LGTM1 - this seems like an important privacy bugfix. Compatibility-wise,
this won't affect user experience (if my mental model is correct), but
sites using the API may receive less info than expected - but that's
kinda the point.
On 9/11/24 6:03 PM, 'Akash Nadan' via blink-dev wrote:
Contact emails
akashna...@google.com <mailto:akashna...@google.com>,
lin...@chromium.org <mailto:lin...@chromium.org>,
johni...@chromium.org <mailto:johni...@chromium.org>
Explainer
Attribution Reporting with event-level reports
<https://github.com/WICG/attribution-reporting-api/blob/main/EVENT.md>
Attribution Reporting API with Aggregatable Reports
<https://github.com/WICG/attribution-reporting-api/blob/main/AGGREGATE.md>
Aggregation Service for the Attribution Reporting API
<https://github.com/WICG/attribution-reporting-api/blob/main/AGGREGATION_SERVICE_TEE.md>
Specification
https://wicg.github.io/attribution-reporting-api/
<https://wicg.github.io/attribution-reporting-api/>
Blink component
Internals > AttributionReporting
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3EAttributionReporting>
TAG review
Still under review
<https://github.com/w3ctag/design-reviews/issues/724>under the
original I2S for the Attribution Reporting API
TAG review status
Pending
Summary
We are landing the following changes to the Attribution Reporting API
focused on:
*
Improving privacy for debug keys
This change helps to mitigate a potential privacy gap with debug keys.
Currently the API allows a source debug key or a trigger debug key to
be specified if third party cookies are available and can be set by
API callers. If either a source or trigger debug key is specified then
it will be included in the attribution report. This may lead to a
privacy leak if third party cookies are only allowed on either the
publisher or the advertiser site but not both.
This change mitigates this issue by enforcing that source debug keys
and trigger debug keys are only included in the attribution report if
they’re present on both the source and trigger, which would mean that
third party cookies were available on both the publisher and
advertiser site. This change will apply to both event-level reports
and aggregatable reports.
Explainer/Spec changes
1.
Explainer & Spec:
https://github.com/WICG/attribution-reporting-api/pull/1403
<https://github.com/WICG/attribution-reporting-api/pull/1403>
Risks
Interoperability and Compatibility
This is a backwards incompatible change. API callers will continue to
receive Attribution Reporting API reports but the information
contained in the report may change if the API caller only specifies a
debug key on only the source or trigger registration. If they only
specify a debug key on one side, then they will no longer receive
debug key information in the report they receive but they will
continue to receive reports. We expect this to have minimal impact
since the API caller will continue to receive attribution reports as
expected.
Gecko: No signal (Original request:
https://github.com/mozilla/standards-positions/issues/791
<https://github.com/mozilla/standards-positions/issues/791>)
WebKit: No signal (Original request:
https://github.com/WebKit/standards-positions/issues/180
<https://github.com/WebKit/standards-positions/issues/180>)
WebView application risks
Does this intent deprecate or change behavior of existing APIs, such
that it has potentially high risk for Android WebView-based applications?
No
Will this feature be supported on all six Blink platforms (Windows,
Mac, Linux, Chrome OS, Android, and Android WebView)?
The attribution reporting feature will be supported on all platforms
with the exception of Android WebView
Is this feature fully tested by web-platform-tests
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>?
Yes
Estimated milestones
This feature is anticipated to ship as part ofChrome 130
<https://chromiumdash.appspot.com/schedule>.
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/6257907243679744
<https://chromestatus.com/feature/6257907243679744>
Links to previous Intent discussions
Previous I2S:
Intent to Ship: Attribution Reporting API
<https://groups.google.com/a/chromium.org/g/blink-dev/c/2Rmj5V6FSaY>
Intent to Ship: Attribution Reporting features M117
<https://groups.google.com/a/chromium.org/g/blink-dev/c/nWF61c8xu-M/m/uMmH1ewcAQAJ>
Intent to Ship: Attribution Reporting features M118
<https://groups.google.com/a/chromium.org/g/blink-dev/c/Mh-mJiyJZFk/m/HlgzpphYBQAJ>
Intent to Ship: Attribution Reporting features M119
<https://groups.google.com/a/chromium.org/g/blink-dev/c/6e44SBtEtcQ>
Intent to Ship: Attribution Reporting features M120
<https://groups.google.com/a/chromium.org/g/blink-dev/c/jSk3xpNPzGQ/m/VZPsdYgGCAAJ>
Intent to Ship: Attribution Reporting features M121
<https://groups.google.com/a/chromium.org/g/blink-dev/c/g9KiC6Rg_mA/m/V679WcWuAQAJ>
Intent to Ship: Attribution Reporting features M123
<https://groups.google.com/a/chromium.org/g/blink-dev/c/NE7VGke1Bjc/m/bIX00t4CAAAJ>
Intent to Ship: Attribution Reporting features M124
<https://groups.google.com/a/chromium.org/g/blink-dev/c/aregp1li6xk/m/IhBB2z8tBQAJ>
Intent to Ship: Attribution Reporting features M125
<https://groups.google.com/a/chromium.org/g/blink-dev/c/9UyhI6SRyxM/m/zgWWckgWAQAJ>
Intent to Ship: Attribution Reporting features M126
<https://groups.google.com/a/chromium.org/g/blink-dev/c/7UQR2lPn5KE/m/q_kL6ZiJDgAJ>
Intent to Ship: Attribution Reporting features M127
<https://groups.google.com/a/chromium.org/g/blink-dev/c/LAgnyPsJyJg?pli=1>
Intent to Ship: Attribution Reporting features M128 (1)
<https://groups.google.com/a/chromium.org/g/blink-dev/c/qlsv7fn0zRE/m/SK8upePCCAAJ>
Intent to Ship: Attribution Reporting features M128 (2)
<https://groups.google.com/a/chromium.org/g/blink-dev/c/VKGn41wMYlg/m/VsNXktqvCAAJ>
Thanks,
Akash
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/19b60fd8-79c3-462d-9ff5-1ece30fb64fen%40chromium.org
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/19b60fd8-79c3-462d-9ff5-1ece30fb64fen%40chromium.org?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/a5c21fe3-d87f-4b39-ab6a-897b875ba05a%40chromium.org.