Re: [docs-and-reports] fill out principle on safe but under user control (#61)

The subsequent section "Measurement should not significantly enable cross-context recognition" already addresses the re-identification risk of the API.

Maybe the additional protection here is that an aggregate measurement API should not give a caller any _new_ user-specific information? (Or that any new information needs appropriate DP protection?)

I think the point of the discussion at TPAC was that the API caller can surely already know some information, e.g. the URL of the page where they just called the API, and we want to avoid saying that the API needs to somehow hide that already-known information.


-- 
GitHub Notification of comment by michaelkleber
Please view or discuss this issue at https://github.com/patcg/docs-and-reports/pull/61#issuecomment-2383326670 using your GitHub account



Received on Monday, 30 September 2024 14:11:54 UTC