Skip to content

Trusted Key Value Server v2 protocol is available in Chrome #1395

New issue
New issue
Open
Open
Trusted Key Value Server v2 protocol is available in Chrome#1395
Labels
Looking for feedbackDesign issues looking for partner feedback
@peiwenhu

Description

@peiwenhu
peiwenhu
opened on Feb 5, 2025

The Key Value Service (TKV) V2 protocol is available in Chrome Stable for on-device Protected Audiences auctions. We recommend testing the V2 protocol for existing developers who've deployed BYOS and expect key-value to be part of their long-term PA design. This is an optional, early-access opportunity for developers.

This enhanced protocol replaces the plaintext HTTPS communication of the existing "Bring Your Own Server" (BYOS) model with encryption, significantly improving user privacy. This is a key step in our journey to transition from BYOS to a privacy-advancing, TEE-based key-value service.

Key benefits of the new protocol:

  • Enhanced Privacy: Encryption ensures that sensitive user data remains protected.
  • Future-looking: Gives adopters the opportunity to begin migrating to TEE-based key-value services before they're required.

Adtechs are encouraged to evaluate TKV during this phase to:

  • Familiarize themselves with the technology: Gain experience with this new solution for providing real time signals for Protected Audience auctions.
  • Provide feedback: Contribute to the direction of TKV by offering insights and suggestions.
  • Prepare for future changes: Ensure a smooth transition from BYOS.

To start using the feature, follow the steps below:

  1. Onboard and deploy a TEE KV server.
  2. Users can set up flags and configurations to enable the feature via the command line:
chrome --enable-privacy-sandbox-ads-apis --enable-features=FledgeTrustedSignalsKVv2Support --disable-features=EnforcePrivacySandboxAttestations,FledgeEnforceKAnonymity
  1. Once Chrome has started, users can check if the feature is enabled within the context of a web page by running the following code:
navigator.protectedAudience && navigator.protectedAudience.queryFeatureSupport(
    "trustedSignalsKVv2")
  1. For buyers to use this feature to fetch real-time bidding signals, set 'trustedBiddingSignalsURL' and trustedBiddingSignalsCoordinator fields when joining interest groups. For example:
const myGroup = {
  'owner': 'https://www.example-dsp.com',
  'name': 'womens-running-shoes'
  ...
  'trustedBiddingSignalsURL': ...,
  'trustedBiddingSignalsCoordinator': 'https://www.publickeyservice.com',
  ...
}
  1. For sellers to use this feature to fetch real-time scoring signals, set 'trustedScoringSignalsURL' and trustedScoringSignalsCoordinator fields in auction configuration. For example:
const myAuctionConfig = {
  'seller': 'https://www.example-ssp.com',
  'decisionLogicURL': ...,
  ...
  'trustedScoringSignalsURL': ...,
  'trustedScoringSignalsCoordinator': 'https://www.publickeyservice.com',
  ...
}
  1. There are two default coordinator endpoints which can be applied to 'trustedBiddingSignalsCoordinator' and 'trustedScoringSignalsCoordinator':
    1. GCP: https://publickeyservice.pa.gcp.privacysandboxservices.com
    2. AWS: https://publickeyservice.pa.aws.privacysandboxservices.com

Please engage and share feedback by replying to this issue or in other ways you prefer.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Looking for feedbackDesign issues looking for partner feedback

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions