OK, so this doesn't solve the potential privacy issue, but pushes an alternative mechanism that would enable us to resolve it in the future. Got it!
On Mon, Jan 13, 2025 at 9:18 PM Caleb Raitto <carai...@chromium.org> wrote: > To clarify, the browser doesn’t actively send the auction nonce. The > browser provides an API, navigator.createAuctionNonce(), where sellers > can request the auction nonce. > > This proposal introduces a new mechanism where sellers provide nonces, but > does not deprecate the old behavior. We could consider deprecating the old > behavior once this new behavior is adopted. > > -Caleb > On Thursday, January 9, 2025 at 4:53:25 AM UTC-5 Yoav Weiss wrote: > >> What happens if sellers don't provide nonces of their own? Do we continue >> to send the auction nonces that can be used as an id? If so, are there >> plans to deprecate it? If we don't, what's the compat risk? >> >> On Wed, Jan 8, 2025, 20:37 Mike Taylor <miketa...@chromium.org> wrote: >> >>> LGTM2 >>> On 1/8/25 11:05 AM, Chris Harrelson wrote: >>> >>> LGTM1 >>> >>> On Wed, Dec 18, 2024 at 9:19 AM Caleb Raitto <carai...@chromium.org> >>> wrote: >>> >>>> Responses inline >>>> >>>> On Tuesday, December 3, 2024 at 9:03:22 PM UTC-5 Vladimir Levin wrote: >>>> >>>> On Mon, Nov 25, 2024 at 9:15 AM 'Orr Bernstein' via blink-dev < >>>> blink-dev@chromium.org> wrote: >>>> >>>> Contact emails >>>> >>>> o...@google.com, pauljen...@chromium.org, carai...@chromium.org >>>> >>>> >>>> Explainer >>>> >>>> https://github.com/WICG/turtledove/pull/1322 >>>> >>>> >>>> Specification >>>> >>>> https://github.com/WICG/turtledove/pull/1313 >>>> >>>> >>>> Summary >>>> >>>> Additional bids are a feature of the Protected Audience auction that >>>> provide buyers with a way to include server-constructed contextual bids in >>>> the auction, which allows negative targeting of those bids. We've >>>> identified a potential privacy risk with the current implementation, as >>>> well as a potential solution that addresses that risk. Additional bids come >>>> from buyers, but are transported to the auction by the auction's seller. To >>>> prevent replay of additional bids, additional bids rely on an auction nonce >>>> — a unique number created by and used by the browser to uniquely identify >>>> that auction. However, this introduces a privacy risk, in that all buyers >>>> see the same auction nonce, and could use that auction nonce as a key to >>>> join distinct bid requests for an auction. This proposal allows sellers to >>>> introduce an additional nonce that gets combined with the browser-provided >>>> one so that buyers see different combined nonces across bid requests, >>>> preventing the joining of bid requests. The combined nonce is generated >>>> through a one-way hash (SHA-256) to prevent the construction of a combined >>>> nonce that matches a previous combined nonce, which could otherwise be used >>>> to facilitate the replay of an additional bid. >>>> >>>> >>>> According to the explainer, the auction nonce (generated by the >>>> browser, and given to the seller (?)) is combined with a seller generated >>>> nonce to generate a bid nonce that >>>> >>>> >>>> Correct - the seller does receive the auction nonce. When constructing >>>> the auction config, the seller creates an auction nonce using the existing >>>> navigator.createAuctionNonce() function. The seller can then send this >>>> auction nonce as part of the request to their contextual server. >>>> >>>> >>>> buyers see. That's to make sure that buyers can't use the auction nonce >>>> to figure out other bids that are happening for the same auction, right? >>>> >>>> >>>> Correct - with this change, the auction nonce is no longer given to >>>> bidders, so that it can not be used to join bid-requests together >>>> server-side. >>>> >>>> >>>> Then the bid nonce is returned back to the seller. I presume this is to >>>> identify which auction the bid is for? >>>> >>>> >>>> Right -- we want to avoid replay attacks, where a bid is entered into >>>> an auction for which it wasn’t intended. This is why the original auction >>>> nonce mechanism was created, and this new design should preserve this >>>> replay attack protection. >>>> >>>> >>>> What I don't understand is that the bid nonce is then returned to the >>>> browser, but the browser only knows the auction nonce so wouldn't it have >>>> no way to match that with an auction because it doesn't know seller >>>> generated nonce for this bid? >>>> >>>> >>>> The seller nonce is also returned to the browser, via the >>>> Ad-Auction-Additional-Bid response header >>>> <https://github.com/WICG/turtledove/blob/main/FLEDGE.md#63-http-response-headers:~:text=The%20structure%20of,signed%20additional%20bid%3E>. >>>> The browser can then calculate >>>> <https://github.com/WICG/turtledove/blob/main/FLEDGE.md#61-auction-and-bid-nonces:~:text=The%20seller%20must%20combine,as%20a%20base64%20string.