Intent to Ship: Attribution Reporting Feature: Debug Key Privacy Improvement

115 views
Skip to first unread message

Akash Nadan

unread,
Sep 11, 2024, 6:03:29 PMSep 11
to blink-dev
Contact emails

akash...@google.com, lin...@chromium.org, john...@chromium.org


Explainer

Attribution Reporting with event-level reports

Attribution Reporting API with Aggregatable Reports

Aggregation Service for the Attribution Reporting API


Specification

https://wicg.github.io/attribution-reporting-api/


Blink component

Internals > AttributionReporting


TAG review

Still under review under the original I2S for the Attribution Reporting API


TAG review status

Pending


Summary

We are landing the following changes to the Attribution Reporting API focused on:

  • Improving privacy for debug keys


This change helps to mitigate a potential privacy gap with debug keys.


Currently the API allows a source debug key or a trigger debug key to be specified if third party cookies are available and can be set by API callers. If either a source or trigger debug key is specified then it will be included in the attribution report. This may lead to a privacy leak if third party cookies are only allowed on either the publisher or the advertiser site but not both. 


This change mitigates this issue by enforcing that source debug keys and trigger debug keys are only included in the attribution report if they’re present on both the source and trigger, which would mean that third party cookies were available on both the publisher and advertiser site. This change will apply to both event-level reports and aggregatable reports.



Explainer/Spec changes
  1. Explainer & Spec: https://github.com/WICG/attribution-reporting-api/pull/1403


Risks
Interoperability and Compatibility

This is a backwards incompatible change. API callers will continue to receive Attribution Reporting API reports but the information contained in the report may change if the API caller only specifies a debug key on only the source or trigger registration. If they only specify a debug key on one side, then they will no longer receive debug key information in the report they receive but they will continue to receive reports. We expect this to have minimal impact since the API caller will continue to receive attribution reports as expected.


Gecko: No signal (Original request: https://github.com/mozilla/standards-positions/issues/791)


WebKit: No signal (Original request: https://github.com/WebKit/standards-positions/issues/180)



WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

No


              

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

The attribution reporting feature will be supported on all platforms with the exception of Android WebView


Is this feature fully tested by web-platform-tests?

Yes


Estimated milestones

This feature is anticipated to ship as part of Chrome 130


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/6257907243679744


Links to previous Intent discussions

Previous I2S: 

Intent to Ship: Attribution Reporting API

Intent to Ship: Attribution Reporting features M117

Intent to Ship: Attribution Reporting features M118

Intent to Ship: Attribution Reporting features M119

Intent to Ship: Attribution Reporting features M120

Intent to Ship: Attribution Reporting features M121

Intent to Ship: Attribution Reporting features M123

Intent to Ship: Attribution Reporting features M124

Intent to Ship: Attribution Reporting features M125

Intent to Ship: Attribution Reporting features M126

Intent to Ship: Attribution Reporting features M127

Intent to Ship: Attribution Reporting features M128 (1)

Intent to Ship: Attribution Reporting features M128 (2)


Thanks,
Akash

Mike Taylor

unread,
Sep 12, 2024, 12:58:39 PMSep 12
to Akash Nadan, blink-dev

LGTM1 - this seems like an important privacy bugfix. Compatibility-wise, this won't affect user experience (if my mental model is correct), but sites using the API may receive less info than expected - but that's kinda the point.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/19b60fd8-79c3-462d-9ff5-1ece30fb64fen%40chromium.org.

Chris Harrelson

unread,
Sep 12, 2024, 1:41:22 PMSep 12
to Mike Taylor, Akash Nadan, blink-dev

Yoav Weiss (@Shopify)

unread,
Sep 18, 2024, 8:57:39 AMSep 18
to blink-dev, Chris Harrelson, Akash Nadan, blink-dev, Mike Taylor
LGTM3

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
Reply all
Reply to author
Forward
0 new messages