Intent to Experiment: Private Aggregation API


Alex Turner

Oct 5, 2022, 3:00:43 PM
to blin...@chromium.org

Contact emails

ale...@chromium.org, john...@chromium.org


Explainer

https://github.com/patcg-individual-drafts/private-aggregation-api


Specification

TBD


Summary

A generic mechanism for measuring aggregate, cross-site data in a privacy-preserving manner. The potentially identifying cross-site data is encapsulated into "aggregatable reports". To prevent leakage, this data is encrypted, ensuring it can only be processed by the aggregation service. During processing, this service will add noise and impose limits on how many queries can be performed.


Blink component

Blink>PrivateAggregation

TAG review

Will be requested shortly


TAG review status

Not yet requested


Risks



Interoperability and Compatibility



Gecko: No signal


WebKit: No signal


Web developers: Some interest for using in Shared Storage worklets for fraud and abuse, and frequency capping model calibration use cases. Strong interest for use in FLEDGE worklets for a wide range of use cases, especially in the long term where event-level reporting is no longer available.


Other signals:


WebView application risks

N/A



Goals for experimentation

The goal for the experiment is to seek feedback on the utility of the aggregated measurement available through the API and whether it satisfies the expected use cases for reporting from FLEDGE and Shared Storage worklets.


Experiment Configuration

As this API is (currently) only available from within FLEDGE and Shared Storage worklets, this API will join the unified Privacy Sandbox Ads APIs origin trial (OT). No additional OT configuration will be necessary for FLEDGE and Shared Storage experimenters. Initially, the Private Aggregation API will only be enabled for OT participants on Canary/Dev channels. As we gain confidence that the API is working properly, we will enable the API for all OT participants on the beta channel and eventually the stable channel.


Ongoing technical constraints

None


Debuggability

The proposal includes a temporary debugging mechanism to facilitate testing and integration.


Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

Not supported on Android WebView


Is this feature fully tested by web-platform-tests?

No, but will be before shipping


Flag name

The API can be enabled using chrome://flags/#privacy-sandbox-ads-apis


Requires code in //chrome?

None other than the Privacy Sandbox Settings UI


Launch bug

https://crbug.com/1292756


Estimated milestones

We hope to start the experiment during M107 beta. After being fully ramped up, the experiment timeline will be shared with the other Privacy Sandbox Ads APIs in the unified origin trial; see also the recent Intent to Extend Experiment.


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5743412790689792


Links to previous Intent discussions

Intent to prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAA%2BBiFkKSt4YBNUn2h42G3z%2BqjwxjFAo%3DsPnrbvvOoNaDa_aAQ%40mail.gmail.com


Mike Taylor

Oct 5, 2022, 4:20:24 PM
to Alex Turner, blink-dev
LGTM to experiment from M107 to M110 inclusive (which I believe is what you're requesting, feel free to correct me).

On 10/5/22 3:00 PM, Alex Turner wrote:

Risks



Interoperability and Compatibility



Gecko: No signal


WebKit: No signal

It's not a bad idea to request these signals now.