WICG / turtledove

TURTLEDOVE
https://wicg.github.io/turtledove/

Undetectable opt out? #985

Open martinthomson opened 5 months ago

martinthomson commented 5 months ago

I am not able to construct a situation whereby someone might tell their browser to pretend to do Protected Audience in a way that sites cannot detect.

Is there some discussion about how this might be achieved? Or maybe something close to an undetectable opt out, like one that provides differential privacy?

For instance, if you pretend to accept markings, but throw them away, that is detectable. I assume that a site can add many interest groups and then query for their presence arbitrarily. If you partition them by top-level site, that is detectable if a site is willing to create a second site.

The partitioning approach is appealing, but it also has some pretty interesting implications when it comes to limits. You can't enforce global limits or that breaks the partitioning (hello, tracking).

Does removal of the auction failure leakage (and negative targeting) address this? I don't think that it does until you close off all of the other auction result leakage vectors.

michaelkleber commented 5 months ago

While the 1-bit leak is in place (i.e. the surrounding page can know that some Protected Audience ad won), opt out is indeed detectable, by adding a browser to some PA Interest Group and then running an auction in which that IG is sure to bid.

The work on the Additional Bids and Negative Targeting features is an early step in the direction of closing off that 1-bit leak and having even contextually-targeted ads emerge from the protected auction. As you say, we will need to land that ecosystem change, and also move to Fenced Frame rendering and aggregate outcome reporting, before the API state is really undetectable.