-
Notifications
You must be signed in to change notification settings - Fork 227
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
System robustess to attacks from within #30
Comments
The explainer on Aggregated Reporting talks about some answers on reporting:
TURTLEDOVE could provide a similar re-use of the blind-signature cryptographic tokens to give an ad network a way to be sure the ad request genuinely came from someone they had added to the interest group. Browsers also choose what it's possible for extensions to do, which could offer protection against some attacks. But if you're worried about behavior by botnets of modified browsers, this won't be of much use. |
I am not sure that I understand how things would work here. |
Putting any attack aside, a bug of any form could happen and induce a billing discrepancy between the advertiser and the publisher. |
If you're thinking about bugs in the aggregation infrastructure, then the natural way to gain confidence in it is to send known data through the aggregation pipeline, and verify that you get the right aggregates out the other side. If you're thinking about bugs in the JS code that runs in the browser and creates individual events to be aggregated over (saying e.g. "advertiser A should pay $x" and "publisher P should receive $y"), this is the sort of code that can be audited, and indeed can be seen by everyone — basically what you were complaining about in #32, I think! The input to that in-browser JS is signals generated on a server, and those signals can be individually logged and reconciled just like in today's world. |
Closing this issue as it represents past design discussion that predates more recent proposals. I believe some of this feedback was incorporated into the Private Aggregation proposal. If you feel further discussion is needed, please feel free to reopen this issue or file a new issue. |
What are TURTLEDOVE protections against malicious browsers or any form of tampering with the bidding process or reporting happening in-browser?
In #20, it has been mentioned that:
But it doesn't seem to cover cases where the browser is malicious / infested (browser extensions, etc.).
Since the reporting will lead to payments by the advertisers, it is paramount that they can be assured that the bidding process was conducted fairly and that the reporting is accurate.
The text was updated successfully, but these errors were encountered: