Hello TAG!
I'm requesting a TAG review of the Private Aggregation API.
This proposal introduces a generic mechanism for measuring aggregate, cross-site data in a privacy-preserving manner. This general-purpose API can be called from isolated contexts that have access to cross-site data (such as a Shared Storage worklet). Within these contexts, potentially identifying data is encapsulated into "aggregatable reports". To prevent leakage, the cross-site data in these reports is encrypted to ensure it can only be processed by the aggregation service. During processing, this service adds noise and imposes limits on how many queries can be performed.
- Explainer¹ (minimally containing user needs and example code): https://github.com/patcg-individual-drafts/private-aggregation-api
- Specification URL: https://patcg-individual-drafts.github.io/private-aggregation-api/ (WIP)
- Tests: WPTs not yet available
- User research: N/A
- Security and Privacy self-review²: https://github.com/patcg-individual-drafts/private-aggregation-api/blob/main/security_and_privacy_questionnaire.md
- GitHub repo (if you prefer feedback filed there): https://github.com/patcg-individual-drafts/private-aggregation-api
- Primary contacts (and their relationship to the specification):
  - Alex Turner (@alexmturner), Google
  - John Delaney (@johnivdel), Google
- Organization(s)/project(s) driving the specification: Google Chrome, Privacy Sandbox
- Key pieces of existing multi-stakeholder review or discussion of this specification: This API has already been brought for review as part of the Shared Storage design review and the Protected Audience (then TURTLEDOVE) design review.
- External status/issue trackers for this specification (publicly visible, e.g. Chrome Status): https://chromestatus.com/feature/5743412790689792
Further details:
- I have reviewed the TAG's Web Platform Design Principles
- Relevant time constraints or deadlines:
- The group where the work on this specification is currently being done: PATCG (Individual Drafts)
- The group where standardization of this work is intended to be done (if current group is a community group or other incubation venue): PATWG (assuming eventual creation)
- Major unresolved issues with or opposition to this specification: Concerns have been raised in the Shared Storage and Protected Audience design reviews (linked above). Mozilla has a Negative position on Shared Storage (link).
- This work is being funded by: Google
We'd prefer the TAG provide feedback as (please delete all but the desired option):
☂️ open a single issue in our GitHub repo for the entire review