LGTM3 On Thursday, September 12, 2024 at 7:41:22 PM UTC+2 Chris Harrelson wrote:
> LGTM2 > > On Thu, Sep 12, 2024 at 9:58 AM Mike Taylor <miketa...@chromium.org> > wrote: > >> LGTM1 - this seems like an important privacy bugfix. Compatibility-wise, >> this won't affect user experience (if my mental model is correct), but >> sites using the API may receive less info than expected - but that's kinda >> the point. >> On 9/11/24 6:03 PM, 'Akash Nadan' via blink-dev wrote: >> >> Contact emails >> >> akashna...@google.com, lin...@chromium.org, johni...@chromium.org >> >> Explainer >> >> Attribution Reporting with event-level reports >> <https://github.com/WICG/attribution-reporting-api/blob/main/EVENT.md> >> >> Attribution Reporting API with Aggregatable Reports >> <https://github.com/WICG/attribution-reporting-api/blob/main/AGGREGATE.md> >> >> Aggregation Service for the Attribution Reporting API >> <https://github.com/WICG/attribution-reporting-api/blob/main/AGGREGATION_SERVICE_TEE.md> >> >> Specification >> >> https://wicg.github.io/attribution-reporting-api/ >> >> Blink component >> >> Internals > AttributionReporting >> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Internals%3EAttributionReporting> >> >> TAG review >> >> Still under review <https://github.com/w3ctag/design-reviews/issues/724> >> under the original I2S for the Attribution Reporting API >> >> TAG review status >> >> Pending >> >> Summary >> >> We are landing the following changes to the Attribution Reporting API >> focused on: >> >> - >> >> Improving privacy for debug keys >> >> >> This change helps to mitigate a potential privacy gap with debug keys. >> >> Currently the API allows a source debug key or a trigger debug key to be >> specified if third party cookies are available and can be set by API >> callers. If either a source or trigger debug key is specified then it will >> be included in the attribution report. This may lead to a privacy leak if >> third party cookies are only allowed on either the publisher or the >> advertiser site but not both. >> >> This change mitigates this issue by enforcing that source debug keys and >> trigger debug keys are only included in the attribution report if they’re >> present on both the source and trigger, which would mean that third party >> cookies were available on both the publisher and advertiser site. This >> change will apply to both event-level reports and aggregatable reports. >> >> >> Explainer/Spec changes >> >> 1. >> >> Explainer & Spec: >> https://github.com/WICG/attribution-reporting-api/pull/1403 >> >> >> Risks >> Interoperability and Compatibility >> >> This is a backwards incompatible change. API callers will continue to >> receive Attribution Reporting API reports but the information contained in >> the report may change if the API caller only specifies a debug key on only >> the source or trigger registration. If they only specify a debug key on one >> side, then they will no longer receive debug key information in the report >> they receive but they will continue to receive reports. We expect this to >> have minimal impact since the API caller will continue to receive >> attribution reports as expected. >> >> Gecko: No signal (Original request: >> https://github.com/mozilla/standards-positions/issues/791) >> >> WebKit: No signal (Original request: >> https://github.com/WebKit/standards-positions/issues/180) >> >> >> WebView application risks >> >> Does this intent deprecate or change behavior of existing APIs, such that >> it has potentially high risk for Android WebView-based applications? >> >> No >> >> >> Will this feature be supported on all six Blink platforms (Windows, Mac, >> Linux, Chrome OS, Android, and Android WebView)? >> >> The attribution reporting feature will be supported on all platforms with >> the exception of Android WebView >> >> Is this feature fully tested by web-platform-tests >> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >> ? >> >> Yes >> >> Estimated milestones >> >> This feature is anticipated to ship as part of Chrome 130 >> <https://chromiumdash.appspot.com/schedule>. >> >> Link to entry on the Chrome Platform Status >> >> https://chromestatus.com/feature/6257907243679744 >> >> Links to previous Intent discussions >> >> Previous I2S: >> >> Intent to Ship: Attribution Reporting API >> <https://groups.google.com/a/chromium.org/g/blink-dev/c/2Rmj5V6FSaY> >> >> Intent to Ship: Attribution Reporting features M117 >> <https://groups.google.com/a/chromium.org/g/blink-dev/c/nWF61c8xu-M/m/uMmH1ewcAQAJ> >> >> Intent to Ship: Attribution Reporting features M118 >> <https://groups.google.com/a/chromium.org/g/blink-dev/c/Mh-mJiyJZFk/m/HlgzpphYBQAJ> >> >> Intent to Ship: Attribution Reporting features M119 >> <https://groups.google.com/a/chromium.org/g/blink-dev/c/6e44SBtEtcQ> >> >> Intent to Ship: Attribution Reporting features M120 >> <https://groups.google.com/a/chromium.org/g/blink-dev/c/jSk3xpNPzGQ/m/VZPsdYgGCAAJ> >> >> Intent to Ship: Attribution Reporting features M121 >> <https://groups.google.com/a/chromium.org/g/blink-dev/c/g9KiC6Rg_mA/m/V679WcWuAQAJ> >> >> Intent to Ship: Attribution Reporting features M123 >> <https://groups.google.com/a/chromium.org/g/blink-dev/c/NE7VGke1Bjc/m/bIX00t4CAAAJ> >> >> Intent to Ship: Attribution Reporting features M124 >> <https://groups.google.com/a/chromium.org/g/blink-dev/c/aregp1li6xk/m/IhBB2z8tBQAJ> >> >> Intent to Ship: Attribution Reporting features M125 >> <https://groups.google.com/a/chromium.org/g/blink-dev/c/9UyhI6SRyxM/m/zgWWckgWAQAJ> >> >> Intent to Ship: Attribution Reporting features M126 >> <https://groups.google.com/a/chromium.org/g/blink-dev/c/7UQR2lPn5KE/m/q_kL6ZiJDgAJ> >> >> Intent to Ship: Attribution Reporting features M127 >> <https://groups.google.com/a/chromium.org/g/blink-dev/c/LAgnyPsJyJg?pli=1> >> >> Intent to Ship: Attribution Reporting features M128 (1) >> <https://groups.google.com/a/chromium.org/g/blink-dev/c/qlsv7fn0zRE/m/SK8upePCCAAJ> >> >> Intent to Ship: Attribution Reporting features M128 (2) >> <https://groups.google.com/a/chromium.org/g/blink-dev/c/VKGn41wMYlg/m/VsNXktqvCAAJ> >> >> Thanks, >> Akash >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/19b60fd8-79c3-462d-9ff5-1ece30fb64fen%40chromium.org >> >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/19b60fd8-79c3-462d-9ff5-1ece30fb64fen%40chromium.org?utm_medium=email&utm_source=footer> >> . >> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> > To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/a5c21fe3-d87f-4b39-ab6a-897b875ba05a%40chromium.org >> >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/a5c21fe3-d87f-4b39-ab6a-897b875ba05a%40chromium.org?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/f9939b91-7930-4e87-a60e-d2df9af55134n%40chromium.org.
