dialtone
commented
2 years ago From a buyer perspective this doesn't change much in the incentive structure. You can see Facebook and Snapchat announcements on their earnings where due to lack of measurement ability spend is moving away from their platforms and into others. This doesn't seem to change much compared to where we are at today regarding measurement on PCM. The greater context to allow longer windows is also to remove the incentive of going after last click measurement and optimization which is the kind that searches and incentivizes the use of personal data and linkages, and one in which contextual-type campaigns typically don't perform as well.
I understand the goal of avoiding entropy for tracking purposes, but a 1-7 day delay on conversion already means that a buyer would need to wait a full 7 days while purchasing traffic before they know anything meaningful about how it performed. On top of it, any change made to such purchase parameters would need to wait at least a further 7 days before anything can be said about its performance. And to further on top, the buyer only gets access to a fairly coarse 1 bit or 1.5 bits after 2 days, that seems pretty rough for whoever is optimizing on the other side, virtually impossible to recollect what drove the purchase of ads on the other side which means that changes to said campaign really need to move one by one at the slowest pace possible making all of this optimization (manual or not) impractical.
I don't think I fully understand your attack vector about cheery-picking windows and users, but I'd like to understand better what is the data leakage there, mostly because on one side you are setting quite severe limitations and thresholds but on the other side I've not seen an impact assessment to go with it.
There are my $0.02 and it's possible my lack of understanding of your explained threat clouds my judgement here a bit.
johnwilander
The Attribution Reporting for Click-Through Measurement proposal has the concept of reporting windows.
The spec authors propose that up to three attribution reports can be sent for a single source. My interpretation is that that means for a single source click.
They also provide an example of reporting windows a browser could use:
I'd like to explore the idea of reporting windows for PCM where the privacy restrictions are quite different from Attribution Reporting API. PCM does not support user IDs on either side.
Currently, PCM's triggering event is allowed a 4-bit value which goes into the subsequent attribution report. If we were to support two or three reporting windows, the opportunity for cherry-picking of which users to even fire a triggering event for increases and with it the risk of linking a report to a specific user. The risk of being able to link attribution reports from multiple windows also increases. I therefore think the triggering event value needs to be much smaller for reporting windows beyond the first.
Here's a straw man to get us started:
The reason why I bring up such a long window as day 8 to 35 is to open up the conversation on return on ad spend (ROAS). A month's worth of measurement if valuable when the advertising is not about a single purchase but about the longer term value of the acquired customer.
The delay in reporting must scale with the length of the reporting window. Otherwise a bad actor can cherry-pick users to trigger events for in distinct subwindows and know exactly for whom the report is sent when it arrives later. With scale I don't necessarily mean 1:1 scale but for an 8 to 35-day window, the delay would have to be 24 to 168 hours (1 to 7 days) or something like that to deter cherry-picking.
This relationship between length of reporting window and necessary length of delay means diminishing returns when considering even longer report windows.
Let me know what you think, both of the usefulness for advertisers and the privacy implications of such a scheme.
(Also, @csharrison and @johnivdel, please check that I've understood your spec right.)