Intent to Experiment: Protected Audience Bidding & Auction Services

1,095 views
Skip to first unread message

Paul Jensen

unread,
Oct 12, 2023, 6:40:45 PM10/12/23
to blink-dev, Russ Hamilton

Contact emails

paulj...@chromium.org, beham...@google.com


Explainer

Chrome:  https://github.com/WICG/turtledove/blob/main/FLEDGE_browser_bidding_and_auction_API.md

Services: https://github.com/privacysandbox/fledge-docs/blob/main/bidding_auction_services_api.md

Note that this explainer has a helpful onboarding section for setting up the services.


Specification

May be influenced by Origin Trial feedback, so not yet started.  Protected Audience auctions running on Bidding & Auction Services provide functionality very similar to existing on-device auctions so much of the existing spec applies.


Summary

The Protected Audience API (formerly known as FLEDGE) is a Privacy Sandbox proposal to serve remarketing and custom audience use cases, designed so third parties cannot track user browsing behavior across sites. This proposal, the Protected Audience Bidding & Auction Services proposal, outlines a way to allow Protected Audience computation to take place on cloud servers in a Trusted Execution Environment (TEE), rather than running locally on a user's device. Moving computation to cloud servers can help optimize the Protected Audience auction, and free up computational cycles and network bandwidth for a device.


Blink component

Blink>InterestGroups


TAG review

The parent proposal, Protected Audience, is still pending: https://github.com/w3ctag/design-reviews/issues/723


TAG review status

Pending


Risks

Interoperability and Compatibility

None. This is an optional new feature of the Protected Audience API. Ad techs can use this new feature by calling navigator.getInterestGroupAdAuctionData() and specifying values for new fields in the auction config. Without invoking the new function or explicit values for those new fields, there's no functional behavioral change as a result of this feature.


Gecko & WebKit: No signal on parent proposal, Protected Audience.  Asked in the Mozilla forum here, and in the Webkit forum here.


Web developers: Extensive interest in this feature from adtechs, evidenced by the myriad of discussions on Protected Audience’s issue tracker and weekly WICG calls.


Goals for experimentation

Operating Bidding and Auction services in TEEs represents a major shift from running Protected Audience auctions inside the browser.  During this Origin Trial we’d like to gain confidence that this is possible to do at scale and in a performant manner.  We want feedback on new API surfaces and how these servers are operated.


Debuggability

On-device API surfaces should be debuggable in Chrome DevTools, and we’ve added extensive mechanisms for debugging Bidding and Auction services.


Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

It will be supported on all platforms that support Protected Audience, so all but WebView.


Is this feature fully tested by web-platform-tests?

No. More web-platform-test coverage is expected when the specification is closer to completion.


Flag name on chrome://flags

Overall control is not possible via chrome://flags, though the consented debugging support is controlled via chrome://flags/#protected-audience-debug-token


Finch feature name

FledgeBiddingAndAuctionServerAPI


Requires code in //chrome?

Only for UI for the consented debugging support.


Estimated milestones

We hope to start the Origin Trial sometime during M119 beta. We plan to continue the Origin Trial for at least three milestones to give developers time to test the API and provide feedback. Once we are confident that the APIs are working properly, we will transition the OT from beta to stable channel.


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/4649601971257344


Links to previous Intent discussions

Intent to prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABQTWrnSdvf7RgK2wxsmC6rWc8eRoqDZOvgwVFuEx1r2nqmAJg%40mail.gmail.com


This intent message was generated by Chrome Platform Status.

Chris Harrelson

unread,
Oct 13, 2023, 1:46:22 PM10/13/23
to Paul Jensen, blink-dev, Russ Hamilton
Please fill out and start the reviews for Privacy, Security and Debuggability in your chromestatus entry, thanks.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABQTWr%3D7Cfcv00pao_rDJeT2-67jfRNzk%2BgTHQ13eCUyguPcfA%40mail.gmail.com.

Mike Taylor

unread,
Oct 18, 2023, 12:04:30 PM10/18/23
to Chris Harrelson, Paul Jensen, blink-dev, Russ Hamilton

Hi Paul,

Can you clarify what the proposed end milestone will be?

thanks,
Mike

Paul Jensen

unread,
Oct 19, 2023, 11:42:27 AM10/19/23
to Mike Taylor, Chris Harrelson, blink-dev, Russ Hamilton
> Please fill out and start the reviews for Privacy, Security and Debuggability in your chromestatus entry, thanks.
These are all in review now.  Sorry, I forgot about this new step.

> Can you clarify what the proposed end milestone will be?
I hope the Origin Trial to last M119 through M121, though I strongly suspect I'll need to extend this further to provide sufficient time to test.

Mike Taylor

unread,
Oct 19, 2023, 2:31:39 PM10/19/23
to Paul Jensen, Chris Harrelson, blink-dev, Russ Hamilton

LGTM to experiment from M119 to M121 (inclusive). Extending another 3 milestones if needed will be fairly mechanical, given our current policy on OT length.

Russ Hamilton

unread,
Apr 4, 2024, 12:19:28 PMApr 4
to blink-dev, Paul Jensen

Influenced by Origin Trial feedback, so work has just started.  Protected Audience auctions running on Bidding & Auction Services provide functionality very similar to existing on-device auctions so much of the existing spec applies.


