Privacy Preserving Attribution for Advertising

Advertising provides critical support for the Web. We’ve been looking to apply privacy preserving advertising technology to the attribution problem, so that advertisers can get answers to important questions without harming privacy.

Attribution is how advertisers know if their advertising campaigns are working. Attribution generates metrics that allow advertisers to understand how their advertising campaigns are performing. Related measurement techniques also help publishers understand how they are helping advertisers. Though attribution is crucial to advertising, current attribution practices have terrible privacy properties.

For the last few months we have been working with a team from Meta (formerly Facebook) on a new proposal that aims to enable conversion measurement – or attribution – for advertising called Interoperable Private Attribution, or IPA.

IPA aims to provide advertisers with the ability to perform attribution while providing strong privacy guarantees. IPA has two key privacy-preserving features. First, it uses Multi-Party Computation (MPC) to avoid allowing any single entity — websites, browser makers, or advertisers — to learn about user behavior. Mozilla has some experience with MPC systems as we’ve deployed Prio for privacy-preserving telemetry. Second, it is an aggregated system, which means that it produces results that cannot be linked to individual users. Together these features mean that IPA cannot be used to track or profile users.

IPA is designed to provide a lot of flexibility for advertising businesses in terms of how they use the system. Cross-device and cross-browser attribution options in IPA enable new and more robust attribution capabilities, while maintaining privacy. The IPA proposal aims to ensure that all sites benefit from these features with the match key concept, which allows smaller players to access the greater reach of entities to cross-device attribution.

Together with our co-authors from Meta, we’ve recently proposed IPA to the Private Advertising Technology Community Group, or PATCG. PATCG is a group in the W3C specifically formed to work on improving advertising without compromising on privacy.

IPA is promising, but it is still a work in progress. We are still improving it and so welcome feedback on this idea and invite people to contribute to the discussion in PATCG. We hope this contribution will help make privacy-preserving attribution a reality.

The IPA overview contains more details on the proposal.

For more on this:

Building a more privacy-preserving ads-based ecosystem

The future of ads and privacy

Privacy analysis of FLoC

Mozilla responds to the UK CMA consultation on Google’s commitments on the Chrome Privacy Sandbox

Privacy analysis of and Unified ID 2.0

Analysis of Google’s Privacy Budget proposal

Share on Twitter