You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently Attribution Reporting API cookie-based debug reporting is allowed when third-party cookies are available AND the special unpartitioned ar_debug cookie is set.
To make it easier for reporting origins to set up cookie-based debug reporting, we propose to keep the requirement of third-party cookies accessibility for the reporting origin on the source/destination sites, but remove the ar_debug cookie requirement.
There is no significant difference from either privacy or utility perspectives.
Ad-techs can only set the ar_debug cookie if they have access to third-party cookies on the source/destination sites. Therefore, third-party cookie accessibility is equivalent to the ad-techs’ ability to set the ar_debug cookie, and thus there is no privacy regression.
From the utility perspective, reporting origins can still control whether to enable cookie-based debug reporting via debug_key(attribution-success debug reports) or debug_reporting(verbose debug reporting) fields, and thus there is no utility regression.
This proposal brings ARA debugging more aligned with PAA which doesn’t require any API-specific cookie to be set. There may also be a slight utility improvement where ARA debug reports are not received due to misconfigured cookies (example).
The text was updated successfully, but these errors were encountered:
Ad-techs can only set the ar_debug cookie if they have access to third-party cookies on the source/destination sites. Therefore, third-party cookie accessibility is equivalent to the ad-techs’ ability to set the ar_debug cookie, and thus there is no privacy regression.
An embedded cross-site resource may set a partitioned cookie even when unpartitioned cookies are blocked/disabled, as I understand CHIPs reason for being.
Ad-techs can only set the ar_debug cookie if they have access to third-party cookies on the source/destination sites. Therefore, third-party cookie accessibility is equivalent to the ad-techs’ ability to set the ar_debug cookie, and thus there is no privacy regression.
An embedded cross-site resource may set a partitioned cookie even when unpartitioned cookies are blocked/disabled, as I understand CHIPs reason for being.
Thanks @dmdabbs. It's true that embedded cross-site resource can still set a partitioned cookie, and that's exactly why we require ar_debug to be unpartitioned currently. And to be clear, third-party cookie availability refers to unpartitioned cookies.
Currently Attribution Reporting API cookie-based debug reporting is allowed when third-party cookies are available AND the special unpartitioned ar_debug cookie is set.
To make it easier for reporting origins to set up cookie-based debug reporting, we propose to keep the requirement of third-party cookies accessibility for the reporting origin on the source/destination sites, but remove the ar_debug cookie requirement.
There is no significant difference from either privacy or utility perspectives.
debug_key
(attribution-success debug reports) ordebug_reporting
(verbose debug reporting) fields, and thus there is no utility regression.This proposal brings ARA debugging more aligned with PAA which doesn’t require any API-specific cookie to be set. There may also be a slight utility improvement where ARA debug reports are not received due to misconfigured cookies (example).
The text was updated successfully, but these errors were encountered: