Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

New Reporting Origin Rate Limit #725

Closed
akashnadan opened this issue Mar 16, 2023 · 4 comments · Fixed by #796
Closed

New Reporting Origin Rate Limit #725

akashnadan opened this issue Mar 16, 2023 · 4 comments · Fixed by #796

Comments

@akashnadan
Copy link
Collaborator

We are considering adding the following reporting origin rate limit: 1 reporting origin per {source site, reporting site}

Site = eTLD + 1

This change would have a positive impact on privacy and help prevent some potential attacks i.e. ad techs using multiple reporting origins to achieve additional privacy budget.

We are looking for feedback on if this change puts any use-cases at risk.
@dmdabbs
Copy link
Contributor

dmdabbs commented Mar 16, 2023
edited
Loading

I'm not grokking your 'reporting site' reference.

There is reporting origin that must be identical across Source and Trigger registration responses, correct? IOW, https://ara.adtech.example or https://ara.advertiser.example on both sides.

Destination site, the location where Triggers are registered whose eTLD+1 must match prior source registrations by the same reporter.

And source site, the eTLD+1 where sources are registered.

If by {source site, reporting site} you meant {source site, destination site}, wouldn't that limit an advertiser to a single measurement partner (reporting origin)?

@csharrison
Copy link
Collaborator

@dmdabbs if I understand correctly, this is about restricting the number of origins a given site can use as reporting endpoints, on one source site. That is, in the following sequence:

  1. a.adtech.example registers a source on publisher.com
  2. b.adtech.example registers a source on publisher.com

(2) would be disallowed by this new rate-limit, because the reporting endpoint's site (adtech.example) has already had one origin register on publisher.com.

@dmdabbs
Copy link
Contributor

dmdabbs commented Mar 20, 2023
edited
Loading

@csharrison thank you for the clarification!
I certainly understand the need to head adtech privacy budget attacks off at the pass.

One use case for which this might produce friction is a multi-brand CPG or other entity using the same origin for various 'product lines' conversions. The advertiser or their partner will need to use separate reporting origins for each in order to create separate 'attribution lanes' for each line. Those lines would no longer have use of linea.advertiser.com, brandb.advertiser.com &c.

@csharrison
Copy link
Collaborator

One use case for which this might produce friction is a multi-brand CPG or other entity using the same origin for various 'product lines' conversions. The advertiser or their partner will need to use separate reporting origins for each in order to create separate 'attribution lanes' for each line. Those lines would no longer have use of linea.advertiser.com, brandb.advertiser.com &c.

Thanks for the feedback! We hoped to solve this in some way with the attribution filtering mechanism, but this doesn't quite support multiple independent lanes like multiple reporting origins does. The filtering mechanism just lets you selectively ignore conversions that attribute to the wrong category/lane.

The problem with wholey supporting this use-case is that unfortunately it can lead to unintuitive privacy violations.

@bmcase bmcase mentioned this issue Mar 24, 2023
Open
@csharrison csharrison mentioned this issue May 12, 2023
Merged
This was referenced May 12, 2023
Closed
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@dmdabbs @csharrison @akashnadan