On Friday, March 25, 2022 at 11:46:45 PM UTC+1 Paul Jensen wrote:
> Contact emails > > pauljen...@chromium.org <https://groups.google.com/>, kle...@google.com > <https://groups.google.com/> > > Developers interested in the FLEDGE API can also join the FLEDGE API > announcements > <https://groups.google.com/a/chromium.org/g/fledge-api-announce> group > for updates and announcements. > > Explainer > > https://github.com/WICG/turtledove/blob/master/FLEDGE.md > > Specification > > May be heavily influenced by origin trial feedback, so not yet started. > > Summary > > FLEDGE provides a privacy advancing API to facilitate interest group based > advertising. FLEDGE shifts the interest data and the final ad decision > browser-side instead of server-side, offering many advantages: strong > privacy guarantees, as well as time limits on group membership, > transparency into how the advertiser interest groups are built and used, > and granular or global controls over this type of ad targeting. > > Blink component > > Blink <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink> > > TAG review > > https://github.com/w3ctag/design-reviews/issues/723 > > (The first “F” and last “E” in FLEDGE stand for First Experiment, as such > FLEDGE specifies a prototype for ads serving in the TURTLEDOVE family, so > the TAG review request was made for the overall family, TURTLEDOVE, rather > than the first experiment specification, FLEDGE.) > > TAG review status > > Pending > > Risks > Interoperability > > Gecko: No signal > > WebKit: No signal > > Edge: Edge is also exploring interest group based advertising, namely with > the > PARAKEET proposal > <https://github.com/WICG/privacy-preserving-ads/blob/main/Parakeet.md>. > PARAKEET shares much of its API with FLEDGE but has a different trust > model. Deployment experience is necessary to inform the choice between the > trust models. > > Web developers: Significant interest from many web advertising technology > developers. WICG FLEDGE calls > <https://github.com/WICG/turtledove/issues/88> are heavily attended. > Interest in FLEDGE is further evidenced by the many related discussions > and proposals that FLEDGE design draws from, most notably: > > - > > The original TURTLEDOVE > <https://github.com/WICG/turtledove/blob/main/Original-TURTLEDOVE.md> > from Chrome. > - > > SPARROW <https://github.com/WICG/sparrow> from Criteo. > - > > Outcome-based TURTLEDOVE > <https://github.com/WICG/turtledove/blob/main/OUTCOME_BASED.md> and > Product-level > TURTLEDOVE > <https://github.com/WICG/turtledove/blob/main/PRODUCT_LEVEL.md> from > RTB House. > - > > Dovekey > <https://github.com/google/ads-privacy/tree/master/proposals/dovekey> > from Google Ads. > - > > PARRROT > > <https://github.com/prebid/identity-gatekeeper/blob/master/proposals/PARRROT.md> > > from Magnite. > - > > TERN <https://github.com/WICG/turtledove/blob/main/TERN.md> from > NextRoll. > > > Compatibility and WebView Application Risks > > FLEDGE does not deprecate or change existing web behavior, so there should > be no compatibility risk. > > Activation > > Successful testing of FLEDGE in-browser ad auctions requires participation > from both parties selling ad space and advertisers buying ad space. This > level of cooperation during an origin trial is a heavy lift, but one that > seems feasible given the high level of interest we’ve seen from ad techs. > > Security > > FLEDGE involves downloading and running JavaScript functions, referred to > as worklets. Chrome runs worklets from different origins in separate > processes in very constrained environments to limit security > vulnerabilities. You can read more about these constraints and security > considerations here > <https://github.com/WICG/turtledove/blob/main/Original-TURTLEDOVE.md#security-considerations> > . > > Privacy > > Unlike third-party cookies which are readable across sites, FLEDGE intends > to keep interest group information from being exposed to sites. For example > this is why there is no navigator.getAdInterestGroups() API. FLEDGE > worklets, which can read individual interest groups, are isolated and > cannot access the network, access storage or postMessage() to other > contexts. As the proposed first FLEDGE origin trial details document > <https://github.com/WICG/turtledove/blob/main/Proposed_First_FLEDGE_OT_Details.md> > > discusses, this first origin trial will not initially enable all of the > isolation and privacy controls in order to ease developer testing. Over > time, these privacy protections will be added as we introduce new releases. > To protect user privacy and honor user choice, we will not enable