Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How might the browser detect abusive usage of the API to keep the topic dissemination rate in line with expectations? #5

Open
jkarlin opened this issue Jan 21, 2022 · 2 comments
Open

How might the browser detect abusive usage of the API to keep the topic dissemination rate in line with expectations? #5

jkarlin opened this issue Jan 21, 2022 · 2 comments

Comments

@jkarlin
Copy link
Collaborator

jkarlin commented Jan 21, 2022

No description provided.

@igrigorik
Copy link

Existing proposal already imposes an upper-bound rate limit...

It is possible for an entity (or entities) to cooperate across hosts and acquire up to 15 topics per epoch for the same user in the first week.

Is the intent to explore how to reduce "15 topics per epoch" even further? What are some example scenarios?

@dmarti
Copy link
Contributor

dmarti commented Oct 14, 2022

One option would be to require each calling domain to obtain a signature from a known organization, and maintain a public repository of signers and their policies for any key shipped with the browser. If a caller violates the policy and uses Topics API for malicious or non-ad purposes, any keys used to sign it could be dropped from the browser. (This is based on the First-Party Sets proposal) (#87)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@igrigorik @dmarti @jkarlin