Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add View and Click Data explainer section #1279

Open
wants to merge 3 commits into
base: main
Choose a base branch
from

Conversation

JensenPaul
Copy link
Collaborator

No description provided.

* The `attributionsrc` HTML attribute may include multiple space-delimited URLs, in which case the browser will issue a background request for each.


When the browser sends these request(s), it will include a new `Ad-Auction-Registration-Eligible` header whose value will be exactly one of "view" or "click".
Copy link
Contributor

@dmdabbs dmdabbs Sep 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Will Protected Audience "GREASE" the request header value as ARA does?

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 to greasing. IMO it makes sense to make this a structured header to ease future extensions, such as the addition of parameters.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok 👍 thanks

1. All other requests will not have the `Ad-Auction-Registration-Eligible` header.


A server receiving the `Ad-Auction-Registration-Eligible` header may respond in such a way that indicates to the browser that this request should be counted among the events used to calculate that user's view and click counts. To do so, the server's response should include an `Ad-Auction-Register-Event` structured response header of the form:
Copy link
Contributor

@dmdabbs dmdabbs Sep 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggest structured response header as structured field value header.

A server receiving the `Ad-Auction-Registration-Eligible` header may respond in such a way that indicates to the browser that this request should be counted among the events used to calculate that user's view and click counts. To do so, the server's response should include an `Ad-Auction-Register-Event` structured response header of the form:

```
Ad-Auction-Register-Event: type=[view|click]; eligible-origins=https://www.example-dsp.com,https://www.example2.com;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the top-level type a Dictionary?

FLEDGE.md Outdated
```

* `type`: Required. Indicates whether this event should be counted as a "view" or a "click". The browser will verify that the type of event being registered matches the type for which this request is eligible - "view" or "click" - and discard events for which this request is not eligible.
* `eligible-origins`: Optional. Conveys one or more origins for which this event should be included in the computed view and click counts that will be provided to UDFs in Protected Audience auctions. If omitted or blank, this event will **only** be included in the counts available to the origin that returned that `Ad-Auction-Register-Event`.
Copy link
Contributor

@dmdabbs dmdabbs Sep 18, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The providing origin is implicitly an eligible-origin even if not listed, yes?

#### 3.7.4 Access Controls

**For sites**:
* Recording of view and click events will only be allowed provided the publisher's Permissions-Policy permits interest group additions by the providing origin ([`join-ad-interest-group` directive](https://developers.google.com/privacy-sandbox/private-advertising/setup/web/permissions-policy)) . ARA permission policy is not required.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some publishers might see this as too expansive. They may be fine with adtechs recording views and clicks, but not joining IGs on their property.

* If an adtech wants to use ARA but not record Protected Audience views and clicks, they can simply exclude the Protected Audience view and click events header and/or not have its site (scheme, eTLD+1) attested for Protected Audience API.

**For end users**:
* View and click events are only recorded when the user control for Protected Audience is enabled. The user control for ARA is not considered.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If an end user deletes site data/QD, are the view and click and PA data included?


If specified, view/click counts will be computed by summing all counts for which the providing origin is included in `viewAndClickCountsProviders`, and for which the eligible origins include the interest group owner. If not specified, the browser will by default include only those view and click events that the interest group owner provided to itself.

When the buyer-defined `generateBid()` is called, two new fields - `viewCounts` and `clickCounts` - will be provided in the `browserSignals` argument, each of which will be an object that contains a field for each of the five fixed time windows.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When the buyer-defined generateBid() is called...

This is for now on-device only?

FLEDGE.md Show resolved Hide resolved

When `attributionsrc` is used:
* The browser will always look for view and click data on the response to the request that goes to a clickthrough URL ("href" on an `<a>` tag) or impression URL ("src" on an `<img>` or `<script>` tag).
* When `attributionsrc` is non-empty, the browser will also send a background request to the URL specified in the value of `attributionsrc`, and then look for view and click data on the response.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Assume that foreground and background requests will process the headers on redirects to origins whose sites are attested?


```
viewCounts: { pastHour: 1, pastDay: 2, pastWeek: 3, past30Days: 3, past90Days: 3 }
clickCounts: { pastHour: 0, pastDay: 0, pastWeek: 1, past30Days: 1, past90Days: 1 }
Copy link

@anderagakura anderagakura Sep 19, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For measurement, would not be useful to include additional time windows? (e.g past15days)

* `eligible-origins`: Optional. Conveys one or more origins for which this event should be included in the computed view and click counts that will be provided to UDFs in Protected Audience auctions. If omitted or blank, this event will **only** be included in the counts available to the origin that returned that `Ad-Auction-Register-Event`.


The "providing origin" is the origin from which the `Ad-Auction-Register-Event` header was received. The browser will only record view and click events for the providing origin if its [site](https://html.spec.whatwg.org/multipage/browsers.html#obtain-a-site) (scheme, eTLD+1) is attested for Protected Audience API. Please see [the Privacy Sandbox enrollment attestation model](https://github.com/privacysandbox/attestation#the-privacy-sandbox-enrollment-attestation-model). Similarly, the browser will only retain eligible origins whose site (scheme, eTLD+1) is attested for Protected Audience API.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Without talking about measurement platform but even a tech intermediary cannot be part of viewAndClickCountsProviders , right?

Copy link
Collaborator

@orrb1 orrb1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks, Paul.

FLEDGE.md Outdated Show resolved Hide resolved
FLEDGE.md Outdated Show resolved Hide resolved
@WICG WICG deleted a comment from Saleemfarheen Oct 15, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants