privacycg / private-click-measurement

Private Click Measurement
https://privacycg.github.io/private-click-measurement/

Conversions coming from a different domain than landing page #43

Open jinghao opened 4 years ago

jinghao commented 4 years ago

Hi @hober and @johnwilander !

Context

In past W3C web-adv calls, we've discussed the case where conversions come from a different domain than the landing page's domain. This could happen for a number of reasons--localized websites (i.e. shop.com taking you to shop.co.uk), commerce platforms (i.e. my-store.com taking you to my-store.shopify.com) or others (i.e. gap.com taking you to gapfactory.com).

My understanding is that the current draft specification would lose the conversion. From the calls, it seems that people believe this is a legitimate use case, so I'm eager to work with you all to come up with a privacy-safe way of supporting this use case.

I'm not attached to any particular solution if we can solve these problems, but to kick off the discussion, here are a few thoughts:

Delegation of trust

This could be either implicit or explicit. When my-store.com (the "landing page domain") takes you to my-store.shopify.com (the "destination domain"), it could be annotated (in the anchor tag or redirect) that it's delegating the reporting permissions to the destination. When conversions finally happen on the destination domain, they are reported to the publisher as if they came from the landing page domain.

This introduces more complexity because the browser has to track the pathway to the conversion. I don't think this requires significant amounts of new data but I appreciate that it has its costs.

Do people see privacy concerns with this?

Support of multiple domains in the original ad annotation

Instead of listing just one domain, perhaps the publisher can list multiple domains. There would have to be some limit to the number of domains, with perhaps an exception for country-level TLD variations. This could also be used in conjunction with the above proposal to add more protections, so that both the publisher side and the advertiser side need to certify the delegation.

Quick-redirect through the conversion domain

This was brought up by @csharrison during a call. It has a few downsides:

  1. It presumes that the publisher knows where the conversion will happen. This is the case for commerce platforms but not the case for multi-national domains.
  2. It adds another redirect overhead to the initial page load, which is a bad user experience.
  3. I'm not sure that it's compatible with PCM's privacy model. My understanding is that the ad must land on the adDestination domain, not merely traverse through it.

Next steps

How do we move this discussion forward? Are there other ideas for addressing this major use case without compromising privacy? I'm open to feedback on how we could build upon or improve any of the ideas above, or any other ones that can solve this problem.

Thanks!

jinghao commented 4 years ago

Hi @johnwilander and @hober, wondering if you've had a chance to think about this use case! Thanks.

johnwilander commented 4 years ago

Hi! Thanks for the ping.

There is a user expectation viewpoint here that we must take into account.

If the user clicks an ad and is taken to shop-example.de and then five days later someone in the same browser makes a purchase on shop-example.se, would the expectation be for the ad click to get attribution? These could be two fully different contexts and users, one German and one Swedish.

If you take it one step further, a user clicks an ad that takes them to toy-store.example. Five days later they sign up for a subscription on streaming-games.example. Would the user expect attribution to be sent out just because toy-store.example and streaming-games.example happen to have the same owner?
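A toy model of the attribution rules discussed in this thread (the single-destination rule jinghao describes, the bounded multi-domain list, and the country-level TLD exception that drives johnwilander's shop-example.de / shop-example.se concern). This is an added illustration, not code from the PCM spec or any browser; the suffix set, the destination cap and the function names are assumptions.

```python
"""Toy model of click attribution across destination domains.

Added illustration for this thread, not the PCM spec or WebKit's code.
Assumed: a click stores one or more declared destination sites, and the
public-suffix list is replaced by a tiny constructed set for brevity.
"""
from dataclasses import dataclass

MAX_DESTINATIONS = 3                                  # hypothetical cap
SUFFIXES = {"com", "de", "se", "co.uk", "example"}    # constructed, not the PSL


@dataclass(frozen=True)
class Click:
    source_site: str      # publisher site where the ad was clicked
    destinations: tuple   # declared destination site(s) for this click


def brand_label(host: str) -> str:
    """Label left of the public suffix, e.g. shop.co.uk -> 'shop'.
    Models the 'country-level TLD variation' exception from the thread."""
    labels = host.lower().split(".")
    for n in (2, 1):
        if len(labels) > n and ".".join(labels[-n:]) in SUFFIXES:
            return labels[-n - 1]
    return labels[0]


def attribute_single(click: Click, conversion_site: str) -> bool:
    """Current draft as the thread describes it: only the one declared
    destination can convert, so a cross-domain conversion is lost."""
    return conversion_site.lower() == click.destinations[0].lower()


def attribute_multi(click: Click, conversion_site: str,
                    tld_variants: bool = True) -> bool:
    """Proposal: a bounded list of destinations, optionally treating
    country-level TLD variants of a listed domain as equivalent."""
    if len(click.destinations) > MAX_DESTINATIONS:
        raise ValueError("too many declared destinations")
    site = conversion_site.lower()
    for dest in click.destinations:
        if site == dest.lower():
            return True
        if tld_variants and brand_label(site) == brand_label(dest):
            return True
    return False
```

With `tld_variants=True` the de/se purchase is attributed, which is exactly the user-expectation problem raised above; with it off, only explicitly listed sites match.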