LGTM3 On Tuesday, January 14, 2025 at 10:00:18 AM UTC+1 Yoav Weiss wrote:
> OK, so this doesn't solve the potential privacy issue, but pushes an > alternative mechanism that would enable us to resolve it in the future. Got > it! > > On Mon, Jan 13, 2025 at 9:18 PM Caleb Raitto <carai...@chromium.org> > wrote: > >> To clarify, the browser doesn’t actively send the auction nonce. The >> browser provides an API, navigator.createAuctionNonce(), where sellers >> can request the auction nonce. >> >> This proposal introduces a new mechanism where sellers provide nonces, >> but does not deprecate the old behavior. We could consider deprecating the >> old behavior once this new behavior is adopted. >> >> -Caleb >> On Thursday, January 9, 2025 at 4:53:25 AM UTC-5 Yoav Weiss wrote: >> >>> What happens if sellers don't provide nonces of their own? Do we >>> continue to send the auction nonces that can be used as an id? If so, are >>> there plans to deprecate it? If we don't, what's the compat risk? >>> >>> On Wed, Jan 8, 2025, 20:37 Mike Taylor <miketa...@chromium.org> wrote: >>> >>>> LGTM2 >>>> On 1/8/25 11:05 AM, Chris Harrelson wrote: >>>> >>>> LGTM1 >>>> >>>> On Wed, Dec 18, 2024 at 9:19 AM Caleb Raitto <carai...@chromium.org> >>>> wrote: >>>> >>>>> Responses inline >>>>> >>>>> On Tuesday, December 3, 2024 at 9:03:22 PM UTC-5 Vladimir Levin wrote: >>>>> >>>>> On Mon, Nov 25, 2024 at 9:15 AM 'Orr Bernstein' via blink-dev < >>>>> blink-dev@chromium.org> wrote: >>>>> >>>>> Contact emails >>>>> >>>>> o...@google.com, pauljen...@chromium.org, carai...@chromium.org >>>>> >>>>> >>>>> Explainer >>>>> >>>>> https://github.com/WICG/turtledove/pull/1322 >>>>> >>>>> >>>>> Specification >>>>> >>>>> https://github.com/WICG/turtledove/pull/1313 >>>>> >>>>> >>>>> Summary >>>>> >>>>> Additional bids are a feature of the Protected Audience auction that >>>>> provide buyers with a way to include server-constructed contextual bids >>>>> in >>>>> the auction, which allows negative targeting of those bids. We've >>>>> identified a potential privacy risk with the current implementation, as >>>>> well as a potential solution that addresses that risk. Additional bids >>>>> come >>>>> from buyers, but are transported to the auction by the auction's seller. >>>>> To >>>>> prevent replay of additional bids, additional bids rely on an auction >>>>> nonce >>>>> — a unique number created by and used by the browser to uniquely identify >>>>> that auction. However, this introduces a privacy risk, in that all buyers >>>>> see the same auction nonce, and could use that auction nonce as a key to >>>>> join distinct bid requests for an auction. This proposal allows sellers >>>>> to >>>>> introduce an additional nonce that gets combined with the >>>>> browser-provided >>>>> one so that buyers see different combined nonces across bid requests, >>>>> preventing the joining of bid requests. The combined nonce is generated >>>>> through a one-way hash (SHA-256) to prevent the construction of a >>>>> combined >>>>> nonce that matches a previous combined nonce, which could otherwise be >>>>> used >>>>> to facilitate the replay of an additional bid. >>>>> >>>>> >>>>> According to the explainer, the auction nonce (generated by the >>>>> browser, and given to the seller (?)) is combined with a seller generated >>>>> nonce to generate a bid nonce that >>>>> >>>>> >>>>> Correct - the seller does receive the auction nonce. When constructing >>>>> the auction config, the seller creates an auction nonce using the >>>>> existing >>>>> navigator.createAuctionNonce() function. The seller can then send this >>>>> auction nonce as part of the request to their contextual server. >>>>> >>>>> >>>>> buyers see. That's to make sure that buyers can't use the auction >>>>> nonce to figure out other bids that are happening for the same auction, >>>>> right? >>>>> >>>>> >>>>> Correct - with this change, the auction nonce is no longer given to >>>>> bidders, so that it can not be used to join bid-requests together >>>>> server-side. >>>>> >>>>> >>>>> Then the bid nonce is returned back to the seller. I presume this is >>>>> to identify which auction the bid is for? >>>>> >>>>> >>>>> Right -- we want to avoid replay attacks, where a bid is entered into >>>>> an auction for which it wasn’t intended. This is why the original auction >>>>> nonce mechanism was created, and this new design should preserve this >>>>> replay attack protection. >>>>> >>>>> >>>>> What I don't understand is that the bid nonce is then returned to the >>>>> browser, but the browser only knows the auction nonce so wouldn't it have >>>>> no way to match that with an auction because it doesn't know seller >>>>> generated nonce for this bid? >>>>> >>>>> >>>>> The seller nonce is also returned to the browser, via the >>>>> Ad-Auction-Additional-Bid response header >>>>> <https://github.com/WICG/turtledove/blob/main/FLEDGE.md#63-http-response-headers:~:text=The%20structure%20of,signed%20additional%20bid%3E>. >>>>> >>>>> The browser can then calculate >>>>> <https://github.com/WICG/turtledove/blob/main/FLEDGE.md#61-auction-and-bid-nonces:~:text=The%20seller%20must%20combine,as%20a%20base64%20string.