Contact emails

o...@google.com, pauljen...@chromium.org, carai...@chromium.org


Explainer

https://github.com/WICG/turtledove/pull/1322


Specification

https://github.com/WICG/turtledove/pull/1313


Summary

Additional bids are a feature of the Protected Audience auction that
provide buyers with a way to include server-constructed contextual bids in
the auction, which allows negative targeting of those bids. We've
identified a potential privacy risk with the current implementation, as
well as a potential solution that addresses that risk. Additional bids come
from buyers, but are transported to the auction by the auction's seller. To
prevent replay of additional bids, additional bids rely on an auction nonce
— a unique number created by and used by the browser to uniquely identify
that auction. However, this introduces a privacy risk, in that all buyers
see the same auction nonce, and could use that auction nonce as a key to
join distinct bid requests for an auction. This proposal allows sellers to
introduce an additional nonce that gets combined with the browser-provided
one so that buyers see different combined nonces across bid requests,
preventing the joining of bid requests. The combined nonce is generated
through a one-way hash (SHA-256) to prevent the construction of a combined
nonce that matches a previous combined nonce, which could otherwise be used
to facilitate the replay of an additional bid.


Blink component

Blink>InterestGroups
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EInterestGroups>


TAG review

For Protected Audience: https://github.com/w3ctag/design-reviews/issues/723


TAG review status

Completed for Protected Audience, resolved unsatisfied.


Risks


Interoperability and Compatibility

Optional new functionality that does not break existing use.


Gecko & WebKit: For Protected Audiences in general - Negative from Mozilla
<https://github.com/mozilla/standards-positions/issues/770#issuecomment-2432124085>.
No signal from WebKit
<https://github.com/WebKit/standards-positions/issues/158#issuecomment-2432121278>.


Edge: Edge is running an Origin Trial of the Ad Selection API
<https://github.com/WICG/privacy-preserving-ads/blob/main/README.md> which
shares a Web API and services protocol with Protected Audience.


Web developers: Requested by ad tech in GitHub issue #1198
<https://github.com/WICG/turtledove/issues/1198>.


Debuggability

Ad-Auction-Additional-Bid response headers are visible in the DevTools
Network tab, and each can be trivially decoded into an auction nonce, a
seller nonce, and a base64-encoded signed additional bid. Errors
encountered while decoding and parsing the signed additional bid are
presented in the DevTools console. Additional bids are debuggable via
DevTools debugging of Protected Audience scoring scripts.


Will this feature be supported on all six Blink platforms (Windows, Mac,
Linux, ChromeOS, Android, and Android WebView)?

It will be supported on all platforms that support Protected Audience, so
all but WebView.


Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?

Yes <https://chromium-review.googlesource.com/c/chromium/src/+/5979020>


Flag name on chrome://flags

None


Finch feature name

FledgeSellerNonce


Requires code in //chrome?

False


Estimated milestones

Shipping on desktop and Android in M132.


Anticipated spec changes

None


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5081571282124800


This intent message was generated by Chrome Platform Status
<https://chromestatus.com/>.
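
The nonce combination described in the Summary and the header decoding described under Debuggability, sketched as an added example; it is not part of the original message and is not Chromium's code. Assumptions: the combined nonce is base64(SHA-256(auction nonce string + seller nonce string)), the header fields are separated by ':', the bid carries the combined nonce in a field named bidNonce, and the signed bid is a constructed stand-in with signature checking left out.

```python
import base64
import hashlib
import hmac
import json
import uuid

def combined_nonce(auction_nonce: str, seller_nonce: str) -> str:
    # Assumption: SHA-256 over the two nonce strings concatenated, then base64.
    digest = hashlib.sha256((auction_nonce + seller_nonce).encode()).digest()
    return base64.b64encode(digest).decode()

def seller_bid_requests(auction_nonce: str, buyers: list) -> dict:
    # Seller side: a fresh seller nonce per buyer, so no two buyers are
    # handed the same value to join their bid requests on.
    requests = {}
    for buyer in buyers:
        seller_nonce = str(uuid.uuid4())
        requests[buyer] = (seller_nonce, combined_nonce(auction_nonce, seller_nonce))
    return requests

def make_header(auction_nonce: str, seller_nonce: str, bid_nonce: str) -> str:
    # Constructed stand-in for a signed additional bid: only the nonce field.
    bid = base64.b64encode(json.dumps({"bidNonce": bid_nonce}).encode()).decode()
    return f"{auction_nonce}:{seller_nonce}:{bid}"  # assumed ':' delimiter

def browser_accepts(header_value: str, live_auction_nonce: str) -> bool:
    # Browser side: recompute the hash from the header's two nonces and
    # require it to equal the nonce carried inside the bid.
    try:
        auction_nonce, seller_nonce, bid_b64 = header_value.split(":", 2)
        bid_nonce = json.loads(base64.b64decode(bid_b64, validate=True))["bidNonce"]
    except (ValueError, KeyError, TypeError):
        return False
    if auction_nonce != live_auction_nonce or not isinstance(bid_nonce, str):
        return False
    expected = combined_nonce(auction_nonce, seller_nonce)
    return hmac.compare_digest(expected.encode(), bid_nonce.encode())

if __name__ == "__main__":
    auction = str(uuid.uuid4())  # constructed auction nonce
    reqs = seller_bid_requests(auction, ["buyer-a.example", "buyer-b.example"])
    for buyer, (s_nonce, c_nonce) in reqs.items():
        print(buyer, c_nonce, browser_accepts(make_header(auction, s_nonce, c_nonce), auction))
```

A bid whose nonce was computed for one auction fails the check in any other auction, because a matching seller nonce would require a SHA-256 preimage.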
