary A generic mechanism for measuring aggregate, cross-site data in a privacy preserving manner. The potentially identifying cross-site data is encapsulated into "aggregatable reports". To prevent leakage, this data is encrypted, ensuring it can only be processed by the aggregation service. During processing, this service will add noise and impose limits on how many queries can be performed. Blink componentBlink>PrivateAggregation <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EPrivateAggregation> TAG reviewhttps://github.com/w3ctag/design-reviews/issues/846 TAG review statusPending Risks Interoperability and Compatibility *Gecko*: No signal specific to Private Aggregation ( https://github.com/mozilla/standards-positions/issues/805). However the Gecko position on Shared Storage (one of the ways Private Aggregation is exposed) is negative. *WebKit*: No signal ( https://github.com/WebKit/standards-positions/issues/189) *Web developers*: Developers have shown interest in the API both for cross-site use cases through Shared Storage and for Protected Audience aggregate reporting and have engaged on GitHub[1]. For Shared Storage, multiple testers have publicly flagged their interest via the public Shared Storage Testers List [2]. [1] https://github.com/patcg-individual-drafts/private-aggregation-api/issues [2] https://github.com/WICG/shared-storage/blob/main/shared-storage-tester-list.md *Other signals*: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? No Debuggability The proposal includes a temporary debugging mechanism to facilitate testing and integration. An internals page (chrome://private-aggregation-internals) is also available to view the status of pending and sent reports. Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)? All but WebView Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> ? Reports sent through the API are subject to large delays and require overriding a public key endpoint. Some end-to-end tests <https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/wpt_internal/private-aggregation/shared-storage-sends-report.https.html> are currently internal web tests. Where possible, tests are external <https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/external/wpt/private-aggregation/> and we are proposing new WebDriver APIs <https://github.com/patcg-individual-drafts/private-aggregation-api/pull/64> to support testing via web-platform-tests. Tests for the integration with Protected Audience are in-progress <http://crbug.com/1456401> and should land soon. Flag nameprivacy-sandbox-ads-apis Requires code in //chrome?False Tracking bughttps://crbug.com/1316659 Launch bughttps://crbug.com/1292756 Estimated milestonesWe intend to start an incremental ramp towards 100% in Stable starting with M115. Anticipated spec changes A few changes to current behavior are expected including tying debug mode to third-party cookie eligibility (issue <https://github.com/patcg-individual-drafts/private-aggregation-api/issues/57>) and padding the encrypted payload (issue <https://github.com/patcg-individual-drafts/private-aggregation-api/issues/56>). Extensions to the API to support multiple aggregation services, enable Protected Audience report verification <https://github.com/patcg-individual-drafts/private-aggregation-api/blob/main/report_verification.md>, and allow arrays of contributions (issue <https://github.com/patcg-individual-drafts/private-aggregation-api/issues/44>) are also expected and are purely additive. The JS interface for all of these changes will be backwards compatible with the current API. Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5743412790689792 Links to previous Intent discussionsIntent to prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAA%2BBiFkKSt4YBNUn2h42G3z%2BqjwxjFAo%3DsPnrbvvOoNaDa_aAQ%40mail.gmail.com Intent to Experiment: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAA%2BBiF%3DKQYXEVn%3DB4rMabH14UdYyA%2BF8qQkWyUVPB0rypS1N0Q%40mail.gmail.com This intent message was generated by Chrome Platform Status <https://chromestatus.com/>. -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAA%2BBiFk4cb%2Bi69Symy-KCjHbtquGSQCn5scXy_YMSSWGut2vJw%40mail.gmail.com.
