Re: [blink-dev] Intent to Ship: Attribution Reporting Feature: Debug Key Privacy Improvement

[Mike Taylor]

LGTM1 - this seems like an important privacy bugfix. Compatibility-wise, 
this won't affect user experience (if my mental model is correct), but 
sites using the API may receive less info than expected - but that's 
kinda the point.

On 9/11/24 6:03 PM, 'Akash Nadan' via blink-dev wrote:
Contact emails
akashna...@google.com <mailto:akashna...@google.com>, 
lin...@chromium.org <mailto:lin...@chromium.org>, 
johni...@chromium.org <mailto:johni...@chromium.org>


Explainer

Attribution Reporting with event-level reports 
<https://github.com/WICG/attribution-reporting-api/blob/main/EVENT.md>

Attribution Reporting API with Aggregatable Reports 
<https://github.com/WICG/attribution-reporting-api/blob/main/AGGREGATE.md>

Aggregation Service for the Attribution Reporting API 
<https://github.com/WICG/attribution-reporting-api/blob/main/AGGREGATION_SERVICE_TEE.md>


Specification

https://wicg.github.io/attribution-reporting-api/ 
<https://wicg.github.io/attribution-reporting-api/>


Blink component

Internals > AttributionReporting 
<https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3EAttributionReporting>


TAG review

Still under review 
<https://github.com/w3ctag/design-reviews/issues/724>under the 
original I2S for the Attribution Reporting API


TAG review status

Pending


Summary

We are landing the following changes to the Attribution Reporting API 
focused on:

 *

    Improving privacy for debug keys


This change helps to mitigate a potential privacy gap with debug keys.


Currently the API allows a source debug key or a trigger debug key to 
be specified if third party cookies are available and can be set by 
API callers. If either a source or trigger debug key is specified then 
it will be included in the attribution report. This may lead to a 
privacy leak if third party cookies are only allowed on either the 
publisher or the advertiser site but not both.


This change mitigates this issue by enforcing that source debug keys 
and trigger debug keys are only included in the attribution report if 
they’re present on both the source and trigger, which would mean that 
third party cookies were available on both the publisher and 
advertiser site. This change will apply to both event-level reports 
and aggregatable reports.



Explainer/Spec changes

1.

    Explainer & Spec:
    https://github.com/WICG/attribution-reporting-api/pull/1403
    <https://github.com/WICG/attribution-reporting-api/pull/1403>


Risks
Interoperability and Compatibility

This is a backwards incompatible change. API callers will continue to 
receive Attribution Reporting API reports but the information 
contained in the report may change if the API caller only specifies a 
debug key on only the source or trigger registration. If they only 
specify a debug key on one side, then they will no longer receive 
debug key information in the report they receive but they will 
continue to receive reports. We expect this to have minimal impact 
since the API caller will continue to receive attribution reports as 
expected.


Gecko: No signal (Original request: 
https://github.com/mozilla/standards-positions/issues/791 
<https://github.com/mozilla/standards-positions/issues/791>)


WebKit: No signal (Original request: 
https://github.com/WebKit/standards-positions/issues/180 
<https://github.com/WebKit/standards-positions/issues/180>)



WebView application risks

Does this intent deprecate or change behavior of existing APIs, such 
that it has potentially high risk for Android WebView-based applications?

No


Will this feature be supported on all six Blink platforms (Windows, 
Mac, Linux, Chrome OS, Android, and Android WebView)?

The attribution reporting feature will be supported on all platforms 
with the exception of Android WebView


Is this feature fully tested by web-platform-tests 
<https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>? 


Yes


Estimated milestones

This feature is anticipated to ship as part ofChrome 130 
<https://chromiumdash.appspot.com/schedule>.


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/6257907243679744 
<https://chromestatus.com/feature/6257907243679744>


Links to previous Intent discussions

Previous I2S:

Intent to Ship: Attribution Reporting API 
<https://groups.google.com/a/chromium.org/g/blink-dev/c/2Rmj5V6FSaY>

Intent to Ship: Attribution Reporting features M117 
<https://groups.google.com/a/chromium.org/g/blink-dev/c/nWF61c8xu-M/m/uMmH1ewcAQAJ>

Intent to Ship: Attribution Reporting features M118 
<https://groups.google.com/a/chromium.org/g/blink-dev/c/Mh-mJiyJZFk/m/HlgzpphYBQAJ>

Intent to Ship: Attribution Reporting features M119 
<https://groups.google.com/a/chromium.org/g/blink-dev/c/6e44SBtEtcQ>

Intent to Ship: Attribution Reporting features M120 
<https://groups.google.com/a/chromium.org/g/blink-dev/c/jSk3xpNPzGQ/m/VZPsdYgGCAAJ>

Intent to Ship: Attribution Reporting features M121 
<https://groups.google.com/a/chromium.org/g/blink-dev/c/g9KiC6Rg_mA/m/V679WcWuAQAJ>

Intent to Ship: Attribution Reporting features M123 
<https://groups.google.com/a/chromium.org/g/blink-dev/c/NE7VGke1Bjc/m/bIX00t4CAAAJ>

Intent to Ship: Attribution Reporting features M124 
<https://groups.google.com/a/chromium.org/g/blink-dev/c/aregp1li6xk/m/IhBB2z8tBQAJ>

Intent to Ship: Attribution Reporting features M125 
<https://groups.google.com/a/chromium.org/g/blink-dev/c/9UyhI6SRyxM/m/zgWWckgWAQAJ>

Intent to Ship: Attribution Reporting features M126 
<https://groups.google.com/a/chromium.org/g/blink-dev/c/7UQR2lPn5KE/m/q_kL6ZiJDgAJ>

Intent to Ship: Attribution Reporting features M127 
<https://groups.google.com/a/chromium.org/g/blink-dev/c/LAgnyPsJyJg?pli=1>

Intent to Ship: Attribution Reporting features M128 (1) 
<https://groups.google.com/a/chromium.org/g/blink-dev/c/qlsv7fn0zRE/m/SK8upePCCAAJ>

Intent to Ship: Attribution Reporting features M128 (2) 
<https://groups.google.com/a/chromium.org/g/blink-dev/c/VKGn41wMYlg/m/VsNXktqvCAAJ>


Thanks,
Akash
--
You received this message because you are subscribed to the Google 
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send 
an email to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/19b60fd8-79c3-462d-9ff5-1ece30fb64fen%40chromium.org 
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/19b60fd8-79c3-462d-9ff5-1ece30fb64fen%40chromium.org?utm_medium=email&utm_source=footer>.

--
You received this message because you are subscribed to the Google Groups 
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/a5c21fe3-d87f-4b39-ab6a-897b875ba05a%40chromium.org.