Privacy Preserving Attribution #319

Closed
sertonix opened this issue Jul 16, 2024 · 7 comments

@sertonix
Contributor

When PPA is disabled, the functions are a no-op. This skips the argument checking too, so it is possible to detect whether or not PPA is enabled. From what I have seen, it should be possible to hide whether PPA is enabled or disabled.

let enabled = false;
try {
  // The ~ is considered an invalid url and will cause an error when PPA is enabled.
  navigator.privateAttribution.saveImpression({ type: "view", index: 6, ad: "shoes", target: "~" });
} catch (e) {
  if (e instanceof DOMException)
    enabled = true;
}

Since PPA is an Origin Trial you currently need to set dom.origin-trials.private-attribution.state: 1 for the API to be available on any website.

@Thorin-Oakenpants
Contributor

Thorin-Oakenpants commented Jul 17, 2024

AFAICT ... when this becomes available on any website ... this is not a thing

  • see https://github.com/mozilla/explainers/issues/11#issuecomment-2228913120
  • The API appears to function fully when someone is opted out, but no private information is released. That is, saveImpression appears to save something (but saves nothing), and measureConversion generates a measurement message that contains all zero values. From the perspective of the sites involved, things appear to be exactly the same as someone who has the feature enabled.

@sertonix
Contributor Author

sertonix commented Jul 17, 2024

Then this is a bug in Firefox. Made a report here: https://bugzilla.mozilla.org/show_bug.cgi?id=1908470

@Thorin-Oakenpants
Contributor

sorry, I have a lot going on and am not really following this

@Thorin-Oakenpants
Contributor

Thorin-Oakenpants commented Jul 17, 2024

I honestly can't quite follow this - I tried the other day in nightly with it enabled and not enabled and couldn't detect a difference (using console on live web sites)

edit: OK I needed to flip the pref for all sites? right?

@sertonix
Contributor Author

Setting dom.origin-trials.private-attribution.state to 1 enables the API for all sites. This is needed because the API is experimental (and the other options are too complicated).

@Thorin-Oakenpants
Contributor

okie dokie - soz, am super busy with TB stuff - ESR128 is a huge jump :)

@Thorin-Oakenpants
Contributor

ok, so being an Origin Trial (OT) this currently doesn't make a viable FP as it's not universal. And once 1908470 is fixed then when OT becomes obsolete (i.e. enabled universally?) it's no longer a FP vector. So closing. But good catch
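
One way to close the difference reported in this thread is to run argument validation before the opt-out check, so an opted-out browser throws on the same inputs as an opted-in one and only the storage step is skipped. The sketch below is an added example, not part of the issue and not Firefox's code; `makeApi`, `validateTarget`, `ArgumentError` and the hostname rule are hypothetical stand-ins.

```javascript
// Simplified model of the ordering issue reported in this thread.
// Assumption: not Firefox's code; all names below are hypothetical.
class ArgumentError extends Error {}

// Stand-in for the browser's real target check (assumed rule: dotted hostname).
const HOST_RE = /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/i;

function validateTarget(target) {
  if (typeof target !== "string" || !HOST_RE.test(target)) {
    throw new ArgumentError("invalid target");
  }
}

function makeApi({ enabled, validateFirst }) {
  const store = [];
  return {
    store,
    saveImpression(opts) {
      // Reported behaviour: the disabled path returns before any checking.
      if (!validateFirst && !enabled) return;
      validateTarget(opts.target);
      // Hardened order: input already validated, opted-out users store nothing.
      if (!enabled) return;
      store.push({ ...opts });
    },
  };
}

// Constructed probe input, same shape as the call in the report.
const BAD = { type: "view", index: 6, ad: "shoes", target: "~" };

function throwsOnBadTarget(api) {
  try {
    api.saveImpression(BAD);
    return false;
  } catch (e) {
    return e instanceof ArgumentError;
  }
}

// True when a page could tell an opted-in browser from an opted-out one.
function observableDifference(validateFirst) {
  const on = makeApi({ enabled: true, validateFirst });
  const off = makeApi({ enabled: false, validateFirst });
  return throwsOnBadTarget(on) !== throwsOnBadTarget(off);
}
```

A regression test for the fix can assert that `observableDifference(true)` is false while still checking that the opted-out store stays empty for valid input.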