Summary

We propose extending the Bidding and Auction Services origin trial currently operating on 1% stable. We have decided to extend the experiment given developers need more time to onboard and to keep experimenting with new features. We would like to request extending the end milestone from M124 to M127.


Blink component

Blink>InterestGroups


TAG review

For Protected Audience: https://github.com/w3ctag/design-reviews/issues/723


TAG review status

Completed for Protected Audience, resolved unsatisfied.

Vladimir Levin

unread,
Apr 5, 2024, 11:19:56 AMApr 5
to Russ Hamilton, blink-dev, Paul Jensen
On Thu, Apr 4, 2024 at 12:19 PM 'Russ Hamilton' via blink-dev <blin...@chromium.org> wrote:

Contact emails

paulj...@chromium.org, beham...@google.com


Explainer

Chrome:  https://github.com/WICG/turtledove/blob/main/FLEDGE_browser_bidding_and_auction_API.md

Services: https://github.com/privacysandbox/fledge-docs/blob/main/bidding_auction_services_api.md

Note that this explainer has a helpful onboarding section for setting up the services.


Specification

Influenced by Origin Trial feedback, so work has just started.  Protected Audience auctions running on Bidding & Auction Services provide functionality very similar to existing on-device auctions so much of the existing spec applies.


Is there an available summary of the OT feedback, or a summary of changes that the feedback has influenced? 


Summary

We propose extending the Bidding and Auction Services origin trial currently operating on 1% stable. We have decided to extend the experiment given developers need more time to onboard and to keep experimenting with new features. We would like to request extending the end milestone from M124 to M127.


Blink component

Blink>InterestGroups


TAG review

For Protected Audience: https://github.com/w3ctag/design-reviews/issues/723


TAG review status

Completed for Protected Audience, resolved unsatisfied.


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/4649601971257344


Links to previous Intent discussions

Intent to prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CABQTWrnSdvf7RgK2wxsmC6rWc8eRoqDZOvgwVFuEx1r2nqmAJg%40mail.gmail.com


Intent to Experiment:

https://groups.google.com/a/chromium.org/g/blink-dev/c/2bwMHd3Yz7I

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.

Mike Taylor

unread,
Apr 8, 2024, 11:41:06 AMApr 8
to Russ Hamilton, Paul Jensen, blink-dev

Hi Russ,

Could you summarize progress on the following, per the extension process:

Draft spec (early draft is ok, but must be spec-like and associated with the appropriate standardization venue, or WICG)
TAG review
bit.ly/blink-signals requests
Outreach for feedback from the spec community
WPT tests

I recognize some of this is touched on in your email - but having it explicitly in one spot would be helpful, thanks.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.

Russ Hamilton

unread,
Apr 9, 2024, 4:12:59 PMApr 9
to Mike Taylor, Paul Jensen, blink-dev

Specification

We are just beginning writing the spec. We're drafting a WICG spec for the browser components and an IETF spec for the server interface.


TAG review

For Protected Audience: https://github.com/w3ctag/design-reviews/issues/723.


TAG review status

Completed for Protected Audience, resolved unsatisfied.


Interoperability and Compatibility


Gecko & WebKit: No signal on parent proposal, Protected Audience.  Asked in the Mozilla forum here, and in the Webkit forum here.


WPT Tests


We have not started on WPT tests for this feature.

Mike Taylor

unread,
Apr 12, 2024, 1:24:58 PMApr 12
to Russ Hamilton, Paul Jensen, blink-dev

Russ and I had a conversation offline about the progress here - mind summarizing, Russ?

Russ Hamilton

unread,
Apr 12, 2024, 2:52:58 PMApr 12
to Mike Taylor, Paul Jensen, blink-dev

To follow up on my previous email, I’d like to add some more details to clarify the state and progress of the Origin Trial:

In the past 6  months the server has added support for event-level reporting, multiple coordinators, currencies, multi-seller auctions, and hybrid on-device/on-server Protected Audience auctions. We've made 20+ changes to Chrome in the past 6 months to support new features for Bidding and Auction Services and address issues discovered during testing. 

The discussions needed to begin the specification work represent significant progress relative to where we were before, as now we have a plan and work has started on implementation.

The TAG review for Protected Audience finished in February. 

Although we haven't heard from Webkit or Gecko, Microsoft has proposed their Ad Selection API (https://github.com/WICG/privacy-preserving-ads/tree/main) as a similar TEE on-server auction API. That API looks like it would have an identical Web Platform API as the Bidding and Auction Services API. We have biweekly meetings with Microsoft, and are open to collaborating on specifying the API.

Although we don't have WPT, we have been working on integration testing with the existing implementation. Also, there is a substantial barrier to writing effective WPTs in our case due to the use of Hybrid Public Key Encryption (HPKE) in sending requests and responses. That said, we are thinking about ways to extend WPTs to make it possible to improve test coverage.

Mike Taylor

unread,
Apr 12, 2024, 4:02:09 PMApr 12
to Russ Hamilton, Paul Jensen, blink-dev

Thanks Russ.

LGTM to extend another 3 milestones. I would like to see draft specifications and progress on making this testable via WPTs, at the very least, before any further extensions are requested.

Reply all
Reply to author
Forward
0 new messages