这是indexloc提供的服务,不要输入任何密码
Skip to content

Undetectable opt out? #985

@martinthomson

Description

@martinthomson

I am not able to construct a situation whereby someone might tell their browser to pretend to do Protected Audience in a way that sites cannot detect.

Is there some discussion about how this might be achieved? Or maybe something close to an undetectable opt out, like one that provides differential privacy?

For instance, if you pretend to accept markings, but throw them away, that is detectable. I assume that a site can add many interest groups and then query for their presence arbitrarily. If you partition them by top-level site, that is detectable if a site is willing to create a second site.

The partitioning approach is appealing, but it also has some pretty interesting implications when it comes to limits. You can't enforce global limits or that breaks the partitioning (hello, tracking).

Does removal of the auction failure leakage (and negative targeting) address this? I don't think that it does until you close off all of the other auction result leakage vectors.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions