The Privacy Sandbox initiative from Google includes APIs for enabling privacy-preserving advertising functionalities as part of the effort around limiting third-party cookies. In particular, the Private Aggregation API (PAA) and the Attribution Reporting API (ARA) can be used for ad measurement while providing different guardrails for safeguarding user privacy, including a framework for satisfying differential privacy (DP). In this work, we provide a formal model for analyzing the privacy of these APIs and show that they satisfy a formal DP guarantee under certain assumptions. Our analysis handles the case where both the queries and database can change interactively based on previous responses from the API.