- From: Martin Thomson via GitHub <sysbot+gh@w3.org>
- Date: Wed, 18 May 2022 02:38:29 +0000
- To: public-patcg@w3.org
Thanks @csharrison, On 1, my intent was to address the provenance issue more than the configuration issue. (I agree that configuration is the best way to address this, even if we can't rely on it being uniformly implemented by sites.) If you operate a reporting system, having some confidence that the information (or at least the information generated by honest clients) was generated by a certain actor, then you are able to apply the sorts of controls you have proposed. I don't think that HTTPS is sufficient here (though it is certainly necessary as a means of ensuring authenticity when loading content into a context in the browser, and for ensuring that data is only sent where it is intended). On 2, the intent is to have events recorded by any party present, then shared. Of course, if you are present, you can use the events you created yourself. (As we get more into the design, it seems like the events we are talking about might not change between API invocations, with the same information being presented to all parties for the same site over the course of each epoch, so having different people ask doesn't really make any difference.) As you say, if you aren't present, you don't get cross-channel attribution, so you need to rely on others to collect those events. But as noted, you choose who presents those events. -- GitHub Notification of comment by martinthomson Please view or discuss this issue at https://github.com/patcg/private-measurement/issues/14#issuecomment-1129506894 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 18 May 2022 02:38:30 UTC