On Fri, Jul 26, 2024 at 10:30 PM Yoav Weiss (@Shopify) < yoavwe...@chromium.org> wrote:
> Thanks!! Do we have any stats RE how often the limits are exceeded? Is it > fair to assume it's a rare occasion? > The metric shows that the limits are exceeded rarely, and the change is based on feedbacks of a few ad-techs that exceed the limit. > > On Fri, Jul 26, 2024 at 3:36 PM Nan Lin <lin...@chromium.org> wrote: > >> Thanks Yoav. Please see the inline response. >> >> Best, >> Nan >> >> On Fri, Jul 26, 2024 at 5:09 PM Yoav Weiss (@Shopify) < >> yoavwe...@chromium.org> wrote: >> >>> >>> On Thu, Jul 25, 2024 at 11:24 PM Chris Harrelson <chris...@chromium.org> >>> wrote: >>> >>>> LGTM2 >>>> >>>> On Mon, Jul 22, 2024 at 11:42 AM Mike Taylor <miketa...@chromium.org> >>>> wrote: >>>> >>>>> > This change will not cause any site breakage or change for end users >>>>> of Chrome. >>>>> >>>>> LGTM1 >>>>> On 7/11/24 3:48 PM, 'Akash Nadan' via blink-dev wrote: >>>>> >>>>> Contact emails >>>>> >>>>> akashna...@google.com, lin...@chromium.org, johni...@chromium.org >>>>> >>>>> Explainer >>>>> >>>>> Attribution Reporting with event-level reports >>>>> <https://github.com/WICG/attribution-reporting-api/blob/main/EVENT.md> >>>>> >>>>> Attribution Reporting API with Aggregatable Reports >>>>> <https://github.com/WICG/attribution-reporting-api/blob/main/AGGREGATE.md> >>>>> >>>>> Aggregation Service for the Attribution Reporting API >>>>> <https://github.com/WICG/attribution-reporting-api/blob/main/AGGREGATION_SERVICE_TEE.md> >>>>> >>>>> Specification >>>>> >>>>> https://wicg.github.io/attribution-reporting-api/ >>>>> >>>>> Blink component >>>>> >>>>> Internals > AttributionReporting >>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3EAttributionReporting> >>>>> >>>>> TAG review >>>>> >>>>> Still under review >>>>> <https://github.com/w3ctag/design-reviews/issues/724> under the >>>>> original I2S for the Attribution Reporting API >>>>> >>>>> TAG review status >>>>> >>>>> Pending >>>>> >>>>> Summary >>>>> >>>>> We are landing the following change to the Attribution Reporting API >>>>> focused on: >>>>> >>>>> - >>>>> >>>>> Improving utility by changing the methodology for a rate limit >>>>> >>>>> >>>>> This change is based on ad-tech feedback that we have heard regarding >>>>> a current rate limit for the Attribution Reporting API. >>>>> >>>>> Currently the API has a limit called the source-destination-limit >>>>> which allows API callers to register up to 100 distinct destinations per >>>>> {source site, reporting site} applied to all unexpired sources per >>>>> browser. >>>>> >>>>> This rate limit also uses a LIFO model (last-in-first-out) in the >>>>> sense that once the limit is reached, any new source registrations will be >>>>> rejected. >>>>> >>>>> We have heard feedback from multiple ad-techs that they are running >>>>> into this limit which then causes some amount of loss in terms of not >>>>> being >>>>> able to register new sources. >>>>> >>>>> This change proposes to use a FIFO model (first-in-first-out) for this >>>>> rate limit. So once the limit is reached, any new source registration will >>>>> cause the API to delete the oldest pending source registration for the >>>>> same >>>>> {source site, reporting site} pair, and allow the new source registration >>>>> to be stored. >>>>> >>>>> In order to safely support this FIFO model, the following rate limit >>>>> needs to also be added to the API: >>>>> >>>>> - >>>>> >>>>> 100 distinct destinations per {source site, reporting site, 24 >>>>> hours}. >>>>> - >>>>> >>>>> This new rate limit will help to prevent any attacks where an >>>>> adversary may want to try to cycle through many different >>>>> destinations in >>>>> one attempt >>>>> >>>>> >>>>> In terms of the rollout plan for this feature, we would like to >>>>> directly switch this rate limit from being a LIFO model to a FIFO model. >>>>> This means the LIFO model will no longer be an option. Based on feedback >>>>> we >>>>> have heard, this type of model where more recent sources are given a >>>>> stronger preference is in line with how ad-techs think about measuring >>>>> conversions. Additionally, the API will support a priority field, so that >>>>> within the FIFO model ad-techs can still specify if certain destinations >>>>> require a higher priority than others. >>>>> >>>>> This change is not backwards compatible since the model for this rate >>>>> limit will be changing. >>>>> >>>>> Can you expand on that? >>> What would ad-tech folks need to do differently? Am I right to assume >>> that this would cause attribution breakage only in cases that are currently >>> exceeding the limit? >>> >> That's correct that this would only affect ad-techs that are currently >> exceeding the limit. No change is needed if they want to use the new FIFO >> behavior. Otherwise, they would need to set the destination priority for >> the source registrations properly to prioritize destinations and achieve >> the desired behavior, e.g. the previous LIFO behavior. >> >>> >>>>> This change will help to reduce the registration and conversion loss >>>>> ad-techs may see with the current limit. >>>>> >>>>> >>>>> Explainer/Spec changes >>>>> >>>>> 1. >>>>> >>>>> Deactivate earliest destinations if exceeding distinct destination >>>>> limit for unexpired sources >>>>> <https://github.com/WICG/attribution-reporting-api/pull/1217> >>>>> >>>>> >>>>> Risks >>>>> Interoperability and Compatibility >>>>> >>>>> This feature is not a backwards compatible change because the behavior >>>>> for which sources will be rejected or deleted once the source destination >>>>> limit is hit will now be different. The new behavior is intuitively more >>>>> in >>>>> line with how ad-techs measure conversions currently, however there may be >>>>> some scenarios where keeping older source registrations is more important >>>>> to an ad-tech, which may still be achieved through the use of the priority >>>>> field that is part of this feature. >>>>> >>>>> This change will not cause any site breakage or change for end users >>>>> of Chrome. Additionally, once this feature is released it will only be >>>>> applicable to users running on Chrome M128 and future chrome versions. >>>>> This >>>>> change will also not delete any existing source registrations in storage >>>>> unless the limit is hit and there are source registrations that exceed the >>>>> limit. >>>>> >>>>> Gecko: No signal (Original request: >>>>> https://github.com/mozilla/standards-positions/issues/791) >>>>> >>>>> WebKit: No signal (Original request: >>>>> https://github.com/WebKit/standards-positions/issues/180) >>>>> >>>>> Web developers: >>>>> https://github.com/WICG/attribution-reporting-api/issues/1228 >>>>> >>>>> >>>>> >>>>> WebView application risks >>>>> >>>>> Does this intent deprecate or change behavior of existing APIs, such >>>>> that it has potentially high risk for Android WebView-based applications? >>>>> >>>>> None >>>>> >>>>> >>>>> Will this feature be supported on all six Blink platforms (Windows, >>>>> Mac, Linux, Chrome OS, Android, and Android WebView)? >>>>> >>>>> The attribution reporting feature will be supported on all platforms >>>>> with the exception of Android WebView >>>>> >>>>> Is this feature fully tested by web-platform-tests >>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>>> ? >>>>> >>>>> No, the behavior around destination limiting is not covered in WPT due >>>>> to performance issues when registering many events to trigger the limits. >>>>> We are looking at adding WebDriver support to better test some of these >>>>> privacy limits in the future. >>>>> >>>>> Estimated milestones >>>>> >>>>> This feature is anticipated to ship as part of Chrome 128 >>>>> <https://chromiumdash.appspot.com/schedule>. >>>>> >>>>> Link to entry on the Chrome Platform Status >>>>> >>>>> https://chromestatus.com/feature/6320694358179840 >>>>> >>>>> Links to previous Intent discussions >>>>> >>>>> Previous I2S: >>>>> >>>>> Intent to Ship: Attribution Reporting API >>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/2Rmj5V6FSaY> >>>>> >>>>> Intent to Ship: Attribution Reporting features M117 >>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/nWF61c8xu-M/m/uMmH1ewcAQAJ> >>>>> >>>>> Intent to Ship: Attribution Reporting features M118 >>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/Mh-mJiyJZFk/m/HlgzpphYBQAJ> >>>>> >>>>> Intent to Ship: Attribution Reporting features M119 >>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/6e44SBtEtcQ> >>>>> >>>>> Intent to Ship: Attribution Reporting features M120 >>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/jSk3xpNPzGQ/m/VZPsdYgGCAAJ> >>>>> >>>>> Intent to Ship: Attribution Reporting features M121 >>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/g9KiC6Rg_mA/m/V679WcWuAQAJ> >>>>> >>>>> Intent to Ship: Attribution Reporting features M123 >>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/NE7VGke1Bjc/m/bIX00t4CAAAJ> >>>>> >>>>> Intent to Ship: Attribution Reporting features M124 >>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/aregp1li6xk/m/IhBB2z8tBQAJ> >>>>> >>>>> Intent to Ship: Attribution Reporting features M125 >>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/9UyhI6SRyxM/m/zgWWckgWAQAJ> >>>>> >>>>> Intent to Ship: Attribution Reporting features M126 >>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/7UQR2lPn5KE/m/q_kL6ZiJDgAJ> >>>>> >>>>> Intent to Ship: Attribution Reporting features M127 >>>>> <https://groups.google.com/a/chromium.org/g/blink-dev/c/LAgnyPsJyJg?pli=1> >>>>> >>>>> >>>>> Thanks, >>>>> >>>>> Akash >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "blink-dev" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to blink-dev+unsubscr...@chromium.org. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/305f8767-6782-4432-b37e-dbd58ada703en%40chromium.org >>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/305f8767-6782-4432-b37e-dbd58ada703en%40chromium.org?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "blink-dev" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to blink-dev+unsubscr...@chromium.org. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/7e647d22-1ce9-46b2-ae03-887131c6bbd8%40chromium.org >>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/7e647d22-1ce9-46b2-ae03-887131c6bbd8%40chromium.org?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "blink-dev" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to blink-dev+unsubscr...@chromium.org. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw-NMpZHfekH2OZScDRFg70H%2BULuTmx4DtA2ArQswoQLww%40mail.gmail.com >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw-NMpZHfekH2OZScDRFg70H%2BULuTmx4DtA2ArQswoQLww%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOmohSLcQnZr_XxgJFQQnrVd9ydRwGyAhhXm8Mnj5V0L%3DjjYRA%40mail.gmail.com >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOmohSLcQnZr_XxgJFQQnrVd9ydRwGyAhhXm8Mnj5V0L%3DjjYRA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CA%2BVrgPmMZ0aEC3UHyO7sbxfBVAkvinct8w9zy4DZ%2Bd04Mx%3Dg2Q%40mail.gmail.com.