Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Gathering Events" section is very confusing #46

Open
MattMenke2 opened this issue Mar 6, 2023 · 2 comments
Open

"Gathering Events" section is very confusing #46

MattMenke2 opened this issue Mar 6, 2023 · 2 comments

Comments

@MattMenke2
Copy link

The first sentence "collecting information on important events". It's unclear what events these are (source events, trigger events, both, something else?) and where information is being collected - is this a page's JS collecting source (trigger?) event information and passing it to the browser, the browser collecting this information (provided by sites) in a database, or this information being collected by a sever after reports have been triggered? The sentence does being with "IPA begins", but I don't know what the authors considered the "start" of IPA - is it the start of data being actually aggregated by a server, the start of one or both types of events, or what?

The section also mentions collecting information, collecting events, and collecting reports. It's not clear if these are one, two, or three distinct concepts.
@bmcase
Copy link
Collaborator

bmcase commented Mar 13, 2023

@MattMenke2, thanks for the feedback, we’ll try to make that section more clear. To your questions, IPA really begins before gathering reports when a Match Key Provider (MKP) sets a matchkey on the user agent. For gathering reports there are three steps:

  1. Getting the encrypted matchkey from the browser. When an event happens, the page can call the get_encrypted_matchkey() API and get back encrypted secret shares of the matchkey. This is done for both source and trigger events.
  2. Adding data to the report. Data known to the page about this event (timestamp, a bit indicating source/trigger, a conversion value for trigger reports, a breakdown key for source reports) needs to be added to the report. Most of this data also gets secret shared and encrypted under the public keys of the Helper Parties (timestamp remains in the clear as later we want a report collector to sort batches of reports by timestamp in the clear before submitting as a query). The computation for adding this data to a report could happen on the website's server or be implemented in JS like a pixel.
  3. Sharing reports with other report collectors. Once source and trigger sites have generated reports, they need to exchange them so each can use them in their own source/trigger fan-out queries.

The one other path than can happen instead of 1) for generating an encrypted matchkey is when a MKP creates reports for the events that happened on its own site. If a MKP knows who a user is, it could just create a report with the user's matchkey entirely serve-side and not need to call get_encrypted_matchkey().

Let me know if that still doesn't answer any of your questions.

@bmcase
Copy link
Collaborator

bmcase commented Mar 14, 2023

For more details on how get_encrypted_matchkey() might be implemented for browsers, see issue #25

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MattMenke2 @bmcase