On the Differential Privacy and Interactivity of Privacy Sandbox Reports
Badih Ghazi, Charlie Harrison, Arpana Hosabettu, Pritish Kamath, Alexander Knop, Ravi Kumar, Ethan Leeman, Pasin Manurangsi, Mariana Raykova, Vikas Sahu, Phillipp Schoppmann

TL;DR
This paper analyzes two Privacy Sandbox APIs, the Private Aggregation API (PAA) and the Attribution Reporting API (ARA), and shows that, under stated assumptions, they satisfy differential privacy even when both the queries and the underlying database are chosen adaptively based on earlier API responses.
Contribution
It gives an abstract model of the two APIs and proves a formal differential privacy guarantee for them in the interactive setting, where both the queries and the database updates may depend on previous responses.
Findings
Both APIs satisfy a formal differential privacy guarantee under the paper's stated assumptions
The analysis covers interactively chosen queries and interactively updated databases
The abstract model provides a framework for analyzing the privacy of Privacy Sandbox APIs
Abstract
The Privacy Sandbox initiative from Google includes APIs for enabling privacy-preserving advertising functionalities as part of the effort around limiting third-party cookies. In particular, the Private Aggregation API (PAA) and the Attribution Reporting API (ARA) can be used for ad measurement while providing different guardrails for safeguarding user privacy, including a framework for satisfying differential privacy (DP). In this work, we provide an abstract model for analyzing the privacy of these APIs and show that they satisfy a formal DP guarantee under certain assumptions. Our analysis handles the case where both the queries and database can change interactively based on previous responses from the API.
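The abstract's setting is easy to state but worth seeing concretely: an analyst chooses each query after seeing earlier noisy answers, records keep arriving between queries, and the privacy argument must still hold. The toy below is an added illustration of that interactive setting, not code from the paper or from the Privacy Sandbox APIs, and it does not reproduce the paper's model. It assumes a simple per-user contribution cap, a Laplace mechanism calibrated to that cap, and a budget ledger that enforces an overall epsilon by basic composition over the whole adaptive session; the record fields, bucket names and user identifiers are constructed for the example.

```python
"""Toy interactive differentially private aggregation (constructed illustration).

Not Privacy Sandbox code. Three ingredients are modelled:
  1. a per-user contribution cap, which bounds the L1 sensitivity of a sum query;
  2. a Laplace mechanism with scale = sensitivity / epsilon;
  3. a budget ledger: the total privacy loss over any sequence of queries, even
     when each query is chosen after seeing earlier answers and the database
     changes in between, is at most the sum of the per-query epsilons
     (basic adaptive composition), so the ledger refuses queries past epsilon_total.
"""
import math
import random
from dataclasses import dataclass


@dataclass
class Record:
    user: str      # hypothetical user identifier
    bucket: str    # hypothetical aggregation key, e.g. a campaign
    value: float   # hypothetical non-negative contribution, e.g. a purchase amount


def laplace(scale, rng):
    """Sample Laplace(0, scale) by inverse CDF using only the standard library."""
    u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


class BudgetExceeded(Exception):
    """Raised when a query would push the ledger past epsilon_total."""


class InteractiveDPDatabase:
    def __init__(self, epsilon_total, contribution_cap, seed=None):
        self.epsilon_total = epsilon_total
        self.cap = contribution_cap   # each user's clipped total lies in [0, cap]
        self.spent = 0.0
        self.records = []
        self.rng = random.Random(seed)

    def add(self, record):
        """Database updates may happen at any time between queries."""
        self.records.append(record)

    def bounded_sum(self, bucket):
        """True sum over a bucket after clipping each user's total to [0, cap].

        Replacing one user's data changes this sum by at most cap, so the
        L1 sensitivity of the query is cap regardless of the raw values.
        """
        per_user = {}
        for r in self.records:
            if r.bucket == bucket:
                per_user[r.user] = per_user.get(r.user, 0.0) + max(r.value, 0.0)
        return sum(min(v, self.cap) for v in per_user.values())

    def query(self, bucket, epsilon):
        """Charge epsilon to the ledger, then return a Laplace-noised bounded sum."""
        if epsilon <= 0:
            raise ValueError("epsilon must be positive")
        if self.spent + epsilon > self.epsilon_total + 1e-12:
            raise BudgetExceeded(
                f"spent={self.spent:.2f} requested={epsilon:.2f} total={self.epsilon_total:.2f}")
        self.spent += epsilon
        return self.bounded_sum(bucket) + laplace(self.cap / epsilon, self.rng)


def run_adaptive_session(seed=0):
    """Drive the toy API as an adaptive analyst would; returns (answers, spent, refused).

    Each query is chosen from the previous noisy answer and a new record is
    inserted between queries, so neither the query sequence nor the database
    is fixed in advance. With epsilon_total=1.0 and 0.4 per query, the third
    query is refused by the ledger.
    """
    db = InteractiveDPDatabase(epsilon_total=1.0, contribution_cap=10.0, seed=seed)
    # Constructed sample records; u1 exceeds the cap and is clipped to 10.
    for rec in [Record("u1", "campaign_A", 4.0), Record("u1", "campaign_A", 30.0),
                Record("u2", "campaign_A", 2.0), Record("u3", "campaign_B", 7.0)]:
        db.add(rec)
    answers, refused, bucket = [], 0, "campaign_A"
    for _ in range(3):
        try:
            noisy = db.query(bucket, epsilon=0.4)
        except BudgetExceeded:
            refused += 1
            break
        answers.append((bucket, noisy))
        # Analyst adapts the next query to the answer just received.
        bucket = "campaign_B" if noisy < 15 else "campaign_A"
        # Database changes between queries (a late-arriving record).
        db.add(Record("u4", bucket, 5.0))
    return answers, db.spent, refused


if __name__ == "__main__":
    answers, spent, refused = run_adaptive_session()
    for bucket, noisy in answers:
        print(f"{bucket}: noisy sum {noisy:.2f}")
    print(f"epsilon spent {spent:.2f}, queries refused {refused}")
```

The point the toy makes is the one the abstract relies on: the guarantee is argued per query from a bounded sensitivity and then composed over the session, so it does not matter that the analyst chose the second bucket after seeing the first answer or that a record arrived in between. Real APIs also have to bound how much a single user can contribute across reports and time windows; this example collapses that into a single cap for clarity.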
Taxonomy
Topics: Privacy-Preserving Technologies in Data · Privacy, Security, and Data Protection · Internet Traffic Analysis and Secure E-voting
