Contact emails
Summary
The Protected Audience API provides 2 mechanisms that allow signals to be passed into auctions in such a way that ensures the authenticity and integrity of the signals: the original version, which used subresource web bundles to contain the signals, and the subsequent version, which used special HTTP response headers on page-initiated fetch() requests.
This deprecation and removal is only for the original, subresource web bundle version, and does not affect the response header version.
Use counter metrics show the feature is used on less than 1 in 500 million page loads.
Deprecating and removing the original subresource web bundle version of directFromSellerSignals will improve code health and remove potential attack surfaces.
Motivation
Removing this unused feature will remove potential attack surface and reduce maintenance burden.
Interoperability and Compatibility Risk
Edge: not supported (Edge’s Ad Selection API, which is similar to the Protected Audience API, only supports on-server auctions which don’t use directFromSellerSignals)
Firefox: not supported
Safari: not supported
Alternative implementation suggestion for web developers
The header-based directFromSellerSignals provides the same functionality via a different mechanism.
Usage information from UseCounter
This feature is used on less than 1 in 500 million page loads: https://chromestatus.com/metrics/feature/timeline/popularity/5034
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABQTWrm2zO7GX%2B88wwj_nZ9N_LUX2P_%2BhhD3t3uAfvMFm73%3D9g%40mail.gmail.com.
Privacy and Security gates are also missing.
I would assume that removing this could only have a positive effect but they should still be given a heads-up in the chromestatus tool.
/Daniel
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/c14b13c1-586e-48ba-a92d-607ac7eadcb2n%40chromium.org.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
https://github.com/WICG/turtledove/blob/main/FLEDGE.md#251-using-subresource-bundles
Removal here: https://github.com/WICG/turtledove/pull/1368
New version specified in https://github.com/WICG/turtledove/pull/771; version being removed was not specified.
The Protected Audience API provides 2 mechanisms that allow signals to be passed into auctions in such a way that ensures the authenticity and integrity of the signals: the original version, which used subresource web bundles to contain the signals, and the subsequent version, which used special HTTP response headers on page-initiated fetch() requests.
This deprecation and removal is only for the original, subresource web bundle version, and does not affect the response header version.
Use counter metrics show the feature is used on less than 1 in 500 million page loads.
Deprecating and removing the original subresource web bundle version of directFromSellerSignals will improve code health and remove potential attack surfaces.
For Protected Audience: https://github.com/w3ctag/design-reviews/issues/723
Completed for Protected Audience, resolved unsatisfied.
Edge: not supported (Edge’s Ad Selection API, which is similar to the Protected Audience API, only supports on-server auctions which don’t use directFromSellerSignals)
Firefox: not supported
Safari: not supported
Web developers: Requestor of directFromSellerSignals said header mechanism preferred to web bundle mechanism here.
Protected Audience not supported on WebView.
Chrome DevTools allows you to place breakpoints in and debug bidding and scoring scripts where the directFromSellerSignals fields will now be null if the web bundle support is removed but relied upon.
Removing this support from all platforms that support Protected Audience, i.e. all but WebView.
We added a negative WPT here.
None
FledgeDirectFromSellerSignalsWebBundles
False
Planning to remove in M133.
None
https://chromestatus.com/feature/4926509595492352?gate=5314119119667200
This intent message was generated by Chrome Platform Status.
LGTM3
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.