WICG / turtledove

TURTLEDOVE
https://wicg.github.io/turtledove/

Attributes in Interest Group that are subjected to kanon #1012

Closed TheTamFamily closed 1 hour ago

TheTamFamily commented 6 months ago

Apologies if this has been answered, if so can someone point me to the issue that addresses the following question:

Is there a list of interest group attributes that are subjected to kanon?

Thanks

thegreatfatzby commented 6 months ago

@TheTamFamily take a look in here, a few highlights:

From here:

...K-anonymity requirements on updateURL were originally considered to improve the privacy of interest group updates, but they were not a particularly strong privacy protection, mostly because the cost to add a user to an interest group (and increase the chance of passing the k-anonymity requirement on updating) is not high. K-anonymity requirements on updateURL were also found to cause a proliferation of interest groups which degraded auction performance significantly, and degrade the usefulness of interest group updates, as further discussed in https://github.com/WICG/turtledove/issues/333 and https://github.com/WICG/turtledove/issues/361. Updating interest groups after the auction does not suffer from these problems, and because each interest group update only contains information from a single site, the cross-site identity join risks occur from side channels like IP address and timing correlation. The k-anonymity protection for the auction winning ad creative URL is still important as the URL potentially contains information from two sites, the joining and auction sites.

and:

buyerAndSellerReportingId: If set, the value is used instead of the interest group name or buyerReportingId for reporting in reportWin and reportResult. Note that this field needs to be jointly k-anonymous with the interest group owner, bidding script URL, and render URL to be provided to these reporting functions (in the same way that the interest group name would have needed to be).

and from the reporting section:

The browserSignals argument must be handled carefully to avoid tracking. It certainly cannot include anything like the full list of interest groups, which would be too identifiable as a tracking signal. The renderURL can be included since it has passed a k-anonymity check. Because renderSize will not be included in the k-anonymity check initially, it is not included in the browser signals. The browser may limit the precision of the bid and desirability values by stochastically rounding them so that they fit into a floating point number with an 8 bit mantissa and 8 bit exponent to avoid these numbers exfiltrating information from the interest group's userBiddingSignals. On the upside, this set of signals can be expanded to include useful additional summary data about the wider range of bids that participated in the auction, e.g. the number of bids.

TheTamFamily commented 1 hour ago

@thegreatfatzby: Thanks, and closing this ticket.