- From: benjaminsavage via GitHub <sysbot+gh@w3.org>
- Date: Thu, 28 Apr 2022 03:22:08 +0000
- To: public-patcg@w3.org
> I could ask all my partner sites to pre-commit to use fb1.com / fb2.com as identity providers without doing any kind of rotation / switching. Then I just double up all my source / trigger events (one per each match key provider) and get effectively double counts for the same privacy budget. Like @eriktaubeneck says, I think the idea is that if you want to use multiple match-key providers, that's fine, but each event will contain ALL of them. You don't get to pick and choose. I think that eliminates this attack. If you ask all your partner sides to pre-commit to use fb1.com / fb2.com as identity providers, then each time they generate an IPA event, it'll use both match keys (if present, defaulting to a randomly generated but stable-per-device value if not present). -- GitHub Notification of comment by benjaminsavage Please view or discuss this issue at https://github.com/patcg/private-measurement/issues/9#issuecomment-1111700295 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 28 April 2022 03:22:09 UTC