Intent to Experiment: Private Aggregation API

613 views
Skip to first unread message

Alex Turner

unread,
Oct 5, 2022, 3:00:43 PM10/5/22
to blin...@chromium.org

Contact emails

ale...@chromium.org, john...@chromium.org


Explainer

https://github.com/patcg-individual-drafts/private-aggregation-api


Specification

TBD


Summary

A generic mechanism for measuring aggregate, cross-site data in a privacy preserving manner. The potentially identifying cross-site data is encapsulated into "aggregatable reports". To prevent leakage, this data is encrypted, ensuring it can only be processed by the aggregation service. During processing, this service will add noise and impose limits on how many queries can be performed.


Blink component

Blink>PrivateAggregation

TAG review

Will be requested shortly


TAG review status

Not yet requested


Risks



Interoperability and Compatibility



Gecko: No signal


WebKit: No signal


Web developers: Some interest for using in Shared Storage worklets for fraud and abuse, and frequency capping model calibration use cases. Strong interest for use in FLEDGE worklets for a wide range of use cases, especially in the long term where event-level reporting is no longer available.


Other signals:


WebView application risks

N/A



Goals for experimentation

The goal for the experiment is to seek feedback on the utility of the aggregated measurement available through the API and whether it satisfies the expected use cases for reporting from FLEDGE and Shared Storage worklets.


Experiment Configuration

As this API is (currently) only available from within FLEDGE and Shared Storage worklets, this API will join the unified Privacy Sandbox Ads APIs origin trial (OT). No additional OT configuration will be necessary for FLEDGE and Shared Storage experimenters. Initially, the Private Aggregation API will only be enabled for OT participants on Canary/Dev channels. As we gain confidence that the API is working properly, we will enable the API for all OT participants on the beta channel and eventually the stable channel.


Ongoing technical constraints

None


Debuggability

The proposal includes a temporary debugging mechanism to facilitate testing and integration.


Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

Not supported on Android WebView


Is this feature fully tested by web-platform-tests?

No, but will be before shipping


Flag name

The API can be enabled using chrome://flags/#privacy-sandbox-ads-apis


Requires code in //chrome?

None other than the Privacy Sandbox Settings UI


Launch bug

https://crbug.com/1292756


Estimated milestones

We hope to start the experiment during M107 beta. After being fully ramped up, the experiment timeline will be shared with the other Privacy Sandbox Ads APIs in the unified origin trial; see also the recent Intent to Extend Experiment.


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5743412790689792


Links to previous Intent discussions

Intent to prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAA%2BBiFkKSt4YBNUn2h42G3z%2BqjwxjFAo%3DsPnrbvvOoNaDa_aAQ%40mail.gmail.com


Mike Taylor

unread,
Oct 5, 2022, 4:20:24 PM10/5/22
to Alex Turner, blink-dev
LGTM to experiment from M107 to M110 inclusive (which I believe is what you're requesting, feel free to correct me).

On 10/5/22 3:00 PM, Alex Turner wrote:

Contact emails

ale...@chromium.org, john...@chromium.org


Explainer

https://github.com/patcg-individual-drafts/private-aggregation-api


Specification

TBD


Summary

A generic mechanism for measuring aggregate, cross-site data in a privacy preserving manner. The potentially identifying cross-site data is encapsulated into "aggregatable reports". To prevent leakage, this data is encrypted, ensuring it can only be processed by the aggregation service. During processing, this service will add noise and impose limits on how many queries can be performed.


Blink component

Blink>PrivateAggregation

TAG review

Will be requested shortly


TAG review status

Not yet requested


Risks



Interoperability and Compatibility



Gecko: No signal


WebKit: No signal

It's not a bad idea to request these signal now.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAA%2BBiF%3DKQYXEVn%3DB4rMabH14UdYyA%2BF8qQkWyUVPB0rypS1N0Q%40mail.gmail.com.


Reply all
Reply to author
Forward
0 new messages