WICG / turtledove

TURTLEDOVE
https://wicg.github.io/turtledove/

Fenced Frames with no network access will break Brand Safety and Fraud Protection for Advertisers #1139

Open dchristian-ias opened 7 months ago

dchristian-ias commented 7 months ago

Description: AdTech companies that provide Advertisers products like Brand Safety and Fraud Protection depend on network request access within Fenced Frames in order to deliver these products.

The documentation, as it stands, is unclear as to the extent to which Network Access will be constrained inside of Fenced Frames in the future.

Does the Chrome team plan on completely cutting off Network Access inside Fenced Frames in favor of serving ads as static assets (like Web Bundles), or is the plan to just constrain network access in some smaller capacity?

Referenced Documentation:

As currently described in the Fledge documentation, Section 4. Browsers Render the Winning Ad:

Fenced Frames are designed to be able to provide a second type of protection as well: they will not use the network to load any data from a server, instead only rendering content that was previously downloaded (e.g. as a Web Bundle). This restriction is focused on preventing information leakage based on server-side joins via timing attacks.

As a temporary mechanism, we will still allow network access, rendering the winning ad in a Fenced Frame that is able to load resources from servers.

The TURTLEDOVE privacy goals mean that this cannot be the long-term solution. Rendering ads from previously-downloaded Web Bundles…. Another possibility is ad rendering in which all network-loaded resources come from a trusted CDN that does not keep logs of the resources it serves.

As currently described in the Protected Audience API Developer Guide - Reporting Section:

Network access will be constrained sometime after third-party cookie deprecation.

robert-fiedor commented 6 months ago

adding this for reference: https://github.com/WICG/fenced-frame/issues/5