Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Knowing the publisher domain for Fledge #14

Closed
alois-bissuel opened this issue Oct 14, 2022 · 2 comments
Closed

Knowing the publisher domain for Fledge #14

alois-bissuel opened this issue Oct 14, 2022 · 2 comments
Labels
enhancement New feature or request

Comments

@alois-bissuel
Copy link

Hello,

We have two use cases which are hard to find in the current design of the Private Aggregation API, and they both need the publisher domain. The first one is to report to the marketer on which publishers its ads were displayed. For brand safety reason, an advertiser may wish to not have its ad displayed on publishers incompatible with its brand image (eg a website with a lot of offensive content). In some countries, adtechs are legally bound to report this information (see issue #14 in PATCG). The other is fraud detection (and prevention). An adtech should monitor for any fraudulent website set up specifically for siphoning money off legitimate publishers. Here reactivity is paramount to detect in a minimal amount of time this kind of fraud.

Encoding the publisher domain in the 128 bit space of the key is a tricky problem given its dynamic nature and the cardinality of this dimension. A particularly thorny point is the fact that the domain is never available in the clear in Fledge (if it is not made available in this API).

An issue with some discussion and proposed solutions (including adding back the publisher domain in the metadata with empty reports for plausible deniability as a DP mechanism) was posted in ARA (issue #583), as the Private Aggregation API uses the same aggregatable reports, but the use cases were slightly different.
@alexmturner
Copy link
Collaborator

Hi! Sorry I seem to have missed this issue.

One piece of complexity here is that the existence of a bidder in an auction on a particular publisher is cross-site information; so we need to be careful about revealing that link. One option could be to ensure a report is sent to each possible bidder origin (i.e. origin listed in interestGroupBuyers) even if that bidder origin doesn't end up participating in the auction, as discussed here. However, this may cause a large number of 'null' reports -- i.e. reports with no contributions -- to be sent.

On the question of having access to the domain at all within a Protected Audience, I'd recommend filing an issue on their repo if there isn't one already.

@alexmturner alexmturner added the enhancement New feature or request label Jun 28, 2023
@alexmturner
Copy link
Collaborator

Closing for now, but as discussed, please feel free to file an issue in the Protected Audience repo. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alexmturner @alois-bissuel