so explain to me how you can claim transparency? ..tom
On Fri, Sep 8, 2023 at 12:26 PM Shivani Sharma <[email protected]> wrote: > > > On Fri, Sep 8, 2023 at 2:51 PM Tom Jones <[email protected]> > wrote: > >> This statement is under non goals. So I think you need to change that or >> remove the claim of transparency. >> > This is specifically about whether the end user can see the result of > attestation of a given site "in the browser", which at this time is not > supported. > >> >> thx ..Tom (mobile) >> >> On Fri, Sep 8, 2023, 11:06 AM Shivani Sharma <[email protected]> >> wrote: >> >>> >>> >>> On Fri, Sep 8, 2023 at 12:55 PM Tom Jones <[email protected]> >>> wrote: >>> >>>> I cannot understand how it is possible to claim transparency with the >>>> following explanation. It seems completely misleading. >>>> >>>> Today, the attestation model does not seek to provide information to >>>> users within the browser or device in real-time about a developer's >>>> attestations >>>> >>> >>> Thanks for the question! The transparency for attestations is something >>> that would be added in a future iteration and as mentioned in the earlier >>> response, that will likely also include a public list of enrolled and >>> attested sites. >>> >>>> >>>> >>>> thx ..Tom (mobile) >>>> >>>> On Wed, Aug 30, 2023, 6:16 AM Shivani Sharma <[email protected]> >>>> wrote: >>>> >>>>> Contact emails >>>>> >>>>> [email protected], [email protected] >>>>> >>>>> >>>>> Explainer >>>>> >>>>> https://github.com/privacysandbox/attestation/blob/main/README.md >>>>> >>>>> Design document >>>>> >>>>> >>>>> https://docs.google.com/document/d/16PYa6wBBGBbV4YMujkFzBab8s4a7N4PcvpY0Js1qN1k/edit?usp=sharing >>>>> >>>>> Specification >>>>> >>>>> While the enrollment process itself is not intended to be >>>>> standardized, the impacted API specifications allow for a user agent >>>>> defined gating mechanism such as enrollment and attestation. The spec >>>>> changes for the gated APIs are linked below: >>>>> >>>>> Private aggregation (section with note on enrollment >>>>> <https://patcg-individual-drafts.github.io/private-aggregation-api/#scheduling-reports> >>>>> ) >>>>> >>>>> Shared Storage (pull request >>>>> <https://github.com/WICG/shared-storage/pull/105>) >>>>> >>>>> Topics (pull request >>>>> <https://github.com/patcg-individual-drafts/topics/pull/238/files>) >>>>> >>>>> Attribution reporting API (pull request >>>>> <https://github.com/WICG/attribution-reporting-api/pull/968>) >>>>> >>>>> Protected Audience (pull requests: 1 >>>>> <https://github.com/WICG/fenced-frame/pull/114/files>, 2 >>>>> <https://github.com/WICG/turtledove/pull/766/files>) >>>>> >>>>> >>>>> Summary and Motivation >>>>> >>>>> As the Privacy Sandbox relevance and measurement APIs start ramping up >>>>> for general availability, we want to make sure these technologies are used >>>>> as intended and with transparency. The APIs include Attribution Reporting, >>>>> the Protected Audience API, Topics, Private Aggregation and Shared >>>>> Storage. >>>>> As announced in a blog post >>>>> <https://developer.chrome.com/blog/announce-enrollment-privacy-sandbox/>, >>>>> a new Developer Enrollment process for Privacy Sandbox relevance and >>>>> measurement APIs is being introduced across Chrome and Android. This I2S >>>>> refers to Chrome’s implementation of fetching the enrolled-sites list from >>>>> the enrollment server (via component updater >>>>> <https://chromium.googlesource.com/chromium/src/+/lkgr/components/component_updater/README.md>) >>>>> and using it to gate access to the Privacy Sandbox APIs. >>>>> >>>>> Blink component >>>>> >>>>> Blink>PrivateAggregation >>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EPrivateAggregation> >>>>> >>>>> Blink>Storage>SharedStorage >>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component%3ABlink%3EStorage%3ESharedStorage&can=2> >>>>> >>>>> Blink>TopicsAPI >>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ETopicsAPI> >>>>> >>>>> Internals > AttributionReporting >>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3EAttributionReporting> >>>>> >>>>> Blink>InterestGroups >>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component%3ABlink%3EInterestGroups&can=2> >>>>> >>>>> Is this feature supported on all six Blink platforms (Windows, Mac, >>>>> Linux, Chrome OS, Android, and Android WebView)? >>>>> >>>>> Supported on all the above platforms except Android WebView. >>>>> >>>>> In the initial version, no gated APIs are supported on WebView , with >>>>> the caveat that the Attribution Reporting API delegates from WebView to >>>>> Android and would be gated as part of Android’s attestation based gating. >>>>> >>>>> Debuggability >>>>> Console errors: The API surfaces gated on enrollment and attestation >>>>> will output relevant console error messages if a given site is not allowed >>>>> to participate/invoke those API surfaces. (Private Aggregation API-related >>>>> console messages are output during its consumer API enrollment checks e.g. >>>>> Shared Storage, but could be made more specific in the future). >>>>> >>>>> Local override: For local testing, we are providing developer >>>>> overrides with a Chrome flag and CLI switch: >>>>> >>>>> Flag: chrome://flags/#privacy-sandbox-enrollment-overrides >>>>> >>>>> CLI: --privacy-sandbox-enrollment-overrides=https://example.com, >>>>> https://example.co.uk,... >>>>> >>>>> Initial public proposal >>>>> >>>>> https://github.com/privacysandbox/attestation/blob/main/README.md >>>>> >>>>> TAG review >>>>> >>>>> Private Aggregation (comment >>>>> <https://github.com/w3ctag/design-reviews/issues/846#issuecomment-1690139513> >>>>> ) >>>>> >>>>> Shared Storage (comment >>>>> <https://github.com/w3ctag/design-reviews/issues/747#issuecomment-1690156498> >>>>> ) >>>>> >>>>> Topics (comment >>>>> <https://github.com/w3ctag/design-reviews/issues/726#issuecomment-1690087586> >>>>> ) >>>>> >>>>> Attribution reporting API (comment >>>>> <https://github.com/w3ctag/design-reviews/issues/724#issuecomment-1690076332> >>>>> ) >>>>> >>>>> Protected Audience (comment >>>>> <https://github.com/w3ctag/design-reviews/issues/723#issuecomment-1690413217> >>>>> ) >>>>> >>>>> RisksInteroperability >>>>> >>>>> Initially the enrolled and attested sites list will only be available >>>>> to Chrome browsers. The list is publicly available in the sense that it's >>>>> shipped to Chrome browsers, but we don't have an official site currently >>>>> where we post it. However, we could potentially do so in the future and >>>>> that would enable other browsers to have a consistent gating mechanism. >>>>> >>>>> Compatibility >>>>> >>>>> No compatibility concerns. The existing APIs either return promises, >>>>> and will reject for callers that are not enrolled (and they can already >>>>> reject for other reasons today), or they don’t return anything and the >>>>> script will not break. >>>>> >>>>> Is this feature fully tested by web-platform-tests >>>>> <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> >>>>> ? >>>>> >>>>> No, as there are no plans to standardize this behavior. >>>>> >>>>> Tracking bugcrbug.com/1448875 >>>>> Launch bug >>>>> >>>>> https://launch.corp.google.com/launch/4260778 >>>>> >>>>> Estimated milestones >>>>> >>>>> M118 >>>>> >>>>> Links to previous Intent discussions >>>>> >>>>> Intent to prototype: >>>>> https://groups.google.com/a/chromium.org/g/blink-dev/c/Zy6uyaTdcJ8 >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "blink-dev" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to [email protected]. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADAcp086BcDbQX%2B2ED-9eU06ZZPH6_MMpB0cr2F0Jf40H4EACw%40mail.gmail.com >>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CADAcp086BcDbQX%2B2ED-9eU06ZZPH6_MMpB0cr2F0Jf40H4EACw%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAK2Cwb5WAk215SzY%3DnKOgvhgXNH02TVn4NsOCKwFQoan5ZREjQ%40mail.gmail.com.