this > first origin trial for users that have disabled 3rd party cookies. We > anticipate that this will also help ad-techs to more realistically compare > their existing ad selection methods relying on third-party cookie > availability. Privacy considerations for the overall TURTLEDOVE family are > discussed here > <https://github.com/WICG/turtledove/blob/main/Original-TURTLEDOVE.md#privacy-considerations> > . > > Browser Performance > > If advertisers place users into large numbers of interest groups, there is > a risk of on-device FLEDGE ad auctions consuming excessive amounts of > processing resources which could make the auctions introduce significant > latency into the ad serving process, or slowing down the overall browsing > experience. This is an area of intense discussion, investigation, and > improvement. > > Goals for experimentation > > Shifting interest data and final ad decision browser-side instead of > server-side represents a major shift in interest group based advertising. > We hope to get feedback from ad tech on FLEDGE’s effectiveness and > performance. > > Experiment Configuration > > The origin trial for this experiment will be shared among various Privacy > Sandbox APIs. Our goal is to allow for coordinated experiments to be run by > multiple different sites, across multiple APIs in one OT. > > This shared origin trial, Privacy Sandbox Ads APIs, will be a third-party > origin trial. To ensure that developers can run coordinated experiments > without concern for exceeding page load usage thresholds, this Origin Trial > will be available for a subset of users by default. Therefore, it will be > necessary to feature test to ensure that the API surface you want to use is > available after providing your OT token. A second advantage of this > configuration is that different experimenters will experiment with the same > users, which enables coordination for APIs like FLEDGE across third parties. > > Ongoing technical constraints > > FLEDGE depends on several other in-development web technologies, e.g. > Fenced Frames, trusted key-value servers, and aggregate reporting. To ease > developer testing and measurement, this first FLEDGE origin trial will not > require use of these other in-development web technologies. For details of > exactly what we’re proposing including in this first FLEDGE origin trial > and why please read > https://github.com/WICG/turtledove/blob/main/Proposed_First_FLEDGE_OT_Details.md > > Debuggability > > FLEDGE worklets can be debugged in Chrome’s Developer tools, instructions > here <https://developer.chrome.com/blog/fledge-api/#debug-fledge-worklets> > . > > FLEDGE interest groups can also be viewed in Chrome’s Developer tools: in > the "Application" tab, there is an "Interest Groups" item on the left > side-bar that, when clicked, should display all interest groups that this > page interacted with, e.g. when a page joins/leaves an interest group, bids > on an auction, or wins an auction on this page then the interest group > should show up. > > Will this feature be supported on all six Blink platforms (Windows, Mac, > Linux, Chrome OS, Android, and Android WebView)? > > No, this origin trial will be supported on all platforms except Android > for reasons discussed here > <https://github.com/WICG/turtledove/blob/main/Proposed_First_FLEDGE_OT_Details.md#mobile-devices> > . > > Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> > ? > > No. More web-platform-test > <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> > > coverage is expected when the specification is closer to completion. > > Flag name > > privacy-sandbox-ads-apis > > Requires code in //chrome? > > Nearly all code is outside //chrome, the exception being the related > Privacy Sandbox Settings UI. > > Launch bug > > https://bugs.chromium.org/p/chromium/issues/detail?id=1181739 > > Estimated milestones > > We hope to start the Origin Trial sometime during M101 beta. We plan to > continue the Origin Trial until at least M104 to give developers time to > test the API and provide feedback. Once we are confident that the APIs are > working properly, we will transition the OT from beta to stable channel. > Same question as on https://groups.google.com/a/chromium.org/g/blink-dev/c/jEnNpideO1Y/m/5gSCiXUtAQAJ regarding OT duration. > Link to entry on the Chrome Platform Status > > https://chromestatus.com/feature/5733583115255808 > > Links to previous Intent discussionsIntent to prototype: > https://groups.google.com/a/chromium.org/g/blink-dev/c/w9hm8eQCmNI > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/d2d86fb7-9fc4-43ac-8669-b87d926e61ffn%40chromium.org.