> >>>>> >>>>> the bid nonce from the auction nonce and the seller nonce in the same way >>>>> that the seller did to send the bid nonce to the buyer. >>>>> >>>>> >>>>> >>>>> Another unrelated question, does this have any separate implications >>>>> for Trusted Execution Environments? Specifically, does this apply to both >>>>> or only to "local" auctions? >>>>> >>>>> >>>>> Currently, additional bids aren’t supported for auctions conducted on >>>>> Bidding and Auction (B&A) services, although such support could be added >>>>> in >>>>> the future, under a different I2S. >>>>> >>>>> >>>>> >>>>> Thanks, >>>>> Vlad >>>>> >>>>> >>>>> >>>>> Blink component >>>>> >>>>> Blink>InterestGroups >>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EInterestGroups> >>>>> >>>>> >>>>> TAG review >>>>> >>>>> For Protected Audience: https://github.com/w3ctag/ >>>>> design-reviews/issues/723 >>>>> >>>>> >>>>> TAG review status >>>>> >>>>> Completed for Protected Audience, resolved unsatisfied. >>>>> >>>>> >>>>> Risks >>>>> >>>>> >>>>> Interoperability and Compatibility >>>>> >>>>> Optional new functionality that does not break existing use. >>>>> >>>>> >>>>> Gecko & WebKit: For Protected Audiences in general - Negative from >>>>> Mozilla >>>>> <https://github.com/mozilla/standards-positions/issues/770#issuecomment-2432124085>. >>>>> >>>>> No signal from Webkit >>>>> <https://github.com/WebKit/standards-positions/issues/158#issuecomment-2432121278> >>>>> . >>>>> >>>>> >>>>> Edge: Edge is running an Origin Trial of the Ad Selection API >>>>> <https://github.com/WICG/privacy-preserving-ads/blob/main/README.md> >>>>> which shares a Web API and services protocol with Protected Audience. >>>>> >>>>> >>>>> Web developers: Requested by ad tech in GitHub issue #1198 >>>>> <https://github.com/WICG/turtledove/issues/1198>. >>>>> >>>>> >>>>> Debuggability >>>>> >>>>> Ad-Auction-Additional-Bid response headers are visible in the DevTools >>>>> Network tab, and each can be trivially decoded into an auction nonce, a >>>>> seller nonce, and a base-64 encoded signed additional bid. Errors >>>>> encountered while decoding and parsing the signed additional bid are >>>>> presented in the DevTools console. Additional bids are debuggable via >>>>> DevTools debugging of Protected Audience scoring scripts. >>>>> >>>>> >>>>> Will this feature be supported on all six Blink platforms (Windows, >>>>> Mac, Linux, ChromeOS, Android, and Android WebView)? >>>>> >>>>> It will be supported on all platforms that support Protected Audience, >>>>> so all but WebView. >>>>> >>>>> >>>>> Is this feature fully tested by web-platform-tests >>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>>> ? >>>>> >>>>> Yes >>>>> <https://chromium-review.googlesource.com/c/chromium/src/+/5979020> >>>>> >>>>> >>>>> Flag name on chrome://flags >>>>> >>>>> None >>>>> >>>>> >>>>> Finch feature name >>>>> >>>>> FledgeSellerNonce >>>>> >>>>> >>>>> Requires code in //chrome? >>>>> >>>>> False >>>>> >>>>> >>>>> Estimated milestones >>>>> >>>>> Shipping on desktop and Android in M132. >>>>> >>>>> >>>>> Anticipated spec changes >>>>> >>>>> None >>>>> >>>>> >>>>> Link to entry on the Chrome Platform Status >>>>> >>>>> https://chromestatus.com/feature/5081571282124800 >>>>> >>>>> >>>>> This intent message was generated by Chrome Platform Status >>>>> <https://chromestatus.com/>. >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "blink-dev" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to blink-dev+unsubscr...@chromium.org. >>>>> To view this discussion visit https://groups.google.com/a/ >>>>> chromium.org/d/msgid/blink-dev/CANHsO6stZ5OtCo3xy127pz_ >>>>> 9w7V_NJjx2ZvfzP%2BnJowRC8cmzg%40mail.gmail.com >>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CANHsO6stZ5OtCo3xy127pz_9w7V_NJjx2ZvfzP%2BnJowRC8cmzg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "blink-dev" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to blink-dev+unsubscr...@chromium.org. >>>>> To view this discussion visit >>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/75fe8dee-bd6f-4515-b77d-4ceccda28cban%40chromium.org >>>>> >>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/75fe8dee-bd6f-4515-b77d-4ceccda28cban%40chromium.org?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "blink-dev" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to blink-dev+unsubscr...@chromium.org. >>>> To view this discussion visit >>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw88gzSNtR_JJ15xU%2B1S45R5jEw8DQJ8SN%2BuE88zvk-0%3DQ%40mail.gmail.com >>>> >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw88gzSNtR_JJ15xU%2B1S45R5jEw8DQJ8SN%2BuE88zvk-0%3DQ%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "blink-dev" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to blink-dev+unsubscr...@chromium.org. >>>> >>> To view this discussion visit >>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/e7e3c769-85be-4984-9618-0e92b4b7ada1%40chromium.org >>>> >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/e7e3c769-85be-4984-9618-0e92b4b7ada1%40chromium.org?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/b7d274cf-9e84-41fc-9509-045a53a87a2en%40chromium.org.
