Re: SPARROW Gatekeeper and hosted bidding logic

OK great, I've opened https://github.com/WICG/sparrow/issues/23 that I
think describes the central threat.  Let's continue the discussion there.

--Michael


On Fri, Oct 23, 2020 at 12:47 PM Lionel Basdevant <l.basdevant@criteo.com>
wrote:

> Hi Michael,
>
> Bid values are definitely protected variables in SPARROW reporting.
>
> Nevertheless, the final auction is run by the SSP. At least one bid value
> per Gatekeeper and per opportunity (the highest) is transmitted to the SSP
> running the auction (cf. the step-by-step auction in SPARROW:
> https://github.com/WICG/sparrow/blob/master/Step_by_step_auction.md).
>
> Reducing the number of digits in the bid value would prevent the DSP from
> sending information to the SSP through the bid value, in case of collusion
> between the two. We are open to discussion on the appropriate number of
> digits, or other privacy mechanisms.
>
> Please note that other variables, like advertiser or DSP name, might also
> be needed alongside the bid value. For example, as of today the
> winning bid is not always the highest one, but may depend on Ad Quality
> rules set by the publisher or specific deals between advertisers and
> publishers. Depending on the variables being sent alongside the bid value,
> stronger privacy mechanisms on the bid value might be needed.
>
> Please do not hesitate to open a GitHub issue to discuss it further.
>
> Best,
>
> Lionel
>
> *From: *Michael Kleber <kleber@google.com>
> *Date: *Friday, 23 October 2020 at 17:54
> *To: *Lionel Basdevant <l.basdevant@criteo.com>
> *Cc: *"public-web-adv@w3.org" <public-web-adv@w3.org>, Basile
> Leparmentier <b.leparmentier@criteo.com>
> *Subject: *Re: SPARROW Gatekeeper and hosted bidding logic
>
> Hi Lionel, thanks again for the various TPAC discussions.
>
>    - Bidding logic provided to the Gatekeeper by Ad Tech companies only
>    outputs bid values. Some provision on bid value precision has to be made
>    so it cannot be used to leak information (e.g. 4-digit rounding).  But
>    bidding logic does not output any other info, nor does it call services
>    outside of the Gatekeeper. So there is no need for auditing on it, and
>    update frequency only depends on Gatekeeper and Ad Tech technical
>    considerations.
>
> Oh, this answer is not what I expected!
>
> In our previous discussions about the privacy properties of Gatekeeper
> reporting (especially SPARROW Issue #16
> <https://github.com/WICG/sparrow/issues/16>),
> we were focused on the information leakage from the "unprotected
> variables".  These are still the part of SPARROW reporting that makes me
> the most nervous.  I thought that, aside from these, we were mostly just
> talking about the privacy properties of k-anonymity vs differential privacy.
>
> But your answer above now talks about bid values as a way to leak
> information.  How are these reported out?  Bid values don't appear in your
> Example of ranked privacy-preserving report
> <https://github.com/WICG/sparrow/blob/master/Reporting_in_SPARROW.md#example-of-ranked-privacy-preserving-report>
> at all.  If they are exposed at the event level (i.e. they are "unprotected
> variables"), then I am extremely worried!  Since the bidder can run
> arbitrary (and unaudited) logic that sees both interest-group and
> contextual signals, this seems like a huge opportunity for a malicious
> bidder to smuggle out bits of information that should never leave the
> Gatekeeper.
>
> Maybe this was an error, and in fact bids never leave the Gatekeeper?  If
> not, I'm happy to open a new SPARROW Issue to discuss further.
>
> --Michael
>
> On Fri, Oct 23, 2020 at 4:16 AM Lionel Basdevant <l.basdevant@criteo.com>
> wrote:
>
> Hi,
>
> Thanks everyone for the two-day virtual F2F, I think it was very useful
> and that we’ve made progress. Thanks in particular to Wendy for the
> organization, and to all the people who ran presentations.
>
> There were two questions from Gang Wang at the end of the last session
> that were answered rapidly, and Basile and I wanted to give some
> clarifications.
>
> The questions were, from what I recall:
>
>    - In the SPARROW proposal, Ad Tech companies' bidding logic would be
>    hosted on the Gatekeeper. Do you think these Ad Tech companies will agree
>    to share this core private competency?
>    - Bidding logic might be a lot of code, changing often. How does it
>    fit with the Gatekeeper auditing requirements?
>
> On these:
>
>    - Bidding logic hosted by the Gatekeeper is private. The Gatekeeper
>    must not share it with any other actor. Indeed, Ad Tech companies have to
>    trust the Gatekeeper not to do so. Nevertheless, we see this as a great
>    improvement over TURTLEDOVE, where interest-group bidding logic (or at
>    least part of it) is sent to the browser in the form of a JavaScript
>    function, which, IMHO, cannot be kept private.
>    - Bidding logic provided to the Gatekeeper by Ad Tech companies only
>    outputs bid values. Some provision on bid value precision has to be made
>    so it cannot be used to leak information (e.g. 4-digit rounding).  But
>    bidding logic does not output any other info, nor does it call services
>    outside of the Gatekeeper. So there is no need for auditing on it, and
>    update frequency only depends on Gatekeeper and Ad Tech technical
>    considerations.
>
> I hope this answers the questions; do not hesitate to say so if it doesn’t.
>
> Best,
>
> Lionel
>
> --
>
> Forewarned is worth an octopus in the bush.


-- 
Forewarned is worth an octopus in the bush.

Received on Friday, 23 October 2020 18:20:51 UTC
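The precision provision debated in the quoted thread (rounding bid values so the bidding logic cannot use them to carry information out of the Gatekeeper, and the concern that advertiser or DSP fields sent alongside widen that channel) can be put into numbers. The following is an added example, not code from the thread or from the SPARROW proposal; it assumes bids are CPM prices on [0, max_bid] rounded to a fixed number of decimal places (the thread's "4 digits rounding" could also mean significant digits) and that the SSP observes every field that leaves the Gatekeeper.

```python
# Constructed example (not SPARROW code); assumptions are stated in the lead-in.
import math
from decimal import Decimal, ROUND_HALF_UP
from typing import Mapping, Optional


def round_bid(bid: float, decimals: int) -> Decimal:
    """Quantise a bid to `decimals` decimal places (the precision provision
    the thread proposes, e.g. decimals=4)."""
    step = Decimal(1).scaleb(-decimals)          # 10 ** -decimals
    return Decimal(str(bid)).quantize(step, rounding=ROUND_HALF_UP)


def bid_channel_bits(max_bid: float, decimals: int) -> float:
    """Upper bound on the bits an observer can learn from one bid: log2 of
    the number of distinct values a rounded bid can take on [0, max_bid]."""
    distinct_values = round(max_bid * 10 ** decimals) + 1
    return math.log2(distinct_values)


def output_channel_bits(max_bid: float, decimals: int,
                        side_fields: Mapping[str, int]) -> float:
    """Bits per opportunity when categorical fields (advertiser, DSP name,
    ...) travel with the bid. `side_fields` maps each field to the number of
    values it can take; independent channels multiply, so their bits add."""
    bits = bid_channel_bits(max_bid, decimals)
    for cardinality in side_fields.values():
        bits += math.log2(cardinality)
    return bits


def decimals_for_budget(max_bid: float, side_fields: Mapping[str, int],
                        budget_bits: float, max_decimals: int = 4) -> Optional[int]:
    """Most precise bid (largest number of decimal places, 0..max_decimals)
    whose per-opportunity leakage stays within budget_bits, or None when even
    whole-unit bids exceed the budget because of the side fields."""
    for decimals in range(max_decimals, -1, -1):
        if output_channel_bits(max_bid, decimals, side_fields) <= budget_bits:
            return decimals
    return None


if __name__ == "__main__":
    fields = {"advertiser": 1000, "dsp": 50}      # constructed cardinalities
    print("1.23456 rounded to 4 decimals ->", round_bid(1.23456, 4))
    for d in (4, 2, 0):
        print(f"{d} decimals: bid alone {bid_channel_bits(100.0, d):.1f} bits, "
              f"with side fields {output_channel_bits(100.0, d, fields):.1f} bits")
    print("decimals within a 30-bit budget:", decimals_for_budget(100.0, fields, 30.0))
```

The bound is per opportunity, so the same figures tell a reviewer how quickly repeated opportunities could add up, which is why the thread treats the fields sent alongside the bid as part of the same question.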