Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Attributes in Interest Group that are subjected to kanon #1012

Open
TheTamFamily opened this issue Feb 6, 2024 · 1 comment
Open

Attributes in Interest Group that are subjected to kanon #1012

TheTamFamily opened this issue Feb 6, 2024 · 1 comment

Comments

@TheTamFamily
Copy link

Apologies if this has been answered, if so can someone point me to the issue that addresses the following question:

Is there a list of interest group attributes that are subjected to kanon?

Thanks
@thegreatfatzby
Copy link
Contributor

@TheTamFamily take a look in here, few highlights:

From here:

...K-anonymity requirements on updateURL were originally considered to improve the privacy of interest group updates, but they were not a particularly strong privacy protection, mostly because the cost to add a user to an interest group (and increase the chance of passing the k-anonymity requirement on updating) is not high. K-anonymity requirements on updateURL were also found to cause a proliferation of interest groups which degraded auction performance significantly, and degrade the usefulness of interest group updates, as further discussed in #333 and #361. Updating interest groups after the auction does not suffer from these problems, and because each interest group update only contains information from a single site, the cross-site identity join risks occur from side channels like IP address and timing correlation. The k-anonymity protection for the auction winning ad creative URL is still important as the URL potentially contains information from two sites, the joining and auction sites.

and:

buyerAndSellerReportingId: If set, the value is used instead of the interest group name or buyerReportingId for reporting in reportWin and reportResult. Note that this field needs to be jointly k-anonymous with the interest group owner, bidding script URL, and render URL to be provided to these reporting fuctions (in the same way that the interest group name would have needed to be).

and from the reporting section:

The browserSignals argument must be handled carefully to avoid tracking. It certainly cannot include anything like the full list of interest groups, which would be too identifiable as a tracking signal. The renderURL can be included since it has passed a k-anonymity check. Because renderSize will not be included in the k-anonymity check initially, it is not included in the browser signals. The browser may limit the precision of the bid and desirability values by stochastically rounding them so that they fit into a floating point number with an 8 bit mantissa and 8 bit exponent to avoid these numbers exfiltrating information from the interest group's userBiddingSignals. On the upside, this set of signals can be expanded to include useful additional summary data about the wider range of bids that participated in the auction, e.g. the number of bids.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@thegreatfatzby @TheTamFamily