> >>>> the bid nonce from the auction nonce and the seller nonce in the same way >>>> that the seller did to send the bid nonce to the buyer. >>>> >>>> >>>> >>>> Another unrelated question, does this have any separate implications >>>> for Trusted Execution Environments? Specifically, does this apply to both >>>> or only to "local" auctions? >>>> >>>> >>>> Currently, additional bids aren’t supported for auctions conducted on >>>> Bidding and Auction (B&A) services, although such support could be added in >>>> the future, under a different I2S. >>>> >>>> >>>> >>>> Thanks, >>>> Vlad >>>> >>>> >>>> >>>> Blink component >>>> >>>> Blink>InterestGroups >>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EInterestGroups> >>>> >>>> >>>> TAG review >>>> >>>> For Protected Audience: https://github.com/w3ctag/ >>>> design-reviews/issues/723 >>>> >>>> >>>> TAG review status >>>> >>>> Completed for Protected Audience, resolved unsatisfied. >>>> >>>> >>>> Risks >>>> >>>> >>>> Interoperability and Compatibility >>>> >>>> Optional new functionality that does not break existing use. >>>> >>>> >>>> Gecko & WebKit: For Protected Audiences in general - Negative from >>>> Mozilla >>>> <https://github.com/mozilla/standards-positions/issues/770#issuecomment-2432124085>. >>>> No signal from Webkit >>>> <https://github.com/WebKit/standards-positions/issues/158#issuecomment-2432121278> >>>> . >>>> >>>> >>>> Edge: Edge is running an Origin Trial of the Ad Selection API >>>> <https://github.com/WICG/privacy-preserving-ads/blob/main/README.md> >>>> which shares a Web API and services protocol with Protected Audience. >>>> >>>> >>>> Web developers: Requested by ad tech in GitHub issue #1198 >>>> <https://github.com/WICG/turtledove/issues/1198>. >>>> >>>> >>>> Debuggability >>>> >>>> Ad-Auction-Additional-Bid response headers are visible in the DevTools >>>> Network tab, and each can be trivially decoded into an auction nonce, a >>>> seller nonce, and a base-64 encoded signed additional bid. Errors >>>> encountered while decoding and parsing the signed additional bid are >>>> presented in the DevTools console. Additional bids are debuggable via >>>> DevTools debugging of Protected Audience scoring scripts. >>>> >>>> >>>> Will this feature be supported on all six Blink platforms (Windows, >>>> Mac, Linux, ChromeOS, Android, and Android WebView)? >>>> >>>> It will be supported on all platforms that support Protected Audience, >>>> so all but WebView. >>>> >>>> >>>> Is this feature fully tested by web-platform-tests >>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>> ? >>>> >>>> Yes <https://chromium-review.googlesource.com/c/chromium/src/+/5979020> >>>> >>>> >>>> >>>> Flag name on chrome://flags >>>> >>>> None >>>> >>>> >>>> Finch feature name >>>> >>>> FledgeSellerNonce >>>> >>>> >>>> Requires code in //chrome? >>>> >>>> False >>>> >>>> >>>> Estimated milestones >>>> >>>> Shipping on desktop and Android in M132. >>>> >>>> >>>> Anticipated spec changes >>>> >>>> None >>>> >>>> >>>> Link to entry on the Chrome Platform Status >>>> >>>> https://chromestatus.com/feature/5081571282124800 >>>> >>>> >>>> This intent message was generated by Chrome Platform Status >>>> <https://chromestatus.com/>. >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "blink-dev" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to blink-dev+unsubscr...@chromium.org. >>>> To view this discussion visit https://groups.google.com/a/ >>>> chromium.org/d/msgid/blink-dev/CANHsO6stZ5OtCo3xy127pz_ >>>> 9w7V_NJjx2ZvfzP%2BnJowRC8cmzg%40mail.gmail.com >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CANHsO6stZ5OtCo3xy127pz_9w7V_NJjx2ZvfzP%2BnJowRC8cmzg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "blink-dev" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to blink-dev+unsubscr...@chromium.org. >>>> To view this discussion visit >>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/75fe8dee-bd6f-4515-b77d-4ceccda28cban%40chromium.org >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/75fe8dee-bd6f-4515-b77d-4ceccda28cban%40chromium.org?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> To view this discussion visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw88gzSNtR_JJ15xU%2B1S45R5jEw8DQJ8SN%2BuE88zvk-0%3DQ%40mail.gmail.com >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw88gzSNtR_JJ15xU%2B1S45R5jEw8DQJ8SN%2BuE88zvk-0%3DQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> >> To view this discussion visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/e7e3c769-85be-4984-9618-0e92b4b7ada1%40chromium.org >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/e7e3c769-85be-4984-9618-0e92b4b7ada1%40chromium.org?utm_medium=email&utm_source=footer> >>> . >>> >> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOmohSKifFM1gqjyMGeJ3Cgrk1y7F9OyWtCKPCRzgiGU56H-ww%40mail.gmail.com.
