Re: [w3ctag/design-reviews] Shared Storage API (Issue #747)

> Having reviewed the Mozilla and Webkit position discussions, the TAG shares the privacy concerns Mozilla raised regarding this. We'd like to see these use cases worked on in PATCG, with broader participation from other implementors.

We’re happy to discuss the measurement and targeting needs addressed by Shared Storage, Topics, FLEDGE, etc. within the PATCG. However, the priority of the group has been to focus on a single use case at a time, with the current focus being conversion measurement. When the PATCG broadens its focus to other use cases, we will happily engage and work together on solutions with multi-vendor support.


> We are concerned about the privacy implications of any storage intended to be available across sites or origins without the user's explicit permission, and see that this could lead to capabilities used to create a drop-in replacement for third-party cookies as they work now.

We certainly do not feel that differentially private reporting and limited (~3 bits on ad click) leakage are equivalent in capability to third party cookies. The budgets (e.g., epsilon and delta, or entropy, per unit time) matter.

> This goes against the Ethical Web Principle The web must enhance individuals' control and power. The TAG is explicitly trying to encourage development of new web technologies to replace 3rd party cookies that do not replicate the privacy pitfalls of 3rd party cookies. See our draft finding Improving the web without third-party cookies.

We are quite aligned with the principles you point to.

I will reiterate that any proposal in this space involves reducing the near-infinite bit budget of today’s third-party cookies via rate limiting (e.g., with differential privacy or entropy rate limits). The user’s control and power is their ability to disable the API.


> We are concerned that the user needs given aren't technical needs. For example, a comparison table between the way these use cases are currently serviced and the way they are envisioned to be serviced with this new technology in place, and what the user benefit would be, would be more like what we're looking for. We recognise the use cases (cross-origin A/B experiments, user measurement, etc — which are site owner or developer needs) can provide value, but are not convinced that the value is worth the compromise to users' privacy. We'd be grateful if you would please clarify the user needs as outlined above.

The user need we are trying to support is the continued existence of a large amount of content freely available on the web.  The collection of use cases that are proximate goals of Privacy Sandbox are, to the best of our understanding, the essential tools that enable the flow of money from advertisers to most of the web sites in the world.

We agree that it is not immediately obvious that a use case like "cross-origin A/B experiments" is a necessary contributor to that goal.  But the Privacy Sandbox effort was rooted in years of discussions in the Improving Web Advertising Business Group to learn what capabilities were widely agreed to be required for the ads ecosystem to retain its ability to move money from advertisers to publishers.


> One last more general question we'd like to get a clear answer on is on a scale of 1 to 100, what pieces of the proposals in privacy sandbox will need to be in place to have a clear deprecation plan for third-party cookies, and how much does Shared Storage get us there? With so many related proposals coming in, we are concerned that the collective amount of entropy might result in a supercookie that maintains the status quo. We would likely be able to provide more constructive (and likely pragmatic) feedback with some level of clarity on roughly how close we will be getting to deprecation (of third-party cookies) with the current set of proposals.

Please see https://privacysandbox.com/timeline for Chrome's intended timeline for third-party cookie removal.  This targets removal starting in Q3 of 2024, and is based on the same collection of proposals that we've been incubating for years.

This doesn't answer your "on a scale of 1 to 100" question, though, and it's hard to know how to address that.  The Blink process pushes us to provide as much transparency as possible about future plans, and we think we have done so throughout, even in the face of considerable uncertainty.  And if something arises that has implications for this timeline, we will update [privacysandbox.com](http://privacysandbox.com/) and our other communication channels as promptly as we can.


-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/747#issuecomment-1555083090

Message ID: <w3ctag/design-reviews/issues/747/1555083090@github.com>

Received on Friday, 19 May 2023 18:40:37 UTC