-
Notifications
You must be signed in to change notification settings - Fork 269
Open
Labels
Non-breaking Feature RequestFeature request for functionality unlikely to break backwards compatibilityFeature request for functionality unlikely to break backwards compatibility
Description
Hello
In Fledge, in at least an alpha version, the advertiser would receive notifications for each display event.
How can the advertiser ensure that the notification he receives is genuine ? Especially knowing the following:
- the code emitting the notification is open-source
- the notification is emitted by the client, so the notification mechanism is done on the client, and the notification parameters (eg what is being reported) is also sent by the client
- bad clients could either do replay attack (re-send the notification) or send a different notification
Is where a built-in way in Fledge to address these issues ?
A way I see of tacking this issues, would be the following :
- As per issue Reporting on User signals and trusted server signals #213 , allow reporting to send back data coming from trusted bidding signals
- During bidding, the trusted bidding server computes the hash of a private key + a nonce + timestamp of the request + whatever needs to be authenticated (for instance, bid price), let's call this H
- this H is sent back as trusted bidding signals, along with the nonce and the request timestamp
- During reporting, the advertiser recovers the nonce, the request timestamp etc and can compute the same hash, let's call it H2
- Advertiser checks that H = H2, otherwise it means that the data sent through reporting was tampering with
What do you think about this ? Would such an idea work ?
Metadata
Metadata
Assignees
Labels
Non-breaking Feature RequestFeature request for functionality unlikely to break backwards compatibilityFeature request for functionality unlikely to break backwards compatibility