[w3ctag/design-reviews] Early design review request: IPA (Issue #823)

Hello TAG!

I'm requesting a TAG review of Interoperable Private Attribution (IPA).

IPA proposes a system that enables cross-site attribution. The idea is to provide businesses that use advertising with a way to measure how their advertising is performing without having to rely on tracking. To do this, IPA assigns each user an identifier - a match key - that cannot be used outside of a multi-party compute (MPC) system. The MPC system only executes a specific protocol that has been vetted to ensure that it only provides aggregated information.

  - Explainer (minimally containing user needs and example code): https://github.com/patcg-individual-drafts/ipa/blob/main/IPA-End-to-End.md
  - User research: none yet
  - Security and Privacy self-review: https://github.com/patcg-individual-drafts/ipa/blob/main/sec-priv-q.md
  - GitHub repo: https://github.com/patcg-individual-drafts/ipa
  - Primary contacts:
    - Ben Savage (@benjaminsavage), Meta
    - Erik Taubeneck (@eriktaubeneck), Meta
    - Martin Thomson (@martinthomson), Mozilla
  - Organization/project driving the design: Meta
  - External status/issue trackers for this feature:
    - https://github.com/WebKit/standards-positions/issues/142
    - https://github.com/mozilla/standards-positions/issues/753

Further details:

  - [x] I have reviewed the TAG's [Web Platform Design Principles](https://www.w3.org/TR/design-principles/)
  - The group where the incubation/design work on this is being done (or is intended to be done in the future): [PATCG](https://patcg.github.io/)
  - The group where standardization of this work is intended to be done ("unknown" if not known): PATWG (not approved, [draft charter](https://github.com/patcg/patwg-charter/))
  - Existing major pieces of multi-stakeholder review or discussion of this design: Records of some discussion can be found in [the project repository](https://github.com/patcg-individual-drafts/ipa) and [PATCG minutes](https://github.com/patcg/meetings/).
  - Major unresolved issues with or opposition to this design:  The explainer includes sections that describe a number of open issues.  We are planning trials that should help answer some of these.
  - This work is being funded by: Meta and Mozilla.

You should also know that...

The security and privacy questionnaire covers two key challenges, which I will highlight again here:

1. This proposal uses information - match keys - that might be used to perform cross-site tracking if the protections in the proposal were to fail.  The API allows any web site to request and receive this information from user agents.  The proposal includes a number of measures that are designed to protect this information.

2. The aggregated information that is provided to sites is based on the use of match keys.  The use of differential privacy ensures that there is some protection for the contribution of individual users.  The design limits the rate at which sites gain this information, so while the amount of information released each week is strictly limited, the cumulative amount released over time grows without bound.

Any conclusions about the privacy properties of the API will depend on an assessment of the adequacy of these protections.
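To make the second challenge concrete, here is a small Python model (an added example, not code from the IPA explainer or this request) of a site that asks for the same aggregate every week under a fixed weekly epsilon. It assumes the Laplace mechanism and basic sequential composition, which are standard differential-privacy tools rather than anything IPA specifies, and shows why a bounded weekly budget still lets the cumulative budget, and the precision of a repeated query, grow without limit.

```python
import math
import random


def laplace_release(true_value: float, sensitivity: float, epsilon: float, rng: random.Random) -> float:
    """Release one aggregate under the Laplace mechanism.

    Each user contributes at most `sensitivity` to the aggregate, so adding
    Laplace(sensitivity / epsilon) noise gives epsilon-DP for this one release.
    """
    scale = sensitivity / epsilon
    # Inverse-CDF sampling of a Laplace(0, scale) variable.
    u = rng.random() - 0.5
    return true_value - scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def cumulative_epsilon(weekly_epsilon: float, weeks: int) -> float:
    """Basic sequential composition: budget consumed against one user after
    `weeks` weekly releases. It grows linearly, without bound."""
    return weekly_epsilon * weeks


def averaged_noise_variance(sensitivity: float, weekly_epsilon: float, weeks: int) -> float:
    """Variance of the mean of `weeks` independent weekly releases of the same
    aggregate (a Laplace variable has variance 2 * scale^2); shrinks as 1/weeks."""
    scale = sensitivity / weekly_epsilon
    return 2.0 * scale * scale / weeks


def simulate_repeated_query(true_value: float, sensitivity: float, weekly_epsilon: float, weeks: int, seed: int = 7) -> dict:
    """Constructed scenario (hypothetical numbers): a site requests the same
    aggregate every week under a fixed weekly epsilon and averages the answers."""
    rng = random.Random(seed)
    releases = [laplace_release(true_value, sensitivity, weekly_epsilon, rng) for _ in range(weeks)]
    return {
        "weekly_epsilon": weekly_epsilon,
        "cumulative_epsilon": cumulative_epsilon(weekly_epsilon, weeks),
        "averaged_estimate": sum(releases) / weeks,
        "averaged_noise_variance": averaged_noise_variance(sensitivity, weekly_epsilon, weeks),
    }


if __name__ == "__main__":
    # Weekly epsilon stays at 1.0, but the cumulative epsilon and the precision
    # of the averaged estimate both keep improving for the querying site.
    for weeks in (1, 4, 52):
        print(weeks, simulate_repeated_query(1000.0, 1.0, 1.0, weeks))
```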

We'd prefer the TAG provide feedback as 🐛 open issues in [our GitHub repo](https://github.com/patcg-individual-drafts/ipa) for each point of feedback.  We're happy to engage with general feedback, commentary, and questions in this thread; we expect some feedback to be very broad in nature.

Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/823


Received on Friday, 3 March 2023 01:43:39 UTC