-
Notifications
You must be signed in to change notification settings - Fork 244
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add View and Click Data explainer section #1279
base: main
Are you sure you want to change the base?
Conversation
* The `attributionsrc` HTML attribute may include multiple space-delimited URLs, in which case the browser will issue a background request for each. | ||
|
||
|
||
When the browser sends these request(s), it will include a new `Ad-Auction-Registration-Eligible` header whose value will be exactly one of "view" or "click". |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will Protected Audience "GREASE" the request header value as ARA does?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1 to greasing. IMO it makes sense to make this a structured header to ease future extensions, such as the addition of parameters.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok 👍 thanks
1. All other requests will not have the `Ad-Auction-Registration-Eligible` header. | ||
|
||
|
||
A server receiving the `Ad-Auction-Registration-Eligible` header may respond in such a way that indicates to the browser that this request should be counted among the events used to calculate that user's view and click counts. To do so, the server's response should include an `Ad-Auction-Register-Event` structured response header of the form: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Suggest structured response header as structured field value header.
A server receiving the `Ad-Auction-Registration-Eligible` header may respond in such a way that indicates to the browser that this request should be counted among the events used to calculate that user's view and click counts. To do so, the server's response should include an `Ad-Auction-Register-Event` structured response header of the form: | ||
|
||
``` | ||
Ad-Auction-Register-Event: type=[view|click]; eligible-origins=https://www.example-dsp.com,https://www.example2.com; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is the top-level type a Dictionary?
FLEDGE.md
Outdated
``` | ||
|
||
* `type`: Required. Indicates whether this event should be counted as a "view" or a "click". The browser will verify that the type of event being registered matches the type for which this request is eligible - "view" or "click" - and discard events for which this request is not eligible. | ||
* `eligible-origins`: Optional. Conveys one or more origins for which this event should be included in the computed view and click counts that will be provided to UDFs in Protected Audience auctions. If omitted or blank, this event will **only** be included in the counts available to the origin that returned that `Ad-Auction-Register-Event`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The providing origin is implicitly an eligible-origin
even if not listed, yes?
#### 3.7.4 Access Controls | ||
|
||
**For sites**: | ||
* Recording of view and click events will only be allowed provided the publisher's Permissions-Policy permits interest group additions by the providing origin ([`join-ad-interest-group` directive](https://developers.google.com/privacy-sandbox/private-advertising/setup/web/permissions-policy)) . ARA permission policy is not required. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some publishers might see this as too expansive. They may be fine with adtechs recording views and clicks, but not joining IGs on their property.
* If an adtech wants to use ARA but not record Protected Audience views and clicks, they can simply exclude the Protected Audience view and click events header and/or not have its site (scheme, eTLD+1) attested for Protected Audience API. | ||
|
||
**For end users**: | ||
* View and click events are only recorded when the user control for Protected Audience is enabled. The user control for ARA is not considered. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If an end user deletes site data/QD, are the view and click and PA data included?
|
||
If specified, view/click counts will be computed by summing all counts for which the providing origin is included in `viewAndClickCountsProviders`, and for which the eligible origins include the interest group owner. If not specified, the browser will by default include only those view and click events that the interest group owner provided to itself. | ||
|
||
When the buyer-defined `generateBid()` is called, two new fields - `viewCounts` and `clickCounts` - will be provided in the `browserSignals` argument, each of which will be an object that contains a field for each of the five fixed time windows. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When the buyer-defined
generateBid()
is called...
This is for now on-device only?
|
||
When `attributionsrc` is used: | ||
* The browser will always look for view and click data on the response to the request that goes to a clickthrough URL ("href" on an `<a>` tag) or impression URL ("src" on an `<img>` or `<script>` tag). | ||
* When `attributionsrc` is non-empty, the browser will also send a background request to the URL specified in the value of `attributionsrc`, and then look for view and click data on the response. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Assume that foreground and background requests will process the headers on redirects to origins whose sites are attested?
|
||
``` | ||
viewCounts: { pastHour: 1, pastDay: 2, pastWeek: 3, past30Days: 3, past90Days: 3 } | ||
clickCounts: { pastHour: 0, pastDay: 0, pastWeek: 1, past30Days: 1, past90Days: 1 } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For measurement, would not be useful to include additional time windows? (e.g past15days)
* `eligible-origins`: Optional. Conveys one or more origins for which this event should be included in the computed view and click counts that will be provided to UDFs in Protected Audience auctions. If omitted or blank, this event will **only** be included in the counts available to the origin that returned that `Ad-Auction-Register-Event`. | ||
|
||
|
||
The "providing origin" is the origin from which the `Ad-Auction-Register-Event` header was received. The browser will only record view and click events for the providing origin if its [site](https://html.spec.whatwg.org/multipage/browsers.html#obtain-a-site) (scheme, eTLD+1) is attested for Protected Audience API. Please see [the Privacy Sandbox enrollment attestation model](https://github.com/privacysandbox/attestation#the-privacy-sandbox-enrollment-attestation-model). Similarly, the browser will only retain eligible origins whose site (scheme, eTLD+1) is attested for Protected Audience API. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Without talking about measurement platform but even a tech intermediary cannot be part of viewAndClickCountsProviders , right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, Paul.
No description provided.