-
Notifications
You must be signed in to change notification settings - Fork 27
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
K-anon check vs. dynamic URLs #54
Comments
@michaelkleber our current thinking is that indeed because of the S2S aspect we can update the k-anon status in the metadata passed between the BFE and SFE/Auction TEEs. Once any dynamic URLs are provided by a buyer to be part of the auction we can lookup if they are k-anon. Similarly the Auction/SFE can use the provided metadata to run an auction and keep track of potentially two winners (one non-k-anon and one k-anon) to be more likely to send a successful k-anon winning response to the browser. In parallel the winning ad(s) will be reported back to k-anon to potentially join. We believe this will also help with the cold-start problem for auctions and allow quicker deployment of new creatives and for auctions to see they have hit the k-anon threshold of unique clients/visibility. |
Hi Brandon! The key step I'm worried about is the Protected Audience "second chance to bid" logic:
Maybe you're thinking that if the bidding function gets to make multiple bids all at once, then it can just try really hard to make a bid that it thinks will be k-anon? But if that's not the idea, then I still don't understand your plan. |
When the BFE passes the set of potential creatives/IGs to the bidding service the intent is indeed that multiple bids may be returned and we will also check/add the k-anon metadata to these bids before returning to the seller. That way the scoreAd method can take these bids and make an informed decision to increment k-anon counts on the winner(s) and return a k-anon winner to the browser in the encrypted response. |
Sorry that I still haven't communicated my question successfully. What happens if an IG's In Chrome's approach, the IG gets a second chance to bid, with the browser infrastructure making clear which ads have passed the k-anon check. In Edge's approach, is that bidder just out of luck? |
Thanks for the clarification. Yes if the bidder ends up returning N bids which are all not k-anon none of those would win the auction and the current plan would not be to duplicate the bidding phase. We think this is okay if it is expected by the participants as in practice there is typically a contextual backup/default ad that can be rendered. Additionally, we believe the proximity to the k-anon service will aide in updating the cache to more quickly to allow new creatives that are winning to accurately reflect they are now k-anon and able to be rendered. If in practice during trials of the API we do experience non-ideal behaviour we are open to feedback and adjusting the flow to ensure successful outcomes while maintaining privacy and performance characteristics; this could include importing the well-worn ad tech notion of a default creative as part of the auction. Also CC: @thegreatfatzby |
Got it, thank you. This is a very interesting alternative, which we didn't really consider since the real-time k-anon check is not viable for on-device auctions. We like the notion of making multiple bids, and it would be great if that's sufficient to not need to worry about the dedicated k-anon duplicate bidding phase. |
Hello Edge folks! We're delighted to have you on board.
Can you explain a little more how you are planning to handle the combination of dynamically-generated ad URLs and checking for k-anonymity? This seemed challenging to us. WICG/turtledove#729 offered a partial solution, but it seems like you're going farther than that, and I'd like to understand the trade-offs.
The current Protected Audience flow is:
Of course this flow only makes sense because the browser already knows (in advance of the auction) the k-anon status for every ad in the IG.
I understand that your choice to not support on-device bidding makes your life easier here because your k-anon checks are server-to-server, which makes step 1 feasible in real time. But I still don't know how you handle step 2.
The text was updated successfully, but these errors were encountered: