Account for the number of entropy bits exposed in reportingdomain #9
Comments
|
It occurred to me that the work-around I suggested above may not be sufficient for removing all possible entropy here. Here is another possible example: https://ad-tech.example is the impression side, where |
|
The input reporting domain at impression time is defined as an eTLD+1, so you shouldn't be able to do tricks with unique sub-domains (see https://github.com/csharrison/conversion-measurement-api#impression-declaration). We should always send the report to the root. If folks are registering unique full domains per user at impression time, they will hit a pretty difficult problem: matching users to those domains at conversion time in the advertiser's context. We only send reports to the reporting domain if they are declared in the conversion registration .well-known URL. In order to learn the unique reporting domain, the advertiser would need to cycle through every possible domain which is easily thwarted (see this section https://github.com/csharrison/conversion-measurement-api#limits-on-the-number-of-conversion-pixels). |
Let's say on the impression side we have a link like:
https://github.com/csharrison/conversion-measurement-api#conversion-reports mentions the conversion report will be sent to:
The number of unique bits sent alongside with this request seems more than what's mentioned there, since
uniqueidmay be a string that is unique e.g. per user (like a hash of their email address) or per their device (like a fingerprint).This could be solved for example by submitting the conversion report to:
Where
reportingrootdomainis the eTLD+1 ofreportingdomain.The text was updated successfully, but these errors were encountered: